The House Judiciary Committee on Wednesday approved the USA Liberty Act, a surveillance reform package introduced last month. The bill is seen by many as the best option for reauthorizing and reforming Section 702 of the FISA Amendments Act of 2008, which is set to expire in less than two months.
Some committee members described feeling forced to choose between supporting stronger surveillance reforms or advancing the Liberty Act, and voiced their frustration about provisions that only partly block the warrantless search of Americans’ communications when an amendment with broader surveillance reforms was available. Complicating their deliberations was the fact that the Senate Select Committee on Intelligence has already reported out a bill with far fewer surveillance protections.
The “PreCheck” program is billed as a convenient service to allow U.S. travelers to “speed through security” at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Security’s (DHS) greater underlying plan to collect face images and iris scans on a nationwide scale. DHS’s programs will become a massive violation of privacy that could serve as a gateway to the collection of biometric data to identify and track every traveler at every airport and border crossing in the country.
In the wake of Equifax's massive breach of 145.5-million Americans' most sensitive information, EFF has some suggestions for Congress to ensure that victims of data breaches like these are compensated fairly when a company is negligent with their sensitive data.
Congress needs to empower an expert agency like the FTC with rule-making authority to set security standards and enforce them. Congress should not preempt state data breach laws, but should establish that credit bureaus have a fiduciary duty to protect our data. People impacted by breaches should have an unwaiveable right to sue companies that are negligent with sensitive data.
After lobbying Congress to repeal consumer privacy protections over ISPs, Verizon wants the Federal Communications Commission (FCC) to do it a favor and preempt states from restoring their privacy rights. After Congress repealed the FCC's previous privacy rule, dozens of state bills were introduced to restore broadband privacy.
It would be unwise for the FCC to attempt to block consumer privacy protections at Verizon's behest, and it would be on shaky legal footing if it tried to do so.
Does Google U.S. have to obey a Canadian court order requiring Google to take down information around the world, ignoring contrary rules in other jurisdictions? According to the Northern District of California in Google v. Equustek, the answer is no.
A court in one country has no business issuing a decision affecting the rights of citizens around the world. The Canadian order set a dangerous precedent that would be followed by others, creating a race to the bottom as courts in countries with far weaker speech protections would feel empowered to effectively edit the Internet.
We recently released the implementation guide for EFF's Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance for websites as to how to honor that request. EFF's DNT policy sets out a meaningful response for servers to follow, and the guide provides details about how to apply it in practice.
The guide exists as a Git repository and will evolve. We want your contributions and invite you to use it as a space to share advice on web privacy engineering. If you have suggestions for other DNT-compliant service providers, please submit them.
Keeping Your Site Alive, our guide for keeping your site online amidst a DoS (denial of service) or DDoS (distributed denial of service) attack, now has a new look and new advice. The guide, originally created and updated in conjunction with the Tactical Technology Collective, is aimed at human rights defenders, independent publications, and other administrators of small websites.
The guide: https://www.eff.org/keeping-your-site-alive/
Epson claims that generic ink cartridges that are compatible with its printers violate a nonspecific patent in nonspecific ways. Because Epson is part of eBay's VeRo program, through which trusted vendors can have listings removed without anyone checking the validity of the claim, eBay removed many third-party ink sellers' products without any further scrutiny.
The Open Rights Group—whose analysis shows that Epson is acting to hurt the resale market, not to assert patents against the manufacturers that are their competitors—have asked the UK Intellectual Property Office to investigate Epson's business practices.
In response to the recent ruling in India that privacy is a fundamental right, tech companies must now shift to more responsible and accountable data collection and retention methods, which Indian courts will enforce through yet-to-be-written data protection laws. (Slate)
EFF's nash will host a convening of grassroots organizers at the Brennan Center for Justice on November 13. Participants will share updates about their projects and discuss intersectional opportunities to strengthen each other’s efforts.
EFF's Erica Portnoy will participate in GW Libraries and Academic Innovation's Privacy Week. Join her on November 16 to learn the basics of how encryption works and why to use it, and how to work with secure technologies.
EFF is looking for a full-time contractor for Latin American digital rights policy analysis. This is a remote position based in Latin America, and will report directly to the International Rights Director who is based in our San Francisco office.
EFF is seeking an operations engineer to join our Technical Operations team, which is responsible for designing and maintaining EFF’s systems and networks while also providing hardware and software technical support for staff. The ideal candidate must work well with a very busy staff with varying levels of technical expertise.
EFF is seeking a staff technologist or senior staff technologist to join our Technology Projects team. The role's primary responsibility will be working on one of EFF's technical projects, which may require a basic familiarity with web cryptography and other web technologies. All projects are open source and have active community contributors.