December 3, 2013 | By Eva Galperin and Seth Schoen

EFF's 2013 Holiday Wishlist

As we did last year and the year before, EFF welcomes the winter season with a new wishlist of some things we'd love to have happen for the holidays—for us and for all Internet users. These are some of the actions we'd most like to see from companies, governments, organizations, and individuals in the new year.

  • Citizens, organizations, privacy officials, and governments should unite around the International Principles on the Application of Human Rights to Communications Surveillance and add their voices to declare that mass surveillance violates international human rights.
  • The U.S. Congress should create a new Church Committee to find out what intelligence agencies are actually doing; since mass surveillance is a global problem, we also need parliamentary commissions of inquiry around the world to look into the same question.
  • Congress should pass meaningful reform to the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.
  • The Department of Justice should notify everyone who's been convicted of a crime using evidence derived—directly or indirectly—from warrantless surveillance programs (not just a cherry-picked handful of defendants).
  • All communications companies should publish transparency reports showing the scope and nature of government requests for user information. The Internet industry, led by Google, has made this a standard for corporate transparency, but telecom companies are still totally missing in action.
  • All Internet sites should adopt cryptographic best practices for every connection, every time, including PFS, STARTTLS, HSTS, and encrypted traffic between data centers.
  • In 2014, every certificate authority and web browser should commit to adopt Google's Certificate Transparency system to detect and stop the issuance of fake certificates that facilitate spying on web users.
  • Companies that sell books, movies, music, or other digital media should commit to the principle that if you bought it, you own it. That means no DRM and no sneaky license agreements.
  • Every wireless device should let you change its MAC address (a hardware serial number), and no new technology standards should be designed to transmit any persistent hardware serial numbers over the air or on a network. (If your device keeps sending the same hardware serial number, like wifi devices and cell phones, among others, whoever's at the other end or listening in can recognize you and track your location. Businesses and governments are already taking advantage of this to build massive databases of our devices.)
  • Web sites should publish historical versions of their terms of service and privacy policies, with their effective dates, to help users understand what's changed over time. 
  • Governments should come clean about how they've weakened computer and communications security, clean up the damage, and stop doing it.
  • Companies entering the secure communications space (as well as those that have been there a while!) should explain exactly how secure they are and why. They should get public technical audits by experts and clearly explain how they handle classic, fundamental security challenges. They should clearly and publicly explain whether and to what extent they could be compelled to record or turn over user data or to help break users' security (including by disclosing cryptographic keys or passwords, by issuing false digital certificates, or by modifying their software).
  • The surveillance industry should take responsibility for ensuring that it's not assisting mass surveillance and other human rights violations.

It goes without saying that 2013 has been a major year for transparency, security, privacy, and more. Let's see it out with a bang by getting some of these important wishes granted.

Update: Thanks to prompt action by Facebook, their robots.txt file has been modified to allow crawls by the Internet Archive for the Facebook terms of use and privacy policy. We appreciate their quick response. 
