EFF in the News
A major distributed-denial-of-service (DDoS) attack on cybersecurity blog Krebs on Security reminded technology users that faulty Internet of Things (IOT) security makes all of our devices and appliance vulnerable. But some manufacturers may not be willing to spend money to make their appliances more secure, said Electronic Frontier Foundation (EFF) Senior Staff Attorney Lee Tien. For a company designing a new fitness tracker, "it would be a lot easier and a lot cheaper to design it without having storage and all sorts of things that people think they should have," Tien said.
According to a document obtained by The Intercept, your blue-bubbled texts do leave behind a log of which phone numbers you are poised to contact and shares this (and other potentially sensitive metadata) with law enforcement when compelled by court order. Andrew Crocker, an attorney with the Electronic Frontier Foundation (EFF), said the document prompted further questions: “How often are lookups performed? Does opening [an iMessage] thread cause a lookup? Why is Apple retaining this information?”.
The charge was taken up by the Electronic Freedom Foundation, a San Francisco-based group that takes stands against government surveillance and other tech-policy matters. The group on Monday sent a letter to Dion Weisler, HP’s chief executive, arguing in part that HP’s action could cause customers to become wary of software updates that are increasingly important to improve security.
“By giving tens of millions of your customers a reason to mistrust your updates, you’ve put them at risk of future infections that could compromise their business and home networks, their sensitive data, and the gadgets that share their network with their printers, from baby monitors to thermostats,” wrote Cory Doctorow, an EFF special adviser.
The EFF, which has long criticized the way companies use various forms of digital rights management technology, began an online petition asking readers to demand that “HP make amends for its self-destructing printers.” It has received more than 10,000 signatures, said Elliot Harmon, who holds the title of activist at the group.
HP did apologize for its poor communication about the firmware update and promised to be more "transparent" in the future. But that alone won't satisfy the Electronic Frontier Foundation, which called on HP for a public commitment to never again use its software update process "to distribute anti-features that work against [HP] customers' interests."
The EFF told Ars today that it's glad to hear about the firmware update, but it wants to know what HP's plans are for informing users. "Today, the vast majority of people who use the affected printers do not know why their printers lost functionality, nor do they know that it’s possible to restore it," EFF Activist Elliot Harmon said. "All of those customers should be able to use their printers free of artificial restrictions, not just the relatively few who have been closely following this story."
“You must be aware that this decision has shocked and angered your customers,” wrote Cory Doctorow of the Electronic Frontier Foundation (EFF) in an open letter, in which he suggested steps HP should take to “begin to repair the damage it has done to its reputation and the public’s trust.”
Doctorow added that HP’s customers should be able to choose the ink they put in their printers in much the same way Cuisinart toaster owners can choose their bread. He criticized the company for sneaking the functionality onto printers via what purported to be a security update, arguing that if people mistrust security updates, they might leave their product vulnerable to attack.
Mitch Stoltz (@mitchstoltz) is a Senior Staff Attorney at the Electronic Frontier Foundation. Mitch works on cases where free speech and innovation collide with copyright and trademark law. His current projects include improving the legal environment for mobile software developers and tinkerers, fighting the use of copyright as a tool for censorship, litigation on the copyright status of mandatory safety codes, and legal analysis in the field of Internet television and video. Mitch also counsels clients on Internet video technology and open source software licensing.
San Francisco’s Electronic Frontier Foundation, which promotes online free speech, said it receives queries at least weekly from consumers being sued over online reviews, usually on Yelp and sometimes on Glassdoor, a site where employees rate their workplaces, said staff attorney Sophia Cope. The EFF does not take individual cases, however.
“We need a federal law that applies in all states,” Cope said.
“The DMCA has given companies a legal hammer to prevent transparency in the way those devices work,” said Kit Walsh, a staff attorney the Electronic Frontier Foundation (EFF). That’s led to a chilling effect on people who want to improve, customize or better secure modern vehicles (it’s unclear how much it has deterred malicious hackers).
“Honestly, the real answer is 'it depends.' Marking election systems as critical infrastructure might help us begin to make them more secure, but not necessarily. And federalizing election systems could make us less secure by creating fewer points of failure. But overall, [the Electronic Frontier Foundation] and our colleagues at Verified Voting have been sounding the alarm about insecure voting systems for a long time, pushing for real auditing of code and risk limiting audits of the results, along with warning about the insecurity of the internet as a network for voting. More must be done. Whether the step of calling it critical infrastructure will help is hard to predict, but certainly raising the profile of this issue is long overdue.” – Cindy Cohn, Electronic Frontier Foundation
But all this user choice isn't necessarily a good thing, said Eva Galperin, a global policy analyst at the Electronic Frontier Foundation, which advocates for online privacy. In apps that let users switch between private and less-private modes, users either choose the wrong mode or mistakenly believe the whole app is safe.
"When people have those kinds of choices, it's too easy to mess up," she said.