EFF in the News
Activist Katitza Rodriguez of the Electronic Frontier Foundation said she had not seen "any legal provision anywhere that stripped geolocation data of constitutional communications privacy protections as explicitly" as the Peruvian decree.
It follows a global pattern of governments seeking to fast-track surveillance legislation without public debate, said Rodriguez, the foundation's international rights director.
“Just because governments around the world engage in spying doesn’t make it legal,” said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which is representing Kidane. “And when spies get caught, there are consequences.”
Instead of tossing their project in the digital trash bin at Facebook's request, Gross and Croom, who have since taken jobs at Google and Twitter respectively, turned to the Electronic Frontier Foundation. EFF lawyer Daniel Nazer responded (PDF) to Facebook on Friday, telling the company that Gross and Croom are now his clients, and they have no intention of taking the site down.
In a blog post explaining the decision to help the undergraduate project, Nazer writes that it isn't clear if the Facebook letter is simply an example of "mindless over-enforcement" or an attempt to intentionally censor a critic. "Either way, this kind of demand undermines online expression," Nazer says.
For Jeremy Gillula of the Electronic Frontier Foundation, the bill is a "well-intentioned" effort to prevent "nuisance by drone." Although the bill doesn't forbid your neighbor from spying on you, Gillula said, it does prohibit your neighbor — or anyone else with a drone — from disturbing your peace.
Making these distinctions between the people who really intended harm—the people who, in legal language, issued threats that they should have reasonably foreseen would be interpreted as “serious expressions of intent to inflict bodily harm upon that person”—and the people who were merely venting political frustrations or indulging in some hyperbolic anger is a very murky area of law, particularly when it comes to online threats. “It is harder to separate the wheat from the chaff online,” said Fakhoury, the Electronic Frontier Foundation lawyer, of distinguishing “true threats” from speech that is protected by the First Amendment. “Part of that is the speed with which people can communicate online, part of it is that people are somewhat removed from what they say online, part of it is the breadth of the audience that exists online,” he explained.
One way to aid data deletion is encryption, said Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation. If a user’s data is encrypted with a single key, destroying the key associated with an account is easier than finding and wiping each place the customer's data exists. That way, the information remains encrypted, but the key to decrypt the information is gone. The key will similarly need to be deleted and overwritten for it to be erased.
The Ashley Madison breach is "also a good case of, ‘Don't retain more data than you need,' " Hoffman-Andrews wrote in an e-mail. He recommends that all companies that store personal data audit their systems often to make sure everything they think they are deleting is actually being erased.
When it comes to data deletion, Ashley Madison may not be as bad as many other so-called dating sites, according to the EFF. In its 2012 ranking of dating sites based on their security and privacy practices, Ashley Madison was among the 3 out of 8 sites ranked that earned high marks for data deletion practices.
“You would give your credentials to this website, then it would give you an error, then they use your credentials to take your money,” said Noah Swartz of the Electronic Frontier Foundation.
Finding the threats is the easy part, though. “It’s a lot easier to figure out the context of speech in the physical world than in the online world,” said Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation. “You need that context in order to see what that speech really means.”
Rainey Reitman, the activism director of the Electronic Frontier Foundation, criticized MasterCard and Visa for removing support for Backpage, writing earlier this month, “We don’t need Visa and MasterCard to play nanny for online speech. Payment processors and banks shouldn’t be in the position of deciding what type of online content is criminal or enforcing morality for the rest of society.”
Instead of coming up with a new draft, the Electronic Frontier Foundation's Nate Cardozo says he wants the US to reopen the initial discussions that led to the software restrictions with the Wassenaar negotiators. That way, says the EFF staff attorney, the agreement could focus on actual spyware and surveillance products instead of the components that make or control those technologies.
"What are they actually trying to control? Are they trying to control [the notorious spyware] FinFisher?" asks Mr. Cardozo, who recently filed a lawsuit against Ethiopia over its use of FinFisher, a maker of surveillance technology. "Why don’t they go after export of that kind of software directly?"