Security researchers this week disclosed details about a major weakness in the basic architecture of the Web. Heartbleed exploits a critical flaw in OpenSSL, which is used to secure hundreds of thousands of websites including major sites like Instagram, Yahoo, and Google. This security exploit allows an attacker to obtain sensitive information like logins and passwords, as well as session cookies and possibly SSL keys that encrypt all traffic on a site. EFF has been tracking this issue closely, and we’ve put together guides for how systems administrators and website operators can take immediate action to secure their systems. We've also analyzed logs that seem to indicate intelligence agencies have exploited the vulnerability. We’ll have more on Heartbleed in the coming days; watch the EFF Twitter account for updates.
EFF has unveiled new tools to help student and community activists engage in campaigns to defend digital rights. Our exciting new resources include a mailing list, media tips, graphics, handy one page issue sheets, and more, so it's easy for you to take part, no matter how much organizing experience you have. EFF is also traveling across the country to help engage organizers, with a special focus on campus activism. Together, we're going to make history.
Fusion centers are state and local intelligence hubs that feed unconstitutionally collected intelligence information from local law enforcement to federal agencies like the FBI and DOJ. These centers also send intelligence information collected by federal agencies down to local law enforcement--including, potentially, unminimized NSA data. Fusion centers are known to promote racial profiling and political oppression, while wasting taxpayer money and churning out useless "intelligence." But change might be on the horizon: one locality has already passed regulations limiting fusion centers.
Senate debates on patent reform seem to be missing the core issues that need to be addressed. Patent reform must address patent quality, protect end-users of technology from being targeted, increase transparency of patent ownership, and crack down on misleading demand letters that allege patent infringement. We also want to see reform of patent lawsuits, including heightened pleading standards for patent lawsuits, an end to discovery abuse, and fee shifting that discourages patent trolls from frivolous lawsuits. We need to tell the Senate that the time for reform is now.
In mid-March, we wrote about Microsoft conducting a warrantless search of a blogger's Hotmail account as part of an internal investigation into the alleged theft of Microsoft trade secrets. After our post, we were pleased to hear that Microsoft would be reforming its terms of service so that they will now seek a warrant in such cases. Microsoft has also proposed a project that will bring together EFF, Center for Democracy, technology companies, and other privacy advocates to address this problem industry-wide.
In the light of revelations about NSA and GCHQ spying that has targeted European leaders, the European Parliament has discussed shifting to DebianParl, a version of Linux intended for parliaments that would offer increased security. This would be a positive step but would require some significant shifts with the participation of the Parliament's IT department.
Representatives Mike Rogers and Dutch Ruppersberger, two of the NSA's biggest defenders, have introduced an NSA "reform" bill that, in some ways, really just makes mass collection easier. The only genuine positive change in this bill is that it ends the government collection of all Americans' calling records using Section 215 of the Patriot Act. However, the bill also creates an new, ill-defined process that potentially enables even more collection. The problems with this bill come as no surprise, and it is clear that bills such as the USA FREEDOM Act are far superior.
Leaks are no substitute for integral transparency, something sorely lacking for the United States Trade Representative. The negotiation of the Trans-Pacific Partnership (TPP) and the more recent Transatlantic Trade and Investment Partnership (TTIP, or TAFTA) have made this issue crystal clear. The USTR is attempting to create public policy without the public. There appear to be substantive problems with TPP and TTIP, and there has been a strong push for transparency.
Philippines' Cybercrime Prevention Act criminalizes a broad swath of behavior on the internet, including anonymous online criticism. Activists have protested this draconian law, and the Philippine Supreme Court ruled that parts of the act are unconstitutional. Unfortunately, much of the law was left untouched, and it appears to be part of a move in the Phillipines towards internet censorship.
In an emergency hearing last month, the government tried to argue that it should not be required to preserve evidence of dragnet collection of all call records. While we believe the case can go forward without evidence of each individual being surveilled, we also can’t allow the government to simultaneously insist the evidence is necessary and destroy that evidence. On March 21st, the court ruled in our favor.
A new mandate forces researchers who rely on National Institute of Health funding to place anti-pornography filters on their computer networks. It's clear that essential scientific research is hindered by this restriction.
Academic researchers have discovered a new tool the NSA may have used to undermine RSA encryption.
Supported by Members
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
EFF's April Glaser joins a panel with the Digital Freedom Group at Iowa State University with distinguished scholars from multiple departments. The event examines the NSA's illegal spying, the future of journalism, and the importance and paired challenges of adopting privacy tools online.
April 15, 2014
Techno-Activism Third Mondays (TA3M) are informal meetups that occur on the same date in many cities worldwide. It is designed to connect techno-activists and hacktivists who work on or with circumvention tools, and/or are interested in anti-censorship and anti-surveillance technology. Currently, TA3M are held in New York, Washington, DC, Amsterdam, Portland, Tokyo, and more.
April 21, 2014
San Francisco, CA
EFF Staff Attorney Hanni Fakhoury will discuss a variety of topics on electronic surveillance at the 2014 Roll-Zapata Criminal Law Seminar hosted by the Tucson Federal Bar Association.
April 25, 2014
EFF Staff Attorney Hanni Fakhoury will speak on a panel at the Media Law Resource Center's 2014 Legal Frontiers in Digital Media conference talking about the use of the CFAA to go after data scrapers.
May 15, 2014
Mountain View, CA