EFFector - Volume 21, Issue 6 - Open Source Advocate, Canadian Copyfighter, and AT&T Whistleblower Win Pioneer Awards

EFFector Vol. 21, No. 6  February 22, 2008

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In the 459th Issue of EFFector:
 * Open Source Advocate, Canadian Copyfighter, and AT&T
Whistleblower Win Pioneer Awards
 * FOIA Document Shows Improper FBI Access to Entire
Domain's Email
 * Research Team Finds Security Flaw in Popular Disk
Encryption Technologies
 * House Democrats Call Bush's Bluff
 * White House Admits that Defendants in Telecom Cases
Assisted in Wiretapping Program
 * No Immunity for Unknown Unknowns
 * Telecoms Say They Won't "Protect America" If They Don't
Get Their Way
 * Total Election Awareness
 * EU: Printer Tracking Dots May Violate Human Rights
 * As Evidence of Piracy Weakens, House Passes Overbearing
"Campus Digital Theft Prevention" Requirements
 * Come See EFF at the O'Reilly Emerging Technology
 * EFF at Plutopia! SXSW Interactive Gathering of Tribes
 * Come Hear EFF Speakers at the SanFran MusicTech Summit!
 * miniLinks (7): Wikileaks still online
 * Administrivia

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Open Source Advocate, Canadian Copyfighter, and AT&T
Whistleblower Win Pioneer Awards

Mitchell Baker and the Mozilla Foundation, Michael Geist,
and Mark Klein to be Honored at San Diego Award Ceremony

San Diego - The Electronic Frontier Foundation (EFF) is
pleased to announce the winners of its 2008 Pioneer Awards:
the Mozilla Foundation and its Chairman Mitchell Baker,
University of Ottawa Professor Michael Geist, and AT&T
whistleblower Mark Klein.

The award ceremony will be held at 7pm, March 4th at the
San Diego Marriott Hotel and Marina in conjunction with the
O'Reilly Emerging Technology Conference (ETech). Michael
Robertson -- founder and CEO of, Linspire, MP3Tunes
and Gizmo5 -- will give the awards' keynote address: "What
to Expect When You're Expecting...To Be Sued."

Mitchell Baker is the Chairman of the Mozilla Foundation,
which is dedicated to promoting openness, innovation, and
opportunity on the Internet through its sponsorship of the
open-source Mozilla project. The Mozilla Foundation
provides grants, legal services, and other support for
development projects involving the Firefox browser, the
Thunderbird email application, and other Mozilla software.
Baker was previously the attorney at Netscape responsible
for all legal issues related to product development and
intellectual property protection. During that time she
wrote the Netscape and Mozilla Public Licenses.

Dr. Michael Geist is a law professor at the University of
Ottawa. Last year, he led the public protest against proposed
Canadian copyright law changes that would have devastated
consumers' technology rights. The groundswell of opposition
caused the government to rethink and ultimately cancel
introducing the legislation. Geist serves on the Privacy
Commissioner of Canada's Expert Advisory Board and on the
Canadian Digital Information Strategy's Review Panel. Geist
is also an internationally syndicated columnist on
technology law and writes a popular blog on the Internet
and intellectual property issues.

Mark Klein is a retired AT&T telecommunications technician
who blew the whistle on the government's warrantless
surveillance program. When news reports of illegal spying
surfaced in December of 2005, Klein realized that he had
been witness to -- and participated in setting up --
massive surveillance technology that violated the rights of
millions of Americans. In early 2006, Klein brought EFF
authenticated documents showing how AT&T diverted
customers' communications to a room controlled by the
National Security Agency. EFF now represents AT&T customers
in a class-action lawsuit over the illegal spying.

"The Pioneer Award winners this year show us how one person
can truly make a difference in our digital world," said EFF
Executive Director Shari Steele. "It's hard work to protect
freedom, and we are so grateful for the invaluable
contributions of Mitchell, Michael, and Mark."

Since 1991, the EFF Pioneer Awards have recognized
individuals and organizations that have made significant
and influential contributions to the development of
computer-mediated communications and to the empowerment of
individuals in using computers and the Internet. Past
winners include World Wide Web inventor Tim Berners-Lee,
Linux creator Linus Torvalds, and security researcher Bruce
Schneier, among many others.

The winners of the 17th annual Pioneer Awards were
nominated by the public and then chosen by a panel of
judges. This year's panel includes Kim Alexander (President
and founder, California Voter Foundation), Esther Dyson
(Internet court jester and blogger, Release 0.9; founding
chairman of ICANN; former chairman of EFF), Mitch Kapor
(President, Kapor Enterprises; co-founder and former
chairman EFF), Drazen Pantic (Co-director, Location One),
Barbara Simons (IBM Research [Retired] and former president
ACM), James Tyre (Co-founder, The Censorware Project; EFF
policy fellow) and Jimmy Wales (Founder, Wikipedia;
co-founder, Wikia; chair emeritus of the Wikimedia

TCHO is the Platinum Sponsor for the 2008 Pioneer Awards
ceremony. TCHO is a new chocolate company for a new
generation of chocolate enthusiasts. Founded by Wired
co-founder Louis Rossetto and legendary chocolatier and
former technologist Timothy Childs, TCHO will sample a
"beta release" of their dark chocolate during the awards
ceremony. Attendees are invited to taste two different
formulas and vote for their favorite. Feedback directly
influences the national release bar. Learn more about TCHO

Bronze sponsors of the event include Atomic PR, Barracuda,
JibJab, MOG, and Three Rings.

Tickets to the Pioneer Awards ceremony are $35. If you plan
to attend, RSVP to You can also pay for
your tickets in advance at:

Members of the media interested in attending the event
should email:

For more on attending the Pioneer Awards:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* FOIA Document Shows Improper FBI Access to Entire
Domain's Email

According to a document obtained by the Electronic Frontier
Foundation through the Freedom of Information Act, an
"apparent miscommunication" resulted in unauthorized FBI
access to an entire domain's email, rather than the single
email account the Bureau had permission to monitor. As Eric
Lichtblau of the New York Times reported:

  "A technical glitch gave the F.B.I. access to the e-mail
messages from an entire computer network -- perhaps
hundreds of accounts or more -- instead of simply the lone
e-mail address that was approved by a secret intelligence
court as part of a national security investigation,
according to an internal report of the 2006 episode."

The revelation speaks directly to a problematic result of
the expansion of electronic surveillance: "government
officials, or the private companies they rely on for
surveillance operations, sometimes foul up their
instructions about what they can and cannot collect."

For the document exposing the unauthorized FBI access to

For the New York Times article by Eric Lichtblau (log-in
may be required):

For this complete post by EFF Staff Attorney Marcia

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Research Team Finds Security Flaw in Popular Disk
Encryption Technologies

Laptops in "Sleep" or "Hibernation" Mode Most Vulnerable to

San Francisco - A team including the Electronic Frontier
Foundation, Princeton University, and other researchers
has found a major security flaw in several popular disk
encryption technologies that leaves encrypted data
vulnerable to attack and exposure.

"People trust encryption to protect sensitive data when
their computer is out of their immediate control," said EFF
Staff Technologist Seth Schoen, a member of the research
team. "But this new class of vulnerabilities shows it is
not a sure thing. Whether your laptop is stolen, or you
simply lose track of it for a few minutes at airport
security, the information inside can still be read by a
clever attacker."

The researchers cracked several widely used disk encryption
technologies, including Microsoft's BitLocker, Apple's
FileVault, TrueCrypt, and dm-crypt. These "secure" disk
encryption systems are supposed to protect sensitive
information if a computer is stolen or otherwise accessed.
However, in a paper and video published on the Internet
today, the researchers show that data is vulnerable because
encryption keys and passwords stored in a computer's
temporary memory -- or RAM -- do not disappear immediately
after losing power.

"These types of attacks were often thought to be in the
realm of the NSA," said Jacob Appelbaum, an independent
computer security researcher and member of the research
team. "But we discovered that on most computers, even
without power applied for several seconds, data stored in
RAM seemed to remain when power was reapplied. We then
wrote programs to collect the contents of memory after the
computers were rebooted."

Laptops are particularly vulnerable to this attack,
especially when they are turned on but locked, or in a
"sleep" or "hibernation" mode entered when the laptop's
cover is shut. Even though the machines require a password
to unlock the screen, the encryption keys are already
located in the RAM, which provides an opportunity for
attackers with malicious intent.

The research released today shows that these attacks are
likely to be effective against many other disk encryption
systems because these technologies have many architectural
features in common. Servers with encrypted hard drives are
also vulnerable.

"We've broken disk encryption products in exactly the case
when they seem to be most important these days: laptops
that contain sensitive corporate data or personal
information about business customers," said J. Alex
Halderman, a Ph.D. candidate in Princeton's computer
science department. "Unlike many security problems, this
isn't a minor flaw; it is a fundamental limitation in the
way these systems were designed."

In addition to Schoen, Appelbaum, and Halderman, the
research team included William Paul of Wind River Systems,
and Princeton graduate students Nadia Heninger, William
Clarkson, Joseph Calandrino, and Ariel Feldman, as well as
Princeton Professor Edward Felten, the director of the
Center for Information Technology Policy and a member of
EFF's Board of Directors.

The researchers have submitted the paper for publication
and it is currently undergoing review. In the meantime, the
researchers have contacted the developers of BitLocker,
which is included in some versions of Windows Vista,
Apple's FileVault, and the open source TrueCrypt and
dm-crypt products, to make them aware of the vulnerability.
One effective countermeasure is to turn a computer off
entirely, though in some cases even this does not provide

For the full paper "Lest We Remember: Cold Boot Attacks on
Encryption Keys," a demonstration video, and other
background information:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* House Democrats Call Bush's Bluff on Telecom Immunity

In a striking development, leaders in the House of
Representatives have drawn a line in the sand, letting the
so-called "Protect America Act" expire while declaring that
they intend to finalize a law without caving and passing
the Senate's draconian surveillance bill in its entirety.

Ever since the Senate passed its bill, the Administration
has been attempting to railroad the bill through the House
by claiming that failure to cave to its demands will result
in all American surveillance operations 'going dark'. Of
course, this claim is completely false.

Many thanks to the EFF supporters and activists who took
time to contact their Congresspeople about this issue.
Leaders in the House would not be standing this tall if
they didn't know that their constituents have their backs.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* White House Admits that Defendants in Telecom Cases
Assisted in Wiretapping Program

Last week, White House Press Secretary Dana Perino admitted
that the defendants in the lawsuits against
telecommunications carriers "certainly helped us," marking
the first time the White House has admitted that the
particular companies alleged to have participated in the
wiretapping did indeed participate.

Since EFF first filed suit against the telecommunications
carriers, the Administration has been asserting that
confirming or denying whether the defendants actually
assisted would cause "exceptionally grave harm to the
national security." While it is well-known that AT&T and
Verizon participated, the Administration has tried to be
coy, using phrases like the "companies believed to have
assisted in the efforts to defend America" to refer to the
telecoms, and refusing to be clearer. While EFF
respectfully disagrees with the government's spin, today's
White House statement is much clearer. The transcript

	"Q: But were the telephone companies told that it was
legal to wiretap six months before 9/11?

	MS. PERINO: The telephone companies that were alleged
to have helped their country after 9/11 did so because they
are patriotic and they certainly helped us and they helped
us save lives."

For the transcript of the White House Press briefing:

For more about this story from the Wired blog "Threat

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* No Immunity for Unknown Unknowns

Last week, Director of National Intelligence (DNI) Mike
McConnell admitted that corporate complicity in legally
dubious activities far exceeds what's already publicly
known. The Associated Press reports:

	"Already, [DNI McConnell] says the roughly 40 lawsuits
filed against telecom companies nationwide have chilled the
private sector's willingness to help the intelligence
agencies in ways unrelated to electronic surveillance.
Exactly how is classified, and he won't elaborate."

This points to one of the most troubling flaws in the
Administration's preferred bill: it offers a broad immunity
designed to dismiss all lawsuits filed "in connection with
an intelligence activity involving communications."
McConnell's revelation shows that the Administration is
trying to sweep under the rug not only the pending
lawsuits, but also whatever other illegal programs the
Administration has perpetrated.

This amounts to asking Congress to forgive unknown unknowns
-- crimes that haven't even been revealed yet. Congress
does not know what it does not know about the
Administration's other programs, but McConnell has made it
clear that the programs are dubious enough to worry the

For the Associated Press story with DNI Mike McConnell's

For this post by EFF Senior Staff Attorney Kurt Opsahl:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Telecoms Say They Won't "Protect America" If They Don't
Get Their Way

In arguing for immunity for the telecom providers, the
President said, "If these companies are subjected to
lawsuits that could cost them billions of dollars, they
won't participate. They won't help us. They won't help
protect America." EFF just can't resist pointing out what
this means:

	* This is blackmail. It is unconscionable for the
telecoms to condition protecting America on receiving a
	* Participation in lawful wiretapping is not optional.
If a telecom refuses to comply with a lawful request for
assistance, the solution is to compel compliance, not pay
off the telecom with legislative favors. If, on the other
hand, a telecom is asked to break the law, it properly
should refuse. That's why we have laws in the first place.
	* This shows that the telecoms are no heroes. Heroes
take risks "above and beyond the call of duty," they do not
condition simply doing their duty on getting a
get-out-of-jail free card.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Total Election Awareness

Over the last several years, EFF has strongly opposed the
use of closed, unverifiable voting technologies, bringing
litigation to investigate faulty machines and challenge bad
practices as well as backing legislation that would move us
towards more trustworthy elections. For 2008, EFF is making
a new contribution to help keep track of election issues,
technology-related or otherwise.

This past month, EFF successfully tested a beta version of
Total Election Awareness (or "TEA"), a web-based
application designed to help election monitoring efforts
collect and analyze election-related incidents in real
time. The first field test took place on February 5th --
"Super Tuesday". Working with the Election Protection
Coalition, TEA helped volunteers staffing Election
Protection call centers (866-OUR-VOTE) in Atlanta, Chicago,
Los Angeles, and New York to record over 2,200 incidents
and inquiries from voters from across the country. This
week, TEA recorded the details of another 600 calls in the
Virginia, Maryland, and Washington D.C. primaries.

The next phase in the project development is preparing the
tool for use in the November general election. In addition
to improving the quality of the data recorded as part of
the Election Protection process, EFF is also planning to
make the November data available to the public in real
time. Moreover, TEA is being developed as a free
open-source project so other election monitoring efforts,
large or small, will be able to use the tool themselves
once it's released.

For this post by EFF Activism and Technology Director Tim

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* EU: Printer Tracking Dots May Violate Human Rights

EFF has long been concerned about the human rights risks of
printer tracking dots for anyone who publishes printed
works with modern technology. Tracking dots are the secret
marks that many popular color laser printers and
photocopiers scatter across every document they touch. The
marks, almost invisible to the eye, uniquely identify the
printer that produced the document, and, as EFF uncovered,
can even automatically encode the time and date it was

Anonymous self-publication and distribution have been, and
remain, a vital political communication channel in many
countries. A telltale pattern readable by government
officials is a tool that oppressive states everywhere would
love to have -- not to mention the general threat to
individual privacy in countries more respectful of human

The European Commission, the executive wing of the EU
(whose members include many former Eastern Bloc states),
shares these concerns. There is recognition in Europe of
the dangers of these yellow dots. It also raises some
follow-up questions. Given that including tracking systems
in printers appears to be a U.S. government policy, how
hard does the EU plan to pressure their ally for change in
its secret agreements with printer manufacturers? Is the
United States sharing its knowledge of how to decode these
dots with individual EU nations' governments? And if so,
what other governments, authoritarian or not, know the
secret of tracking their citizens' publications?

For more about EFF's work on the issue of printer tracking

For the exchange between a member of the European
Parliament for Finland and a Vice-President of the EU's
executive branch:

For this complete post by EFF International Outreach
Coordinator Danny O'Brien:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* As Evidence of Piracy Weakens, House Passes Overbearing
"Campus Digital Theft Prevention" Requirements

The House passed the College Opportunity and Affordability
Act (COAA) last week, leaving troubling "Campus Digital
Theft Prevention" requirements intact despite recent
revelations that fears over unauthorized campus-based
filesharing were drastically overblown by the motion
picture industry.

The provision requires universities to combat unauthorized
file sharing in two particular ways: by planning to engage
entertainment industry-blessed downloading services and
planning to use filters or other network tools to interdict
infringing activity. It's unfortunate that a bill about
college funding is being used as a vehicle for the
entertainment industry, which has been making a concerted
effort to target the youth and the higher education
community with corny videos, invasive technology, and bad

The passage of this provision is particularly shocking in
light of the recent revelation that the 2005 study that the
Motion Picture Association of America (MPAA) relied upon in
lobbying Congress was tainted by a "human error." The study
originally accused college students of 44% of domestic
revenue losses due to unauthorized file sharing; the
"corrected" figure is adjusted to 15%. More importantly,
the MPAA is still hiding the study's methodology from peer
review. They say only that "the MPAA will retain a third
party to validate [the research company's] updated

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
The week's noteworthy news, compressed.

~ Wikileaks still online
The wikileaks domain has been shut down, but the site can
still be accessed through other means.

~ Supremes toss wiretap case
The US Supreme Court chose not to hear a case brought by
journalists and teachers who say they may have been illegal

~ EU commissioner backs copyright extension
Charlie McCreevy wants European copyright term extended to
95 years.

~ UN: Cable cuts may have been sabotage
Undersea telecommunication cables in the Middle East may
not have been cut by accident.

~ Are the DVD format wars over?
Toshiba's decision appears to make Blu-ray the winner over

~ Free your media with DoubleTwist
"DVD Jon" wants to make a business out of circumventing
copy restrictions.

~ Cartoon skewers immunity
Mark Fiore's latest cartoon featuring "Snuggly, the
Security Bear" breaks through the fear-mongering arguments
for telecom immunity.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

