EFF in the News
One way to aid data deletion is encryption, said Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation. If a user’s data is encrypted with a single key, destroying the key associated with an account is easier than finding and wiping each place the customer's data exists. That way, the information remains encrypted, but the key to decrypt the information is gone. The key will similarly need to be deleted and overwritten for it to be erased.
The Ashley Madison breach is "also a good case of, ‘Don't retain more data than you need,' " Hoffman-Andrews wrote in an e-mail. He recommends that all companies that store personal data audit their systems often to make sure everything they think they are deleting is actually being erased.
When it comes to data deletion, Ashley Madison may not be as bad as many other so-called dating sites, according to the EFF. In its 2012 ranking of dating sites based on their security and privacy practices, Ashley Madison was among the 3 out of 8 sites ranked that earned high marks for data deletion practices.
“You would give your credentials to this website, then it would give you an error, then they use your credentials to take your money,” said Noah Swartz of the Electronic Frontier Foundation.
Finding the threats is the easy part, though. “It’s a lot easier to figure out the context of speech in the physical world than in the online world,” said Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation. “You need that context in order to see what that speech really means.”
Rainey Reitman, the activism director of the Electronic Frontier Foundation, criticized MasterCard and Visa for removing support for Backpage, writing earlier this month, “We don’t need Visa and MasterCard to play nanny for online speech. Payment processors and banks shouldn’t be in the position of deciding what type of online content is criminal or enforcing morality for the rest of society.”
Instead of coming up with a new draft, the Electronic Frontier Foundation's Nate Cardozo says he wants the US to reopen the initial discussions that led to the software restrictions with the Wassenaar negotiators. That way, says the EFF staff attorney, the agreement could focus on actual spyware and surveillance products instead of the components that make or control those technologies.
"What are they actually trying to control? Are they trying to control [the notorious spyware] FinFisher?" asks Mr. Cardozo, who recently filed a lawsuit against Ethiopia over its use of FinFisher, a maker of surveillance technology. "Why don’t they go after export of that kind of software directly?"
Nate Cardozo, staff attorney at the Electronic Frontier Foundation, told The Register that the storm over the proposed changes highlighted the need for a full rethink when the member states who sign up to Wassenaar meet to discuss the changes in December.
"I don’t think anyone thinks this was a well drafted proposed rule, not even BIS at this point," he said. "The BIS has heard the industry loud and clear and will revise the proposed rules."
Jennifer Lynch, an attorney at the Electronic Frontier Foundation, a prominent digital civil liberties group, said New Castle County's system could eventually grow beyond its emergency-only mandate.
"A lot of local law enforcement agencies are saying, 'trust us,' and I don't think that's an appropriate check [on their power]," Lynch said. "It often becomes a situation where the cameras are always on."
“We’re usually talking in terms of many months, if not years, before responses are received,” says David Sobel, an attorney who represents Poitras pro-bono, on behalf of the digital civil liberties group the Electronic Frontier Foundation. “Certainly, for purposes of journalism where the timeliness is critical, these systemic delays in responding to requests have really hampered the ability of journalists to use FOIA as a tool.”
“Biometrics are … a series of numbers of ones and zeros that represent different measurements on your face and different ways that your face might look,” said Jennifer Lynch, a senior staff attorney with the non-profit civil liberties group, Electronic Frontier Foundation.
That does not impress some privacy campaigners. “It is kind of surprising for them to be throwing out all these scary hypotheticals, but when they are asked for hard evidence they don’t have any,” said Jeremy Gillula, a staff technologist at the Electronic Frontier Foundation (EFF), a non-profit digital rights group. “For people whose jobs depend on the ability to present hard evidence to a judge in order to put ‘bad guys’ away, you’d think they would have some better evidence.”