EFF in the News
One of them is Kit Walsh, a lawyer at the Electronic Frontier Foundation, which had petitioned the Librarian of Congress for the new exemption.
"The reason that we've learned about a string of significant security vulnerabilities in vehicles is because security researchers have had the courage to face this legal gray area and do the research anyway," Walsh says.
Despite these four loopholes, the new laws do state that ISPs should "treat all traffic equally, without discrimination, restriction or interference." Jeremy Malcolm, a senior global policy analyst at the Electronic Frontier Foundation, described the news as a "qualified success," adding that although the final result was "disappointing, this was always going to be a difficult battle, and the result is an ambiguous text."
But Jeremy Malcolm, senior global policy analyst at EFF, told WIRED that "overall Europe is in a better position today than it was yesterday." He said that although the amendments being voted down were "disappointing" the laws passed resulted in consistent net neutrality regulation across Europe for the first time.
"The disagreement is around the edges, the extent to which loopholes can be miss used for purposes that go beyond legitimate network management," he said. "Those loopholes may or may not be exploited but I guess we will see as this rolls out."
"We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors," said Kit Walsh, a staff attorney with the Electronic Frontier Foundation, which pushed for the exemption.
The EFF applauded the decision but was disappointed in the year-long delay.
"This 'access control' rule is supposed to protect against unlawful copying," said EFF attorney Kit Walsh. "But as we've seen in the recent Volkswagen scandal—where VW was caught manipulating smog tests—it can be used instead to hide wrongdoing hidden in computer code. We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors. The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now."
Changing times: This odd matchup of authority was bestowed upon the Library of Congress in 1998 under digital copyright legislation aimed mostly at keeping people from copying music and movies. But that power has grown with the technological advances of the past 18 years. “What this current round of exemptions is driving home is how much has changed,” Corynne McSherry, legal director at the Electronic Frontier Foundation, tells POLITICO. “I don’t think Congress even remotely contemplated that you’d have to go get an exemption from the Librarian of Congress to fix your car.”
"The bill focuses on information-sharing," said Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation. But "the lack of information isn't a problem. What is a problem, is what we're seeing in the latest data breaches."
That includes persistent bad security habits by companies, such as failing to encrypt data or continuing to use outdated, "legacy" computer systems, Jaycox said.
While the bill requires companies and authorities to scrub the data of personal information, critics worry that that's unlikely.
"You aren't going to be looking at every single letter or email that goes out," Jaycox said. "There is a very real fear...that unrelated personal information is shared with the government."
Without amendments, the rules could favor sites by designating them specialized services, or by regulating that speculative impending network congestion, says Jeremy Malcolm senior global policy analyst with the Electronic Frontier Foundation, a nonprofit concerned with civil liberties in the digital age.
“One of the biggest concerns is that the regulation as it stands will allow ISP and telecom companies to discriminate against a certain type of traffic,” Malcolm tells Inverse. “This is really dangerous because it sets up a hierarchy of traffic from most important to least important. And there’s bound to be some mistakes, even if they’re trying to do it in a user-focused way.
“Encrypted traffic is particularly a problem because the ISP doesn’t know what it is — is it email? Is it video? — so what we could find is encrypted traffic slows down as a whole which is the opposite of what we want it to do, especially these days with surveillance and malicious hackers and cyber criminals.”
"The practices that carriers have gotten into, the sheer volume of data and the promiscuity with which they're revealing their customers' data creates enormous risk for their businesses," said Peter Eckersley, chief computer scientist at the Electronic Frontier Foundation, a privacy watchdog. Mr. Eckersley and others suggest that anonymization techniques are faulty in many cases because even information associated with a hashed or encrypted identification code can be linked back to a home address and potentially reidentified by hackers.