The saga of the lost iPhone prototype -- the 2010 incident at least, not the most recent one -- has finally concluded. On Tuesday, Brian Hogan (who allegedly found the iPhone 4 prototype in a Redwood City bar) and Sage Wallower (who allegedly helped Hogan contact various web sites about the find) pleaded no contest to misdemeanor theft and were sentenced to probation, 40 hours of community service, and $250 each in restitution payments to Apple.
As part of the criminal investigation surrounding the incident last year, agents with the Rapid Enforcement Allied Computer Team (REACT), a "partnership of 17 local, state, and federal agencies" focused on computer-related crime in the Bay Area, executed a warrant and raided the home of Gizmodo editor Jason Chen, searching for evidence related to Gizmodo's scoop about the lost phone. As we repeatedly pointed out at the time, regardless of whether Chen or Gizmodo could have been charged with any crime related to obtaining and discussing the phone, state and federal law plainly barred the issuance and execution of the search warrant directed at journalist-held information "obtained or prepared in gathering, receiving or processing of information for communication to the public." While never discussing the matter directly, the San Mateo D.A.'s office tacitly conceded as much three months later when they petitioned the court to withdraw the warrant.
It turns out that prosecutors concluded that neither Chen nor Gizmodo did anything wrong after all. Legally, that is. Speaking to CNET.com earlier this week, San Mateo County District Attorney Steven Wagstaffe said that there was not sufficient evidence to charge anyone associated with the tech site with "possession of stolen property" or "extortion." Nevertheless, Wagstaffe took it upon himself to deride the quality of the improperly-seized, unpublished correspondence between the Gizmodo editors, describing it as "juvenile."
"It was obvious that they were angry with the company about not being invited to some press conference or some big Apple event. We expected to see a certain amount of professionalism--this is like 15-year-old children talking," Wagstaffe said. "There was so much animosity, and they were very critical of Apple. They talked about having Apple right where they wanted them and they were really going to show them."
San Mateo law enforcement officers are in no position to comment on professionalism in this matter. Illegally breaking into the home of a journalist and seizing his property is profoundly troubling, especially as law enforcement shows no apparent sign of remorse or of learning from their mistake. Indeed, one cannot avoid feeling a sense of deja vu upon hearing the recent news of the questionable police-escorted search of a San Francisco home by Apple employees apparently looking for another lost iPhone prototype. As it was their agents who did not comply with the law, Wagstaffe and the San Mateo County Sheriff's Office owe Chen and Gizmodo an apology, not snide commentary, now that the matter has concluded.
Just three months ago, we at EFF expressed our disappointment with Australia's two largest Internet service providers (ISPs), Telstra and Optus, for agreeing to implement a filtering scheme after a filtering bill from the Australian government failed to pass.
The blocked sites were to include "the appropriate subsection of the Australian Communications and Media Authority (ACMA) blacklist as well as child abuse URLs that are provided by reputable international organisations," according to News.com.au. Now, in conjunction with the Christian organization Mothers' Union, UK Prime Minister David Cameron has decided to take similar measures, enacting a plan with four of Britain's major ISPs—BT, TalkTalk, Virgin, and Sky—to block access to pornography, gambling, self-harm, and other blacklisted websites. The "good news" is that the filtering isn't mandatory: New customers will be required to select between a filtered and unfiltered connection, while existing customers will be offered the same choice via email. The bad news, on the other hand, is extensive.
First, the plan lacks transparency. The blocked categories are vague in nature, and the list's origins unknown. Not only do the categories contain legal content in some cases, but there is significant room for overblocking. For example, one filtering tool used by several Middle Eastern governments categorizes Tumblr.com as pornography, because several pornographic blogs are hosted on the platform.
Second, customers of ISP TalkTalk who opt out are still monitored, says University of Cambridge security researcher Richard Clayton, who in May noted a series of privacy concerns relating to TalkTalk's use of the HomeSafe system, the same system the ISP intends to use for filtering. According to Clayton, "the company scans all web addresses that its customers visit regardless of whether they have opted-in to the service."
Third, opt-in services create privacy concerns. Users who choose to opt out of the "bad" content filter are then on one list. The plan does not include privacy protections for the people who choose to opt out. The list could potentially be made public, shaming users who would prefer their Internet with its pornography, gambling, and self-harm websites intact.
Lastly, as ZDNet's Violet Blue points out, the decision by PM Cameron and Mothers' Union is based on the Bailey Report [PDF], a UK Department for Education report that relied heavily upon phone surveys with parents, input from Christian organizations, and a Murdoch-funded Australia Institute report entitled Youth, Sex, and the Internet.
Time and time again, filtering based on blacklists has proven to be overbroad, blocking access to some offensive websites at the cost of many legitimate ones. Parents have plenty of Internet filtering options which they can implement by installing software on their computers at home without having to resort to filtering at the ISP level, especially given the potential privacy risks this plan may pose for Internet users throughout the UK.
For the past six months, EFF has strongly supported SB 914, a bill recently passed by the California state legislature that would require police officers to get a warrant before searching through an arrested suspect’s cell phone.
Last month, the bill received overwhelming support from both Democrats and Republicans, passing the California State Assembly 70-0 and then the State Senate, 32-4. Despite such strong bipartisan support, Governor Brown disappointingly vetoed the bill (PDF) yesterday.
SB 914, written in response to the California Supreme Court decision in People v. Diaz, upheld basic constitutional principles. It just maintained Fourth Amendment protection to the contents of cell phones, requiring officers to show a judge there is probable cause that the phone has evidence of a crime before it is searched incident to arrest.
The bill was strongly opposed by law enforcement groups, yet SB 914’s effect on the police’s ability to do its job would be almost non-existent. As we pointed out in May, “cell phones pose no danger to the police, the threat of destruction of evidence can be easily remedied through simple preservation methods, and many arrests do not result in criminal prosecution at all.”
Privacy rights, however, will now take a major hit thanks to Gov. Brown’s veto.
As we warned when the bill was up for a vote, “Without SB 914, officers can use a pretextual arrest to casually browse the data on a person's cell phone for any reason, even if that person is never charged with a crime.” Smart phones, of course, contain a wealth of personal information, far beyond just call logs and address books. They store text messages, emails, photo albums, Internet browsing history and GPS location technology – and police will have unfettered access to all of it, even if they don’t suspect there is any evidence of a crime on the device.
This should be especially concerning for Californians involved in large protests and rallies. As we've seen in the recent Occupy Wall Street protests in New York, Seattle, Boston, and now San Francisco, the police have arrested protestors under a variety of pretenses. With Governor Brown’s veto, law enforcement will now be free to search through the cell phone of any arrested protestor and use its contents as evidence for alleged crimes that may have nothing to do with protesting. Because individuals in such circumstances don't have court or legislative protection in California, they should be aware of just what kinds of information are stored in their mobile devices. Where possible, they should also consider taking technical steps, such as disk encryption, to protect their data.
Despite the obvious privacy concerns, Governor Brown’s statement noted “Courts are better suited to resolve the complex and case specific issues relating to constitutional search-and-seizures protections.”
But as law professor Orin Kerr explained, Governor Brown actually has it backwards: a temporary legislative fix is much preferable to waiting for the courts.
It is very difficult for courts to decide Fourth Amendment cases involving developing technologies like cell phones. Changing technology is a moving target, and courts move slowly: They are at a major institutional disadvantage in striking the balance properly when technology is in flux…In contrast, legislatures have a major institutional advantage over courts in this setting. They can better assess facts, more easily amend the law to reflect the latest technology, are not stuck following precedents, can adopt more creative regulatory solutions, and can act without a case or controversy.
In fact, just last week, the United States Supreme Court declined to hear an appeal of California v. Diaz, ensuring the ultimate issue would remain unresolved by the nation’s highest court in the near future.
SB 914 was a much-needed fix for privacy violations happening now. Two cases, both decided in the last few weeks, are stark examples of where the Diaz decision is rapidly taking us. The routine privacy violations that EFF predicted would happen are now real and dangerous and we need legislative action to correct them.
In In re Alfredo C (PDF), police arrested a juvenile suspected of vandalism for spray painting graffiti in an alley. Despite being caught literally red handed, with spray paint on his hands and clothing, officers searched the juvenile, found a digital camera, and searched it without a warrant. The search was found reasonable on the basis of Diaz.
Similarly, in People v. Nottoli, (PDF) the defendant was pulled over for speeding. While talking with the defendant, officers suspected he was under the influence of drugs and placed him under arrest. Despite finding plenty of evidence of drug use in the defendant’s car, officers decided to nonetheless search his cell phone without a warrant. Again, the court found that the opinion in Diaz justified the search.
While Governor Brown’s veto of SB 914 is a setback for cell phone privacy, we will continue to fight for your rights. With strong support from both parties in the California state legislature, as soon as the bill can be brought up again, EFF will make sure Governor Brown reconsiders his extremely disappointing decision.
Canada is a popular destination for those who like to fish, but the Canadian government is attempting to spark what may be the country’s largest-ever fishing expedition into its citizens’ private online data.
Supporters of Canada’s “lawful access” legislation were foiled on September 20th when they were pressured to withdraw proposed warrantless digital surveillance measures from an omnibus crime bill. While this is certainly a step in the right direction, Canadian Justice officials say they are “committed to reintroducing” the bills. We must halt this assault on civil liberties in Canada.
The legislative proposals, expected to reincarnate former bills C-50, C-51 and C-52, would allow Canadian authorities to force Internet service providers to disclose private customer data without a warrant. This information included the name, address, phone number, IP address, email address, and other records about subscribers that could provide a detailed profile of online activity. In past iterations, the cluster of bills that make up “lawful access” also mandated surveillance technologies for Internet service providers, broadened police powers, and gave online service providers carte blanche immunity to spy on their customers on behalf of the police.
These measures would give authorities backdoors through which they can access data generated during the creation, transmission, or reception of a communication, including its origin and destination. The proposed Canadian “lawful access” legislation would in some circumstances even ban online service providers from even telling subscribers that their private data has been disclosed - undermining opportunities to challenge basic violations of privacy.
Your IP address can tell authorities what websites you visit and who you communicate with. It could reveal otherwise anonymous online identities, your social networking contacts, and even at times your physical location via GPS. Just this amount of data linked to your real identity could be used to create a nicely detailed police profile – all without any suspicious activity or legal justification. Oh Canada!
Canada’s provincial and federal Privacy Commissioners, who take Canadians’ personal privacy seriously, have sent an unprecedented joint letter to the Government expressing their concerns about this legislation. Careful Canadians, who rightly believe that their personal data is worth protecting, are fighting against the creation of a freewheeling surveillance state. Even Canada’s own police association seems wary of gaining access to personal data without first asking a judge.
If you are not alarmed by this legislation, you should be. “Lawful access” is the misshapen offspring of the Cybercrime Convention. Countries have been using this treaty as an excuse to invade citizens’ privacy for a decade since it was first enacted. Canada’s surveillance initiative is akin to Australia’s, where citizens are fighting their own overbroad online surveillance laws. Many of these new surveillance powers go far beyond the Convention’s intended levels of intrusiveness. Of course, our personal data is even more vulnerable now that we store so much of it in the cloud with third party service providers.
Canadians have so often been a voice of calm reason during international debates; now we must come to their defense before the right to privacy and anonymous free expression in Canada is gutted like – well, a fish.
The word is certainly out that the Canadian government is trying to push through fishy “lawful access” legislation. A petition has been launched by Canadian civil society groups, hosted by OpenMedia.ca, and has already been signed by more than 70,000 people. You should sign it too. And speak out against this proposed legislation in your blogs and social networks.
Tell your Canadian friends that putting their fellow citizens under digital surveillance should require a warrant and notification to subscribers. Insist that the Canadian Parliament thoroughly vets this reckless legislation and ensures that any “lawful access” scheme includes robust oversight and effective audit and reporting requirements. As the Canadian national anthem says: “The True North strong and free!”
On Saturday October 1st, eight countries (the United States, Australia, Canada, Japan, Morocco, New Zealand, Singapore, and South Korea) signed the Anti-Counterfeiting Trade Agreement (ACTA) in Tokyo, Japan. Three of the participating countries (the European Union, Mexico, and Switzerland) have not yet signed the treaty, but have issued a joint statement affirming their intentions to sign it “as soon as practicable.” ACTA will remain open for signature until May 2013. While the treaty’s title might suggest that it deals only with counterfeit physical goods such as medicines, it is in fact far broader in scope. ACTA contains new potential obligations for Internet intermediaries, requiring them to police the Internet and their users, which in turn pose significant concerns for citizens’ privacy, freedom of expression, and fair use rights.
EFF was one of the first groups to raise the alarm about ACTA, when negotiations were first announced by the U.S. Trade Ambassador, the European Union, and Japan in October of 2007. From the beginning, we were deeply concerned about the lack of transparency in the negotiating process. The U.S. Trade Representative (USTR) drafted a confidentiality agreement, signed by all parties, which purported to prohibit negotiating countries from disclosing any information about ACTA. Nevertheless, several versions of the trade agreement text and accompanying negotiating documents were leaked to the public, which allowed legal scholars from the participating countries to effectively analyze the impact of ACTA on many different countries with differing legal regimes and regulatory policies. The combination of scholarly analysis and pressure from civil society has helped to rein in the treaty. Many of the most concerning specific provisions that were present in preliminary versions of ACTA, such as requirements for ISPs to adopt Three Strikes Internet disconnection policies, were eliminated from the "final" version released by the USTR in May 2011.
Controversy over ACTA in the United States is far from over. Senator Ron Wyden has sent a letter to President Obama asking why the administration believes that ACTA does not require formal approval from Congress. Wyden goes on to point out that legal scholars have repeatedly raised concerns that ACTA is not consistent with US law and if the USTR ratifies ACTA without Congressional consent, it may be circumventing Congress' Constitutional authority to regulate international commerce. The letter goes on to say:
The executive branch lacks Constitutional authority to enter a binding international agreement covering issues delegated by the Constitution to Congresses' authority, absent Congressional approval.
Meanwhile, Brazil's parliament is debating proposed "Anti-ACTA" legislation, with provisions for the protection of net neutrality and the privacy and personal data of individuals, in direct opposition to language in ACTA which gives copyright holders carte blanche to demand traffic logs from ISPs to identify alleged offenders.
Unfortunately, rightholders' efforts to use multi-lateral treaties to enforce their intellectual property rights across the world may not end with ACTA. A leaked version of the IP chapter of the Trans Pacific Partnership Agreement (TPP), which is currently being negotiated by nine countries (U.S., Australia, Peru, Malaysia, Vietnam, New Zealand, Chile, Singapore, and Brunei) indicates that U.S. negotiators are pushing for the adoption of copyright measures far more restrictive than ACTA. Like ACTA, TPP is being negotiated rapidly and with little transparency. Negotiating countries hope to complete the agreement by November 2011. If you are in the U.S., now is the time to contact your lawmakers and demand transparency around TPP.
Part two in a short series on EFF’s Open Source Security Audit
Our recent security audit of libpurple and related libraries got us thinking about the general problem of open source security auditing, and we wanted to share what we’ve learned. Free and open source software that happens to be community-supported can be challenging from a security perspective. There is a fair amount of recent literature on this topic, and it is debatable whether openly readable source code helps defenders more than it helps attackers. The key issue is not about source code but the fact that community-based open source software projects often lack the organized resources of their corporate cousins. If large corporate projects choose to prioritize security, they can usually afford to hire experts to do regular security reviews; community projects need to find and coordinate volunteers with this specialized focus. In an environment where developers are stretched thin and often have a wide array of responsibilities, the search for security bugs may be less organized and lag behind. How do we combat this problem? How can we ensure good security in a world where vulnerabilities in important open source software can have disastrous consequences for users all over the world?
These are hard questions without simple answers. Yet although there are weaknesses to free, community-supported open source, there are also strengths: one can take advantage of crowdsourcing and open discussion, and can often give integrated updates with less hassle due to friendlier and saner licensing. In order to take advantage of the strengths while mitigating the weaknesses, we think that there are some design choices that these projects can make to drastically cut down on the amount of effort that will be required to do security auditing. These suggestions are by no means original, but we think they are even more important to emphasize within the framework of community-supported open source.
Make the code as simple, modular, and easy to understand as possible. To take advantage of volunteer effort to crowdsource security auditing, the barrier to entry for understanding the code has to be quite low. Modularity in itself helps improve security, but it also helps people take a look at one aspect of the code without having to digest the possibly complicated way that it all hangs together.
Treat every bug as potentially guilty of being a security vulnerability until proven innocent. There can be disastrous consequences to miscategorizing a security threat as benign or publishing security leaks too widely. Though publishing bugs openly helps community development and we want to encourage this practice, we would advise being cognizant about certain classes of bugs that should set off a security risk flag:
Memory bugs: wild or null pointer dereference, use after free, stack or heap corruption, etc.
User input bugs: unvalidated user input, unconstrained memory controlled by the user.
Exploit mitigation bugs: broken or missing mitigations such as ASLR, stack canaries, array bounds checking, ELF hardening, etc.
Avoid using native code (i.e. C/C++) if at all possible in situations where one needs to make security guarantees; instead opt to use a Very High Level Language (VHLL) by default. Although the choice of language is a contentious issue, one can resolve the question scientifically with tests. In particular, one should establish quantified performance requirements; try tuning the hot-spots; try writing only small sections of native code with VHLL bindings. Native code is not type-safe or memory-safe and opens one up to an entire class of attack vectors based on vulnerabilities such as buffer overflows and double free bugs. By choosing a VHLL, one effectively eliminates the possibility of being attacked this way.
Avoid giving the user options that could compromise security, in the form of modes, dialogs, preferences, or tweaks of any sort. As security expert Ian Grigg puts it, there is “only one Mode, and it is Secure.” Ask yourself if that checkbox to toggle secure connections is really necessary? When would a user really want to weaken security? To the extent you must allow such user preferences, make sure that the default is always secure.
In some respects our review only scratched the surface of libpurple, GnuTLS and libxml2. In addition to encouraging developers to follow the bullet points above, we also would like to encourage security experts who rely on open source software to get involved in the security auditing effort. Your expertise is invaluable, and writing security patches is just about the nicest thing you can do.
For its 800 million users, logging out of Facebook is not something done idly. Closing the Facebook tab won’t do it. Closing your browser won’t do it unless you’ve adjusted the settings in your browser to clear cookies upon closing. And Facebook has buried the log-out button so that it isn’t apparent from your Facebook main page or profile page. This doesn’t mean that logging out of Facebook is difficult; it’s not. But this does indicate that when someone logs out of Facebook, they are doing so purposefully. They aren’t just stepping outside of Facebook; they’re closing the door behind them.
On September 25th, 2011, Nik Cubrilovic, a hacker and writer, published a blog post [1] that showed that a particular Facebook session cookie wasn’t being deleted after a user logged out. He noted that the session cookie included your Facebook user id number, which would presumably facilitate Facebook associating any data they collected about your browsing the web with your Facebook account. Cubrilovic’s review showed that, based on what the cookies were transmitting, Facebook could easily connect some of your browsing habits to your unique Facebook account.
This set off a storm of media coverage, but much of it lacked a detailed analysis of what Facebook is actually tracking and an understanding of how this could influence pending privacy legislation in Congress.
What Does Facebook Really Track?
Facebook sets two types of cookies: session cookies and tracking cookies.
Session cookies are set when you log into Facebook and they include data like your unique Facebook user ID. They are directly associated with your Facebook account. When you log out of Facebook, the session cookies are supposed to be deleted.
Tracking cookies - also known as persistent cookies - don’t expire when you leave your Facebook account. Facebook sets one tracking cookie known as 'datr' when you visit Facebook.com, regardless of whether or not you actually have an account. This cookie sends data back to Facebook every time you make a request of Facebook.com, such as when you load a page with an embedded Facebook 'like' button. This tracking takes place regardless of whether you ever interact with a Facebook 'like' button. In effect, Facebook is getting details of where you go on the Internet.
When you leave Facebook without logging out and then browse the web, you have both tracking cookies and session cookies. Under those circumstances, Facebook knows whenever you load a page with embedded content from Facebook (like a Facebook 'like' button) and also can easily connect that data back to your individual Facebook profile.
Based on Cubrilovic’s recent findings, there was also a period of time when you kept a session cookie after logging out of Facebook, allowing Facebook to easily associate your web browsing history and your Facebook account. Facebook says they’ve addressed this issue, and that now all session cookies are deleted at log out.
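The logout behaviour described above can be checked mechanically. The following is an added example, not code from this article or from Cubrilovic's post: it replays constructed Set-Cookie headers from a login and a logout response and reports which cookies the browser still holds and which of them still carry the user ID. Only the cookie name 'datr' comes from the article; the other cookie names, all values and the domain social.example are assumptions.

```javascript
// Added example: which cookies does a browser still hold after the logout response?
// Only the name 'datr' comes from the article; all other names, values and the
// domain are constructed for illustration.

// Parse one Set-Cookie header value into the fields this audit needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: '', path: '/', expires: null, maxAge: null,
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'expires') cookie.expires = new Date(val);
    if (key === 'max-age') cookie.maxAge = parseInt(val, 10);
    if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    if (key === 'path') cookie.path = val;
  }
  return cookie;
}

// A server deletes a cookie by re-sending it already expired.
// Max-Age takes precedence over Expires (RFC 6265).
function isExpired(cookie, now) {
  if (cookie.maxAge !== null && !Number.isNaN(cookie.maxAge)) return cookie.maxAge <= 0;
  if (cookie.expires !== null && !Number.isNaN(cookie.expires.getTime())) return cookie.expires <= now;
  return false; // no expiry attribute: kept until the browser is closed
}

// Browsers key cookies by name, domain and path, so a deletion only takes
// effect when all three match the cookie that was originally set.
function applySetCookies(jar, headers, now) {
  const next = new Map(jar);
  for (const header of headers) {
    const cookie = parseSetCookie(header);
    const key = `${cookie.name}|${cookie.domain}|${cookie.path}`;
    if (isExpired(cookie, now)) next.delete(key);
    else next.set(key, cookie);
  }
  return next;
}

// Values are often URL-encoded; fall back to the raw text if decoding fails.
function safeDecode(value) {
  try { return decodeURIComponent(value); } catch (e) { return value; }
}

// Replay login then logout and report what is left in the jar.
function auditLogout(loginHeaders, logoutHeaders, userId, now) {
  let jar = applySetCookies(new Map(), loginHeaders, now);
  jar = applySetCookies(jar, logoutHeaders, now);
  const survivors = [...jar.values()];
  return {
    survivors: survivors.map((c) => c.name).sort(),
    identifying: survivors
      .filter((c) => safeDecode(c.value).includes(userId))
      .map((c) => c.name)
      .sort(),
  };
}

// Constructed sample traffic for a hypothetical site.
const NOW = new Date('2011-09-25T00:00:00Z');
const USER_ID = '100000123456789';
const LOGIN_HEADERS = [
  'datr=Zx81TkQ2constructed; expires=Wed, 25 Sep 2013 00:00:00 GMT; path=/; domain=.social.example',
  'sess_uid=100000123456789; expires=Tue, 25 Oct 2011 00:00:00 GMT; path=/; domain=.social.example',
  'sess_token=3f9aconstructed; expires=Tue, 25 Oct 2011 00:00:00 GMT; path=/; domain=.social.example; HttpOnly',
  'last_user=uid%3A100000123456789; expires=Wed, 25 Sep 2013 00:00:00 GMT; path=/; domain=.social.example',
];
// The logout response clears two cookies but forgets 'last_user'.
const LOGOUT_HEADERS = [
  'sess_uid=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.social.example',
  'sess_token=deleted; Max-Age=0; path=/; domain=.social.example',
];

console.log(auditLogout(LOGIN_HEADERS, LOGOUT_HEADERS, USER_ID, NOW));
```

Any name listed under `identifying` is a cookie that outlives logout while still tying requests to the account; the tracking cookie survives in both cases because logout is not expected to clear it.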
But there have been other concerns around Facebook tracking, including an issue that has surfaced three times in the last year. Dutch doctoral candidate Arnold Rosendaal, independent security researcher Ashkan Soltani, and Stanford doctoral candidate and law student Jonathan Mayer have each discovered instances in which Facebook was setting tracking cookies on browsers of people when they visited sites other than Facebook.com. These tracking cookies were being set when individuals visited certain Facebook Connect sites, like CBSSports. As a result, people who never interacted with a Facebook.com widget, and who never visited Facebook.com, were still facing tracking by Facebook cookies.
But there’s yet another layer to this, a layer often glossed over by mainstream coverage of this issue: Facebook can track web browsing history without cookies. Facebook is able to collect data about your browser – including your IP address and a range of facts about your browser – without ever installing a cookie. They can use this data to build a record of every time you load a page with embedded Facebook content. They keep this data for 90 days and then presumably discard or otherwise anonymize it. That's a far cry from being able to shield one’s reading habits from Facebook.
For its part, Facebook admits they collected the data through the accidental setting of tracking cookies and the failure to delete session cookies upon log out - but says these were oversights. They say that the issues are now resolved. They expanded their help section and sent us this statement:
Our intentions stand in stark contrast to the many ad networks and data brokers that deliberately and, in many cases, surreptitiously track people to create profiles of their behavior, sell that content to the highest bidder, or use that content to target ads on sites across the Internet.
The Trust Gap
For users concerned about privacy, this statement is small consolation. It’s clear that Facebook does extensive cross-domain tracking, with two types of cookies and even without. With this data, Facebook could create a detailed portrait of how you use the Internet: what sites you visit, how frequently you load them, what time of day you like to access them. This could point to more than your shopping habits – it could provide a candid window into health concerns, political interests, reading habits, sexual preferences, religious affiliations, and much more.
Facebook insists they aren’t misusing the data they are collecting. The question is then: do we as Internet users trust Facebook? Do we trust them not to connect our data with our Facebook profiles, sell it to marketers, or provide it to the government upon request? If Facebook’s business model becomes less profitable in the coming years, do we trust them to continue to not connect tracking data to profiles? If the government brings pressure to bear on Facebook, do we trust Facebook to stand with users and safeguard the data they’ve collected? And, do we believe that Facebook isn’t actually connecting browsing data to profiles now, given their history of mistakes when it comes to tracking and the clear market incentive they would derive from that sort of connection?
This is the “trust gap”- the space between what Facebook promises they are doing with the data they are collecting and what we as Facebook users can reasonably trust them to do. And, when it comes to safeguarding the sensitive reading habits of millions of users, the trust gap is pretty wide.
Could Privacy Snafus Spur Privacy Legislation?
If you are uneasy with Facebook’s cross-domain tracking, you aren’t alone. This has led to a call from lawmakers as well as privacy advocates to have the FTC investigate whether Facebook deceived users by tracking logged-out users. And a group of 6 Facebook users has filed suit against Facebook over this issue.
This newest privacy snafu could prod legislators into moving on one of the many online privacy bills that have been introduced this year. Users’ unease with the quickly-evolving technical capabilities of companies to track users, combined with the abstruse ways in which that data can be collected (from social widgets to super cookies to fingerprinting), has resulted in a growing user demand to have Congress provide legal safeguards for individual privacy when using the Internet.
Unsurprisingly, Facebook hopes that its brand of data collection through ‘like’ buttons won’t be subject to federal regulation. According to AdAge, Facebook sent an “army of lawyers” to Washington to convince Senators McCain and Kerry to carve out exceptions to their recently introduced privacy bill so that Facebook could track their users via social widgets on other sites (dubbed the "Facebook loophole"). But while Kerry and McCain may have acquiesced to Facebook's requests, Senator Rockefeller did not. He introduced legislation that would empower the FTC to create rules around how best to protect users online from pervasive online tracking by third parties.
Facebook seems keen to influence future legislation on these issues. They recently filed paperwork to form a political action committee that will be "supporting candidates who share our goals of promoting the value of innovation to our economy while giving people the power to share and make the world more open and connected."
We hope that these efforts to influence politicians won't come at the cost of strong protections for user privacy on the Internet. As the situation currently stands, the resources available to governments and corporations to track users across the Internet far outstrip the resources of the average user to fend off such tracking. And from all appearances, self-regulation by industry is failing.
What You Can Do
If you find yourself creeped-out by being tracked by Facebook on non-Facebook sites, then you have a few options to protect yourself and voice your concerns.
Adjust the settings in your browser to delete all cookies upon closing. Clear your cookies when leaving a social networking site, and log out of Facebook before browsing the web. You should consider having one browser strictly for logging into your Facebook account and one browser for the rest of your web usage.
Support privacy legislation like the Rockefeller Do Not Track bill, which will give users a voice when it comes to online tracking.
1. According to his blog, Cubrilovic says he’s been trying to inform Facebook of these issues since November 14, 2010
Tomorrow, October 11, Egyptian blogger Maikel Nabil Sanad will have reached the 50th day of his hunger strike. Arrested in March, Sanad was later sentenced, by a military court, to three years in prison for accusing the military of having conducted virginity tests on female protesters (a charge later found to be true) and stating that "the army and the people are not one," a statement that runs counter to much of the sentiment expressed in Tahrir Square throughout January. In August, Sanad began a hunger strike in the hopes that it would "draw public attention to his plight and force the ruling military council to reconsider what he describes as the military’s 'discriminatory' policies," according to Shahira Amin of Index on Censorship.
Sanad himself has written from prison, sending missives via the site MidEast Youth. Sanad's father also recently wrote a letter of support for his son, citing his mental and physical state and calling for his immediate release.
A call for free expression in Egypt
In post-revolutionary Egypt, free expression is not yet a guarantee. Numerous activists have been investigated by the ruling Supreme Council of Armed Forces (SCAF), while, between February and September, 11,879 people had been tried or investigated by military courts. Though Sanad's case has garnered minimal support in Egypt due to his stance on Israel (which he has supported for what he calls its "democratic values and freedom of expression"), calls for his release persist. Paraphrasing Evelyn Beatrice Hall, Professor Rasha Abdulla of the American University of Cairo recently wrote that, while she does not support Sanad's points of view, "as someone who has always been a staunch supporter of freedom of thought and expression, I will defend to the death his right to say them." Yesterday, Field Marshal Mohamed Hussein Tantawi vowed to end military trials "with notable exceptions," which many see as too little, too late. Among the exceptions is the crime of "spreading false information about the military," the same crime for which Sanad was initially charged.
EFF reiterates our call for the immediate release of Maikel Nabil Sanad. If Sanad remains in prison, he will die.