The Federal Circuit Court of Appeals in Washington, D.C. heard oral argument yesterday in the closely watched “breast cancer gene” patent case. At issue are two patents covering naturally occurring human genes that, when present, signal an increased likelihood of developing breast cancer. The ACLU and the Public Patent Foundation filed the lawsuit in May 2009, representing 150,000 geneticists, pathologists, and laboratory professionals; in March 2010, the district court found in the plaintiffs’ favor and invalidated the patents.
Internet certification authorities (CAs) are charged with the task of vouching for the identities of secure web servers. When you browse to https://www.wellsfargo.com/, your browser knows it’s the real wellsfargo.com because VeriSign, a CA, says it is.
However, if CAs don’t validate the identities of the sites they vouch for, the whole system breaks down. In this post, I’ll discuss one way in which CAs frequently fail.
Using data in EFF's SSL Observatory, we have been able to quantify the extent to which CAs engage in the insecure practice of signing certificates for unqualified names. That they do so in large numbers indicates that they do not even minimally validate the certificates they sign. This significantly undermines CAs’ claim to be trustworthy authorities for internet names. It also puts internet users at increased risk of network attack.
Are you an undergraduate or graduate student who is interested in protecting civil liberties online and fighting for a free and open Internet? Do you have strong writing and research skills? Do you love delving into the latest issues in technology, privacy, intellectual property, and transparency? Apply for EFF’s Summer Activism Internship!
The Activism Intern will work closely with EFF’s activism team to create new campaigns, action alerts, and issue pages, research new issues in digital civil liberties, and update existing web pages on EFF’s sprawling website.
EF is seeking candidates with the following qualifications:
Yesterday, I posted about how internet certification authorities will sign unqualified names, which have no meaning on the internet.
In addition to unqualified names being meaningless — or, worse than meaningless — there are also meaningless fully-qualified names. And, yes, CAs will sign those names too.
As you may know, the internet domain name system (DNS) has a hierarchical structure: at the top are the top-level domains (TLDs) like .com, .org, and .net. Additionally, each two-letter ISO country code like UK, JP, and CN is also a valid country-code TLD (ccTLD). Finally, there are the lesser-known TLDs like .mobi, .museum, and .int.
Judicial decisions are starting to come fast and furious in the movie copyright troll cases – and the trend is mixed but promising for those of us who care about protecting due process.
The good news is that judges continue to recognize the fundamental flaws in these cases. In the Northern District of Illinois, for example, Judge Blanche Manning recently severed Millennium v. Does 1-800, effectively dismissing the case against almost every Doe defendant. The court also suggested that the suit had been brought in the wrong place:
Current members will be invited to join EFF technologists, activists, attorneys, and fellow members for happy hour at a secret San Francisco location on Thursday, April 21st. We'll present a brief update on the topic of YOUR choice! Vote to hear about our latest tech projects, activism campaigns, or legal cases when you receive your invitation and make a reservation.
EFF Members-Only Happy Hour
Thursday, April 21st from 6-8 PM
EFF's Speakeasy is a free, informal gathering for current members only and space is limited. Attendees must be 21 or older. No-host bar. Members will receive a personal invitation with location details by email on Tuesday, April 12th. For more information, contact firstname.lastname@example.org.
Not a member or have you let it lapse this year? There's still time to sign up today at https://www.eff.org/join
UPDATE: At the request of Mayor Ed Lee, the San Francisco Entertainment Commission has decided to postpone discussion of the proposed rules until its next meeting. EFF will provide more details as they become available.
The city of San Francisco has a long history of political activism and cultural diversity, which could be in danger if the San Francisco Entertainment Commission has their way. The Electronic Frontier Foundation joined civil liberties and privacy groups in criticizing a proposal from the San Francisco Entertainment Commission that would require all venues with an occupancy of over 100 people to record the faces of all patrons and employees and scan their ID’s for storage in a database which they must hand over to law enforcement on request. If adopted, these rules would pose a grave threat to the rights of freedom of association, due process, and privacy in San Francisco.
For the next 14 days, you can get the newly-released Humble Frozenbyte Bundle! Like the first two bundles, you pay what you want to download five independent, DRM-free, cross-platform computer games, and choose to divide your money between the game developers, Child’s Play, and EFF. The Frozenbyte Bundle includes Trine, Shadowgrounds Survivor, the unpublished game Splot, and gaming prototype Jack Claw, in which you get to rampage through a city, throw cars, and generally cause mayhem.
What happens when governments go to your online service providers seeking information about you? Birgitta Jonsdottir, Rop Gonggijp and Jacob Appelbaum use online social networks to communicate about social and political causes – including their support for the online whistleblower website Wikileaks. But their decision to back Wikileaks drew the attention of the U.S. government.
In connection with its investigation into Wikileaks, the Department of Justice issued a secret order to Twitter demanding the account information of Birgitta, Rop and Jacob. The order included a "gag" – meaning Twitter wasn’t allowed to talk about it. In fact, it wasn’t even allowed to tell Birgitta, Rop and Jacob about the government order for their account information.
California has taken another big step towards updating reader privacy for the digital age. The State Senate Judiciary Committee passed through SB 602, the Reader Privacy Act, after hearing testimony from EFF Legal Director Cindy Cohn and others in support of the bill Tuesday.
As Cindy told the judiciary committee, the books we choose to read reveal private information about our political and religious beliefs or interests, our health concerns, our financial situation, and our personal and professional lives. Maintaining reader privacy is fundamental to the dignity of Californians, and this principle is well ensconced in state law. However, with the market for digital books exploding, the law needs an update for the 21st Century.
On Tuesday, Senators John McCain and John Kerry introduced the long-awaited Commercial Privacy Bill of Rights, a sweeping bill that covers online and offline data collection, retention, use, and dissemination practices. Unfortunately, the bill may fall short of what’s needed to protect our privacy.
YouTube announced its new and “improved” copyright policies yesterday, and it’s a mixed bag for YouTube users: they have a new opportunity to remove strikes on their accounts, but they have to watch some copyright propaganda first.
Nevada federal judge Roger Hunt was busy last week. In addition to his widely reported decision in Righthaven v. Democratic Underground to unseal Righthaven LLC’s business agreement with publisher Stephen Media – an agreement that shows Righthaven's claim of copyright ownership is a sham – Judge Hunt also granted Tad DiBiase’s motion to dismiss Righthaven’s request to seize his domain name. As the judge noted, there simply is no legal basis for Righthaven’s threat to seize domain names as a remedy for copyright infringment.
For several weeks EFF and co-counsel Fenwick & West have been trying to persuade a federal district court to unseal a critical document Stephens Media produced in Righthaven v. Democratic Underground. The document, the Strategic Alliance Agreement between Righthaven and Stephens Media (publisher of the Las Vegas Review-Journal), and our accompanying supplemental brief were unsealed on Friday.
The below originally appeared in the Daily Journal.
EFF recently launched a campaign calling on companies to stand with their users when the government comes looking for data. (If you haven’t done so, sign our petition urging companies to provide better transparency and privacy.) This article will provide a more detailed look at one of the four categories in which a company can earn a gold star in our campaign: promising to tell users about government data demands.
The vast open landscape for users, developers, and industry that Google announced with the release of Android has been growing narrower and more opaque. When the service launched, Google made much of Android’s transparency and inclusiveness, which it said would enable innovation lacking in the mobile space. And Google has pointed fingers at Apple for its draconian, closed ways.
Over the past few years, prosecutors have tried to stretch the Computer Fraud and Abuse Act (CFAA) in troubling ways through cases like United States v. Drew. This week, a federal appeals court rebuffed another attempt to expand the CFAA, finding that prosecutors can't double-count computer crime charges to turn misdemeanors into felonies.
EFF today, along with Professor Jason Schultz, Co-Director of the Samuelson Law, Technology, & Public Policy Clinic at the University of California at Berkeley Law School, and Professor Mark Webbink, Executive Director of the Center for Patent Innovations at New York Law School, filed comments in response to the Patent Office’s Request for Information on Improving Regulation and Regulatory Review.
Traditionally, the lack of public participation at the Patent Office has caused great harm to patent quality as well as innovation. In addition, we have seen time and again that third parties want to participate in the patent process. Successful programs like EFF’s Patent Busting Project and Peer To Patent are proof of this trend.
Earlier this week, the popular online dating site Match.com announced plans to implement a system to check their users against sex offender registries. This comes in the wake of a lawsuit against the company by a woman who says she was assaulted by someone she met through the website. While sexual assault is inexcusable, this would-be solution is deeply flawed. Match.com’s plan isn’t a good way to catch sexual predators (who could just use fake names), sacrifices user privacy, and sets a troubling precedent for allowing companies to peer into our personal lives and histories before doing business with us.
EFF recently launched a campaign calling on companies to stand with their users when the government comes looking for data. (If you haven’t done so, sign our petition urging companies to provide better transparency and privacy.) This article will provide a more detailed look at one of the four categories in which a company can earn a gold star in our campaign: transparency about government requests.
We're asking companies to do two things in order earn a gold star in the transparency category: provide reports on how often they provide data to the government, and publish their law enforcement guidelines.
Last Friday, the Chief Judge of the federal court in Nevada, which is overseeing more than 200 Righthaven copyright cases, dismissed Righthaven's meritless claim to seize its victim's domain names. In each case so far, Righthaven contended that the mere hosting of any infringing material means that the entire domain name was forfeit to the copyright troll. Chief Judge Hunt rejected that claim, explaining that the "Court finds that Righthaven’s request for such relief fails as a matter of law and is dismissed."
Last night, Righthaven filed a new copyright case in Nevada federal court, and - guess what? - demanded forfeiture of the domain name. Indeed, unable to take "you're wrong as a matter of law" for an answer, Righthaven upped the ante, and asked the Court to:
Thanks to everyone who attended last night's second Bay Area Members-Only Speakeasy in San Francisco! We hope that you enjoyed this happy hour event as much as we did. Based on your votes, we were treated to an inside look at recent developments in Righthaven Copyright Troll lawsuits from EFF's Intellectual Property Director Corynne McSherry.
The conversations continued well into the night at Noisebridge, our local hackerspace. A special thanks to Andy Isaacson who spoke about EFF's SSL Observatory during his 5 Minutes of Fame lightning talk. For those who couldn't make, we hope to see you next time. Watch for the next Members' Speakeasy near you!
When Keith Cowing made an innocuous post about a meeting of the President’s Council of Advisors on Science and Technology on his long-running science policy blog, Space Ref, he didn’t imagine that it would trigger a phone call from the White House. But that is exactly what happened, and the White House was not calling to congratulate him on his excellent science policy coverage. Cowing’s offense? Including an image of the seal of the Executive Office of the President of the United States in his blog post. According to Cowing, White House staffer Rick Weiss objected to the seal’s placement in proximity to an ad, which White House lawyers worried might be construed as an endorsement of the product.
Last Friday, the federal district court in Nevada held that the non-profit organization Center for Intercultural Organizing’s posting of a copyrighted news article was a non-infringing fair use. The well-reasoned opinion sets a powerful precedent for fair use and against copyright trolling.
The newspaper article at issue was originally published by Stephens Media’s Las Vegas Review-Journal newspaper. Per its standard practice, copyright troll Righthaven LLC found it online and entered into a scheme with Stephens Media, under which the publisher purportedly assigned the right to sue to Righthaven. The litigation factory would then carry on the litigation at its own expense, splitting any proceeds with Stephens Media (less expenses).
EFF is very pleased to announce the newest staff attorney to join our legal team, Hanni Fakhoury. Hanni is an experienced criminal defense attorney, who will focus on the intersection of technology and criminal law and join our Coders' Rights Project, which protects programmers and developers engaged in technology innovation and research.
Prior to joining EFF, Hanni worked as a federal public defender in San Diego. In less than four years, he tried fourteen felony jury and bench trials and argued before the Ninth Circuit Court of Appeals four times, winning three reversals. While in law school, Hanni worked at the federal public defender's office in Sacramento, where he obtained acquittals in one jury trial and two bench trials.
If you sometimes find yourself needing an open wireless network in order to check your email from a car, a street corner, or a park, you may have noticed that they're getting harder to find.
Stories like the one over the weekend about a bunch of police breaking down an innocent man's door because he happened to leave his network open, as well as general fears about slow networks and online privacy, are convincing many people to password-lock their WiFi routers.
The gradual disappearance of open wireless networks is a tragedy of the commons, with a confusing twist of privacy and security debate. This essay explains why the progressive locking of wireless networks is harmful — for convenience, for privacy and for efficient use of the electromagnetic spectrum.
Like so many others, we were stunned to learn that law professor, cartoonist, copyfighter and digital rights stalwart Professor Keith Aoki passed away earlier this week. Keith, who started at the University of Oregon then moved to U.C. Davis, was a longtime friend to EFF and one of the law professors we came to count on in our many battles for your rights online.
Keith will likely be most remembered, outside academia, for the brilliant cartoons he drew for Bound by Law, his project with James Boyle and Jennifer Jenkins.
EFF recently received documents from the FBI that reveal details about the depth of the agency's electronic surveillance capabilities and call into question the FBI's controversial effort to push Congress to expand the Communications Assistance to Law Enforcement Act (CALEA) for greater access to communications data. The documents we received were sent to us in response to a Freedom of Information Act (FOIA) request we filed back in 2007 after Wired reported on evidence that the FBI was able to use “secret spyware” to track the source of e-mailed bomb threats against a Washington state high school.
EFF has been monitoring the Council of Europe (CoE) and its Internet policymaking process to ensure that they live up to their human rights commitments. A few weeks ago, we submitted detailed comments to the CoE’s Expert Committee on New Media’s draft recommendation and guidelines for social networking services. The Council of Europe is one of the most influential inter-governmental organizations shaping Internet policy. The Strasbourg-based organization is comprised of 47 Member States (more member countries than the total number of countries of the European Union) and its actions can have influence well beyond Europe’s borders. The CoE is particularly important in guiding international law—for better or worse. Its treaties can have teeth and are legally enforceable.