On Monday, the W3C announced that its Director, Tim Berners-Lee, had determined that the "playback of protected content" was in scope for the W3C HTML Working Group's new charter, overriding EFF's formal objection against its inclusion. This means the controversial Encrypted Media Extension (EME) proposal will continue to be part of that group's work product, and may be included in the W3C's HTML5.1 standard. If EME goes through to become part of a W3C recommendation, you can expect to hear DRM vendors, DRM-locked content providers like Netflix, and browser makers like Microsoft, Opera, and Google stating that they can now offer W3C standards compliant "content protection" for Web video.
"Secrecy in government is fundamentally anti-democratic...Open debate and discussion of public issues are vital to our national health. On public questions there should be 'uninhibited, robust, and wide-open' debate." —New York Times Co. v. U.S., 403 U.S. 713, 724 (1971) (Douglas, J., concurring).
"Computers are everywhere. They are now something we put our whole bodies into—airplanes, cars—and something we put into our bodies—pacemakers, cochlear implants. They HAVE to be trustworthy."
–EFF Fellow Cory Doctorow
The man alleged to be "Dread Pirate Roberts," the founder and operator of the Silk Road—an online marketplace where bitcoins were traded for a range of goods and services, including drugs—was arrested by the FBI in San Francisco yesterday. The criminal complaint, released today, provides many details about how the site and its users relied on widespread anonymity technology, including Tor and Bitcoin.
The increased attention on this technology is a good reminder about how important it is not to blame these tools for the actions of a small portion of their users. The public wouldn't tolerate a campaign to malign the car because of its utility as a getaway vehicle for bank robbers; we must apply the same critical thinking to essential privacy-preserving technology.
President Obama was scheduled to meet with the leaders of the other eleven countries negotiating the Trans-Pacific Partnership agreement ahead of the Asia-Pacific Economic Cooperation (APEC) meeting in Bali, supposedly to plan the “end-game” for this massive trade deal. However, he has made a sudden decision to cancel his trip, claiming that this was a casualty of the government shutdown. Obama's announcement adds to the impression that the goal of completing TPP at APEC has become unobtainable and reveals how precariously the negotiations are going.
Three major British privacy organizations on Thursday launched an important legal challenge to the United Kingdom’s participation in the massive global surveillance scandal. To support the case as an expert witness, I submitted a 32-page statement laying out much that is publicly known about the National Security Agency’s PRISM and UPSTREAM programs, and explained how US law offers no protections for non-US persons against spying by the agency.
The National Security Agency (NSA) has finally admitted to tracking the cell phone location of Americans. For two years, in 2010 and 2011, the spy agency ran an “experiment” pilot project in which they wanted to test how location information would flow into their massive databases containing other information on Americans.
As the New York Times reported on Wednesday, “it was unclear how many Americans’ locational data was collected as part of the project, whether the agency has held on to that information or why the program did not go forward.”
What’s clear to us is this was a massive invasion of privacy.
A group of prominent technologists submitted a letter today to the NSA Review Group, a body charged with conducting a review of NSA activities that does not currently have a technologist as a member. The letter urges the Review Group to seek assistance from independent technologists in order to conduct a thorough review, and says that NSA oversight more broadly requires greater transparency with respect to the technical mechanisms used to conduct surveillance.
Friday, October 11th at 7:00 pm
We've long suspected that the NSA, the world's premier spy agency, was pretty good at breaking into computers. But now, thanks to an article by security expert Bruce Schneier—who is working with the Guardian to go through the Snowden documents—we have a much more detailed view of how the NSA uses exploits in order to infect the computers of targeted users. The template for attacking people with malware used by the NSA is in widespread use by criminals and fraudsters, as well as foreign intelligence agencies, so it's important to understand and defend against this threat to avoid falling victim to the plethora of attackers out there.
How Does Malware Work Exactly?
There's an eerie similarity between the National Security Agency spying uncovered in the 1970s, which included the intelligence community spying on political activists and the NSA's collection of every single international telegram being sent from the United States, and the NSA spying today. Back then, after journalists reported on the illegal actions of the NSA, President Gerald Ford appointed Vice President Nelson Rockefeller to spearhead a commission to look into the allegations of illegal actions by the intelligence community.
Three years ago, I wrote of the controversy surrounding the use of Electronic Voting Machines (EVMs) in India. A study by 2010 EFF Pioneer Award winner Hari Prasad and others showed that the EVMs could be hacked. For his troubles, Prasad was charged criminally for alleged theft of the EVM that was studied.
The charges against Prasad have long since been dropped, but the controversy surrounding India's electronic voting machines continues. Some have advocated that the EVMs be abandoned completely, and that India should go back to using old-fashioned paper ballots. Others have claimed that the EVMs can be made more secure, but only if a Voter Verifiable Paper Audit Trail (VVPAT) is added.
While many federal employees and the American public have been negatively affected by the US government shutdown, there is one group of people who can probably take solace: those who need to be held to account for the NSA surveillance scandal.
Before the shutdown, there were two allegedly “independent” investigations into NSA spying activities taking place—one through the Office of the Director of National Intelligence and one through the Privacy and Civil Liberties Oversight Board (PCLOB). We have heavily criticized these committees for their close ties to the White House and DNI, the same bodies in charge of the NSA, but certainly some investigation is better than nothing.
EFF is joining more than 30 major Canadian organizations to form the largest pro-privacy coalition in Canadian history. With the Canadian Parliament set to resume, the Protect Our Privacy Coalition has banded together to ensure Canadians get effective legal measures to protect their privacy against government intrusion.
The broad-based coalition includes organizations and individuals from a wide range of political perspectives, including citizen groups, civil liberties groups, privacy advocates, right-leaning organizations, First Nations groups, labour groups, small businesses, LGBT groups, and academic experts, all of whom have signed onto this statement:
There has been quite a bit of news lately that you have applied for a patent on bill splitting. It's a helpful tool—we've all been to restaurants or lived with housemates and have needed a convenient way of calculating and tracking who owes what. But this technology already exists—and it has existed for a while. The fact that you feel compelled to file for this patent only further proves how broken the system is.
The Committee to Protect Journalists has released its first-ever special report on freedom of the press in the United States. For many years, CPJ has documented attacks on journalists in many countries around the world. The report focused on how policies and practices of the Obama administration disrupt relationships between journalists and government sources, allow officials to circumvent scrutiny by the press, and create a chilling environment for whistleblowers who might otherwise serve as journalistic sources. The report also discusses the ramifications of NSA surveillance, which leaves journalists and their sources reluctant to communicate electronically.
Close your eyes, can't happen here
Big bro' on white horse is near
The hippies won't come back you say
Mellow out or you will pay
Mellow out or you will pay!
Now it's 1984
Knock-knock at your front door
It's the suede denim secret police
They have come for your uncool niece
- "California Über Alles," Dead Kennedys
For the third straight year, California Governor Jerry Brown vetoed common sense electronic privacy legislation, ensuring that California remains behind the rest of the country when it comes to technology law and policy.
Dear comic/sci-fi/fantasy/etc. convention organizers:
You may have read about the galactic frack-up at New York Comic-Con last week, in which hundreds of convention-goers learned that NYCC was posting hideously uncreative, gratuitously gleeful promotional tweets from their personal Twitter accounts. As a convention organizer yourself, these tweets and the subsequently trollful complaints may have filled up your feed. Nightmares of similar PR disasters may have (should have) kept your heart racing as you tried to sleep.
NYCC attendees contacted us to ask what can be done about it, and that's why I entreat you today to think thoroughly through future attempts to lever technology against the fandoms, particularly when it comes to linking convention badges to personal data, including location.
Given the recent revelations about just how pervasive the government's electronic surveillance has been, it's no surprise these surveillance programs are popping up in criminal cases, as defense attorneys are finding gaps in how the government collected particular pieces of electronic evidence on their clients. A new amicus brief we filed today with the ACLU and the ACLU of Northern California in a drug case in San Francisco federal district court asks the court to order the government to fill these gaps.
Creative Commons, the non-profit best known for its copyright licenses that allow creators to voluntarily waive certain automatically-granted exclusive rights, has released a powerful new policy statement supporting fundamental copyright reform around the globe. This statement works to counter any argument that simply having a set of voluntary permissive copyright licenses available to rightsholders reduces the need for actual policy reform.
Back in 2008, a young Moroccan engineer named Fouad Mourtada became the first person in his country to be arrested for a social networking-related offense. His crime? Something that happens all over the world every day...Mourtada created a Facebook profile representing one of the Moroccan princes. While Mourtada claimed he was merely a fan, he was prosecuted for identity theft and reportedly beaten in custody. After 43 days in jail and a global campaign for his release, he was finally granted a royal pardon.
Google recently announced an update to its Terms of Service, focused on displaying your profile name and photo next to advertisements and reviews. The new feature, which goes into effect on November 11, is called Shared Endorsements and will allow you to share your recommendations (whether a +1 on Google Play or a restaurant rating on Google Maps) with your connections.
A link is just a link...except when it isn’t. In one ongoing case in Morocco, the act of linking to a news article that linked to a YouTube video that was posted by a terrorist group has landed a prominent editor in jail, charged with “material assistance” to a terrorist group, “defending terrorism,” and “inciting the execution of terrorist acts.”
The content lobby's narrative about the Internet's impact on the creative industry has grown all too familiar. According to this tiresome story, Hollywood is doing everything it can to prevent unauthorized downloading, but people—enabled by peer-to-peer technologies, “rogue” websites, search engines, or whatever the bogeyman of the moment is—keep doing it anyway. As a result, say groups like the Motion Picture Association of America (MPAA), creators are deprived of their hard-earned and well-deserved profits and have little incentive to keep creating.
There's a lot that's wrong with this story (like the assumption that most copyright royalties actually end up in the pockets of the artists). But one of the most pernicious aspects is the idea that Hollywood is actually making a sincere effort to meet user demand.
Today kicks off the sixth annual global Open Access Week. Open Access Week is at once a celebration and a call to action. Universities, libraries, organizations, and companies are hosting events all around the world to promote the ideals of open access: free, online availability of and unfettered access to scholarly works.
This year's Open Access Week is a special one. After many years of collective effort, we are very close to real reform on the federal and state level, and more and more researchers are taking steps, as individuals, to improve public access to their work.
EFF has joined a broad coalition of 14 public interest groups today in delivering a letter to members of Congress, urging U.S. lawmakers not to grant the Obama administration "fast-track" authority for trade agreements, including the Trans-Pacific Partnership (TPP). The TPP is a complex multi-national agreement that could extend restrictive laws around the world and rewrite international rules of copyright enforcement in ways that could further restrict online rights.
Today, we are one giant step closer to real patent reform in the United States. Rep. Bob Goodlatte (R-VA), along with a broad bipartisan coalition, has introduced the Innovation Act of 2013, comprehensive legislation that, if passed, would severely limit trolls' ability to continue their trolly behavior. The bill is cosponsored by Reps. Zoe Lofgren (D-CA), Spencer Bachus (R-AL), Jason Chaffetz (R-UT), Howard Coble (R-NC), Peter DeFazio (D-OR), Anna Eshoo (D-CA), Blake Farenthold (R-TX), Lamar Smith (R-TX), Tom Marino (R-PA), and George Holding (R-GA).
As text messages become a universal method for personal communication across the country, courts are struggling with applying quill-era Fourth Amendment principles to the modern form of communication. A new amicus brief we filed in a case before the Rhode Island Supreme Court explains that no matter the medium, conversations should be protected by the Fourth Amendment's prohibition against warrantless searches. That includes text messages stored on someone else's phone.
The Intelligence Committee Bills Must be Stopped
Many of the NSA reform bills going through Congress are encouraging, but the most important priority for those who want to stop the spying is to stop the bill by the Intelligence Committees of the House and Senate. The Chairs of each have confirmed that the (still secret) bill is aimed at continuing collection of every American's phone records unabated. The bill will likely provide some window dressing of limited transparency, while shoring up the legal basis for the spying.
Today EFF, together with Public Knowledge, filed an amicus brief in Nautilus v. Biosig Instruments. This case deals with a key problem with the patent system: the flood of vague and ambiguous patents. The petitioner is asking the Court to take the case and restore the Patent Act’s requirement that patent claims be definite. In other words, that patents actually put people on notice, in advance, of what they cover and what they do not.
You might think that, given the US Supreme Court's ruling that a GPS device was a "search," the inevitable conclusion is that police would need a warrant to install a GPS device on a car. After all, warrantless searches are per se unreasonable under the Fourth Amendment (with a few limited exceptions), so the absence of a warrant would make the search unconstitutional.
In previous posts we've covered many of the ways the copyright provisions in the Trans-Pacific Partnership (TPP), a massive trade deal between 12 Pacific countries, could undermine users' rights. But those are just the tip of the iceberg. What may really sink the Titanic is a rather obscure but very dangerous section covering foreign investment.
Ever since Google issued its first transparency report in early 2010, EFF has called on other companies to follow suit and disclose statistics about the number of government requests for user data, whether the request they receive is an official demand (such as a warrant) or an unofficial request. After all, users make decisions every day about which companies they trust with their data, therefore companies owe it to their customers to be transparent about when they hand data over to governments and law enforcement.
One of the core messages of Open Access Week is that the inability to readily access the important research we help fund is an issue that affects us all—and is one with outrageous practical consequences. Limits on researchers' ability to read and share their works slow scientific progress and innovation. Escalating subscription prices for journals that publish cutting-edge research cripple university budgets, harming students, educators, and those of us who support and rely on their work.
But the problems don't stop there. In the digital age, it is absurd that ordinary members of the public, such as healthcare professionals and their patients, cannot access and compare the latest research quickly and cheaply in order to take better care of themselves and others.
Take the case of Cortney Grove, a speech-language pathologist based in Chicago, who posted this on Facebook:
We have praised the Innovation Act of 2013, introduced this week by House Judiciary Committee Chairman Rep. Bob Goodlatte (R-VA) and co-sponsored by a bipartisan coalition, as the best patent troll-killing bill yet. We support the bill because it offers a host of fixes to the growing patent troll problem. Taken together, these reforms will help stop the abusive patent litigation that has targeted everyone from grocery stores to podcasters.
One of the trends we've seen is how, as the word of the NSA's spying has spread, more and more ordinary people want to know how (or if) they can defend themselves from surveillance online. But where to start?
The bad news is: if you're being personally targeted by a powerful intelligence agency like the NSA, it's very, very difficult to defend yourself. The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.
Here are ten steps you can take to make your own devices secure. This isn't a complete list, and it won't make you completely safe from spying. But every step you take will make you a little bit safer than average. And it will make your attackers, whether they're the NSA or a local criminal, have to work that much harder.
The field of "mobile location analytics"—where tracking companies work with brick-and-mortar retail stores to collect insights about customer behavior based on fine-grained location information harvested from mobile phones—has taken a small step towards self-regulation with a new code of conduct published this week.
In 2010, Auernheimer's co-defendant Daniel Spitler discovered that AT&T configured its website to automatically publish an iPad user's e-mail address when the server was queried with a URL containing the number that matched an iPad's SIM card ID. Spitler collected approximately 114,000 email addresses, and Auernheimer talked about the discovery to several news outlets and Gawker published a story about it. Auernheimer was convicted of violating the CFAA and identity theft and sentenced to 41 months in prison.
The government released a second batch of documents yesterday in response to EFF's ongoing FOIA lawsuit for information concerning Section 215 of the Patriot Act—the provision of law the government relies on to compel the disclosure of records of millions of Americans' calls.
One document, in particular, confirms what in recent months has become abundantly clear: the NSA is unwilling to submit to meaningful and effective oversight and seems unwilling to recognize the extraordinarily sensitive nature of the information it collects.
David Plotz: People have a misguided belief in it, but, in general, the fact that anonymity is increasingly hard to get—Facebook doesn't permit it, most commenting on a lot of sites doesn't permit it—there's a loss when you don't have anonymity.
Emily Bazelon: Oh god, I am so not with you on this one. There is a loss if you're, like, a political dissident in Syria. If you are in this country, almost all of the time, there is a net gain for not having anonymous comments. We so err on the side of 'Oh, free speech, everywhere, everywhere, let people defame each other and not have any accountability for it.' And I think in free societies, that is generally a big mistake. And yes, you can make small exceptions for people who truly feel at risk, like victims of domestic violence are an example, but most of the time it is much healthier discourse when people have to own up to what they are saying.
When it comes to searching the most sensitive part of our bodies—our DNA—the Fourth Amendment's prohibition against unreasonable searches and seizures should be a strong bulwark, keeping the government out of our most personal and private biological information. But in the last few years, those protections have been eroded as courts throughout the country, including the US Supreme Court, have approved of the warrantless DNA collection of people arrested for crimes—individuals who are presumed to be innocent in the eyes of the law. A new amicus brief we filed on Monday argues that these decisions don't mean the complete death of Fourth Amendment protection from DNA collection.
Patent trolls are facing another legislative threat from Sen. Orrin Hatch (R-UT), who today introduced the Patent Litigation Integrity Act (S. 1612). This bill is a fairly simple—but very important—one that would curb patent trolls' dangerous litigation practices. We strongly support the bill and sent Sen. Hatch a letter today saying as much.
Encryption is one of the most important ways to safeguard data from prying eyes. But what happens when those prying eyes belong to the government? Can they force you to break your own encryption and provide them with the information they want?
In a new amicus brief, we explain that the Fifth Amendment privilege against self-incrimination prohibits the government from forcing someone to decrypt their computer when they're suspected of a crime.
Yesterday, the Inter-American Commission on Human Rights (IACHR) held the first public hearing at which it directly examined the mass surveillance programs carried out by the United States National Security Agency (NSA) from the standpoint of inter-American human rights standards.
Given the public evidence of intrusion not only into the communications of citizens around the world, but also into those of leaders and government officials of countries as diverse as Germany, Mexico, and Brazil, it is clear that the intent goes beyond the mere protection of national security.
Just in time for Halloween, the Washington Post has brought us a horror story about U.S. and U.K. intelligence agencies reading massive amounts of private data directly off of the internal communications infrastructure of U.S. Internet giants Google and Yahoo.
The Post's report reveals that the spy agencies tapped into the internal, private fiber-optic links between the companies' data centers. This gave the spooks a view into corporate and customer data moving between data centers—data that the companies likely didn't encrypt because they viewed these dedicated private links as secure. That means that the private communications of millions of ordinary users, both foreign and domestic, were exposed to surveillance by the intelligence agencies.
US lawmakers may soon introduce legislation to give the Trans-Pacific Partnership (TPP) a “fast-track” through Congress. Senate Finance committee leaders Sen. Max Baucus and Sen. Orrin Hatch have renewed their call to pass such fast-track legislation and hand over Congress' constitutional power to set the terms of US trade policy. Instead, under fast-track (also known as Trade Promotion Authority), lawmakers would be limited to an up-or-down vote, and would shirk their responsibility to hold proper hearings on its provisions.
The bipartisan Innovation Act is the best bill yet when it comes to fighting patent trolls. This post is the first of a series explaining the bill's various provisions. While the Innovation Act won't fix every problem with the patent system, it includes a powerful set of proposed reforms that—taken together—will significantly reduce the threat of abusive patent trolls.
Join us in supporting the Innovation Act. Take action and contact your member of Congress now.
Sen. Dianne Feinstein, the chairman of the Senate Intelligence Committee and one of the NSA’s biggest defenders, released what she calls an NSA “reform” bill today.
Don’t be fooled: the bill codifies some of the NSA’s worst practices, would be a huge setback for everyone’s privacy, and it would permanently entrench the NSA’s collection of every phone record held by U.S. telecoms. We urge members of Congress to oppose it.