EFF in the News
As a category, the internet of things is useful to eavesdroppers both official and unofficial for a variety of reasons, the main one being the leakiness of the data. “[O]ne helpful feature for surveillance is that private sector IoT generally blabs a lot, routinely into some server, somewhere,” said Lee Tien, a senior staff attorney at the Electronic Frontier Foundation. “That data blabbing can be insecure in the air, or obtained from storage.”
Jamie Williams, a legal fellow on the civil liberties team at the Electronic Frontier Foundation, said the bill ignores the reality that it is technically impossible to give the government access to personal data without making consumers more vulnerable.
"If device manufactures were to build such vulnerabilities into phones, it would be a serious threat to privacy and security - leaving us all less safe as a result," Williams said. "And a law mandating that a manufacturer retain the capability to decrypt or unlock a phone also could present significant First Amendment implications."
The pro-privacy and internet freedom group Fight for the Future recently launched a petition against the bill. The group argues that requiring phone companies to put "secret backdoors" in smartphones "would mean we have no way of knowing if our private communications are actually private at all."
"I think we have lawmakers at both the state and federal levels who are listening to the experts when they say that it's not possible to force providers and manufacturers to provide access to encrypted data without simultaneously undermining encryption," Andrew Crocker, an attorney at the Electronic Frontier Foundation, told Ars.
"We also have lawmakers who are instead proposing vague and/or ineffective ‘solutions’ to that fundamental concern. That's really the sum of these Crypto Wars: The ‘pro encryption’ side has the weight of technical and policy expertise. The ‘anti’ side repeats that it can be done without saying how."
"This kind of precedent is long established,” said Nate Cardozo, a staff attorney focused on hacking rights at the Electronic Frontier Foundation, referencing the destruction of the Creeper virus in 1971. “For instance, what is generally considered to be the very first virus ever was taken down by a gray hat. So you could say that this sort of action is as old as computer viruses themselves.”
“The problem with Free Basics service was that it centralized control of the Internet with a single gatekeeper – Facebook and its partners – that introduced a whole range of problems, creating a new barrier to content providers that have to register with Facebook,” Malcolm told Al Jazeera. “That in turn creates a locus for control, for censorship, for privacy and security problems that didn’t exist on the open Internet.”
Rather, why not pivot resources towards offering some basic level of free, unrestricted Internet access to people in countries like India – rather than the "walled garden" activists consider Free Basics. Even if that scenario doesn't advantage Facebook to the same degree, Malcolm argued, “the more Internet users, the more Facebook users. So you achieve the same results without all the problems."
On the other hand, zero rating is "a dangerous approach," noted Jeremy Malcolm, senior global policy analyst at the Electronic Frontier Foundation.
It often "reduces competition, diverts users toward already-dominant Internet services, and creates the potential for censorship, and privacy and security problems," he told the E-Commerce Times. "We hope it will encourage Facebook and its partners to examine other ways to bring the Internet to India's poor."
Electronic Frontier Foundation’s Jeremy Malcolm and Techonomy chief executive officer David Kirkpatrick discuss if India is in violation of net neutrality after banning Facebook’s free basics with Emily Chang on “Bloomberg West.”
"This bill as drafted is clearly unconstitutional," Electronic Frontier Foundation Staff Attorney Nate Cardozo said to Ars Technica in a phone interview. "There may be anti-doxing legislation out there which does make sense, but this bill creates a crime if you, with the intent to annoy, publish someone else's name. If I want to say [online], 'Sam is a poo-poo head,' that's a crime under this draft."
"It's really trendy, frankly, to legislate in the area of computer crime or cybersecurity right now," Cardozo added. "Because it's trendy to do, we've seen any number of extremely poorly worded and poorly thought-through proposals [from American lawmakers]. This is just another one."
“We think that trying to craft a regulatory definition that would capture offensive tools only while leaving defensive tools freely available is not possible,” Nate Cardozo, a staff attorney at the Electronic Frontier Foundation told The Hill. “We think it’s a fool’s errand to even try.”
The reorganization could make those perceived problems worse, said Andrew Crocker, an attorney with the Electronic Frontier Foundation.
"The Snowden documents have really pointed to a lot of places where the [signals intelligence] mission is in conflict with the information assurance mission," he said. "You wonder about how they're going to balance that internally."