For the last four years, EFF has greeted the holiday season by publishing a list of things we'd like to see happen in the coming year. Sometimes these are actions we'd like to see taken by companies, and sometimes our wishes are aimed at governments, but we also include actions everyday people can take to advance our digital civil liberties. This year has seen a few wishes come true. For example, our FOIA lawsuit against the NSA led them to disclose the (redacted) details of their Vulnerabilities Equities Process. We’ve also been pleased to see more journalists and news organizations using SecureDrop to securely accept documents from anonymous sources and the House Judiciary Committee is finally considering reform of the Electronic Communications Privacy Act.
Here are the things we’d like to see happen in 2016:
- Now that many companies are issuing transparency reports, they should break down their reports by jurisdiction within countries.
- Social media companies should institute better appeals processes for user grievances.
- Governments should stop pushing for tech companies to give them backdoor access to end-to-end encrypted data, either through legislation or through “voluntary cooperation.”
- OEMs should stop installing bogus root certificates and compromising user security.
- The Assad government should free imprisoned technologist Bassel Khartabil.
- Verizon should end their smartphone super cookie program once and for all.
- More websites would adopt our Do Not Track Policy and make a strong commitment to not tracking their users.
- More unencrypted websites should turn on SSL by default (perhaps by using Let's Encrypt).
- Software developers should stop providing unauthenticated software downloads. They should be using HTTPS and GPG signatures.
- Google should stop mining the data they collect from students using Chromebooks for advertising.
- Congress should remove cybersecurity legislation from the omnibus bill and postpone any vote on the cybersecurity language until after the December recess.
- Countries that have signed on to the Wassenaar Arrangement should roll back the 2013 changes on export controls. There are enough problems with these changes that it's time to rethink this entire approach.