Skip to main content
Podcast Episode: Fighting Enshittification

EFFector - Volume 23, Issue 8 - Government Exploits SSL Certificates Security Flaw?


EFFector - Volume 23, Issue 8 - Government Exploits SSL Certificates Security Flaw?

EFFector Vol. 23, No. 08  March 26, 2010

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

effector: n, Computer Sci. A device for producing a
desired change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

In our 531st issue:

FLAW? Researchers released a draft paper about an inherent
browser security flaw with evidence that governments
may be able to surreptitiously spy on users' "secure"
communications. Most modern browsers rely on certificate
authorities (CAs) to vouch for whether a secure site
is what it claims to be. But there's evidence that
governments are being sold tools that they can use as
part of a scheme to have CAs issue certificates for
surveillance operations, enabling the undetectable
spoofing of ceratin websites or services.

For details about the security research:

RESULTS IN CHINA this week, definitively underscoring
the gap between Western democratic values and the
Chinese government's authoritarian approach to the
Internet. Censorship technology operated by the Chinese
government is still active, but Google itself is no longer
complicit and has taken a principled stand along those
who fight censorship in China and the rest of the world.

For more about Google ceasing censorship in China:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

EFF Updates

* EFF Appeals Dismissal of Warrantless Wiretapping Case
EFF argues to the 9th Circuit that the District Court in
Jewel v. NSA was wrong in holding that AT&T customers who
were spied on had "no particularized injury." EFF also
warns that the ruling would dangerously blind courts from
acting when lawbreaking is widespread.

* EFF Urges Supreme Court to Protect Text-Message Privacy
In an amicus brief to the United States Supreme Court,
EFF argues that modern communication methods like text
messages retain the constitutional privacy protections
applied to earlier technologies.

* Groups Call On IP Czar To Get Priorities Straight
Responding to the Intellectual Property Enforcement
Coordinator's request for comments, EFF and others urged
balance, restraint, and creativity in considering IP
enforcement policies.

* Viacom Makes Its Case Against Yesterday's YouTube
Newly unsealed documents reveal Viacom's radical demands
for online service providers.

* Senators Unveil Yet Another Flawed National ID Card Plan
The plan to give biometric cards to all workers in order
to "solve" illegal immigration fails to recognize the
many pitfalls that will prevent it from being effective.

* FTC to Internet Companies: Start Using SSL
In a speech before an FTC roundtable, outgoing FTC
Commissioner Pamela Jones Harbour called on Web services
to start using HTTPS/SSL encryption.

* Video: EFF Panel on "Architecture Is Policy"
Earlier this month, several EFF board members discussed
how technology design can maximize or decimate our basic
rights to free speech, privacy, property ownership,
and creative thought.

* Book Review: Property Outlaws
Written by two legal scholars, the book is a thoughtful
rebuttal to the notion that property is absolute and
trespassers are always "thieves."

* Check Out EFF's Favorite Books
We are a bookish crowd here at EFF -- check out a list
of some of our favorite books!

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :


* Evan Ratliff: Shedding Your Identity in the Digital Age

On April 13, Evan will talk about his experience trying to
"disappear" in a modern world for a special Geek Reading
event. Join us at San Francisco's 111 Minna bar for Evan's
presentation on the questions of privacy, surveillance,
and identity raised by his groundbreaking experiment.

While researching a story for Wired Magazine about people
who fake their own deaths, journalist Evan Ratliff began
to wonder: How hard would it be to disappear in today's
digital world? Email, online banking, mobile phones and
other ubiquitous technologies leave traces of ourselves
that can be easily tracked. If you wanted to disappear
while using these tools, could you?

To find out the answer, he went underground himself,
and issued a challenge to his readers: find Evan and win
$5000. While continuing to use the Internet, mobile phones
-- and a variety of disguises -- Evan managed to stay
on the run for a total of 25 days before obsessive fans
tracked him down in New Orleans.

Tuesday, April 13, 2010 at 7 PM
111 Minna Bar
111 Minna Street
San Francisco, CA 94105

To purchase tickets visit:

* EFF Seeking Staff Intellectual Property Attorney

Dream job alert:  EFF is seeking an intellectual property
staff attorney for its legal team. Responsibilities will
include litigation, public speaking, media outreach,
plus legislative and regulatory advocacy, all in
connection with a variety of intellectual property and
high technology matters.

Qualified candidates should have at least four years of
legal experience, with knowledge in patent law and at
least one other IP specialty (copyright, trademark, trade
secret). Litigation experience is required, including
significant experience managing cases, both overall case
strategy and day-to-day projects and deadlines. Candidates
should have good communication skills and interest
in working with a team of highly motivated lawyers and
activists in a hard-working nonprofit environment. Strong
writing and analytical skills as well as the ability to be
self-motivated and focused are essential. Tech savviness
and familiarity with Internet civil liberties and high
tech public interest issues preferred. This position is
based in San Francisco.

Interested applicants should submit a resume, writing
sample, and references to

* Volunteer/Deferred Open Government Legal Fellow

Dream fellowship alert:  EFF has a opening for a deferred
associate or a full-time volunteer to contribute to our
open government work, the FOIA Litigation for Accountable
Government (FLAG) Project, in our San Francisco
office. This fellowship will involve handling Freedom of
Information Act requests and follow-on litigation. The
position includes motion practice, negotiation with the
government, strategic decisionmaking and reviewing the
documents we receive to find out what's interesting and
useful to the public debate, then getting them posted to
the website in an organized manner. These are very good
skills for young lawyers.

The position is unpaid, but we'll work with the various
deferral programs available to young attorneys.

The ideal candidate will possess these qualifications:
 * Demonstrated interest in, and knowledge of, civil
 liberties issues involving emerging technologies.
 * Excellent writing and communications skills, preferably
 demonstrated in a track record of blogging, investigative
 reporting, or other similar activities.
 * Ability to manage and organize large quantities of
 documentary materials, and to present them to an audience
 in a compelling and informative manner.
 * Litigation background desirable, but not required.
 * Familiarity with basic information technology tools
 and, preferably, experience in designing and/or managing
 web-based resources.

Contact if you're interested.

* Work With EFF and Tor for Google's Summer of Code

Interested in working with EFF or Tor, and getting paid
for it by Google? If you are a student and a coder,
then we have good news for you: A few of our projects
have been accepted for Google's Summer Of Code 2010.

At EFF, there are three projects we're focused on: First,
TOSBack, which tracks changes to the terms of service
of the Internet's most popular websites. Secondly,
OurVoteLive, which tracks problems in elections with
polling places and voting machines across the US. Third,
you could help us implement improvements to Switzerland,
a passive IP-layer network neutrality testing system. You
can read more about our possible summer projects here.

In addition, our friends and colleagues at the Tor
project have dozens of ideas for improving their software,
which allows users to route around Internet censorship
and surveillance.

For more about the Google Summer of Code with EFF:

* Help EFF Go to SouthEast LinuxFest!

EFF is looking for donations of airline miles, flight
vouchers, and hotel points for travel to SouthEast
LinuxFest in Spartanburg, NC, as well as other conferences
and speaking engagements. If you have enough airline miles
for a free ticket and would like to send an EFF staffer
to a conference, let us know, and we will help you with
the process of making the reservation. Please note that
at this time we are unable to combine miles from multiple
individuals. We are also looking for hotel rewards points
to help reduce our overall travel costs.
As a thanks for your donation, we can offer a free
membership and a mention in EFFector (if you'd
like). Please contact if you can help!

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)


Richard Esguerra, EFF Activist

Membership & donation queries:

General EFF, legal, policy, or online resources queries:

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent
the views of EFF. To reproduce signed articles
individually, please contact the authors for their express

Press releases and EFF announcements & articles may be
reproduced individually at will.

Current and back issues of EFFector are available via the
Web at:

Back to top

JavaScript license information