EFF in the News
“The idea that your Internet service provider is going to be spying on the contents of your traffic, even in an automated way, is very disconcerting,” said Jeremy Gillula, staff technologist with the San Francisco digital-rights organization Electronic Frontier Foundation.
“What if data about your browsing history gets out?” he said. “What if there’s a data breach?”
Around the same time the US and Israel were already developing and unleashing Stuxnet on computers in Iran, using five zero-day exploits to get the digital weapon onto machines there, the government realized it needed a policy for how it should handle zero-day vulnerabilities, according to a new document obtained by the Electronic Frontier Foundation.
When the Electronic Frontier Foundation (EFF) sued the National Security Agency (NSA) over records regarding the government's alleged prior knowledge of Heartbleed, the privacy group hoped to gain insight into the agency's zero-day exploitation policy.
So what is surveillance? The US military defines it as "systematic observation". It controls "what we see, what we can do... ultimately, what we say", says Schneier. A director of the Electronic Frontier Foundation in San Francisco, Schneier has been a go-to expert for years. He helped analyse some of the more technical documents leaked by Edward Snowden. But he wears his expertise lightly: the book moves fast and references are relegated to pages of notes.
Activists say the battle is half won. "The court left intact Section 69A, the government website blocking procedure, despite the lack of either judicial review or transparency in how or which sites are blocked," says James S Tyre, special counsel for Electronic Frontier Foundation, a San Francisco-based advocacy group. "This is the first time the SC has struck down or limited internet censorship laws. However, the SC has much more to do."
Hanni Fakhoury, an attorney with the Electronic Frontier Foundation privacy group, said it was "ridiculous" that it has taken so much prying to glean just basic information about the device and its use.
"It's secrecy for the sake of secrecy," he said. "Now they're dismissing cases rather than disclosing information -- that's not in the public's interest. We're not asking for a blueprint, just some transparency."
“If you have one plate scan of one car, all you have is this car was at this place at this time — not what the driver was doing,” said Jennifer Lynch, senior staff attorney with Electronic Frontier Foundation in San Francisco. “But over multiple days, you can get a picture of what someone is doing, where they’re going and why. You can start to make pretty broad assumptions of someone’s life with the more data you have.”
Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Frontier Foundation, a digital rights advocacy group, says these practices raise security and privacy concerns.
“Ideally, customers shouldn’t be in a battle with their ISPs for their privacy. ISPs should be on your side, helping you get a clean connection to the Internet, without interference and without tracking. Unfortunately, that’s not really the case today,” Hoffman-Andrews told DecodeDC.
"There is clear evidence that ShotSpotter can record conversations," Electronic Frontier Foundation activist Nadia Kayyali told Business Insider.
Despite seeming attempts at privacy improvements, critics say the House version of the bill is in most major respects just as problematic as the Senate version. “You have pretty much non-existent privacy protections, along with new powers to spy on and monitor users…all while being provided broad immunity,” says Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation who has closely followed both House and Senate bills. “It creates a perfect storm for sharing personal information with intelligence agencies.”