EFF in the News
4. Every website and app should use HTTPS
You've heard every rumor there is to hear about HTTPS. It's slow. It's only for websites that need to be ultra-secure. It doesn't really work. All wrong. The Electronic Frontier Foundation's Peter Eckersley is a technologist who has been researching the use of HTTPS for several years, and working on the EFF's HTTPS Everywhere project. He says that there's a dangerous misconception that many websites and apps don't need HTTPS. He emailed to expand on that:
Another serious misconception is website operators, such as newspapers or advertising networks, thinking "because we don't process credit card payments, our site doesn't need to be HTTPS, or our app doesn't need to use HTTPS". All sites on the Web need to be HTTPS, because without HTTPS it's easy for hackers, eavesdroppers, or government surveillance programs to see exactly what people are reading on your site; what data your app is processing; or even to modify or alter that data in malicious ways.
Eckersley has no corporate affiliations (EFF is a nonprofit), and thus no potential conflict of interest when it comes to promoting HTTPS. He's just interested in user safety.
“Most of the material you find online is covered by copyright, because copyright applies automatically. That includes most photos on Instagram, videos on YouTube, and so on,” Electronic Frontier Foundation staff attorney Mitch Stoltz explained to the Daily Dot. “For most creative material that's online, you need permission from the copyright holder for some uses. Other uses are covered by fair use.” When fair use applies, the content becomes free to anyone, no permission required.
"The task of keeping a mail-server secure isn't one even the average [system administrator] is up to. I'd be shocked if her server was even remotely secure," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation."Clinton's decision to forgo the State Department's servers is inexplicable and inexcusable."
But the Electronic Frontier Foundation, a major Internet rights advocacy organization, is already calling H.B. 271 "a dangerous anti-anonymity bill."
"A great many websites could be de-anonymized by this statute, whether they are hosted in Florida or not," the EFF's Mitch Stoltz wrote.
The bill's definition of a commercial work is so broad, Stoltz said, that "a potentially vast number of people" could seek a court order forcing a website owner to disclose his or her identity, even if the website raised no substantive piracy concerns.
"The ability to speak anonymously is an important free speech right," Stoltz wrote. "Forcing website owners to identify themselves violates the First Amendment when laws like this one are vague about which sites must comply."
Other’s support Warnken’s argument that the taking Raynor’s DNA without his consent was a violation as well. Last month in its request that the Supreme Court hear the arguments (which was denied Monday), the Electronic Frontier Foundation wrote “genetic material contains a vast amount of personal information that should receive the full protection of the Constitution against unreasonable searches and seizures.”
"I don't actually have any less faith in Google than I do in the government to secure those emails," Nate Cardozo, a staff attorney with the Electronic Frontier Foundation, told me. "But, it's still a terrible idea. Let's assume for the sake of argument she was using Gmail. If she was using Gmail, it means Google was scanning all of the email to present her with targeted advertising about it. Is that something we want as a nation? Do we want a private company doing profiling on our Secretary of State?"
The ability to speak anonymously is an important free speech right. Forcing website owners to identify themselves violates the First Amendment when laws like this one are vague about which sites must comply. Even a site that a court decides is “likely to violate” the statute could be de-anonymized.
In addition, using state law to regulate the contents of websites creates constitutional problems because the Internet is borderless. This bill could easily apply to sites hosted anywhere in the U.S., not just in Florida. State regulation of websites can interfere with the federal government’s exclusive authority over interstate commerce.
The Facebook matter, reported by the Electronic Frontier Foundation, quickly got attention. The group has billed itself as "the leading nonprofit organization defending civil liberties in the digital world." Its report discussed a South Carolina prison policy that resulted in what the group said were more than 400 disciplinary cases for using Facebook. It noted that the policy even considered it an offense for prisoners to ask a family member to update his or her Facebook status.
The EFF has very nice step-by-step instructions for installing GPGTools to allow it to be used directly with either Apple Mail or Mozilla Thunderbird for email; the tools are also available via the application Services menu wherever you can manipulate or select text. GPGTools is currently free, but plans to charge a very modest fee for its email plug-in at some point to help support development costs.