EFF in the News
Kit Walsh, a lawyer with the Electronic Frontier Foundation, thinks this is wrong. "Think of crash test dummies," he says. "Those safety tests are relied on by a majority of Americans in deciding what vehicles to trust and to rely upon. And the same kind of analysis should be possible with computers, given the crucial role that they play in controlling safety-critical systems as well as emissions systems."
Walsh says if independent researchers had access to the code in VWs, for instance, they might have detected the cheating software much sooner and revealed that the clean diesel the company touted in a recent TV ad wasn't so clean.
An exemption to the law that would allow researchers and owners to access car software has been fought by the auto industry. And, Walsh says, the industry had an unexpected ally. "We were surprised to see that the EPA wrote in against the exemption, particularly given that the investigation against Volkswagen must have been underway at that point," he says.
For Jillian York, the Director for International Freedom of Expression at the Electronic Frontier Foundation, however, the focus of the new initiative is wrong, given that censorship globally “is largely dwindling,” and countries are more focused on surveillance and going after dissidents “for speech after the fact.”
“Circumvention is a band-aid,” she told Motherboard via Twitter direct message. “While I'm not in favor of government funding for Internet freedom, I'd still rather see it put to better use, or see diplomacy efforts to push countries toward a more open internet.”
For the News app, the end result of that process looks like a boon for consumers according to privacy advocates. “It goes a long way to mitigating the potential risks involved in the type of tracking they’re doing,” said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation.
Squirreled away in something called the Digital Millennium Copyright Act of 1998 is fine print that makes it risky to dig around under the hood of a new car and find out what makes it tick, explains Kit Walsh of the Electronic Frontier Foundation.
“The modern automobile is controlled by about 100 different computers running software created by the automakers or third parties that they contract with,” Walsh said. "And they typically will lock down that software so that you can’t even look at it, let alone modify it as a user."
That's troubling to Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, who has researched the US government’s practice of buying information about software vulnerabilities. Using a Freedom of Information Act request, Mr. Crocker was able to get a copy of the government's Vulnerabilities Equities Process – the guidelines that the government and intelligence services use to acquire and deploy software vulnerabilities.
"It’s an open secret that the government uses vulnerabilities for both offensive and defensive purposes," said Crocker. "And this isn't just vulnerabilities they discover, but those they acquire from other sources."
Crocker said that the practice of buying vulnerabilities from vendors such as Zerodium presents many problems. The least of those is that buying the information has the potential to make governments complicit in allowing software vulnerabilities to fester. And, because nation-states or cybercriminals might discover the same holes, such activity may put the public at risk, he notes.
Hours after activist David Miranda revealed his proposal for the Snowden Treaty, Snowden himself addressed the Electronic Frontier Foundation's 2015 Pioneer Awards ceremony, where he was interviewed by journalist Kashmir Hill about his 2013 disclosures and the way they've changed the world.
"The fact that automakers can assert a DMCA claim against researchers is a deterrent to going in and actually looking at the code to understand what it's doing," said Kit Walsh, a staff attorney at the Electronic Frontier Foundation (EFF).
The EFF, a non-profit digital rights group, has opposed the protections for the auto industry under the DMCA, arguing that vehicle owners and others have the right to inspect the code that runs their vehicles and allow a mechanic of their choice do work on their cars and trucks.
Nadia Kayyali with the Electronic Frontier Foundation said “there are not a lot of spots left where there’s not some sort of private or public surveillance camera.”
"It sounds like a gold mine for ID thieves," said Jeremy Gillula, staff technologist for the Electronic Frontier Foundation, a civil liberties group focused on technology. "I'm kind of surprised that this information was never compromised."
“No amount of authentication can compensate for insecure hardware and software,” Electronic Frontier Foundation senior staff attorney Lee Tien said. “Plus, we just saw that OPM admitted something like 5.6 million fingerprints were compromised—isn’t biometric authentication wonderful?”
In the taxpayer security situation, “here, I guess the issue is face recognition—but if I can make my phone send a picture of you, is that enough?” he wondered.