In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone’s security.
The Federal Communications Commission has proposed to break cable and satellite TV companies’ monopoly over the hardware and software used by their subscribers. Those companies are fighting back hard, probably to preserve the $20 billion in revenue they collect every year from set-top box rental fees. Major TV producers and copyright holders are pushing back too. They want to control how you can search for TV shows and discover new ones, and the order in which shows appear to you. And they want to limit the features of your home and mobile TV setups, like how and when you can control the playback.
Can you imagine being prosecuted for checking personal email while at work because your employer says you can only use your computer for “company business”? Of course not. Violating a company rule is not—and should not be—a computer crime. Prosecutors have tried to use the federal Computer Fraud and Abuse Act (CFAA) and parallel state criminal laws to target violations of company rules, but courts are increasingly calling foul on the misuse of statutes intended to criminalize computer break-ins.
Last weekend EFF took part in the Eleventh Hackers On Planet Earth (HOPE) conference in New York City and got to meet so many of our wonderful supporters. We've collected the HOPE talks given by EFF staff below, with the official program abstract, video, and where applicable, the original slides. Once you're done watching those, you can also try your hand at our Capture The Flag competition—the challenges are still up at https://eff-ctf.org, even though the contest is over.
The Federal Communications Commission has a plan to bring much-needed competition and consumer choice to the market for set-top boxes and television-viewing apps. Under the FCC’s proposed rule change, pay-TV customers would be able to choose devices and apps from anywhere rather than being forced to use the box and associated software provided by the cable company, ending cable companies’ and major TV studios’ monopoly in the field.
Today, DARPA (the Defense Advanced Research Projects Agency, the R&D arm of the US military) is holding the finals for its Cyber Grand Challenge (CGC) competition at DEF CON. We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous.
In a win for the open source community, router maker TP-Link will be required to allow consumers to install third-party firmware on their wireless routers, the Federal Communications Commission (FCC) announced Monday. The announcement comes on the heels of a settlement requiring TP-Link to pay a $200,000 fine for failing to properly limit their devices' transmission power on the 2.4GHz band to within regulatory requirements. On its face, new rules about open source firmware don't seem to have much to do with TP-Link's compliance problems. But the FCC's new rule helps fix an unintended consequence of a policy the agency made last year, which had led to open source developers being locked out of wireless routers entirely.
Imagine if local governments were like restaurants, where you could pick up a menu of public datasets, read the names and description, then order whatever suits your open data appetite?
This transparency advocate’s fantasy became reality in California on July 1, when a new law took effect. S.B. 272 added a section to the California Public Records Act that requires local agencies (except school districts) to publish inventories of “enterprise systems” on their websites. We are talking about catalogs of every database that holds information on the public or serves as a primary source of government data.
And we need your help on Saturday, Aug. 27 to—as the saying goes—catch ‘em all.
Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management").
These digital locks train your computerized devices to disobey you when you ask them to do things the manufacturer didn't specifically authorize -- even when those things are perfectly legal. Companies that put digital locks on their products -- ebook, games and music publishers, video companies, companies that make hardware from printers to TVs to cat litter trays -- insist that DRM benefits their customers, by allowing the companies to offer products at a lower price by taking away some of the value -- you can "rent" an ebook or a movie, or get a printer at a price that only makes sense if you also have to buy expensive replacement ink.
Diego Gomez is a recent biology graduate from the University of Quindío, a small university in Colombia. His research interests are reptiles and amphibians. Since the university where he studied didn’t have a large budget for access to academic databases, he did what any other science grad student would do: he found the resources he needed online. Sometimes he shared the research he discovered, so that others could benefit as well.
Illinois has joined the growing ranks of states limiting how police may use cell-site simulators, invasive technology devices that masquerade as cell phone towers and turn our mobile phones into surveillance devices. By adopting the Citizen Privacy Protection Act, Illinois last month joined half a dozen other states—as well as the Justice Department and one federal judge—that have reiterated the constitutional requirement for police to obtain a judicial warrant before collecting people's location and other personal information using cell-site simulators.
With high-profile hacks in the headlines and government officials trying to reopen a long-settled debate about encryption, information security has become a mainstream issue. But we feel that one element of digital security hasn’t received enough critical attention: the role of government in acquiring and exploiting vulnerabilities and hacking for law enforcement and intelligence purposes. That’s why EFF recently published some thoughts on a positive agenda for reforming how the government, obtains, creates, and uses vulnerabilities in our systems for a variety of purposes, from overseas espionage and cyberwarfare to domestic law enforcement investigations.
Last year, while most of us were focused on the FCC’s Open Internet Order to protect net neutrality, the FCC quietly did one more thing: it voted to override certain state regulations that inhibit the development and expansion of community broadband projects. The net neutrality rules have since been upheld, but last week a federal appeals court rejected FCC’s separate effort to preempt state law.
A new federal government policy will result in the government releasing more of the software that it creates under free and open source software licenses. That’s great news, but doesn’t go far enough in its goals or in enabling public oversight.
A few months ago, we wrote about a proposed White House policy regarding how the government handles source code written by or for government agencies. The White House Office of Management and Budget (OMB) has now officially enacted the policy with a few changes. While the new policy is a step forward for government transparency and open access, a few of the changes in it are flat-out baffling.
As the Rock Against the TPP tour continues its way around the country, word is spreading that it's not too late for us to stop the undemocratic Trans-Pacific Partnership (TPP) in its tracks. The tour kicked off in Denver on July 23 with a line-up that included Tom Morello, Evangeline Lilly, and Anti-Flag, before hitting San Diego the following week where Jolie Holland headlined. You can check out the powerful vibe of the kick-off show below.
Join us as we tweet at Gov. Jerry Brown that he must sign A.B. 2298 to protect the privacy and civil liberties of hundreds of thousands of Californians who have been caught up in the state's flawed CalGang gang affiliation database.
CalGang is a joke.
Microsoft had an ambitious goal with the launch of Windows 10: a billion devices running the software by the end of 2018. In its quest to reach that goal, the company aggressively pushed Windows 10 on its users and went so far as to offer free upgrades for a whole year. However, the company’s strategy for user adoption has trampled on essential aspects of modern computing: user choice and privacy. We think that’s wrong.
When universities invent, those inventions should benefit everyone. Unfortunately, they sometimes end up in the hands of patent trolls—companies that serve no purpose but to amass patents and demand money from others. When a university sells patents to trolls, it undermines the university’s purpose as a driver of innovation. Those patents become landmines that make innovation more difficult.
A few weeks ago, we wrote about the problem of universities selling or licensing patents to trolls. We said that the only way that universities will change their patenting and technology transfer policies is if students, professors, and other members of the university community start demanding it.
It’s time to start making those demands.
Civil Rights Groups Urge FCC to Issue Enforcement Action Prohibiting Law Enforcement Agencies From Illegally Using Stingrays
For the second year in a row, EFF and a coalition of virtual currency and consumer protection organizations have beaten back a California bill that would have created untenable burdens for the emerging cryptocurrency community.
Unfortunately, the current bill in print does not meet the objectives to create a lasting regulatory framework that protects consumers and allows this industry to thrive in our state. More time is needed and these conversations must continue in order for California to be at the forefront of this effort.
Despite near universal condemnation from Pakistan's tech experts; despite the efforts of a determined coalition of activists, and despite numerous attempts by alarmed politicians to patch its many flaws, Pakistan's Prevention of Electronic Crimes Bill (PECB) last week passed into law. Its passage ends an eighteen month long battle between Pakistan's government, who saw the bill as a flagship element of their anti-terrorism agenda, and the technologists and civil liberties groups who slammed the bill as an incoherent mix of anti-speech, anti-privacy and anti-Internet provisions.
There has been significant activity relating to cases and patent infringement claims made by Shipping & Transit, LLC, formerly known as ArrivalStar. Shipping & Transit, who we’ve written about on numerous occasions, is currently one of the most prolific patent trolls in the country. Lex Machina data indicates that, since January 1, 2016, Shipping & Transit has been named in almost 100 cases. This post provides an update on some of the most important developments in these cases.
EFF recently launched Reclaim Invention, a project to encourage universities to manage their patent portfolios in a way that maximizes the public benefit. Specifically, we’ve urged universities to sign a Public Interest Patent Pledge not to sell or exclusively license patents to patent assertion entities, also known as patent trolls. EFF is proud to partner with Creative Commons, Engine, Fight for the Future, Knowledge Ecology International, and Public Knowledge on this initiative.
UPDATE: The Office of Management and Budget (OMB) approved CBP's proposal to collect the social media handles of visitors from Visa Waiver Countries in December 2016. The question is on the online ESTA form and looks like this:
U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers’ privacy, and would have a wide-ranging impact on freedom of expression—all while doing little or nothing to protect Americans from terrorism.
This month, the online service provider CloudFlare stood up for its website-owner customers, and for all users of those websites, by telling a court that CloudFlare shouldn’t be forced to block sites without proper legal procedure. Copyright law limits the kinds of orders that a court can impose on Internet intermediaries, and requires courts to consider the pros and cons thoroughly. In this case, as in other recent cases, copyright (and trademark) holders are trying to use extremely broad interpretations of some basic court rules to bypass these important protections. As special interests keep trying to make things disappear from the Internet quickly, cheaply, and without true court supervision, it’s more important than ever that Internet companies like CloudFlare are taking a stand.
We all know that the NSA uses word games to hide and downplay its activities. Words like "collect," "conversations," "communications," and even "surveillance" have suffered tortured definitions that create confusion rather than clarity.
There’s another one to watch: "targeted" v. "mass" surveillance.
Across the country, civilian journalists have documented government violence using cell phones to record police activities, forcing a much-needed national discourse. But in case after case after case after case, the people who face penalties in the wake of police violence are the courageous and quick-witted residents who use technology to enable transparency.
A just-leaked draft impact assessment on the modernization of European copyright rules could spell the end for many online services in Europe as we know them. The document's recommendations foreshadow new a EU Directive on copyright to be introduced later this year, that will ultimately bind each of the European Union's 28 member states. If these recommendations by the European Commission are put in place, Europe's Internet will never be the same, and these impacts are likely to reverberate around the world.
Note: The updated datasets are now located on our California Database Catalogs hub. As of Oct. 4, 2016, the spreadsheets on this page will no longer be updated.
A team of over 40 transparency activists aimed their browsers at California this past weekend, collecting more than 400 database catalogs from local government agencies, as required under a new state law. Together, participants in the California Database Hunt shined light on thousands upon thousands of government record systems.
Imagine being convicted of a crime for logging into a friend's social media account with their permission? Or for logging into your spouse’s bank account to pay a bill, even though a pop-up banner appeared stating that only account holders were permitted to access the system? The Ninth Circuit Court of Appeals last month issued two decisions—by two different 3-judge panels in two separate cases—which seem to turn such actions into federal crimes. We teamed up with the ACLU and ACLU of Northern California to ask the court to review both decisions en banc—with 11 judges, not just 3—and issue a ruling that will ensure innocent Internet users are not transformed into criminals on the basis of innocuous password sharing.
On August 30, 2016, the Patent Office issued U.S. Patent No. 9,430,468, titled; “Online peer review and method.” The owner of this patent is none other than Elsevier, the giant academic publisher. When it first applied for the patent, Elsevier sought very broad claims that could have covered a wide range of online peer review. Fortunately, by the time the patent actually issued, its claims had been narrowed significantly. So, as a practical matter, the patent will be difficult to enforce. But we still think the patent is stupid, invalid, and an indictment of the system.
In our previous piece about a leaked European impact assessment on copyright, we described how the foreshadowed changes to European copyright law would place onerous new responsibilities on Internet platforms to scan your uploaded content on behalf of large entertainment companies. We also described how the changes would give news publishers a new, copyright-like veto power over the publications of snippets of text from news stories, even if these are merely by way of linking to the publisher's website.