Facial recognition, fingerprinting, and retina scans—the government could extract all of these and more from travelers at checkpoints throughout domestic airports.
The TSA Modernization Act (S. 1872) would authorize the U.S. Transportation Security Administration and U.S. Customs and Border Protection (CBP) to deploy "biometric technology to identify passengers" throughout our nation's airports, including at "checkpoints, screening lanes, [and] bag drop and boarding areas."
Today, CBP is subjecting travelers on certain outgoing international flights to facial recognition screening. The bill would expand biometric screening to domestic flights as well, and would increase the frequency that a traveler is subjected to biometric screening (not just once per trip).
EFF opposes S. 1872 as well as similarly invasive data collection bills S. 1757 and H.R. 3548., both of which target U.S. borders.
"Phish for the Future", an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight for the Future, appears to have been aimed at stealing credentials for various business services including Google, Dropbox, and LinkedIn. We were unable to determine what the secondary goal of the campaign was after the credentials were stolen. The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time.
Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack.
It is our recommended best practice to secure all accounts with two-factor authentication so that trusted compromised accounts can't be used in the service of more effective spearphishing attacks.
The Spanish government censored the Internet with ruthless efficiency before and during the referendum vote on Catalonian independence on October 1.
Examples of overreach include a censorship order blocking current and future referendum-related content publicized on any social network by a member of the Catalonian Government, as well as a court order requiring Google to remove a voting app from the Google Play app store. On the day of the referendum itself, the Internet was shut down at polling places.
The Spanish government's censorship of online speech during the Catalonian referendum period is wildly disproportionate and overbroad.
This summer 143 million Americans had their most sensitive information breached from Equifax's database. Misuse of this data can lead to financial devastation or, if a criminal uses stolen information to commit fraud, can lead to the breach victim being arrested and prosecuted.
Courts, too narrowly focused on financial losses directly traceable to a breach, too often dismiss lawsuits based on a cramped view of what constitutes "harm." So far, the federal bills being floated in response to the Equifax breach and earlier breaches do not remove the obstacles to victims bringing legal claims.
In response to the suggestion that members of Congress should consider how SESTA might affect small Internet startups, not just giant companies like Google and Facebook, Sen. Richard Blumenthal's (D-CT) response was "I believe that those outliers—and they are outliers—will be successfully prosecuted, civilly and criminally under this law."
In that unusual moment of candor, Sen. Blumenthal seemed to lay bare his opinions about Internet startups—he thinks of them as unimportant outliers and would prefer that the new law put them out of business.
Internet startups would take the much greater hit from SESTA than large Internet firms would, but ultimately, those most impacted would be users themselves.
With the new Safari 11 update, Apple addresses how your browsing habits are tracked and shared with parties other than the sites you visit. In response, Apple is getting criticized by the advertising industry for "destroying the Internet's economic model."
Safari has been blocking third-party cookies by default since releasing Safari 5.1 in 2010. The new Safari update, with Intelligent Tracking Prevention, closes loopholes around third-party cookie-blocking by using machine learning to distinguish the sites a user has a relationship with from those they don't, and treating the cookies differently based on that.
The new gold standard for cloud application encryption will soon be the cloud provider never having access to the user's data—not even while performing computations on it.
Microsoft has become the first major cloud provider to offer developers the ability to build their applications on top of Intel's Software Guard Extensions (SGX) technology, making Azure "the first SGX-capable servers in the public cloud." Azure customers in Microsoft's Early Access program can now begin to develop applications with the "confidential computing" technology.
The underlying technology is not yet perfect, but it's efficient enough for practical usage, stops whole classes of attacks, and is available today. Secure enclaves have the potential to be a new frontier in offering users privacy in the cloud.
Due to concerns over the U.S. government's mass surveillance programs, the European Court of Justice is now tasked with determining if EU citizens' privacy rights are sufficiently protected during Facebook data transfers. (TechCrunch)
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
A local community group in the Electronic Frontier Alliance will host a discussion on October 12 about Section 230, the law that makes modern online community possible, and the latest threat to it. EFF's Elliot Harmon will give a presentation remotely.
EFF's Cindy Cohn will participate in a conversation with technology writers and other thought leaders regarding the impact of the iPhone on our economy and society on October 18 at the Computer History Museum.
EFF is a co-sponsor of the Data Coalition's third annual California Data Demo Day on October 19 at the Capitol Event Center in Sacramento. The event will bring together state agency officials and legislators to explore the benefits of open data, inside and outside government.
Join EFF's Elliot Harmon on October 19 for an informal discussion on important digital rights issues coming up in Congress this year, as well as ways that South Dakotans can get involved with the fight for free expression, privacy, and innovation online.
Join Democracy Now!'s Amy Goodman, EFF's Cory Doctorow, and EFF's Danny O'Brien for a discussion about the importance of independent media and an open Internet at the National Bioneers Conference on October 21.
On October 23 & 24 EFF will host a booth at All Things Open, the annual gathering of free and open source software developers. EFF's Elliot Harmon will give a presentation on how coders can fight back against DRM on October 24.
EFF is seeking a staff technologist or senior staff technologist to join our Technology Projects team. The role's primary responsibility will be working on one of EFF's technical projects, which may require a basic familiarity with web cryptography and other web technologies. All projects are open source and have active community contributors.