Nearly two years ago, along with the Media Legal Defence Initiative and with consent and input from his family, we submitted a petition to the UN Working Group on Arbitrary Detention (UNWGAD) for the release of Egyptian coder, blogger, and activist Alaa Abd El Fattah. Abd El Fattah was arrested on November 28, 2013, two days after participating in a peaceful demonstration against a law allowing Egyptian civilians to be tried in military courts. His arrest was conducted without a warrant, he was beaten by police officers, and authorities raided his home while his wife and child were present. He was later sentenced to five years in prison.
When Universities Sell Patents to Trolls, Publicly Funded Research Is Compromised
There’s been a lot of talk lately about the state of publicly funded research. Many, including EFF, have long called on Congress to pass a law requiring that publicly funded research be made available to the public.
EFF, ACLU, and a coalition of nearly two-dozen civil liberties and advocacy organizations and a union representative are urging the Uniform Law Commission (ULC) to vote down dangerous model employee and student privacy legislation.
The bill, the Employee and Student Online Privacy Protection Act (ESOPPA), is ostensibly aimed at protecting employee and student privacy. But its broad and vaguely worded exceptions and limitations overshadow any protections the bill attempts to provide. As our joint letter explains, ESOPPA will result in only further invasions of student and employee privacy.
EFF has joined with partners including MoveOn, CREDO, Daily Kos, and Demand Progress to call on Democratic Party Leader Nancy Pelosi to stop the Trans-Pacific Partnership (TPP) from going to a vote during the "lame duck" session of Congress following the November election.
EFF staffers will spread the online freedom message at 2600 Magazine's biennial Hackers on Planet Earth (HOPE) conference from July 22 to July 24. The Eleventh HOPE will take place at the historic Hotel Pennsylvania in New York and host numerous presentations on such diverse topics as automobile software hacking, pervasive surveillance, the blockchain, and fostering community.
Representatives from multiple teams at EFF will lead a flurry of activities over the long weekend in New York. HOPE attendees will have the opportunity to hear our talks about online freedom issues, participate in EFF's "capture the flag" hacking contest all weekend, and speak directly to EFF staffers at our vendor hall booth. Additionally, all New York area EFF members are invited to a Speakeasy meetup on Friday evening. Read on for more details.
This week a new Digital Economy Bill [PDF] has been tabled before the United Kingdom Parliament, tackling a diverse range of topics related to electronic communications infrastructure and services. Two of these give us serious concern, the first being a new regime restricting access to online pornography, and the other an expansion of criminal liability for copyright infringement.
One of our most valuable tools for protecting freedom of expression and innovation on the Internet—a law that shields websites and other Internet service providers from being held responsible for content that comes from users or third parties—has been under fire in recent years. The law, 47 U.S.C. § 230, a provision of the Communication Decency Act, was designed to encourage the development of new communication technologies and to protect free speech and the open exchange of ideas online. Just like you can’t hold a library liable for defamation for a statement written in a book you check out, or for hacking after someone breaks into a computer after learning how to do so from a library book, under Section 230, you can't hold a website liable for the speech of others.
Despite strong opposition in Congress and from the grassroots, the FBI is still pushing to expand its National Security Letter (NSL) authority. The proposed amendments would allow the FBI to serve companies with NSLs and obtain a wide range of Internet records, known as Electronic Communication Transactional Records (ECTRs), including browsing history.
Over the last 15 years, the FBI routinely exceeded its authority.
Last week, the Ninth Circuit Court of Appeals, in a case called United States v. Nosal, held 2-1 that using someone else’s password, even with their knowledge and permission, is a federal criminal offense. This dangerous ruling threatens to upend a good decision that the Ninth Circuit sitting en banc—i.e., with 11 judges, not just 3—made in 2012 in the same case. EFF filed an amicus brief in the case and our arguments were echoed by the strong dissent, authored by Judge Stephen Reinhardt.
EFF’s headline-making research earlier this year showed that T-Mobile’s Binge On program wasn’t exactly working as advertised. Now, researchers at Northeastern University and the University of Southern California have published a paper confirming EFF’s findings in detail—even revealing a major weakness in the program that would allow T-Mobile customers to trick the system.
When EFF analyzes state legislation regulating the operation of drones, we look for a few elements. How will the bill affect law enforcement use of drones? And how will the bill impact private drone use, whether for recreation, journalism, or innovative new business applications? Will the legislation protect the public from undue surveillance? Could it restrain the public’s ability to control its own technology?
The Affordable Care Act (ACA) provisions for employee wellness programs give employers the power to reward or penalize their employees based on whether they complete health screenings and participate in fitness programs. While wellness programs are often welcomed, they put most employees in a bind: give your employer access to extensive, private health data, or give up potentially thousands of dollars a year.
Sadly, the Equal Employment Opportunity Commission’s (EEOC) new regulations, which go into effect in January 2017, rubber stamp the ACA’s wellness programs with insufficient privacy safeguards. Because of these misguided regulations, employers can still ask for private health information if it is part of a loosely defined wellness program with large incentives for employees.
The World Wide Web Consortium has published a "Candidate Recommendation" for Encrypted Media Extensions, a pathway to DRM for streaming video.
A large community of security researchers and public interest groups have been alarmed by the security implications of baking DRM into the HTML5 standard. That's because DRM -- unlike all the other technology that the W3C has ever standardized — enjoys unique legal protection under a tangle of international laws, like the US Digital Millennium Copyright Act, Canada's Bill C-11, and EU laws that implement Article 6 of the EUCD.
Update July 14, 2016: Last week, the federal appeals court for the Ninth Circuit ruled in favor of Chaker. The court held that Chaker's blog posts did not violate his supervised release conditions because they were not harassment or defamation. Because the court ruled in favor of Chaker on these grounds, it did not need to reach the constitutional arguments presented by amici including EFF. Still, we are pleased that Chaker will not be punished for engaging in political speech on the Internet, and we hope that this decision will encourage government officials to respect the First Amendment rights of people on supervised release from prison.
Original post of December 17, 2015:
Three judges of the Ninth Circuit Court of Appeals have taken a step back from criminalizing password sharing, limiting the dangerous rationale of a decision issued by a panel of three different judges of the same court last week. That’s good, but the new decision leaves so many unanswered questions that it’s clear we need en banc review of both cases—i.e., by 11 judges, not just three—so the court can issue a clear and limited interpretation of the notoriously vague federal hacking statute at the heart of both cases, the Computer Fraud and Abuse Act (CFAA).
Randomly-generated passphrases offer a major security upgrade over user-chosen passwords. Estimating the difficulty of guessing or cracking a human-chosen password is very difficult. It was the primary topic of my own PhD thesis and remains an active area of research. (One of many difficulties when people choose passwords themselves is that people aren't very good at making random, unpredictable choices.)
It’s been a rough month for Internet freedom in Russia. After it breezed through the Duma, President Putin signed the “Yarovaya package" into law—a set of radical “anti-terrorism” provisions drafted by ultra-conservative United Russia politician Irina Yarovaya, together with a set of instructions on how to implement the new rules. Russia’s new surveillance laws include some of Bad Internet Legislation’s greatest hits, such as mandatory data retention and government backdoors for encrypted communications—policies that EFF has opposed in every country where they’ve been proposed.
Wednesday, July 20 is the final day of EFF's Summer Security Reboot, a two-week membership drive that focuses on taking stock of our digital security practices and bolstering the larger movement to protect digital civil liberties. Besides a reduced donation amount for the Silicon level membership, the Reboot features sets of random number generators: EFF dice with instructions on how to generate stronger and more memorable random passphrases.
If you only listened to entertainment industry lobbyists, you’d think that music and film studios are fighting a losing battle against copyright infringement over the Internet. Hollywood representatives routinely tell policymakers that the only response to the barrage of online infringement is to expand copyright or even create new copyright-adjacent rights.
Section 1201 of the Digital Millennium Copyright Act forbids a wide range of speech, from remix videos that rely upon circumvention, to academic security research, to publication of software that can help repair your car or back up your favorite show. It potentially implicates the entire range of speech that relies on access to copyrighted works or describes flaws in access controls—even where that speech is clearly noninfringing.
Some day, your life may depend on the work of a security researcher. Whether it’s a simple malfunction in a piece of computerized medical equipment or a malicious compromise of your networked car, it’s critically important that people working in security can find and fix the problem before the worst happens.
And yet, an expansive United States law, passed in 1998 and emulated in legal codes all over the world, casts a dark legal cloud over the work of those researchers. It gives companies a blunt instrument with which to threaten that research, keeping potentially embarrassing or costly errors from seeing the light of day.
We are excited to announce that Onlinecensorship.org, a joint project of EFF and Visualizing Impact, is now available in Spanish. Onlinecensorship.org seeks to expose how social media sites moderate user-generated content. By launching the platform in the second-most widely spoken language in the world, we hope to reach several million more individuals who've experienced censorship on social media. Now, more users than ever can report on content takedowns from Facebook, Google+, Twitter, Instagram, Flickr, and YouTube and use Onlinecensorship.org as a resource to appeal unfair takedowns.
We’ve written many times about the need for comprehensive patent reform to stop innovation-killing trolls. While we continue to push for reform in Congress, there are a number of steps that companies and inventors can take to keep from contributing to the patent troll problem. These steps include pledges and defensive patent licenses. In recent years, companies like Twitter and Tesla have promised not to use their patents offensively.
Today, EFF joined a broad coalition of other public interest groups at Democratic Leader Nancy Pelosi's office in San Francisco, to present her with a petition carrying an incredible 209,419 signatures with a request to oppose the introduction of the Trans-Pacific Partnership (TPP) during the post-election "lame duck" session of Congress. And with your help, we succeeded! In a letter that she handed us at our meeting, Leader Pelosi wrote:
On matters implicating privacy, such as mass surveillance or the powers of investigatory agencies, Congress has too often failed to fulfill its responsibilities. By neglecting to examine basic facts, and deferring to executive agencies whose secrets preclude meaningful debate, the body has allowed proposals that undermine constitutional rights to repeatedly become enshrined in law. In last week’s launch of a new bipartisan Fourth Amendment Caucus in the House, however, the Constitution has gained a formidable ally.
Another month, another terrible patent being asserted in the Eastern District of Texas. Solocron Education LLC, a company whose entire “education” business is filing lawsuits, owns U.S. Patent No. 6,263,439, titled “Verification system for non-traditional learning operations.” What kind of “verification system” does Solocron claim to have invented? Passwords.
Why is it so hard to see our local TV stations these days? Even as more and more people watch TV via the Internet, streaming local TV stations to our Internet-enabled devices is next to impossible in most places. Companies that try to bring local TV to the Internet have faced relentless legal challenges from major media companies and the broadcast stations they own. The latest is FilmOn (formerly called Aereokiller), which is fighting in multiple lawsuits around the U.S. for the right to capture local TV broadcasts and stream them to paying subscribers, much as a traditional cable company does.
When user content is threatened with removal from the Internet, it's unlikely that anyone is going to put up more of a fight than the user who uploaded it. That's what makes it so critically important that the user is informed whenever an Internet intermediary is asked to remove their content from its platform, or decides to do so on its own account.
Unfortunately this doesn't consistently happen. In the case of content taken down for copyright infringement under the DMCA or its foreign equivalents, the law typically requires the user to be informed. But for content that allegedly infringes other laws (such as defamation, privacy, hate speech, or obscenity laws), or content that isn't alleged to be illegal but merely against the intermediary's terms of service, there is often no requirement that the user be informed, and some intermediaries don't make a practice of doing so.
The Yale Law Journal has published a short essay that I wrote in response to an article by Robert Litt, General Counsel to the Office of the Director of National Intelligence on the Fourth Amendment in the Digital Age. Mr. Litt uses EFF's NSA Spying case Jewel v. NSA and the Klayman v. Obama case, where I argued as amicus, as examples, so it seemed only reasonable that EFF reply. It's here and it's only 10 pages long: