You may remember that EFF’s client, Kyle Goodwin, asked the court to return the legal files he lost when Megaupload was seized last January. Since then, we’ve been to court, both for a hearing and a mediation, and nothing has changed. The key problem: the government has failed to help third parties like Kyle get access to their data. So we have no choice but to go back to court.
Today, EFF filed a brief asking for the court to order Kyle’s rightfully owned data returned. And it’s not just about Kyle’s property: it’s about the property of many other legal Megaupload users, too. We’ve asked the court to implement a procedure to make all of those consumers whole again by granting them access to what is legally theirs. Especially given that the use of cloud computing services is already widespread and poised to grow exponentially in the next few years, we believe the court should ensure that such innocent users do not become regular collateral damage.
Kyle Goodwin, and others like him, did nothing but legitimately use a cloud storage service to house legal files – in Kyle’s case, business files, but many others lost access to personal and private information as well. We believe the time has long passed for those folks to get their data back. We hope the court agrees.
Today, Google expanded its transparency reports program today by releasing a detailed report of content removal requests from copyright holders. The new copyright report joins its semi-annual government takedown transparency report, and covers more than 95% of the copyright takedown requests it has received for Search results since July 2011.1 Though Google has posted the content of takedown requests to Chilling Effects where possible before, this report presents the data collectively (and graphically) for the first time.
Striking is the sheer volume of takedown notices Google receives: in just the last month, it processed over 1.2 million requests for Search alone, from 1,296 copyright owners and 1,087 reporting organizations. That scale allows it to present trends in the data that might not otherwise be apparent. For example, even in the case of notorious "pirate" sites like The Pirate Bay, Google has received takedown notices for less than 5% of their indexable pages.
On the other hand, this report also provides a clearer look into the abuse of copyright tools. Google explains that it's complied with 97% of takedown requests received between July and December of 2011, but also provides examples of obviously invalid copyright requests it's received. Those examples range from cases of negligent over-application, such as movie studios who have attempted to remove IMDB entries or links to legitimate trailers for their movies, to clear attempts at censorship, such as businesses who have issued takedown requests for employee accounts of unfair treatment. Of course, there are even more ridiculous examples: the report describes a reporting company sending a takedown notice for links to earlier takedown notices that obviously did not infringe.
This transparency report gives Google a chance to highlight some of its good citizenship as an online service provider. Although the burden of liability is supposed to be on the organization that sends the takedown notice — it is required to claim under penalty of perjury to have a good-faith belief of copyright infringement — in practice many groups are willing to skirt those rules, sending takedown notices to silence unfavorable speech or even without human review. The 3% of takedown notices that Google chooses not to comply with is a large absolute number, and each of those are instances of legitimate speech that would have otherwise been shut down. Google deserves to be commended for that behavior.
Given its importance as a starting point for many users, removal from Google's index can have devastating consequences on speech. Google has done the right thing by pushing back on bogus takedown notices, both by reviewing and rejecting those requests the first time, and by publishing real data about the behavior of copyright holders and reporting organizations. As with the government transparency reports, reporting on copyright notices can expose bad practices and allow people to assign blame where it belongs: with the people abusing the system. We hope this is just the beginning: Google should extend the program out to their other properties like YouTube and Blogger, and other online service providers should follow suit.
1. It doesn't cover requests for non-Search Google products, such as YouTube or Blogger. We hope these services are on the roadmap for the future.
Privacy advocates in the United Kingdom got the unfortunate opportunity to say “we told you so” last week, following revelations that nearly 1,000 civil servants working at the UK government’s Department for Work and Pensions had been disciplined for accessing citizens’ private and confidential data, including criminal records, employment histories and social security details. More than 150 of those data breaches occurred at the Department for Health, an agency tasked with providing health services – and maintaining all UK medical records.
The unsettling news came to light after reporters with an investigative television broadcast series filed Freedom of Information requests and published their findings.
As ZDNet’s Zack Whittaker shrewdly points out, the most disconcerting aspect of this rampant leakage is that it wasn't caused by a system malfunction, but rather active exploitation at the hands of “the very people we supposedly trust with our data.”
Not Guilty? Met Police Can Still Snoop Through Your Cell Phone
Metropolitan Police in 16 London boroughs are now employing technology to instantly extract mobile phone data from suspects in custody. The upgrade allows police to access call history, texts and phone contacts, while eliminating the need for a forensic examination that used to take several weeks.
A particularly glaring problem with this new policy is that police will continue to retain the mobile phone data regardless of whether charges are brought, according to a BBC report. Privacy International has characterized the new policy as a “possible breach of human rights law,” arguing that since it’s already illegal to indefinitely retain DNA profiles from detainees, sensitive mobile phone data should be held to the same standard. Another worry springing out of the new policy: Extracting mobile phone data at a police station is just a heartbeat away from doing the same during a stop-and-search on the street.
FBI Cozying Up with Europol on Cybersecurity
The European Union is actively seeking closer collaboration with the United States Department of Homeland Security (DHS) to fight cyber crime. In fact, EU Home Affairs Commissioner Cecilia Malmström recently went so far as to say, “EU-U.S. cooperation is not a choice, but a necessity.” She then predicted the success of joint cybersecurity operations between the FBI and Europol. Malmström added that she has been working closely with DHS Secretary Janet Napolitano on joint cyber crime initiatives as part of a working group that's planning “a fully fledged EU-U.S. cyber exercise” in 2014.
“Yesterday, I had the opportunity to follow the work of the FBI and I was impressed by how advanced they are,” Malmström noted. “This has reinforced my view that we should continue to deepen transatlantic cooperation against cyber threats.” Her comments were delivered on May 2 in Washington, D.C., at the Transatlantic Cyber Conference, organized by the Center for Strategic and International Studies, the European Security Roundtable and SRA International.
Land of #OzLog: Data Retention Back on the Agenda in Australia
“OzLog” is shorthand for a proposed mandatory data retention policy the Australian government has been toying with the idea of implementing, despite popular backlash. Patterned after the notorious European Directive on Data Retention, the proposal would require Internet service providers Down Under to store information about customers’ web usage history for two full years.
Dormant for months, it was looking as though OzLog would make a comeback in recent weeks as part of a broader surveillance monstrosity taking shape under Australia’s Federal Attorney-General, Nicola Roxon. To flesh out the plan, the government sought feedback on ideas such as: “increase powers of interception; make it easier for [the Australian Security Intelligence Organization] to break into computers and computer networks, including those of third parties not targeted in warrants; [facilitate] the prosecution of anyone who names an ASIO officer; and [implement OzLog],” according to Crikey, an Aussie news outlet.
Fortunately, opposition to the proposed surveillance scheme is mounting. Australia’s Parliamentary Joint Committee on Intelligence and Security rejected the plan’s terms of reference last week, sending it back to the drawing board. And Sen. Scott Ludlam, a spokesperson for the Australian Greens, expressed bitter opposition, saying: “This is the idea that all our personal data should be stored by service providers so that every move we make can be surveilled or recalled for later data mining. It is premised on the unjustified paranoia that all Australians are potential criminal suspects.”
Hey, Teachers! Leave Those Kids Alone!
High school students in the Australian state of Queensland who lack their own computers are given government-issued laptops to take home with them from school – but they come with a hidden price. A recent news report revealed that “screen spy” monitoring software run by the AB Tutor Client Program quietly takes time-stamped screenshots, monitors printing, and logs visits to websites and keystrokes. Students’ online activity is monitored even when they are working at home, and one mother complained that a screenshot had been taken of her daughter’s Skype conversation. During class, teachers can remotely control the computers.
Despite the uproar that was unleashed when parents and civil liberties advocates discovered the extent of the laptop monitoring, officials with Education Queensland, the governmental department responsible for running the schools, stuck by the practice. Responding to questions from the press, Queensland Education Minister John-Paul Langbroek noted that parents had signed an agreement disclosing that online communications could be audited and traced back to students. He then delivered a line that is often repeated but known by privacy advocates to be completely wrongheaded. “If they've done nothing wrong,” he said, “they've got nothing to fear."
In Canada, Telcos Got Inside Track On Surveillance Bill
Several weeks before Canada’s controversial online surveillance legislation, Bill C-30, was introduced, major telecommunication companies partnered with government officials to develop a secret forum on “Lawful Access,” the deceptive term used to describe governmental interception of online activity and information. The closed-door collaboration was revealed in documents obtained via Canada’s Access to Information Act (the equivalent of the U.S.’s Freedom of Information Act), according to Michael Geist, a law professor at the University of Ottawa. News of the secret meeting served to clear up confusion as to why Canada’s telcos stayed mum on C-30 when it reached the height of controversy earlier this year.
After Bill C-30 had formally entered the approval process, government officials continued to work with telcos behind the scenes to respond to their concerns — such as whether they would receive “adequate compensation” in exchange for providing subscriber information, according to the released documents.
As Geist points out, the behind-the-scenes collaboration essentially “created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers.” Though it’s on the back burner for now, Bill C-30 nevertheless remains in legal limbo, with Public Safety Minister Vic Toews promising that it will be sent to committee for further study.
Senator Ron Wyden yesterday introduced a bill on the floor of the U.S. Senate demanding access to draft texts of international trade agreements under negotiation by the Office of the United States Trade Representative such as the Trans-Pacific Partnership Agreement (TPP) that carry provisions that could severely choke off users' rights on the Internet around the world. This is a great positive step in the right direction.
The proposed bill, titled the "Congressional Oversight Over Trade Negotiations Act", calls for all Members of Congress, together with all of their staff with proper security clearance, to be given access to "documents, including classified materials, relating to negotiations for a trade agreement to which the United States may be a party and policies advanced by the Trade Representative in such negotiations."
Article 1 Section 8 of the U.S. Constitution gives Congress the sole power to regulate foreign commerce in order to ensure that such laws and policies take into consideration all the interests of the people rather than those of the select few. Congress has delegated certain powers to the Office of the U.S. Trade Representative (USTR), but remains subject to Congressional oversight. The USTR is required to consult wth the Senate Finance Committee and the House Ways and Means Committee, and is supposed to regularly consult with the House and Senate Leadership Offices. In addition, under amendments to the Trade Act enacted by Congress in 2002, the USTR is required to consult with members of the Congressional Oversight Group.
Senator Wyden is a member of the Senate Finance Committee (which has jurisdiction over "reciprocal trade agreements; tariff and import quotas, and related matters thereto") and is Chair of its subcommittee on International Trade, Customs and Global Competitiveness. And yet, as he explains, neither he nor his staff which have obtained proper security clearance, have been able to get access to material related to the negotiations of the TPP from the USTR. This is something that he also raised with the U.S. Trade Ambassador at a Senate hearing on 7 March. The USTR has apparently read the 2002 legislation as narrowing the requirement for the USTR to consult with Members of Congress, contrary to what Senator Wyden and others had intended at the time it was enacted. Meanwhile, the USTR is continuing to consult on TPP negotiating texts with representatives of large entertainment companies, and the pharmaceutical industry on the private sector Industry Trade Advisory Committee on Intellectual Property. Senator Wyden introduced yesterday's bill to rectify this situation.
In his remarks introducing yesterday's bill, Senator Wyden states:
Put simply, this legislation would ensure that the representatives elected by the American people are afforded the same level of influence over our nation’s policies as the paid representatives of PhRMA, Halliburton and the Motion Picture Association.
Senator Wyden has nailed it. The USTR has continued to exclude our Congressional representatives, civil society and public interest groups from learning about the policy issues that are being discussed in these negotiations, while welcoming private sector industry groups' inputs on negotiation texts with open arms.
The leaked U.S. TPP Intellectual Property chapter has provisions that will directly impact the future of the open Internet. This is a vital issue that all of us should have a say in, not just representatives from a few selective parts of the economy. Sound and balanced policy-making requires transparency and meaningful input from all affected Internet stakeholders.
Through our action alert, concerned citizens have sent over 20,000 emails to our Congressional representatives since February, calling on Congress to demand transparency in these negotiations. That demonstrates that there is very substantial interest from constitutents in understanding how what the USTR is negotiating will affect our digital rights and the open Internet. However, this battle is not close to being over.
Help us keep the pressure on Congress and let them know we'd like to see them defend Internet freedom against the powerful trans-national industries that are currently unilaterally shaping these secret international trade agreements.
Click here to take action. Tell Congress that you refuse any more backroom deals to regulate the Internet.
Use the hashtag #TPP and #TPPA to keep talking and raising awareness on the agreement on Twitter.
Last week, the Wall Street Journal reported the Obama Administration may finally lift the legal veil of secrecy surrounding the CIA’s covert drone program. The ACLU has been involved in a lawsuit over the US government’s constitutional authority to target American citizens with strikes overseas with its supposedly covert CIA drone program. On Monday, however, the CIA decided to continue to claim the program is a state secret and that they should not have to admit or deny it exists.
This, despite the fact that, as Journal reported, “U.S. drone strikes are hardly a secret. Officials have spoken openly about them, even discussing the operations in formal speeches. But they are still classified, and unauthorized disclosures about details of individual missions could constitute a felony.”
Ironically, on the same day, the White House announced a new policy for which suspects get targeted by the covert program, saying counterterrorism chief John Brennan would have the final say on who gets targeted by The Program Which Must Not Be Named.
EFF Releases New FOIA Documents and Files Amicus Brief in Transparency Case
EFF published the full set of documents the Justice Department has handed over so far in our FOIA lawsuit for the Justice Department’s secret interpretation of section 215 of the Patriot Act, of which Senators Ron Wyden and Tom Udall warned “most Americans would be stunned to learn the details of how these secret court opinions have interpreted section 215 of the Patriot Act.”
Meanwhile, a court in New York ruled against New York Times reporter Charlie Savage, along with the ACLU, in their separate lawsuit asking for the Justice Department’s secret memo on the same matter. Both EFF and ACLU have separate suits pending related to Section 215 in different jurisdictions.
State Department documents on ACTA
The EFF also received a response from the State Department last week in response to our FOIA request for documents related to the Anti-Counterfeiting Trade Agreement (ACTA). ACTA contains harsh copyright standards that EFF has been protesting for years. The documents suggested that ACTA was not submitted to the normal State Department review process to determine its constitutionality before it was signed by the Deputy Trade Ambassador. Read more about the FOIA request and how law professors cast further doubt on ACTA’s constitutionality here.
FOIA Suit for White House Visitor Records
EFF, along with Citizens for Responsibility and Ethics in Washington (CREW) and a host of other civil society organizations, recently filed an amicus brief in the long running Freedom of Information Act case against Department of Homeland Security (DHS) and the Secret Service for access to the White House visitor logs. Previously, the Obama administration released many of the logs, but is still arguing in court that they are not subject to FOIA because they do not belong to a specific agency. However, given it’s clear Secret Service is part of DHS, there is no threat to public safety, and the White House has released many records already, that there is no reason they should be withheld from the FOIA process.
NSA Forced to Declassify Document It Accidentally Posted Online
In an embarrassing incident two weeks ago, the National Security Agency (NSA)—notorious for overclassification and secrecy—was forced to use a “rarely used authority” to declassify a “properly classified” document in full after they mistakenly posted it on their website, according to secrecy expert Steven Aftergood. Instead of redacting the alleged sensitive material in the online post, they highlighted it.
But, according to Aftergood, as is the case in many circumstances of government classification, it is hard to see why it wasn’t declassified in the first place:
There was nothing exceptional about the contents of the document, and there was no overriding public interest that would have compelled its disclosure if it had been properly classified. Nor is any national security damage likely to follow its release.
Final Volume of the CIA’s Bay of Pigs Study Will Remain Secret
Two weeks ago, a federal judge ruled for the government in a FOIA suit filed by the National Security Archives asking the CIA to formally declassify a draft of the last volume of a history of the Bay of Pigs Invasion. Unfortunately, the federal judge ruled the government could keep the draft version secret, despite the fact that it was written 31 years ago about an event that happened more than 50 years ago.
The judge reasoned that the final volume was a draft not intended “for inclusion in the final publication” and therefore the ‘deliberative process’ exemption to FOIA applied, which provides an exemption to disclosure for documents that help government officials arrive at final agency policy positions. As McClatchy reported, “The judge agreed with the CIA assertion that release of Volume V would have a chilling effect on current CIA historians who might be reluctant to try out ‘innovative, unorthodox or unpopular interpretations in a draft manuscript’ if they thought it would be made public.”
The deliberative process privilege – when narrowly invoked – serves legitimate purposes. It is designed to provide lower level government employees with the freedom to express ideas, without fear of public disclosure if those ideas are not ultimately adopted by the agency. However, in this case, the (former) government employee who wrote the draft volume sought its release – through a FOIA request – 10 years ago. At the time, the information contained within the draft was still classified, so his request was denied. Now, however, the information is no longer classified, and, given that the person whose “deliberative process” the CIA is allegedly protecting sought the draft’s release, it is hard to understand what the public interest in protecting the document, 30 years after its creation, could possibly be.
Eurovision Song Contest Sets Stage for Online Protest
Last Thursday, Azeri hackers calling themselves Cyberwarriors for Freedom temporarily took down four different websites for the Eurovision Song Contest, which is being hosted by Azerbaijan this week. Hackers replaced the home pages with an Azeri-language message demanding that President Ilham Aliyev cancel the event. While they condemned the destruction of homes to make way for the Eurovision arena and the silencing of independent journalists, the hackers’ message also included homophobic language, calling the contest a “gay parade.”
While Azeri authorities continue to investigate the hacking, the International Partnership Group for Azerbaijan also launched a new campaign petitioning Eurovision performers to show support for human rights in Azerbaijan. The campaign echoes statements from Amnesty International and Human Rights Watch, who have called upon Azeri authorities to release detained opposition activists and guarantee free expression for peaceful protesters planning demonstrations before the contest.
The Azeri parliament is currently debating laws curtailing social media access, even though 78% of Azeris have never used the Internet and only 7% go online daily.
French Judicial Investigation Calls Out Amesys’ Complicity With Libyan Torture
The International Federation of Human Rights (FIDH) and the League of Human Rights (LDH) announced on Monday that Amesys, a subsidiary of the French defense firm Bull S.A., will be investigated for supplying the Gadhafi regime with electronic surveillance tools. Both NGOs have accused Amesys of complicity with the dictator’s crimes against humanity after NATO forces found equipment bearing the company logo in an abandoned security building in August 2011. FIDH and LDH originally filed their complaint against Amesys with a French civil party in October 2011.
A Wiredreport coinciding with the announcement of the French judicial investigation details Libyan Internet activism and government monitoring during the 2011 revolution. Amesys’ EAGLE Interception system was one of the many Western-built Internet surveillance systems that NATO found in the monitoring bunker. The EAGLE equipment suite can monitor Internet users beyond the scope of “lawful interception” wiretaps that require a warrant for a particular IP address. Instead, EAGLE uses “massive interception,” which can analyze all network communications and store them in a database that is searchable by keywords, dates, and user names or addresses.
If Amesys has to pay damages for working with Gadhafi during the revolutions, it will serve as a warning for Internet technology firms that sell to human rights abusers. Earlier this year, the United States Congress re-introduced the Global Online Freedom act, which seeks to restrict exports of surveillance or censorship technologies to Internet-restricting governments. While the bill is imperfect, its commitment to corporate accountability for human rights could inspire a set of legal best practices for multinational corporations that governments could use for future investigations of firms like Amesys.
Anonymous Hacks Indian Government Sites to Protest Blocking of Video-Sharing Services
The Indian Congress Committee and Supreme Court websites were both taken down by distributed denial-of-service attacks as part of Anonymous’ #OpIndia, which sought to chastise Indian Internet service providers for blocking video-sharing websites such as Vimeo. The ISPs acted in response to a state proposal for a UN Committee for Internet Related Policies (CIRP) that would give India’s ruling party discretion to censor all online content. This proposal comes in the wake of several movie piracy lawsuits that Indian and international media conglomerates have filed since February 2011.
These lawsuits have resulted in the issuance of court orders, known in India as “Ashok Kumar” orders, that ask all parties to halt the distribution, display, or download of particular movies. It is unclear why the ISPs chose to block entire websites, a move that removed access to considerable non-infringing content. Indian copyright law is similar to the American Digital Millennium Copyright Act in that intermediaries such as Vimeo and Dailymotion are actually protected from most copyright litigation. ISPs reported that they were following the temporary restraining order the Madras High Court recently published, which condemned “copying, recording, reproducing, camcording or communicating, or allowing others to communicate" the contents of the film 3 in any form.
Anonymous was not the only organization to protest the sloppy content-management of ISPs and Indian state lawyers. Sanjay Tandon, vice president of music and anti-piracy from Reliance Entertainment, stated, “Our requirement from ISPs has never been to block entire sites… ISPs just want to block the entire site because it’s less work than to identify content individually.”
South Korean Podcasters Accused of Breaking Election Law
Two hosts of the popular South Korean liberal podcast “Naneun Ggomsuda” (“I’m a Petty-Minded Creep”) have been summoned for questioning in regards to the Seoul Metropolitan Election Commission’s charges relating to the organization of eight large, public rallies showing support for the Democratic United Party. South Korea’s election laws prohibit any endorsement of candidates outside of a two to three-week official campaign period, but the rallies in question were held within ten days of the election. Typically, the government contacts the hosting providers of websites or media outlets found to have violated this rule before investigating citizen journalists, but the investigation of Kim Eo-Joon and Joo Jin-Woo began immediately following the election and has been ongoing for over a month.
South Korea has a rich history of arbitrarily censoring online free expression. In 2008, newly-elected conservative President Lee Myung-bak created the Korean Communication Standards Commission. This organization patrols the web for obscenity, national security threats, and defamation, and it has great latitude when defining standards for these offenses. Park Jeong Keun was slapped with a prison sentence last week for re-tweeting “self-evidently ludicrous missives” from North Korean regimes own Twitter account. After Park’s arrest earlier this year, Sam Zarifi, Asia-Pacific director of Amnesty International, said, "This is not a national security case; It's a sad case of the South Korean authorities' complete failure to understand sarcasm."
This week, the Supreme Court put to rest any doubt that when it invalidated a patent that added nothing novel to an otherwise unpatentable idea back in March, it was talking about software patents, too. In that case, Mayo v. Prometheus, the Court reviewed the three types of inventions that cannot be patented: laws of nature, natural phenomena, and abstract ideas and held that the patent at issue there—one covering diagnostic testing—represented nothing more than a law of nature, with “conventional steps, specified at a high level of generality,” appended. At the time, we commented that this ruling should likewise apply to software patents, so that merely adding a "conventional step" to an otherwise abstract idea would not make that abstract idea patentable (which is exactly what happened in the Ultramercial v. Hulu case). On Monday, the Supreme Court told the Federal Circuit to reconsider its Ultramercial ruling in light of Mayo, which sounds a lot like an endorsement that Mayo's limitations on patentable subject matter should extend to software, too.
When Mayo was first decided, we were pleased to see that the Supreme Court’s language included abstract ideas in its analysis. Of course, many consider most software, and the algorithms that form its basis, abstract ideas that should not be patented. So you can see why the Mayo ruling, applied to abstract ideas, would have the potential to limit some of the worst software patents we’ve seen.
Case in point: Ultramercial. We’ve written about this dangerous ruling before (here and here), but, in case you missed it, there the Federal Circuit upheld a patent that merely claimed a process for doing no more than viewing ads online before accessing copyrighted content. The court claimed that the patent was not abstract because the steps were completed on the Internet, despite the fact that the underlying idea—viewing ads in exchange for content—was indeed abstract. Essentially, if more courts and the Patent Office follow Ultramercial, the mere act of performing an abstract idea on the Internet would somehow make that otherwise abstract idea no longer abstract. Given the myriad ways in which the world is moving online, you can see just how badly this could go.
Lately, many have argued about whether the Mayo ruling would apply to software, too. We think it clearly should, and does. It seems the Supreme Court thinks so, too. We hope the Federal Circuit will get it right this time and strike Ultramercial from the books.
It is a testament to the enduring success and growing importance of the Internet that the original space of over four billion addresses has effectively been exhausted. Workarounds are in common use to share and reuse addresses, making this a problem that most users can continue to ignore for now. On the other hand, it already forces network engineers to work under difficult constraints and justify each request for a new address. Serving a variety of hostnames from only one IP address can make SSL certificate management complex, adding a needless obstacle to HTTPS adoption. Address scarcity also presents a serious roadblock to new ISPs, especially outside North America. As every new mobile device service is now an ISP too, the problem is only accelerating.
IPv6 solves this issue by starting out with a much larger block of addresses. Famously, the address space of 2128 is large enough to assign almost 5 x 1028, or 50 billion billion billion, addresses to every living human. The protocol also includes built-in features for configuration and encryption that have traditionally been performed by other software running on top of the IP network layer, and support for extremely large frame sizes for future scalability.
The transition to IPv6 presents some privacy concerns that users should be aware of. As first conceived, a portion of an IPv6 address would be generated from a device's MAC address, making it possible for every remote machine a user communicates with to calculate the unique hardware identity of the user's machine. That allows sites and services anywhere in the world to recognize and track the user's device forever. The sparse address space and decreased need to pool IP addresses with Network Address Translation also make it easier to uniquely identify and track a user.
However, more and more operating system vendors are including plugins to mitigate these concerns and, better yet, enabling them by default. IPv6 support is also available from the Tor Project, but for now you will need to know the address of an IPv6 bridge to use it. As more people adopt IPv6, we should all be vigilant about protecting our privacy, but right now we see no serious hurdles that should warrant putting off IPv6 adoption.
Because the IPv6 protocol follows the standard TCP/IP networking model and sits squarely on the Internet layer, many IPv4 applications can be updated to add IPv6 support with only small changes. For site operators like EFF, the changes can be almost as simple as updating the server software's configuration file to include its IPv6 address and adding IPv6 'AAAA' domain name records. We also recommend configuring an IPv6 aware firewall, such as ip6tables for GNU/Linux.
If getting ready for the Internet of the future is so easy, why hasn't everyone already done it? Unfortunately, for major hosting providers and ISPs, it can be a much bigger task. In order to provide your server with a v6 IP address, they might need to upgrade a significant portion of their network infrastructure. Very few home ISPs offer IPv6, and home routers with IPv6 support haven't been on the shelves for very long. Until demand increases, uptake might be slow, and with workarounds to share IPv4 addresses in place demand remains low. The organizations taking part in World IPv6 Launch Day are helping to change this picture.
If your ISP or hosting provider doesn't offer native IPv6, you can still offer connectivity or start using IPv6 care of a transition technology whereby v6 traffic is tunneled through an IPv4 address. A number of providers and client packages can help make configuring this scenario relatively painless.
www.eff.org will launch over IPv6 on June 6, 2012. Due to hosting limitations, our other sites and services will follow at an as yet undetermined date. In the meantime, future-proofed users can enjoy a preview at ipv6.eff.org.