In an emergency hearing on March 19th, the government tried to convince the Northern District Court of California that the NSA should be relieved of its obligation to preserve evidence of dragnet collection of call records for the EFF's First Unitarian case. The arguments in court revealed an astounding level of obfuscation from government lawyers around the numerous lawsuits challenging NSA spying.
Representatives Mike Rogers and Dutch Ruppersberger, the leaders of the House Intelligence Committee, introduced HR 4291, the FISA Transparency and Modernization Act (.pdf), to end the collection of all Americans' calling records using Section 215 of the Patriot Act.
We were thrilled to hear today that Yahoo is carrying through a concerted effort to protect users across its sites and services by rolling out routine encryption in several parts of its infrastructure. The company's statement announced that, among other things, it now encrypts traffic between its data centers, makes secure HTTPS connections the default for some web sites, and has turned on encryption for mail delivery between Yahoo Mail and other email services that support it (like Gmail).
[Accessing] any part of a computer system without right. Cyber-squatting. Cybersex. Computer-related forgery. What do these things have in common? They are all punishable acts under Philippines’ Cybercrime Prevention Act.
After a two-week ban on the website imposed by Prime Minister Recep Tayyip Erdoğan, Turkey's Constitutional Court has ruled that the block breached freedom of expression. Access to Twitter was subsequently restored within the country.
The ban on Twitter drew widespread criticism both within and outside of Turkey. President Abdullah Gul, who hails from the same party as Erdoğan, spoke out against it. The White House issued a statement opposing the restriction, and Twitter itself condemned the choice, posting alternative options for tweeting to their @policy account.
This post has been written in collaboration with Fundacion Karisma in Colombia
Last February, the Colombian media revealed that the country’s intelligence service carried out widespread surveillance of key NGOs, journalists, and leftist politicians, including their own governmental team responsible for negotiating a peace agreement with the Colombian guerilla.
Today, April 4th is 404 Day. EFF, along with our friends at the National Coalition Against Censorship and the Center for Civic Media at MIT, are using today to call attention to blocked and banned websites in libraries and public schools across the country. Join us this afternoon, at 12pm PDT / 3pm EDT for a digital teach-in with some of the top researchers and librarians working to analyze and push back against the use of Internet filters on library computers. Use #404day on Twitter to send questions and comments our way.
You would think that by now the Internet would have grown up enough that things like online banking, email, or government websites would rely on thoroughly engineered security to make sure your data isn't intercepted by attackers. Unfortunately when it comes to the vast majority of websites on the Internet, that assumption would be dead wrong. That's because most websites don't yet support a standard called HSTS—HTTPS Strict Transport Security.1
Throughout April, the Electronic Frontier Foundation will receive 10% of ticket proceeds for HOPE X, the tenth biennial Hackers On Planet Earth conference founded by 2600 Magazine. For two decades, HOPE has cultivated a unique experience showcasing expert security research, software hacking, hardware hacking, civil liberties, art, and community. As staunch defenders of digital freedom and innovation, EFF is a proud participant.
While NSA surveillance has been front and center in the news recently, fusion centers are a part of the surveillance state that deserve close scrutiny.
Fusion centers are a local arm of the so-called "intelligence community," the 17 intelligence agencies coordinated by the National Counterterrorism Center (NCTC). The government documentation around fusion centers is entirely focused on breaking down barriers between the various government agencies that collect and maintain criminal intelligence information.
Today the European Court of Justice declared the EU's Data Retention Directive invalid, declaring that the mass collection of Internet data in Europe entailed a "wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data." The Directive ordered European states to pass laws that obliged Internet intermediaries to log records on their users' activity, keep them for up to two years, and provide access to the police and security services. The ECJ joins the United Nations' Human Rights Committee which last month called upon the United States to refrain from imposing mandatory retention of data by third parties.
EFF has long advocated for websites to support HTTPS instead of plain HTTP to encrypt and authenticate data transmitted on the Internet. However, we learned yesterday of a catastrophic bug, nicknamed "Heartbleed," that has critically threatened the security of some HTTPS sites since 2011. By some estimates, Heartbleed affects 2 out of 3 web servers on the Internet.
Since the SHIELD Act was introduced two years ago, momentum has been building for patent reform in Congress. And when the House overwhelmingly passed the Innovation Act in December, it seemed real legislation might be close at hand. Since then, the Senate has been thrashing out its version of a patent bill. We need to keep up the pressure to make sure that any final deal includes meaningful reforms that will slow the flood of patent troll litigation. With the Senate about to break for recess, the next few days could be crucial.
Recent events have shown us more than ever that the technologies we use and create every day have astonishing implications on our basic, most cherished rights. Tens of thousands more people have joined us in the past year alone—together, we're building a movement. But we need your help.
Today, we at EFF are unveiling new tools for student and community activists to engage in campaigns to defend our digital rights.
We want you to bring the fight to protect online civil liberties to cities, towns, and campuses across the country. We invite you—whether you're a newly minted activist or an experienced community organizer—to join our growing team of driven individuals and organizations actively working make sure that our rights are not left behind as we develop and adopt new technologies.
The Heartbleed SSL vulnerability presents significant concerns for users and major challenges for site operators. This article presents a series of steps server and site owners should carry out as soon as possible to help protect the public. We acknowledge that some steps might not be feasible, important, or even relevant for every site, so the steps are given in order both of their importance and the order they should be carried out.
1. Update Your Servers
If you haven't yet, update any and all of your systems that use OpenSSL for TLS encrypted communications. This includes most web servers, load balancers, cache servers, mail servers, messaging and chat servers, VPN servers, and file servers, especially those running on Linux, Unix, BSD, Mac OS X, or Cygwin.
Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday's public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure.
Case Argues Cisco Built Surveillance Tools Specifically Designed to Help Chinese Authorities Target Falun Gong
EFF filed a request to submit an amicus brief today in the Federal District Court of the Northern District of California, urging the Court to let a case entitled Doe v. Cisco Systems go forward against Cisco for its role in contributing to human rights abuses against the Falun Gong religious minority in China. China's record of human rights abuses against the Falun Gong is notorious, including detention, torture, forced conversions, and even deaths. These violations have been well-documented by the U.N., the U.S. State Department, and many others around the world, including documentation of China's use of sophisticated surveillance technologies to facilitate this repression.
What is a warrant canary?
A warrant canary is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received. Once a service provider does receive legal process, the speech prohibition goes into place, and the canary statement is removed.
Warrant canaries are often provided in conjunction with a transparency report, listing the process the service provider can publicly say it received over the course of a particular time period. The canary is a reference to the canaries used to provide warnings in coalmines, which would become sick before miners from carbon monoxide poisoning, warning of the danger.
"Australia is ready for, and needs, a fair use exception now." These were the unambiguous words of the Australian Law Reform Commission's report investigating how to modernize the country's copyright laws. Specifically, the Commission called for a fair use doctrine that resembles that of the U.S., with the same four-factor balancing test.
Friday, April 4th was 404 Day - a day meant to call attention to Internet censorship in public schools and libraries in the United States. This censorship is the result of a well-meaning but misguided law, the Children's Internet Protection Act (CIPA), which ties federal funding for public schools and libraries to requirements to filter child pornography and content that is obscene or "harmful to minors." Unfortunately, bad and secretive filtering technology and over-aggressive filtering implementations result in the filtering of constitutionally-protected speech, among other problems.
New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer.
EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one third of the U.S. population. The facial recognition component of this database poses real threats to privacy for all Americans.
The DC Circuit Court of Appeals heard argument today in AF Holdings v. Does 1-1058, one of the few mass copyright cases to reach an appellate court, and the first to specifically raise the fundamental procedural problems that tilt the playing field firmly against the Doe Defendants. The appeal was brought by several internet service providers (Verizon, Comcast, AT&T and affiliates), with amicus support from EFF, the ACLU, the ACLU of the Nation's Capitol, Public Citizen, and Public Knowledge. On the other side: notorious copyright troll Prenda Law.
Let’s just imagine we could transport an Internet-connected laptop back to the 1790s, when the United States was in its infancy. The technology would no doubt knock the founders out of their buckle-top boots, but once the original patriots got over the initial shock and novelty (and clearing up Wikipedia controversies, hosting an AMA and boggling over Dogecoin), the sense of marvel would give way to alarm as they realized how electronic communications could be exploited by a tyrant, such as the one from which they just freed themselves.
Updates to the email privacy law called the Electronic Communications Privacy Act (ECPA) are long overdue. It's common sense that emails and other online private messages (like Twitter direct messages) are protected by the Fourth Amendment. But for a long time, the Department of Justice (DOJ) argued ECPA allowed it to circumvent the Fourth Amendment and access much of your email without a warrant. Thankfully, last year it finally gave up on that stance.
But now it appears that the Securities and Exchange Commission (SEC), the civil agency in charge of protecting investors and ensuring orderly markets, may be doing the same exact thing: it is trying to use ECPA to force service providers to hand over email without a warrant, in direct violation of the Fourth Amendment.
Donate a Few Hours to Help Us Create a Free Software Backend for Contacting Congress, Make the World a Better Place for Digital Rights
UPDATE (4/16/14): We're lowering the threshold for getting prizes, take a look below.
For years, EFF has been helping concerned technology users contact Congress. The EFF community stopped SOPA, we fought back privacy-invasive cybersecurity proposals, we are championing software patent reform, and now we’re demanding real NSA reform—not a fake fix.
While most courts in the United States are adversarial—each party presents its side and a jury, or occasionally a judge, makes a decision—in the Foreign Intelligence Surveillance Court (FISC), only the government presents its case to a judge. While typically two opposing sides work under public review to make sure all the facts are brought to light, in the FISC the system relies on a heightened duty of candor for the government. As is illustrated all too well by recent developments in our First Unitarian v. NSA case, this one-sided court system is fundamentally unfair.
In Armenia, online anonymity could be a luxury of the past if a bill that is currently before the Armenian parliament is passed. The bill would make it illegal for media outlets to publish defamatory content by anonymous or fake sources. Additionally, under this bill, sites that host libelous comments that are posted anonymously or under a pseudonym would be required to remove such content within 12 hours unless an author is identified.
You Asked: Tell us all your secrets.
SGT STAR: Good question. I'm not sure how to answer that. Please try rewording your question. I understand simple questions best.
You Asked: In that case, tell us everything.
SGT STAR: That is a good question, however, I am not positive that I understand what you're asking. Try rephrasing your question. I understand simple questions best.
Sgt. Star is the U.S. Army’s dedicated marketing and recruitment chatbot, and he isn’t going to turn whistleblower any time soon. There’s no use threatening him for answers either—he’s programmed to report that kind of hostility to the Army Criminal Investigation Division.
Two days ago, we asked web developers for help.
EFF and Sunlight Foundation published an open call for help testing a tool and populating an open data format that would make it easier for everyday people to contact members of Congress. We already had a prototype, but we needed volunteers to conduct tests on each and every Congressional website.
We expected the project would take about two weeks to complete, but feared it might take a month or longer. We worried that web developers wouldn’t want to spend hours working on a boring, frustrating, often technically complex task.
Instead, volunteers conquered the project in two days.
The patent office has issued its first ruling in our challenge to Personal Audio’s so-called podcasting patent. The Patent Trial and Appeal Board (PTAB) found that we have established a “reasonable likelihood” that we will prevail, based on two key pieces of “prior art” evidence. This isn’t a final ruling, but it is an important step forward.
Congress has been poised to move on powerful legislation to reform the NSA for months, so what’s slowing things down?
It’s been over ten months since the Guardian published the first disclosure of secret documents confirming the true depths of NSA surveillance, and Congress has still not touched the shoddy legal architecture of NSA spying.
There have been myriad NSA bills presented in Congress since last June. None of them are comprehensive proposals that fix all the problems. Many of them seem to be dead in the water, languishing in committee.
However, several proposals remain contenders. Some are deceptive fake fixes, disguised as reform while attempting to further entrench dragnet surveillance, while some of them are an excellent starting point for real change.
In the highly anticipated oral arguments of ABC v. Aereo yesterday, the Supreme Court expressed serious concerns about the unintended consequences that their ruling could have on technology and cloud services.
The start-up Aereo provides subscribers online access to a DVR that can hold recordings of over-the-air broadcasts made using dime-sized antennas in local markets where it's available. Broadcasters, which make a portion of their money from charging retransmission fees to cable companies, sued Aereo in New York and elsewhere on the theory that its user-directed transmissions are public performances under the law. As such, the broadcasters argue, it is infringing and need to be licensed.
All too often bills are proposed and laws are passed in the United States that are in grave violation of the United States' obligations under the International Covenant on Civil and Political Rights. And all too rarely does U.S. domestic policy get spoken about in terms of human rights laws. A case in point: the recent spate of bills responding to the unlawful mass surveillance conducted by the NSA revealed in the flood of disclosures from whistleblower Edward Snowden.
The NSA's actions are fundamentally at odds with the human rights to privacy, free expression, freedom of information, as well as the basic right to assemble and organize for change. Yet none of the current Congressional legislative proposals, or the expected legislation to be sponsored by President Obama, are good enough to fully comply with the United States' human rights obligations.
Across the Arab world, LGBTQ communities still struggle to gain social recognition, and individuals still face legal penalties for consensual activities. In Saudi Arabia, Yemen, and Iraq, homosexuality is punishable by death. In 2001, 52 men were arrested for being gay in Cairo. And in Syria, Algeria, and the United Arab Emirates, being outed as homosexual means facing years in prison. While activists in some countries, such as Lebanon, have made progress toward greater rights, personal security remains an imperative.
EFF recently filed comments with the Privacy and Civil Liberties Oversight Board (PCLOB) concerning Section 702 of the Foreign Intelligence Surveillance Amendments Act (FAA), one of the key statutes under which the government claims it can conduct mass surveillance of innocent people's communications and records from inside the US. EFF maintains that the government's activities under Section 702 that we know about are unconstitutional, not supported by the statutory language, and violate international law.
In an era when email and messaging services are being regularly subject to attacks, surveillance, and compelled disclosure of user data, we know that many people around the world need secure end-to-end encrypted communications tools so that service providers and governments cannot read their messages.
Narenji ("Orange") was Iran's top website for gadget news, edited daily by a team of tech bloggers who worked from a cramped office in the country's city of Kerman. The site was targeted at Iran's growing audience of technology enthusiasts. Like Gizmodo or Engadget in the United States, it had a simple but popular formula: mixed reviews of the latest Android and iPhones, summaries of new Persian-language apps and downloads, as well as the latest Internet memes (such as the ever-popular "An Incredible Painted Portrait of Morgan Freeman Drawn with a Finger on the iPad").
But now it’s gone. Narenji's front page is stuck in time as it was on December 3, when the entire Narenji team was rounded up by Iran's Revolutionary Guard and thrown into jail.
Federal Communications Commission Chairman Tom Wheeler is circulating a proposal for new FCC rules on the issue of network neutrality, the idea that Internet service providers (ISPs) should treat all data that travels over their networks equally. Unfortunately, early reports suggest those rules may do more harm than good.
The new rules were prompted by last January’s federal court ruling rejecting the bulk of the FCC’s 2010 Open Internet Order on the grounds that they exceeded the FCC’s authority, sending the FCC back to the drawing board.
According to reports, Chairman Wheeler’s new proposal embraces a “commercially reasonable” standard for network management. That standard could allow ISPs to charge companies for preferential treatment, such as charging web-based companies like Netflix or Amazon to reach consumers at faster speeds.
At the start of her opening address to the NETmundial conference in Sao Paolo this Tuesday, Brazil's President Dilma Rousseff ceremonially signed the Marco Civil, Brazil's long fought-for Internet Bill of Rights, into law. Even as she did so, activists from the floor below waved Ed Snowden masks and banners protesting the bill's inclusion of a data retention mandate.
It was a prefiguration of the battle between high hopes, user rights, anti-surveillance activism, and the forces of compromise that would take place in this forum over the next two days.
EFF has been on the road, traveling to cities and towns across the country to bring our message of digital rights and reform to community and student groups.
And while we had the tremendous opportunity to talk about our work and our two lawsuits against the NSA, the best part of the trip was learning about all of the inspiring and transformative activism happening everyday on the local level to combat government surveillance and defend our digital rights.
President Obama is on a diplomatic tour of Asia this week and one of his top priorities is the Trans-Pacific Partnership (TPP), a trade agreement that includes restrictive copyright enforcement measures that pose a huge threat to users’ rights and a free and open Internet. In particular, he's seeking to resolve some major policy disagreements with Japan and Malaysia—the two countries that have maintained resistance against some provisions in the TPP involving agriculture and other commodities. Despite some reports of movement on some of the most controversial topics during meetings between Obama and Japanese Prime Minister Abe, it seems that the TPP is still effectively at a standstill.
Today, April 26, is the day marked each year since 2000 as "Intellectual Property Day" by the World Intellectual Property Organization (WIPO). There are many areas where EFF has not historically agreed with WIPO, which has traditionally pushed for more restrictive agreements and served as a venue for domestic policy laundering, but we agree that celebrating creativity is a good thing.
Here's what the Deputy Solicitor General of the United States had to say during Tuesday's Aereo Supreme Court argument when asked directly whether a ruling might throw the United States out of line with international agreements:
We haven't made that argument. We we believe that existing U.S. copyright law properly construed is fully sufficient to comply with our international obligations. But that doesn't mean that we think that whenever a court misconstrues the statute, we will automatically be thrown into breach. It's certainly possible. But if this case were decided in Aereo's favor that some of our international trading partners might object, but I'm not going to take the position that we would concede those objections had merit, so we're not making that argument.
Patent reform language floated around the Hill last week while Congress was on recess. A recent draft included a retroactive effective date of April 24, 2014. While final phrasing for the upcoming Senate patent bill isn’t known, rumors of this start date were enough to spur action: on Wednesday, April 23—a day before reforms would presumably come into effect—trolls filed a total of 184 lawsuits against businesses big and small.
Clearly, the proposed reforms have patent trolls shaking in their boots.
Twenty-three governments have come together this week for the 4th annual Freedom Online Coalition (FOC) conference in Tallinn, Estonia—a meeting where FOC members work together to "coordinate their diplomatic efforts and engage with civil society" in order to advance Internet freedom worldwide.
Lately it seems every day has a big new patent story. Yesterday, the Supreme Court heard argument in an important case about the problem of vague and ambiguous patents. Today, the Court issued twin rulings, in Octane and Highmark, that will make it easier for defendants in patent cases to get attorney’s fees. This decision is bad news for patent trolls who bring weak cases and use the high cost of defense to extort settlements. While it’s a step in the right direction, we hope it will be followed by broader legislative reform curbing patent troll abuse.
We’ve written before about the dire consequences to online speech when service providers start acting like content police. These same consequences are applicable when financial services make decisions about to whom they provide services.