Skip to main content

EFF Press Release Archives

Press Releases: February 2008

February 29, 2008

First Amendment Rights of Internet Users Upheld in Today's Hearing

San Francisco - A federal district court judge in San Francisco today rescinded a controversial order that disabled the "wikileaks.org" domain name which had -- until two weeks ago -- pointed to Wikileaks, a website designed to give whistleblowers a forum for posting materials of public concern.

This week, the Electronic Frontier Foundation (EFF) moved to intervene in the case, along with the American Civil Liberties Union (ACLU), and the American Civil Liberties Union Foundation of Northern California and the Project on Government Oversight (POGO). In a hearing in federal court today, EFF and its fellow intervenors and amici argued that the order infringed on the First Amendment rights of Internet users who have an interest in accessing material of public concern on the site. Ruling from the bench, Judge Jeffrey White cited concerns about the First Amendment, the effectiveness of disabling the wikileaks.org domain name, and the court's own jurisdiction over the case as reasons to dissolve his previous orders.

"We're very pleased that Judge White recognized the serious constitutional concerns raised by his earlier orders," said EFF Senior Staff Attorney Matt Zimmerman. "Attempting to interfere with the operation of an entire website because you have a dispute over some of its content is never the right approach. Disabling access to an Internet domain in an effort to prevent the world from accessing a handful of widely-discussed documents is not only unconstitutional -- it simply won't work."

Wikileaks permits third parties to post corporate and government documents that they believe expose wrongdoing. For example, in the past year individuals have posted materials documenting alleged human rights abuses in China and political corruption in Kenya.

The lawsuit began earlier this month, when Swiss bank Julius Baer filed suit against Wikileaks for hosting allegedly leaked documents regarding personal banking transactions of Julius Baer customers. Also sued was Wikileaks' domain name registrar, Dynadot LLC. On February 15, following a stipulation between Julius Baer and Dynadot, the court issued a permanent injunction, disabling the wikileaks.org domain name and preventing that domain name from being transferred to any other registrar.

In addition to dissolving the permanent injunction, which permits the wikileaks.org domain name to be reactivated, the court also declined to extend a previous temporary restraining order requiring Wikileaks to disable access to 14 disputed Julius Baer documents.

Joining the EFF, ACLU, and POGO motion to intervene was Wikileaks user Jordan McCorkle. The papers were filed in consultation with and on behalf of the intervenors by Steven Mayer of the law firm of Howard Rice Nemerovski Canady Falk & Rabkin. Other attorneys on the case include Christopher Kao and Shaudy Danaye-Elmi of Howard Rice; Zimmerman, Cindy Cohn, and Kurt Opsahl of EFF; and Aden Fine and Ann Brick of the ACLU and ACLU-Northern California, respectively.

For the full order:
http://www.eff.org/files/filenode/baer_v_wikileaks/wikileaks102.pdf

For more on the Wikileaks case:
http://www.eff.org/cases/bank-julius-baer-co-v-wikileaks

Contact:

Matt Zimmerman
Senior Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Related Issues:
February 27, 2008

Domain Name Shutdown Harms First Amendment Right to Access Information

San Francisco - The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), and the American Civil Liberties Union Foundation of Northern California (ACLU-Northern California) Tuesday filed a motion to intervene in a lawsuit where a federal judge ordered the disabling of one of the domain names associated with "Wikileaks," a website designed to give whistleblowers a forum for posting materials of public concern.

In early February, Swiss bank Julius Baer filed suit in federal district court against Wikileaks for hosting 14 allegedly leaked documents regarding personal banking transactions of Julius Baer customers. Also sued was Wikileaks' domain name registrar, Dynadot LLC. On February 15, following a stipulation between Julius Baer and Dynadot, the court issued a permanent injunction, disabling the wikileaks.org domain name and preventing that domain name from being transferred to any other registrar.

"Dynadot's private agreement to disable access to its customer's domain name -- and the court's endorsement of that agreement -- raise serious First Amendment concerns," EFF Senior Staff Attorney Matt Zimmerman. "This unwarranted injunction should remind everyone who hosts critical information on the Web that such information may only remain accessible as long as your service provider or registrar is willing to stand up for you against obviously overreaching legal attacks."

Wikileaks permits third parties to post corporate and government documents that they believe expose wrongdoing. For example, in the past year individuals have posted materials documenting alleged human rights abuses in China and political corruption in Kenya. The court's order effectively prevents readers who are only familiar with Wikileaks through the wikileaks.org domain name from accessing any material on the site.

"Julius Baer's private dispute regarding a former employee's alleged violation of a confidentiality agreement does not warrant this attempt to block access to all material hosted on Wikileaks," said Zimmerman. "The First Amendment rights of readers who have a legitimate interest in the materials posted on the website simply cannot be treated as acceptable collateral damage to the bank's claims."

In the papers filed Tuesday, the intervenors -- including the EFF, the ACLU, the Project on Government Oversight (POGO), and Wikileaks user Jordan McCorkle -- asked the court for permission to intervene in order to dissolve the injunction disabling the wikileaks.org domain name. The papers were filed in consultation with and on behalf of the intervenors by Steven Mayer of the law firm of Howard Rice Nemerovski Canady Falk & Rabkin. Other attorneys on the case include Christopher Kao and Shaudy Danaye-Elmi of Howard Rice; Zimmerman, Cindy Cohn, and Kurt Opsahl of EFF; and Aden Fine and Ann Brick of the ACLU and ACLU-Northern California, respectively.

At 9:00 a.m. on Friday, February 29, a federal judge in San Francisco will hear arguments regarding a related issue: whether to extend a temporary restraining order aimed at preventing the further distribution of the 14 disputed Julius Baer documents. A hearing to address Tuesday's motion to intervene and subsequent motion to dissolve the domain name permanent injunction has not yet been scheduled.

For information regarding the February 29 hearing, please contact press@eff.org.

For the full motion to intervene:
http://www.eff.org/files/filenode/baer_v_wikileaks/motiontointervene.pdf

For more on this case:
http://www.eff.org/cases/bank-julius-baer-co-v-wikileaks

Contact:

Matt Zimmerman
Senior Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Related Issues:
February 26, 2008

DOJ's Top Privacy Lawyer Left Government Post for Job with Online Giant

Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice (DOJ) today, demanding information about communications between the DOJ's former top privacy official and Google, the official's current employer.

Jane C. Horvath was named the DOJ's first Chief Privacy and Civil Liberties Officer in February of 2006. At that time, Google was fighting a massive DOJ subpoena asking for the text of every query entered into the search engine over a one-week period. The DOJ request -- part of a court battle over the constitutionality of a law regulating adult materials on the Internet -- ignited a national debate about Internet privacy.

The DOJ later scaled back its request, and a judge eventually allowed access to only 5000 random Google search queries. In a subsequent news article, Horvath was publicly critical of the DOJ's initial subpoena, saying she had privacy concerns about the massive request for information. Horvath's new job as Google's Senior Privacy Counsel was announced in August of 2007.

EFF asked the DOJ for information about communications between Horvath and Google with a Freedom of Information Act (FOIA) request as Horvath prepared to leave the agency, but the DOJ has not responded to the request more than six months after it was submitted.

"Google has an unprecedented ability to collect and retain very personal information about millions of Americans, and the DOJ and other law enforcement agencies have developed a huge appetite for that information," said EFF Senior Counsel David Sobel. "We want to know what discussions DOJ's top privacy lawyer had with Google before leaving her government position to join the company."

EFF's suit demands records of all correspondence, email, or other communications between Horvath and Google, and asks the court to order the DOJ to immediately process the documents for release.

This FOIA lawsuit is part of EFF's FLAG Project, which uses FOIA requests and litigation to expose the government's expanding use of technologies to invade privacy. Previous EFF FOIA requests have uncovered misuse of National Security Letters (NSLs) by the FBI, as well as improper FBI access to email from an entire computer network.

For the full complaint against the DOJ:
http://www.eff.org/files/filenode/doj_google/foia_complaint_filed.pdf

For more on EFF's FLAG Project:
http://www.eff.org/issues/foia

Contact:

David Sobel
Senior Counsel
Electronic Frontier Foundation
sobel@eff.org

Related Issues:
February 21, 2008

Laptops in "Sleep" or "Hibernation" Mode Most Vulnerable to Attack

San Francisco - A team including the Electronic Frontier Foundation (EFF), Princeton University, and other researchers have found a major security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure.

"People trust encryption to protect sensitive data when their computer is out of their immediate control," said EFF Staff Technologist Seth Schoen, a member of the research team. "But this new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker."

The researchers cracked several widely used disk encryption technologies, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt. These "secure" disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. However, in a paper and video published on the Internet today, the researchers show that data is vulnerable because encryption keys and passwords stored in a computer's temporary memory -- or RAM -- do not disappear immediately after losing power.

"These types of attacks were often thought to be in the realm of the NSA," said Jacob Appelbaum, an independent computer security researcher and member of the research team. "But we discovered that on most computers, even without power applied for several seconds, data stored in RAM seemed to remain when power was reapplied, We then wrote programs to collect the contents of memory after the computers were rebooted."

Laptops are particularly vulnerable to this attack, especially when they are turned on but locked, or in a "sleep" or "hibernation" mode entered when the laptop's cover is shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent.

The research released today shows that these attacks are likely to be effective against many other disk encryption systems because these technologies have many architectural features in common. Servers with encrypted hard drives are also vulnerable.

"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said J. Alex Halderman, a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

In addition to Schoen, Appelbaum, and Halderman, the research team included William Paul of Wind River Systems, and Princeton graduate students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel Feldman as well as Princeton Professor Edward Felten, the director of the Center for Information Technology Policy and a member of EFF's Board of Directors.

The researchers have submitted the paper for publication and it is currently undergoing review. In the meantime, the researchers have contacted the developers of BitLocker, which is included in some versions of Windows Vista, Apple's FileVault, and the open source TrueCrypt and dm-crypt products, to make them aware of the vulnerability. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.

For the full paper "Lest We Remember: Cold Boot Attacks on Encryption Keys," a demonstration video, and other background information:
http://citp.princeton.edu/memory/

Contacts:

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

Jacob Appelbaum
Computer Security Researcher
jacob@appelbaum.net

J. Alex Halderman
Princeton University
jhalderm@cs.princeton.edu

Related Issues:
February 21, 2008

Mitchell Baker and the Mozilla Foundation, Michael Geist, and Mark Klein to be Honored at San Diego Award Ceremony

San Diego - The Electronic Frontier Foundation (EFF) is pleased to announce the winners of its 2008 Pioneer Awards: the Mozilla Foundation and its Chairman Mitchell Baker, University of Ottawa Professor Michael Geist, and AT&T whistleblower Mark Klein.

The award ceremony will be held at 7pm, March 4th at the San Diego Marriott Hotel and Marina in conjunction with the O'Reilly Emerging Technology Conference (ETech). Michael Robertson -- founder and CEO of MP3.com, Linspire, MP3Tunes and Gizmo5 -- will give the awards' keynote address: "What to Expect When You're Expecting...To Be Sued."

Mitchell Baker is the Chairman of the Mozilla Foundation, which is dedicated to promoting openness, innovation, and opportunity on the Internet through its sponsorship of the open-source Mozilla project. The Mozilla Foundation provides grants, legal services, and other support for development projects involving the Firefox browser, the Thunderbird email application, and other Mozilla software. Baker was previously the attorney at Netscape responsible for all legal issues related to product development and intellectual property protection. During that time she wrote the Netscape and Mozilla Public Licenses.

Dr. Michael Geist is a law professor at the University of Ottawa. Last year, he led the public protest to proposed Canadian copyright law changes that would have devastated consumers' technology rights. The groundswell of opposition caused the government to rethink and ultimately cancel introducing the legislation. Geist serves on the Privacy Commissioner of Canada's Expert Advisory Board and on the Canadian Digital Information Strategy's Review Panel. Geist is also an internationally syndicated columnist on technology law and writes a popular blog on the Internet and intellectual property issues.

Mark Klein is a retired AT&T telecommunications technician who blew the whistle on the government's warrantless surveillance program. When news reports of the illegal spying surfaced in December of 2005, Klein realized that he had been witness to -- and participated in setting up -- massive surveillance technology that violated the rights of millions of Americans. In early 2006, Klein brought EFF authenticated documents showing how AT&T diverted customers' communications to a room controlled by the National Security Agency. EFF now represents AT&T customers in a class-action lawsuit over the illegal spying.

"The Pioneer Award winners this year show us how one person can truly make a difference in our digital world," said EFF Executive Director Shari Steele. "It's hard work to protect freedom, and we are so grateful for the invaluable contributions of Mitchell, Michael, and Mark."

Since 1991, the EFF Pioneer Awards have recognized individuals and organizations that have made significant and influential contributions to the development of computer-mediated communications and to the empowerment of individuals in using computers and the Internet. Past winners include World Wide Web inventor Tim Berners-Lee, Linux creator Linus Torvalds, and security researcher Bruce Schneier, among many others.

The winners of the 17th annual Pioneer Awards were nominated by the public and then chosen by a panel of judges. This year's panel includes Kim Alexander (President and founder, California Voter Foundation), Esther Dyson (Internet court jester and blogger, Release 0.9; founding chairman of ICANN; former chairman of EFF), Mitch Kapor (President, Kapor Enterprises; co-founder and former chairman EFF), Drazen Pantic (Co-director, Location One), Barbara Simons (IBM Research [Retired] and former president ACM), James Tyre, (Co-founder, The Censorware Project; EFF policy fellow) and Jimmy Wales, (Founder, Wikipedia; co-founder, Wikia; chair emeritus of the Wikimedia Foundation).

TCHO is the Platinum Sponsor for the 2008 Pioneer Awards ceremony. TCHO is a new chocolate company for a new generation of chocolate enthusiasts. Founded by Wired co-founder Louis Rossetto and legendary chocolatier and former technologist Timothy Childs, TCHO will sample a "beta release" of their dark chocolate during the awards ceremony. Attendees are invited to taste two different formulas and vote for their favorite. Feedback directly influences the national release bar. Learn more about TCHO at: http://www.tcho.com

Bronze sponsors of the event include Atomic PR, Barracuda, JibJab, MOG, and Three Rings.

Tickets to the Pioneer Awards ceremony are $35. If you plan to attend, RSVP to events@eff.org. You can also pay for your tickets in advance at http://secure.eff.org/pioneerfundraiser. Members of the media interested in attending the event should email press@eff.org.

For more on attending the Pioneer Awards:
http://www.eff.org/awards/pioneer

Contacts:

Katina Bishop
Associate Director of Development
Electronic Frontier Foundation
katina@eff.org

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

February 12, 2008

EFF Condemns Senate Vote, Looks to House for Leadership

Washington, D.C. - Despite the strong leadership of senators like Chris Dodd and Russ Feingold, the Senate failed today to block provisions of a pending surveillance bill that would grant immunity to phone companies that assisted the government in illegal electronic surveillance.

The Dodd-Feingold amendment to remove immunity from the FISA Amendments Act (FAA) failed in a 31 to 67 vote, and final Senate passage of the FAA is expected later today.

"Immunity for telecom giants that secretly assisted in the NSA's warrantless surveillance undermines the rule of law and the privacy of every American," said EFF Senior Staff Attorney Kevin Bankston. "Congress should let the courts do their job instead of helping the administration and the phone companies avoid accountability for a half decade of illegal domestic spying."

After the Senate passes the FAA, it will need to negotiate with the House over differences between the FAA and the RESTORE Act, the House's own surveillance bill passed in November. The RESTORE Act, although far from perfect, provides for more congressional and judicial oversight of the Executive Branch's domestic spying than the FAA, and does not include immunity for the telephone companies. President Bush has threatened to veto any surveillance legislation that does not contain immunity, even as the Protect America Act's changes to surveillance law -- which the president has argued are critical to saving American lives -- are set to expire on February 15th.

"It's time for Speaker Pelosi to draw a line the sand, and make clear to the president that this House of Representatives is never going to pass any bill that includes immunity for lawbreaking telecoms," said Bankston. "It's time for the president to show that he cares more about American lives than about the phone companies' bottom lines by actually working toward a bipartisan agreement on how to update surveillance law for the 21st century."

Senator Feinstein also offered an amendment to the Senate bill that would have provided immunity to phone companies if the Foreign Intelligence Surveillance Court determined that they had a good faith, reasonable belief that the NSA program was legal. That amendment did not pass, but received enough votes that it might be considered by the House as a potential compromise on the immunity issue.

"Attempts by senators like Ms. Feinstein to find a reasonable compromise on the immunity question are much appreciated, but transferring all of the litigation to the secretive and conservative FISA court is unnecessary, inefficient and unwise," said Bankston. "The regular federal courts are fully capable of handling these cases fairly and securely."

EFF represents the plaintiffs in Hepting v. AT&T, a class-action lawsuit brought by AT&T customers accusing the telecommunications company of violating their rights by illegally assisting the government in widespread domestic surveillance. The Hepting case is just one of many suits aimed at holding telecoms responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government.

Contacts:

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

Kevin Bankston
Senior Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Related Issues:
February 8, 2008

Announcement Sets Stage for Congressional Showdown

Washington, D.C. - Today, a formidable trio of House Committee Chairmen sent a stern letter to their colleagues urging them to oppose immunity for phone companies that assisted in the NSA's warrantless wiretapping program.

The White House is demanding that immunity for the telecoms be included in Foreign Intelligence Surveillance Act (FISA) legislation pending in Congress. But in today's letter -- written by John Dingell, Chairman of the House Committee on Energy and Commerce; Ed Markey, Chairman of the House Subcommittee on Telecommunications and the Internet; and Bart Stupak, Chairman of the Subcommittee on Oversight and Investigations -- the congressmen argue that the president is creating a "false choice" for lawmakers.

"By tying the question of lawsuit immunity to questions of national security and Foreign Intelligence Surveillance Act (FISA) reform legislation, the President has created a false choice for Congress," the letter states. "The issue of immunity for phone companies that chose to cooperate with the President's warrantless wiretapping program deserves a separate and more deliberate examination by Congress. No special urgency attaches to the question of immunity other than the present Administration's general eagerness to limit tort liability and its desire to avoid scrutiny of its own actions, by either the courts or the Congress."

Earlier this week, more than two dozen House members sent a letter to the White House announcing their opposition to telecom immunity. Along with the Chairmen's letter, this may represent a significant shift in the political debate over telecom immunity. The Senate could complete work on the FISA Amendments Act, which includes immunity, as early as next week. In November, the House passed its own surveillance bill, the RESTORE Act, which does not grant immunity. The House will soon be negotiating with the Senate over how to reconcile those bills.

"Senators about to vote on immunity should heed the Chairmen's warning: tying the question of telecom immunity to that of FISA reform is unnecessary and dangerous," said Electronic Frontier Foundation (EFF) Senior Staff Attorney Kevin Bankston. "But if the Senate complies with the Administration's pleas to cover up its illegal spying and bail out the phone companies, then it's time for the House to step up and block immunity for lawbreaking telecom giants."

EFF represents the plaintiffs in Hepting v. AT&T, a class-action lawsuit brought by AT&T customers accusing the telecommunications company of violating their rights by illegally assisting the National Security Agency in widespread domestic surveillance. The Hepting case is just one of many suits aimed at holding telecoms responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government.

For the full letter from Congressmen Dingell, Markey, and Stupak: http://www.eff.org/files/nsa/dingell.pdf

For the letter from the House members to the White House: http://lee.house.gov/index.cfm?ContentID=1206&ParentID=0&SectionID=4&SectionTree=4&lnk=b&ItemID=1201

For more on the telecoms' role in warrantless spying:
http://www.eff.org/issues/nsa-spying

Contacts:

Kevin Bankston
Senior Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Related Issues:
February 7, 2008

Information Sought in Response to Growing Complaints of Harassment at U.S. Borders

San Francisco - The Asian Law Caucus (ALC) and Electronic Frontier Foundation (EFF) filed suit today against the U.S. Department of Homeland Security (DHS) for denying access to public records on the questioning and searches of travelers at U.S. borders. Filed under the Freedom of Information Act, the suit responds to growing complaints by U.S. citizens and immigrants of excessive or repeated screenings by U.S. Customs and Border Protection agents.

ALC, a San Francisco-based civil rights organization, received more than 20 complaints from Northern California residents last year who said they were grilled about their families, religious practices, volunteer activities, political beliefs, or associations when returning to the United States from travels abroad. In addition, customs agents examined travelers' books, business cards collected from friends and colleagues, handwritten notes, personal photos, laptop computer files, and cell phone directories, and sometimes made copies of this information. When individuals complained, they were told, "This is the border, and you have no rights."

"When the government searches your books, peers into your computer, and demands to know your political views, it sends the message that free expression and privacy disappear at our nation's doorstep," said Shirin Sinnar, staff attorney at ALC. "The fact that so many people face these searches and questioning every time they return to the United States, not knowing why and unable to clear their names, violates basic notions of fairness and due process."

ALC and EFF asked DHS to disclose its policies on questioning travelers on First Amendment-protected activities, photocopying individuals' personal papers, and searching laptop computers and other electronic devices. The agency failed to meet the 20-day time limit that Congress has set for responding to public information requests, prompting the lawsuit.

"The public has the right to know what the government's standards are for border searches," said EFF Staff Attorney Marcia Hofmann. "Laptops, phones, and other gadgets include vast amounts of personal information. When will agents read your email? When do they copy data, where is it stored, and for how long? How will this information follow you throughout your life? The secrecy surrounding border search policies means that DHS has no accountability to America's travelers."

When Nabila Mango, an American citizen and San Francisco therapist, returned from a trip to the Middle East in December, customs agents at San Francisco International Airport asked her to name every person she had met and every place she had slept during her travels. They also searched her Arabic music books, business cards, and cell phone, and may have photocopied some of her papers.

"In my 40 years in this country, I have never felt as vulnerable as I did during that interrogation," Mango said. "I want to find out whether my government is keeping files on me and other Americans based on our associations and ideas."

Amir Khan, an IT consultant from Fremont, California and a U.S. citizen, is stopped each time he returns to the country. Customs officials have questioned him for a total of more than 20 hours and have searched his laptop computer, books, personal notebooks, and cell phone. Despite filing several complaints, Khan has yet to receive an explanation of why he is repeatedly singled out.

"One customs officer even told me that no matter what I do, nothing would improve," said Khan. "Why do I have to part with my civil liberties each time I return home?"

For a copy of the complaint:
http://www.eff.org/files/filenode/alc/alc-complaint.pdf

Contacts:

Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia@eff.org

Shirin Sinnar
Staff Attorney
Asian Law Caucus
shirins@asianlawcaucus.org

Related Issues:
JavaScript license information