This week EFF released a new version of its HTTPS Everywhere extension for the Firefox browser and debuted a beta version of the extension for Chrome. EFF frequently recommends that Internet users who are concerned about protecting their anonymity and security online use HTTPS Everywhere, which encrypts your communications with many websites, in conjunction with Tor, which helps to protect your anonymity online. But the best security comes from being an informed user who understands how these tools work together to protect your privacy against potential eavesdroppers.
Syrian Citizen Journalists Face Increasingly Grave Threats
We recently reported on the Syrian government raid on the Syrian Center for Media and Freedom of Expression, during which two bloggers and more than a dozen activists were arrested. The six women arrested have now been conditionally freed and are required to report to state security offices daily. However, nine men including blogger Hussein Ghrer and Mazen Darwish, the director of the Center, remain imprisoned.
Ridden the bus or train lately? Then you’ve probably checked your phone to find out when it will arrive. Or if you shop online, you’ve probably checked to see when your packages will arrive. If patent troll ArrivalStar has its way, this could all change. ArrivalStar has launched a blitzkrieg against municipalities and the U.S. Postal Service, among others, claiming that these types of tracking services infringe its patent, leaving those defendants with a few stark choices: fight the expensive lawsuit for years in court, settle and pay ArrivalStar to go away, or stop using the technology altogether (and even then, the municipalities could be forced to pay for their earlier use). ArrivalStar's dangerous suits show no sign of letting up: just this week, it sued Monterey, California and Cleveland.
Mobile smartphone apps represent a powerful technology that will only become more important in the years to come. But the unique advantages of the smartphone as a platform—a device that's always on and connected, with access to real world information like user location or camera and microphone input—also raise privacy challenges. And given the sensitivity of the data that many consumers store on their phones, the stakes are even higher for manufacturers, carriers, app developers, and mobile ad networks to respect user privacy in order to earn and retain the ever-important trust of the public.
Two weeks ago, Gawker’s Adrian Chen published a leaked copy of Facebook’s Operations Manual for Live Content Moderators, which the company uses to implement the rules and guidelines that determine which content will be allowed on the platform. The document was widely ridiculed for a variety of reasons, from the attitudes expressed toward sex and nudity (photos containing female nipples are banned, as is any “blatant (obvious) depiction of camel toes or moose knuckles”), to its lenient attitude towards gore (crushed heads and limbs are permitted “so long as no insides are showing”), to its arbitrary ban on photos depicting drunk, unconscious, or sleeping people with things drawn on their faces.
EFF is pleased to see that Websense, a company that produces Internet filtering technology, has issued a statement against Pakistan’s call for proposals [PDF] for companies to assist with their pervasive censorship plans. Websense’s statement, posted on their website, also calls upon other producers of filtering technology to refuse complicity with Pakistan’s plans, which run counter to the right to free expression enshrined in Article 19 of the Universal Declaration of Human Rights.
The Mexican government today adopted surveillance legislation that will grant it warrantless access to real-time user location data. The bill was adopted almost unanimously with 315 votes in favor, 6 against, and 7 abstentions. It has been sent to the President for approval.
Recently, Salon’s Glenn Greenwald reported that Idaho billionaire and CEO of Melaleuca, Inc., Frank VanderSloot, has been engaged in a systematic campaign to silence journalists and bloggers from publishing stories about his political views and business practices. VanderSloot and Melaleuca have targeted national news organizations and small town bloggers alike by issuing bogus legal threats alleging defamation and copyright infringement in an attempt to keep legitimate newsworthy information from being released to the public.
A few weeks ago, we started seeing reports of a Trojan called Darkcomet RAT on computers belonging to Syrian activists which would capture webcam activity, disable the notification setting for certain antivirus programs, record keystrokes, steal passwords, and more--and send that sensitive information to an address in Syrian IP space. Symantec's writeup and recommendations are available here.
Now we've seen reports of new malware, Xtreme RAT, which sends data back to the same address in Syrian IP space and whose release appears to predate the Darkcomet RAT Trojan. Reports indicate the Trojan is being spread through email and chat programs. The malware was used to log keystrokes and take screenshots of the victim's computer, and it is likely that other functionality was also used.
This week Mozilla introduced Boot to Gecko (B2G), a mobile standalone operating system (OS) that is HTML-5, Linux based, and open source. In addition, it is the first implementation of Do Not Track at the operating system level, and not just at the web-browser level. It's an encouraging step by the Mozilla Foundation to insert open web standards and privacy protections among the walled gardens and proprietary-based OS software in the mobile environment.
This weekend kicks off one of EFF's favorite events: South by Southwest (SXSW). This year, in addition to a number of exciting panels, the EFF team will also be having a party! We’re all really excited to see you there, and hope that you’ll stop by our Trade Show booth (#723) to learn more about our work and pick up some swag.
In addition to the panels featuring members of the EFF team outlined below, we've also dug through the schedule to find a few gems that EFF fans will love. Read on for more details…
Danish Police Accidentally Block 8,000 Sites
For years, Denmark has continued to block websites hosting sexually abusive images of children. In a recent attempt to do so, Danish police accidentally censored thousands of websites for several hours, including Google and Facebook. Visitors to the blocked sites were met with a page stating that the sites had been made inaccessible by the country's High Tech Crime Unit.
Attorney General Eric Holder gave a much publicized speech at Northwestern law school on Monday, in which he attempted to explain the Obama administration’s constitutional authority for killing U.S. citizens abroad without judicial oversight. Holder in part claimed that there is a difference between “due process” and “judicial process”, the latter of which—according to him—is not guaranteed under the Constitution.
Last fall, we filed a brief asking the Federal Circuit to rehear Ultramercial v. Hulu, a case that found an abstract idea patentable when the invention took place on the Internet. The Federal Circuit declined, so now we've raised the stakes. In a brief filed today, EFF, along with CCIA and Red Hat, asked the Supreme Court to take a look and reverse this dangerous case that only further confuses the standard for what is too abstract to be patented (which is already somewhat of a mess).
In the last two months, two different federal courts have ruled on whether the Fifth Amendment's right against self-incrimination applies to the act of decrypting the contents of a computer. We wrote amicus briefs (PDF) in each case arguing the Fifth Amendment did prevent forced decryption when that act would incriminate a witness. And while our arguments were similar in both courts, the results were different.
Congress is doing it again: they’re proposing overbroad regulations that could have dire consequences for our Internet ecology. The Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), introduced by Rep. Mike Rogers and Rep.
Like many operating systems, Ubuntu stores information about how you use your computer. This is often convenient because it helps you quickly open recently used documents or search recently used folders. But it also means that anyone with access to your computer can learn these things as well. In the upcoming release, Ubuntu 12.04 (currently in beta, to be released April 26) is introducing operating system-wide privacy settings that let you delete portions of your activity log, disable logging for specific types of files and applications, or disable activity logging altogether.
A new iPhone app called Highlight is poised to be this year's breakout hit at South by Southwest, the Austin tech and media conference that has become known as a web service kingmaker after launching services like Twitter and Foursquare to a wide audience in years past. In the context of a major tech conference, Highlight makes an appealing promise: let it run in the background of your phone, persistently collecting your location data, and it will notify you when your friends, their friends, or people with shared interests are nearby. Highlight is only the most prominent in a collection of apps offering this sort of "ambient social networking."
On Tuesday March 6, the French National Assembly (Assemblée Nationale) passed a law proposing the creation of a new biometric ID card for French citizens with the justification of combating “identity fraud”. More than 45 million individuals in France will have their fingerprints and digitized faces stored in what would be the largest biometric database in the country. The bill was immediately met with negative reactions. Yesterday more than 200 members of the French Parliament referred it to the Conseil constitutionnel, challenging its compatibility with Europe’s fundamental rights framework, including the right to privacy and the presumption of innocence.
Coders, free speech advocates, game developers, and a host of others flocked to Mighty in San Francisco on March 8 for EFF’s 22nd birthday bash. It was a terrific reunion for a community united in the fight to keep the Internet free and open and to protect free speech and privacy rights in the digital realm. EFF would like to thank the Humble Bundle for helping to make the evening possible.
Late Friday, the federal district court in Nevada issued a declaratory judgment that makes it harder for copyright holders to file lawsuits over excerpts of material and burden online forums and their users with nuisance lawsuits.
The judgment – part of the nuisance lawsuit avalanche started by copyright troll Righthaven – found that Democratic Underground did not infringe the copyright in a Las Vegas Review-Journal newspaper article when a user of the online political forum posted a five-sentence excerpt, with a link back to the newspaper's website.
For a majority of users, the Internet is a space that encourages free expression and the valuable exchange of ideas. Unfortunately, there are numerous cases around the world in which various forces act to silence people's voices online.
Today kicks off Sunshine Week—a week dedicated to focusing on the importance of open government and ensuring accountability for government officials at the federal, state and local levels. To celebrate, EFF is kicking off a new weekly feature to highlight important news regarding government transparency. We will report on important Freedom of Information Act (FOIA) requests filed by EFF and other organizations, discuss important court cases, provide links to new FOIA releases by the government (voluntarily or through lawsuit), and track any progress—or lack thereof—made in important open government initiatives.
The U.S. Supreme Court’s recent ruling that warrantless installation of GPS devices violates the Fourth Amendment – United States v. Jones (PDF) – is already percolating through the court system, which is good news for our privacy rights. Today, in a two sentence order (PDF), the Ohio Supreme Court vacated a lower court's opinion that upheld the installation of a GPS device without a warrant, and ordered the court to apply Jones. EFF and a number of civil liberties organizations filed an amicus brief (PDF) in the Ohio case last year, urging just such a result.
UPDATE: National Assembly Member Bushra Gohar confirmed to The Express Tribune that the Pakistani Ministry of Information Technology will withdraw its plans to subsidize a national blocking and filtering system. An official statement is due tomorrow.
As Sunshine Week rolls on, we wanted to highlight EFF’s transparency work over the past year. In an era of excessive government secrecy, the FOIA process is becoming increasingly vital to both keeping the public informed and holding the government accountable.
During the past year, EFF’s FOIA team filed over 30 different FOIA requests, to dozens of federal agencies, seeking information on the government's use of technology and its effect on civil liberties. When the government doesn't respond to our requests, we are sometimes forced to file suit: in 2011, we filed three new lawsuits, and are currently litigating four others, stemming from the government's failure to release the records we've requested.
Update on Pakistan’s plans for national censorship program
US company McAfee has just announced that they will not submit a proposal to create and implement a national blocking and filtering system in Pakistan. Their response came after pressure from various local and international groups including the EFF, Access, and the Business and Human Rights Resource Center.
Last week, EFF reported on two instances of pro-Syrian-government malware targeting Syrian activists through links sent in chats and emails. This week, we've seen new Windows malware dropped by a fake YouTube site hosting Syrian opposition videos.
Below is a screenshot of the fake YouTube page, which attacks users in two ways: it requires you to enter your YouTube login credentials in order to leave comments, and it installs malware disguised as an Adobe Flash Player update.
On the heels of President Obama's recent introduction of a Privacy Bill of Rights, the Digital Advertising Alliance (DAA), the latest self-regulatory organization for online advertising, agreed to support widespread implementation of Do Not Track (DNT) browser headers. This is a laudable step, and in the coming months the responsibilities for how websites respond to the signal will be articulated in multistakeholder meetings through the W3C's Tracking Protection Working Group. One conspicuous absence from the Do Not Track discussions is Facebook. As a company that tracks millions of users around the web, Facebook needs to follow in the footsteps of Google, Microsoft, Yahoo!, and others by committing to respect user choice.
In honor of Sunshine Week, yesterday we reviewed what EFF’s Freedom of Information Act requests revealed in the past year. Today, we’ll take a look at the FOIA lawsuits we filed last year and the information we hope the suits will provide.
Secret Interpretation and Use of the Patriot Act
As we noted in an earlier post, EFF received the first batch of records from the DOJ in our FOIA lawsuit related to Section 215 of the PATRIOT Act yesterday. The government released approximately 300 pages of records to EFF, but (not surprisingly) none of those records shed any light on the information EFF sought in the first place -- the government's secret interpretation and use of Section 215.
Last Friday marked the end of Sunshine Week, a national initiative to promote dialogue about the importance of open government and freedom of information. It’s the third year for the Obama administration, which has been taken to task for reversing early promises on transparency. Have they improved? Here’s our review:
Ahead of Sunshine Week, the Obama administration debuted a welcome addition to government transparency: the newly-redesigned ethics.gov, which, as Politico reported, “puts various public records databases in a centralized location, including White House Visitor Records, lobbyist disclosure records, and campaign finance reports. Most of these databases were previously available online, but users can now search across all available datasets simultaneously.”
Last week, the San Francisco Board of Supervisors voted to pass the Safe San Francisco Civil Rights Ordinance, legislation that ensures that the San Francisco Police Department's counterterrorism activities are controlled by San Franciscans, rather than by the FBI. The ordinance requires San Francisco police officers working with the FBI's Joint Terrorism Task Force to obey San Francisco's civil rights laws and follow San Francisco's anti-spying policies, and subjects them to civilian oversight by San Franciscans.
There is a spate of proposed cybersecurity legislation working its way through the House and Senate. The bills are aimed primarily at facilitating cooperation regarding so-called “cybersecurity” issues among different branches of government as well as between government and the private sector. The bills range from being downright terrible to appropriately intentioned, yet they all suffer from the fundamental inability to clearly define the threats which are being defended against and the countermeasures that can be taken against those threats.
Last week, EFF joined eight international press and digital freedom organizations in sending a letter to the Vietnamese government to call on them to release five youth activists currently held in detention in Hanoi without access to legal counsel. The activists are all active bloggers and contribute to prominent citizen journalist sites.
Concerned individuals and organizations should send their own letters to Prime Minister Nguyen Tan Dung to support our opposition to the Vietnamese government's continuing crackdown on free expression. Addresses are provided below.
12 March 2012
Nguyen Tan Dung
Socialist Republic of Vietnam
Office of the State
1 Bach Thao
Re: Request for the immediate release of Dang Xuan Dieu, Ho Duc Hoa, Nguyen Van Duyet, Nong Hung Anh and Paulus Le Van Son, and the dismissal of all charges
Dear Prime Minister Nguyen Tan Dung,
Over the last few years, we've been battling laws that require a person arrested to give a DNA sample as part of the routine booking process. The law makes this DNA collection automatic and mandatory; law enforcement do not need a reason to collect the DNA and they can do so without a search warrant. Given the incredibly sensitive information that DNA can reveal about a person - details like a person's medical history, predisposition to disease and even sexual orientation - government access to this information must be strictly limited.
UPDATE: As expected, the Supreme Court sent Myriad, the breast cancer gene case, back to the Federal Circuit for rehearing in light of its ruling in Mayo. Hopefully the Federal Circuit will accept the high court's invitation to hold that DNA is not patentable.
We're happy to report that the patent system is getting a much-needed jolt of sanity, in the form of a clear Supreme Court ruling affirming a basic, but sometimes forgotten, principle: laws of nature, and obvious methods of working with them, are not patentable.
On March 20, to coincide with the Iranian holiday of Nowruz, President Obama recorded a video message in which he offered assistance to the Iranian people in communicating beyond Iran's borders. Consistent with the Department of State's "Net Freedom" initiative, Obama issued new guidelines to make it easier for American businesses to provide software and services to Iranians in order to facilitate communications using free technologies (as opposed to paid ones). The new guidelines also include a "favorable licensing policy" through which U.S.
The former NSA official held his thumb and forefinger close together. “We are, like, that far from a turnkey totalitarian state,” he says. —Wired Magazine, April 2012
Last week, in Wired Magazine, noted author James Bamford reported on an expansive $2 billion “data center” being built by the NSA in Utah that will house an almost unimaginable amount of data on its servers, along with the world’s fastest supercomputers. Part of the purpose of this new center, according to Bamford, is to store “all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.’”
When it comes to the government's ability to search your electronic devices at the border, we've always maintained that the border is not an "anything goes" zone, and that the Fourth Amendment doesn't allow the government to search whatever it wants for any (or no) reason at all. And this week, the Ninth Circuit Court of Appeals agreed to rehear a case that gave the government carte blanche to search through electronic devices at the border.
Last week, RIAA CEO Cary Sherman confirmed that the country's largest ISPs will voluntarily roll out by July 1 a "graduated response" program aimed at discouraging unauthorized downloading. A Memorandum of Understanding published last summer outlines the program, which was developed without user feedback. Under the new system, a rightsholder accusing an ISP subscriber of infringement will trigger a series of ever-increasing consequences.
Salvadoran site threatened for reporting on organized crime
According to a report from the Committee to Protect Journalists (CPJ), Salvadoran site El Faro is under threat for investigative reporting conducted in February 2011 on an organized crime network in Northeast El Salvador. The crime ring, said CPJ, involved gang leaders, prominent businessmen, and local politicians, and resulted in journalists from the news site being followed and photographed. CPJ notes that Salvadoran journalists who report on organized crime in the country often report feeling threatened.
In the wake of a horrific rampage, in which Mohamed Merah (now dead after a 32-hour standoff with police) reportedly murdered three French soldiers, three young Jewish schoolchildren, and a rabbi, President Nicolas Sarkozy of France has begun calling for criminal penalties for citizens who visit web sites that advocate for terror or hate. "From now on, any person who habitually consults Web sites that advocate terrorism or that call for hatred and violence will be criminally punished," Sarkozy was reported as saying.
Reps. Joe Baca and Frank Wolf have introduced a bill this week that would require game publishers to add a "clear and conspicuous" warning label to most new video games. HR 4204, the Violence in Video Games Labeling Act, is only the most recent in a series of legislative attempts to restrict or otherwise hinder speech in the form of interactive media.
EFF has put together an action alert that lets you tell your Congressmember that you stand against the unnecessary and burdensome regulation of speech in video games, and that she should too.
On Thursday, U.S. Attorney General Eric Holder signed expansive new guidelines for terrorism analysts, allowing the National Counter Terrorism Center (NCTC) to mirror entire federal databases containing personal information and hold onto the information for an extended period of time—even if the person is not suspected of any involvement in terrorism. (Read the guidelines here).
You might remember that late last year, Congress passed the America Invents Act, a largely toothless law that fails to address many of the biggest problems facing the patent system. In implementing that new law, the Patent and Trademark Office issued proposed guidelines for certain supplemental examination procedures. The PTO also recommended a huge increase in fees for filing certain patent reexaminations. As you might guess, this is a terrible idea.
Earlier today, the Federal Trade Commission (FTC) released its final report on digital consumer privacy issues after more than 450 companies, advocacy groups and individuals commented on the December 2010 draft report. The final report creates strong guidelines for protecting consumer privacy choices in the online world. The guidelines include supporting the Do Not Track browser header, advocating federal privacy legislation, and tackling the issue of online data brokers. We’re pleased by the flexible and user-centric nature of the privacy report, but we will continue to monitor how such principles are actually enacted.
Do Not Track & W3C