At midnight last Saturday morning, Washington DC time, oversight over the performance of ICANN's IANA functions—notably its maintenance of the root zone database of the Internet's domain name system (DNS)—passed from the National Telecommunications and Information Administration (NTIA) to ICANN's global multi-stakeholder community.
Last Monday, we published our open letter to Hewlett-Packard CEO Dion Weisler, and more than 10,000 of you promptly stepped up to sign it, telling the company that you agree that it is absolutely unacceptable for a company to send out deceptive "security" updates that reconfigure your printer so that it only accepts the company's own high-priced ink.
When Google announced its new Allo messaging app, we were initially pleased to see the company responding to long-standing consumer demand for user-friendly, secure messaging. Unfortunately, it now seems that Google's response may cause more harm than good. While Allo does expose more users to end-to-end encrypted messaging, this potential benefit is outweighed by the cost of Allo's mixed signals about what secure messaging is and how it works. This has significance for secure messaging app developers and users beyond Google or Allo: if we want to protect all users, we must make encryption our automatic, straightforward, easy-to-use status quo.
The purpose of registered trademarks is to protect people. When you buy a bottle of Club-Mate, the trademark affords you some certainty that what you’re buying is the product you already know and love and not that of a sneaky impostor. But when the U.S. Patent and Trademark Office (USPTO) issues overly broad or generic trademarks, those trademarks do just the opposite: they can expose us to the risk of legal bullying. One recent round of bullying over a trademark on “invisible disabilities” has shown how a bad trademark can even be used to threaten people’s right to assemble and express themselves online.
In a bombshell published today, Reuters is reporting that, in 2015, Yahoo complied with an order it received from the U.S. government to search all of its users’ incoming emails, in real time.
There’s still much that we don’t know at this point, but if the report is accurate, it represents a new—and dangerous—expansion of the government’s mass surveillance techniques.
Now that schools are back in full swing, we thought it would be a good time to check in on what’s happened in the student privacy world since we submitted our FTC complaint about Google’s practices a little under a year ago.
The main complaint in our FTC filing was that, based on all the publicly available information we could find, it appeared that Google was tracking students and building advertising profiles on them when they navigated to Google-operated sites outside of Google Apps for Education (GAFE).
Americans pay by far the highest prices in the world for most prescription drugs, and of course big pharma would like to keep it that way. Key measures that the industry relies upon in this regard are the Prescription Drug Marketing Act [PDF] and Ryan Haight Online Pharmacy Consumer Protection Act [PDF], which make it unlawful for most Americans to access lower-priced drugs from overseas, coupled with the powers of U.S. Customs and Border Protection (CBP) to seize such drugs at the border on their own initiative.
Since 1992, EFF’s annual Pioneer Awards celebration has honored those who expanded freedom and innovation on what was dubbed the electronic frontier—a bleeding edge of technology intersecting with the rights of users. Today we understand better than ever that digital privacy and free expression are fundamental elements of democracy and human rights around the world.
This year we recognized the work of four leaders in this space: trailblazing digital rights activist Malkia Cyril, tireless international data protection activist Max Schrems, the groundbreaking encryption researchers who authored “Keys Under Doormats,” and champions of California’s CalECPA privacy law Senators Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine).
It is long overdue for the FCC to address Stingrays' impact on speech, interference with 911 calls, and invasion of privacy.
FCC Helped Create the Stingray Problem, Now it Needs to Fix It
In the wake of reports this week that the secretive Foreign Intelligence Surveillance Court (FISC) ordered Yahoo to scan all of its users’ email in 2015, there are many unanswered legal and technical questions about the mass surveillance.
But before we can even begin to answer them, there is a more fundamental question: what does the court order say?
By the time you read this, Let’s Encrypt will have issued its 12 millionth certificate, of which 6 million are active and unexpired. With these milestones, Let’s Encrypt now appears to us to be the Internet’s largest certificate authority—but a recent analysis by W3Techs said we were only the third largest. So in this post we investigate: how big is Let’s Encrypt, really?
After eighteen years, we may finally see real reform to the Digital Millennium Copyright Act’s unconstitutional pro-DRM provisions. But we need your help.
In enacting the “anti-circumvention” provisions of the DMCA, Congress ostensibly intended to stop copyright “pirates” from defeating DRM and other content access or copy restrictions on copyrighted works and to ban the “black box” devices intended for that purpose. In practice, the DMCA anti-circumvention provisions haven’t had much impact on unauthorized sharing of copyrighted content. Instead, they’ve hampered lawful creativity, innovation, competition, security, and privacy.
We believe in celebrating women in science, technology, engineering, and mathematics every day, and today – Ada Lovelace Day – is no different. Named after visionary 19th century mathematician Ada Lovelace, today is an opportunity to recognize the achievements of women in the STEM fields.
Lovelace, who is credited with being among the first to recognize the potential of computing, was encouraged to explore the world of mathematics from a young age at a time when few women were actively involved in the field. At 17, she worked on Charles Babbage’s Analytical Engine, and her notes on his machine included what is recognized as the first computer algorithm as well as ideas about the potential of computational machines.
After months of study, European regulators have finally released the full and final proposal on Copyright in the Digital Single Market, and unfortunately it's full of ideas that will hurt users and the platforms on which they rely, in Europe and around the world. We've already written a fair bit about a leaked version of this proposal, but it's worth taking a deeper dive into a particular provision, euphemistically described as sharing of value. This provision, Article 13 of the Directive, requires platforms for user-generated content to divert some of their revenue to copyright holders who, the Commission claims, otherwise face a hard time in monetizing their content online. We strongly support balanced and sensible mechanisms that help ensure that artists get paid for their work. But this proposal is neither balanced nor sensible.
If you scroll through EFF’s staff bios, you may notice a trend: we have a lot of reporters who have joined the battle for free speech, privacy, and transparency. Some worked for years in newsrooms or as independent journalists. Others studied and taught at journalism schools or worked directly for journalism advocacy organizations. This kind of experience is often a perfect fit for tech policy advocacy, because reporters have a practical understanding of how important our rights are and how to communicate these issues to the public. And ultimately, EFF’s work is not unlike journalism: we fight to free information and then we write about it.
If Congress does nothing, a new policy will take effect in less than two months that will make it easier than ever for the FBI to infiltrate, monitor, copy data from, inject malware into, and otherwise damage computers remotely.
UPDATE (1/26/17): In response to news about WhatsApp's key management choices, we have added additional information about related trade-offs under "Key change notifications."
After careful consideration, we have decided to add additional warnings and caveats about using WhatsApp to our Surveillance Self Defense guide.
It's Time for the Supreme Court to End the Venue Loophole
When EFF launched a campaign last year to encourage the public to help us uncover police use of biometric technology, we weren’t sure what to expect. Within a few weeks, however, hundreds of people joined us in filing public records requests around the country.
Ultimately, dozens of local government agencies responded with documents revealing devices capable of digital fingerprinting and facial recognition, while many more reported back—sometimes erroneously—that they hadn’t used this technology at all. Several, however, either didn’t respond, demanded exorbitant fees, or outright rejected the requests.
Harvard researcher Yarden Katz has just published some fascinating findings on which universities have sold patents to notorious patent-holding company Intellectual Ventures (IV). Of the nearly 30,000 active patents that IV lists publicly, 470 of them were originally assigned to universities—a total of 61 institutions.
Katz explains how he arrived at these numbers:
How many of IV’s patents came from universities?
Before all of this ever went down
In another place, another town
You were just a face in the crowd
You were just a face in the crowd
Out in the street walking around
A face in the crowd
If we don’t speak up now, the days when we can walk around with our heads held high without fear of surveillance are numbered. Federal and local law enforcement across the country are adopting sophisticated facial recognition technologies to identify us on the streets and in social media by matching our faces to massive databases.
Having for years enforced a constitutionally offensive border search regime at physical borders and U.S. international airports, Customs and Border Protection (CBP) recently proposed to expand its violations in troubling new ways by prompting travelers from countries on the State Department’s Visa Waiver Program list to provide their “social media identifier.”
With a new school year underway, concerns about student privacy are at the forefront of parents’ and students’ minds. The Student Privacy Pledge, which recently topped 300 signatories and reached its two-year launch anniversary, is at the center of discussions about how to make sure tech and education companies protect students and their information. A voluntary effort led by the Future of Privacy Forum and the Software and Information Industry Association (SIIA), the Pledge holds the edtech companies who sign it to a set of commitments intended to protect student privacy.
Since the Trans-Pacific Partnership Agreement (TPP) was signed and its text released earlier this year, preventing the passage of that agreement through Congress during its upcoming lame duck session has become a top priority. But there's another secretive trade agreement lurking out of sight and out of mind, which is also scheduled for completion this year: the Trade in Services Agreement or TISA, which contains many provisions that are a virtual copy-and-paste out of the TPP's Electronic Commerce chapter.
Open access is the practice of making research and other materials freely available online, ideally under licenses that allow anyone to share and adapt them. By removing barriers like subscription fees or institutional connections, open access publishing lets more people participate in science and culture.
There are events and workshops on open access taking place all over the world this week. Find out what’s going on in your area and get involved!
Check back all week for new #OAWeek content from EFF. We’ll update this list with links to new posts:
Publicly Funded Research Should Be Open to the Public
When the public pays for research, the public should have free access to that research. You shouldn’t have to buy expensive journal subscriptions or academic database access in order to read research that was paid for with federal funding. That’s the simple premise of FASTR, the Fair Access to Science and Technology Research Act (S. 779, H.R. 1477). As we near the end of the 2015-16 session of Congress, the clock is ticking for FASTR.
Months of aggressive lobbying by the MPAA and its allies at the Copyright Office gave them the result they desired
Update: a timeline of events based on the Copyright Office e-mails is here.
In the current debate over cable set-top box competition, content and cable industries worked together to oppose regulation that could potentially weaken their control over personal TV hardware and software. We were surprised, though, to see the U.S. Copyright Office echoing Hollywood’s flawed legal arguments.
You should know if the government thinks it can deputize your email provider to scan through your messages.
Like most people, we were shocked at reports earlier this month that Yahoo scanned its hundreds of millions of users’ emails looking for a digital signature on behalf of the government. We join millions of Yahoo users in wanting to know how this happened.
The Patriot Act turns 15 today, but that’s nothing to celebrate.
Since President George W. Bush signed this bill into law on October 26, 2001, the Patriot Act has been ardently defended by its supporters in the intelligence community and harshly criticized by members of Congress, the tech industry, and privacy advocates like us. Despite the debates that have unfolded over the last 15 years, including last year’s reforms through the USA FREEDOM Act, there’s still a lot to learn about this controversial law.
While there are countless examples of DMCA abuse, sometimes a story stands out. Last week, Samsung sent a series of takedown notices aimed at videos showing a GTA V mod in action. The modification replaced an in-game weapon with an exploding Samsung phone. Whether you think these videos are hilarious or in bad taste (or both), they are a parody inspired by real-life stories of Galaxy Note 7s catching fire. Samsung may not enjoy this commentary, but that does not excuse its abuse of the DMCA.
The Washington Post recently reported on Facebook’s plans to introduce its international Free Basics app to American users. We have written about the problems with Free Basics before, and we are disappointed that Facebook might be trying to repackage this controversial international program as a solution for domestic issues.
The Obama administration promised privacy protections for foreigners abroad, but PPD-28 fails to deliver those protections
In early 2014, still reeling from global outrage over recently uncovered surveillance programs, President Barack Obama pledged to rein in the U.S. government’s spying and boost privacy protections for people in the U.S. and abroad. His words were heartening:
“People around the world, regardless of their nationality, should know that the United States is not spying on ordinary people … and that we take their privacy concerns into account,” he said, standing in front of American flags at Justice Department headquarters in Washington, D.C.
One year ago today, the 100,000th person added their name to a public petition calling on President Obama to categorically reject any attempt to add backdoors to our devices or otherwise undermine encryption.
Since then, crickets.
Obama has promised to reply to petitions on his We the People platform that receive over 100,000 signatures. But the only response our hugely popular petition received was a nonresponse asking for more input.
Since then, the issue has become even more pressing. While the urgency of the Apple encryption battle may have abated, the conversation around forcing tech companies to assist the government in obtaining access to unencrypted data has continued.
When Diego Gomez, a biology master’s student at the University of Quindio in Colombia, shared a colleague’s thesis with other scientists over the Internet, he was doing what any other science grad student would do: sharing research he found useful so others could benefit from it and build on it. Indeed, this kind of sharing is the norm in academia, just as it is elsewhere in our increasingly social media-driven online world.
This Open Access Week, the global open access community has a lot to celebrate. Hundreds of universities around the world have adopted open access policies asking faculty to publish their research in open access journals or archive them in open repositories. A few years ago, open access publishing was barely recognized on the fringes of science; now, it’s mainstream. Three years after the White House’s groundbreaking open access memo, we may be on the verge of passing an open access law.
The federal government is set to get massively expanded hacking powers later this year. Thankfully, members of Congress are starting to ask questions.
In a letter this week to U.S. Attorney General Loretta Lynch, 23 members of Congress—including Sens. Ron Wyden and Patrick Leahy and Rep. John Conyers—pressed for more information and said they “are concerned about the full scope of the new authority” under pending changes to federal investigation rules.
Long-overdue rules protecting security research and vehicle repair have finally taken effect, as they should have done last year. Though the Copyright Office and the Librarian of Congress unlawfully and pointlessly delayed their implementation, for the next two years the public can take advantage of the freedom they offer. Despite their flaws, the exemptions will promote security, innovation, and competition – and also help the next generation of engineers continue to learn by taking their devices apart to see how they work.
Are you scrambling for a clever Halloween costume this weekend? We've got you covered. Here are five ideas for digital rights activists planning to trick-or-treat on Monday.
Facial Recognition Face Paint
Just this week we learned that facial recognition is far more prevalent among local and federal law enforcement than we thought, with at least 26 states using this biometric technology. Of those, 16 states grant the FBI access to their DMV databases. Many large cities have proposed using facial recognition on live camera feeds.
Is somebody really claiming to have invented a method for switching from watching one video to watching another?
You probably don’t expect the government to log and track your personally identifying information, despite having broken no laws, just because you attended an event at the fairgrounds. That would be preposterous in the Land of the Free.
But, according to the Wall Street Journal, federal agencies have joined forces with local police to deploy automated license plate reader (ALPR) technology at gun shows, with the aim of collecting attendees' plate information—without an explicit target. Gun show patrons are typically concerned about their Second Amendment rights, but what about the First Amendment?
Should law enforcement get an all-access, long-term pass to a teenager’s cell phone, just because he or she had a run-in with police? That question is in front of California’s highest court, and in an amicus brief filed earlier this month, EFF and the three California offices of the ACLU warned that it was a highly invasive and unconstitutional condition of juvenile parole.
In this case, a teenager known in court documents as Ricardo P. admitted to two cases of burglary. One condition of his parole was that he submit his phone to search at any time, whether by his probation officers or any peace officer, even though his phone use had nothing to do with the commission of the crimes.