You may have arrived at this post because you received an email from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation.
Don’t panic. Contrary to the claims in your email, you haven't been hacked (or at least, that's not what prompted that email). This is merely a new variation on an old scam which is popularly being called "sextortion." This is a type of online phishing that is targeting people around the world and preying off digital-age fears.
The first and foremost piece of advice we have: do not pay the ransom.
If the scammer emailed you a password that you still use, in any context whatsoever, STOP USING IT and change it NOW! Consider employing a password manager to keep your passwords strong and unique. Moving forward, you should make sure to enable two-factor authentication whenever that is an option on your online accounts. You can also check out our Surveillance Self-Defense guide for more tips on how to protect your security and privacy online. You may also want to apply a cover over your computer’s camera. We know this experience isn't fun, but it's also not the end of the world. Just ignore the scammers' empty threats and practice good password hygiene going forward!
When it comes to guns, nearly everyone has strong views. When it comes to Internet publication of 3D printed guns, those strong views can push courts and regulators into making hasty, dangerous legal precedents that will hurt the public's ability to discuss legal, important, and even urgent topics ranging from mass surveillance to treatment of tear gas attacks. In its responses to 3D printed guns, the U.S. Department of State and state Attorneys General have sought to brush aside the legal protections that ensure your right to dissent and to publish technological information and software for privacy and other purposes. That’s why we’re working to make sure that 3D printing cases don’t set precedents that chip away at your freedoms to speak and learn online.
If the states in this case are successful, they will bypass legal doctrines that we rely on to protect your right to encrypt and your right to advocate for social change. Their arguments are dangerous because they threaten to empower current (and future) U.S. government officials to play pre-publication gatekeeper of what information you can publish online based on the barest, unproven claim of national interest or the possibility that others might use your information to further crimes. It could bar us from publishing and discussing artificial intelligence technologies, something that has increasing importance to our online lives and even how the government makes decisions about bail and sentencing. It could censor information about how to survive a chemical weapons attack. It could force us to compromise our secure communications technologies, making our personal information vulnerable to unlawful surveillance and identity theft.
California has enacted the Consumer Privacy Act (A.B. 375), a well-intentioned but flawed new law that seeks to protect the data privacy of technology users and others by imposing new rules on companies that gather, use, and share personal data. There's a lot to like about the Act, but there is substantial room for improvement. Most significantly, the act allows businesses to charge a higher price to users who exercise their privacy rights, does not provide users the power to bring violators to court (with the exception of a narrow set of businesses if there are data breaches), does not require user consent for data collection, only requires users to opt-out (rather than opt-in) to data being sold, and the "right-to-know" language is not specific enough and does not avoid news gathering.
The CCPA is just a start. Between now and the Act’s effective date in January 2020, much work remains to be done. EFF looks forward to advocating for improvements to the Act in the months and years to come.
U.S. law makes clear that the government cannot keep surveillance records on a person or group because of their political views or the way that they express their First Amendment rights. Unfortunately, the FBI has flouted these laws by maintaining records of its probe of two people whose website criticized U.S. policy in the Middle East.
In this case, plaintiffs Mr. Raimondo and Mr. Garris ran the website antiwar.com, where they wrote pieces criticizing U.S policy in the Middle East in the early 2000s. After reposting a widely available FBI document, they caught the notice of the FBI, which began tracking the website and the two men through a practice called “threat assessment.” The FBI did not find any wrongdoing or basis to further investigate. Nonetheless, the FBI maintained for many years a record of the postings on this advocacy website and its writers. The First Amendment clearly protects their online journalism and advocacy. Now they are requesting that the FBI expunge their surveillance files.
EFF is urging a court to make this right and filed an amicus brief in the Ninth Circuit Court of Appeals in support of the plaintiffs.
Two reporters recently identified eight AT&T locations in the United States—towering, multi-story buildings—where NSA surveillance occurs on the backbone of the Internet. Their article showed how the agency taps into cables, routers, and switches that handle vast quantities of Internet traffic around the world. Published by The Intercept, the report shines a light on the NSA’s expansive Internet surveillance network housed inside these sometimes-opaque buildings.
EFF has been shining its own light on NSA Internet surveillance for years with our landmark case, Jewel v. NSA. In more than 10 years of litigation, we’ve made significant strides. Despite the government’s years-long stonewalling, EFF is committed to continuing its fight against the NSA’s mass, warrantless surveillance. Multiple newspapers and publications, like The Intercept, are equally committed, too. We thank them for investigating and writing stories that confirm what we’ve said in our Jewel suit, and for continuing to expose the enormous breadth of NSA surveillance to the public.
When patent trolls threaten and sue small businesses, their actions draw the public's attention to the worst abuses of the patent system. Upaid Ltd., a shell company based in the British Virgin Islands, has been filing patent infringement lawsuits throughout 2018, including 14 against laundromats—yes, laundromats—from California to Massachusetts.
Upaid says that laundromats are infringing U.S. Patent No. 8,976,947. Claim 1 of the patent describes a computer system that performs “pre-authorized communication services and transactions,” after checking an account to see if a user “has a sufficient amount currently available for the … transaction.” It’s essentially a patent on having a prepaid account for—well, anything.
Last month, 360 cyber crime experts from 95 countries gathered in Strasbourg to attend the Octopus Conference. Octopus is one of the more open and transparent elements in the world of global law enforcement and cybersecurity. Civil societies like EFF and EDRI were invited to speak, and this year it was our primary chance to comment on a new initiative by the event’s organizers, the Council of Europe: an additional protocol to their Cybercrime Convention (also known as the Budapest Convention on Cybercrime), which will dictate how Parties of the Convention from around the world can cooperate across borders to fight Internet crime.
Our conclusion: the Council of Europe (CoE) needs to stand more firmly against a global trend to undermine everyone’s privacy in the pursuit of faster and easier investigations. As conversations at Octopus showed, the many long arms of the world’s law-enforcers are coming for user data, and the CoE needs to stand firm that they obey international human rights, in particular article 15 of the Budapest Convention, when they reach across borders.
The majority of Americans do not have a choice when it comes to high-speed Internet. People living in rural areas have poor quality and coverage when it comes to even mid-range broadband, and America is lagging behind other countries in fiber optics. There are very few things in place that help address these problems, and big ISPs are asking the FCC to end one of them. But EFF is stepping in to ask the FCC to deny AT&T's and Verizon’s petition to give them a further chokehold on Internet access choice.
A local organization in the Electronic Frontier Alliance will host this event: In this session, Tiberius Hefflin, Founder of Go Boldly, will delve into the basics of digital forensics. Attendees will learn what digital forensics draws from forensic science, how the law informs what a forensic investigator is ethically able to do, the many uses of digital forensics, evidence collection methods, anti-forensics methods, what the incident response process should look like, and how they can maintain crime scene integrity until investigators can carry out an assessment.
EFF returns to Dragon Con to participate in a series of panels about technology, civil liberties, activism, and pop culture.
For folks attending Crypto 2018, the 38th International Cryptology Conference, don't miss this internationally-focused panel on surveillance and encryption. Organized by the International Association for Cryptologic Research (IACR), EFF Executive Director Cindy Cohn will examine recent international and U.S. governmental efforts to control encryption and limit user security.
Help EFF get to SXSW by voting for our panels in the SXSW Panel Picker. And share the blog post so your friends can vote, too!
A local organization in the Electronic Frontier Alliance (not EFF) will host this event: An exploration of the emerging technologies and implementations coming out of the Digital Identity Foundation (https://identity.foundation) member organizations, with a focus on Hyperledger Indy and the privacy preserving properties of these new identity networks.
The content moderation debate should be about urging companies to apply their rules consistently and provide clear, accessible avenues for meaningful appeal, says EFF's David Greene. (Washington Post)
Eighteen states have laws requiring warrants for drone surveillance—but others have not kept up with the rapid pace of drone technology. (Bloomberg Government)
As companies begin to use "behavioral biometrics" to track users, EFF's Jennifer Lynch says there's good reason to worry: "It’s a very small leap from using this to detect fraud to using this to learn very private information about you." (The New York Times)
Are copyright holders following patent holders to the Eastern District of Texas in search of a friendly forum for infringement lawsuits? (The News & Observer)
Besides being in poor taste, a proposal in Toledo, Ohio City Council to switch from electronic ankle monitoring to microchips misses the point. (The Appeal)
“Facebook already has mountains of information about our social networks, physical movements, and activity online. Do we really want to give Facebook greater insight into our finances and purchases, too?” asks EFF's Gennie Gebhart. (Fortune)