EFF in the News
There are basically three ways to stop a drone, said Jeremy Gillula, a staff technologist at the Electronic Frontier Foundation: block the radio signals linking the drone to its controller, hack the aircraft's control signals and trick it into believing it is somewhere else, or physically disable it. Some drone manufacturers program a "geo fence" — location coordinates that their drones treat as off limits, and refuse to fly past — into the drone's programming. Police also could physically knock a drone out of the air with a projectile or use a net to catch it.
"If it were me, that would actually be the first thing I would think about doing," Gillula said. "You would have to basically encase the White House in this net. It sure wouldn't look pretty, but in some ways it would be the most effective way."
As senior legal counsel at Electronic Frontier Foundation (EFF) David Sobel told me yesterday, EFF sent multiple letters to the White House in 2009, urging Obama to voluntarily release this information from the White House anyway, including emails from Obama’s Blackberry, after all of the President elect’s rosy transparency proclamations. EFF received no response.
“Obama has not done anything to roll back this growing trend to protect the White House from Foia’s reach,” Sobel said. “You can look at any component of the Executive Office of the President that has been exempted from Foia over time by the courts, and clearly, as a matter of discretion, he could roll that back”.
The San Francisco-based Electronic Frontier Foundation, a nonprofit group that focused on defending civil liberties, objects to police holding onto such records indefinitely.
"It's a real threat to privacy that we allow our government to collect this kind of information on us - on where we travel and where we are going at any given time," said Jennifer Lynch, a senior staff attorney at the foundation.
"Many of these law enforcement agencies will drive around parking lots and collect license-plate data," Lynch continued. "That parking lot might be for your doctor or it might be for your church. I don't think that law enforcement and the government should have a right to have that information on us."
But beyond higher rates, new businesses and non-profits that don’t have the deep pockets of global conglomerates and activist billionaires will get squeezed out of the market or discussion. The Electronic Frontier Foundation, the pre-eminent nonprofit organization defending civil liberties in the digital world, has been made its case for net neutrality for years partly on the argument that non-profits who promote alternative viewpoints would be particularly vulnerable.
The non-profit American Hydrogen Association, whose group advocates for energy solutions that, if adopted, would revolutionize several industries — perhaps greatest among them, the oil and gas conglomerates — is exactly the type of group that the EFF said would be most vulnerable.
"What we worry about is when people's First Amendment rights are impacted in the sense that they are going to be clearly charged or sued for defamation," said Hanni Fakhoury, senior staff attorney for the Electronic Frontier Foundation, a digital rights organization. "The First Amendment protects certain knuckle-headed speech."
“There’s no legitimate way to claim that there wasn’t a requirement, certainly to keep with the spirit of the law, to make real-time copies available to the agency,” said David Sobel, senior counsel for the Electronic Frontier Foundation.
The incident prompted the Electronic Frontier Foundation (EFF) to publish a how-to on uninstalling Superfish and removing the certificate, as the adware installs its own root CA certificate in Windows systems. EFF noted that the self-signed root certificate allows the software to inject ads in secure HTTPS pages, leaving SSL connections vulnerable to being intercepted by attackers.
“The use of a single certificate for all of the MitM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken,” EFF technology experts wrote in a blog post at the time. “If you access your webmail from such a laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the Superfish MitM private key.”
4. Every website and app should use HTTPS
You've heard every rumor there is to hear about HTTPS. It's slow. It's only for websites that need to be ultra-secure. It doesn't really work. All wrong. The Electronic Frontier Foundation's Peter Eckersley is a technologist who has been researching the use of HTTPS for several years, and working on the EFF's HTTPS Everywhere project. He says that there's a dangerous misconception that many websites and apps don't need HTTPS. He emailed to expand on that:
Another serious misconception is website operators, such as newspapers or advertising networks, thinking "because we don't process credit card payments, our site doesn't need to be HTTPS, or our app doesn't need to use HTTPS". All sites on the Web need to be HTTPS, because without HTTPS it's easy for hackers, eavesdroppers, or government surveillance programs to see exactly what people are reading on your site; what data your app is processing; or even to modify or alter that data in malicious ways.
Eckersley has no corporate affiliations (EFF is a nonprofit), and thus no potential conflict of interest when it comes to promoting HTTPS. He's just interested in user safety.
“Most of the material you find online is covered by copyright, because copyright applies automatically. That includes most photos on Instagram, videos on YouTube, and so on,” Electronic Frontier Foundation staff attorney Mitch Stoltz explained to the Daily Dot. “For most creative material that's online, you need permission from the copyright holder for some uses. Other uses are covered by fair use.” When fair use applies, the content becomes free to anyone, no permission required.
"The task of keeping a mail-server secure isn't one even the average [system administrator] is up to. I'd be shocked if her server was even remotely secure," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation."Clinton's decision to forgo the State Department's servers is inexplicable and inexcusable."