EFF in the News
“Apple’s security model depends on all of us knowing that Apple’s key is only used by Apple in its best judgment,” Nate Cardozo, staff attorney for the Electronic Frontier Foundation told WIRED recently. “And once that security model is broken, that’s sort of it. We can no longer assume that an over-the-air update to iOS isn’t compromised…. Apple being ordered to compromise their code-signing infrastructure undermines trust in the whole system.”
The American Civil Liberties Union and Electronic Frontier Foundation are among the groups preparing their own briefs in support of Apple. The EFF’s filing will argue that the government’s request amounts to a violation of the First Amendment.
“It’s well established that computer code is protected under the First Amendment,” EFF staff attorney Andrew Crocker said Thursday.
Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation, said it was “reassuring” the Riverside wiretap numbers had normalized, but worried there is “no oversight” even for new eavesdropping orders. Almost all wiretaps are sealed, and are sometimes kept secret even from the suspects who are arrested as a result of the eavesdropping, Lynch said.
“We are reliant on the prosecutors and the law enforcement officers to do their jobs and the judges not to just stamp a signature on them, but without releasing these on a regular basis it’s hard to be satisfied that the system is operating the way it should be,” Lynch said.
The strategy's not without risk, however. Congress could pass a law that requires all manufacturers to include backdoors for law enforcement to access their devices. Nate Cardozo, staff attorney at the Electronic Frontier Foundation, said this eventuality is part of the FBI's plan in fighting the San Bernardino case in public. "The FBI kind of doesn't care if it loses this fight if it puts pressure on Congress," Cardozo told The Verge. "They can't lose."
“Authoritarian regimes around the world are salivating at the prospect of the FBI winning this order,” Nate Cardozo of the nonprofit Electronic Frontier Foundation said. “If Apple creates the master key that the FBI has demanded ... governments around the world are going to be demanding the same access.”
“Even if the FBI loses this case, what they have won is ammunition,” says Nate Cardozo, staff attorney at the Electronic Frontier Foundation in San Francisco. “They will take that loss to Congress, to say ‘we need to mandate back doors by law.'”
An attorney for the Electronic Frontier Foundation is highly critical of how wiretapping is approved and conducted in the county and elsewhere.
The EFF's Jennifer Lynch is among the critics who point to what they call a lack of transparency, oversight and accountability.
"I think a real question here is were the wiretaps issued lawfully, and that is hard question to find an answer to, because most wiretap orders are sealed. That points to a larger problem in our system where these orders are sealed, and they remain sealed, and they're kept from the public, and they're kept from defense attorneys and judges," said Lynch.
Lynch believes more transparency would lead to less wiretapping, and said wiretap orders should be required to be unsealed automatically after a certain period of time.
She also says law enforcement should be required to prove why certain orders should not be unsealed in certain cases.
Chelsea Manning's helpers write, "Citing potential copyright infringement, the Army censored materials on prison censorship from the Electronic Frontier Foundation that were sent to Chelsea by one of her volunteers."
Shahid Buttar, Director of Grassroots advocacy at the Electronic Frontier Foundation
Susan Hennessey, fellow in national security in governance at the Brookings Institution and a former attorney in the Office of General Counsel of the National Security Agency; she also is managing editor of the LawFare Blog, which focuses on national security issues
Several years ago, Joseph Bonneau, a Stanford post-doctoral researcher and a technology fellow with the Electronic Frontier Foundation, obtained samples of password frequency from Yahoo. He was able to publish some aggregate statistics, but Yahoo wouldn't let him publicly share the raw data because of potential privacy concerns.
"Here was this data that was incredibly useful to people like me, but we couldn't get access to it," Blocki said.
So Blocki, Datta and Bonneau created a new algorithm to add just enough distortion to the frequency lists to make them useless to hackers, but still enable researchers to see the high-level patterns they seek in the data.
Their algorithm is based on a powerful differentially private tool called the exponential mechanism, which introduces minimal distortion but is not computationally efficient in general. By exploiting the inherent mathematical structure of a password frequency list, the researchers were able to develop a computationally efficient version of the exponential mechanism tailored to the lists.
"With our new approach, we can provide precise guarantees about privacy," Bonneau said. "I hope this convinces more organizations to share data publicly about passwords and potentially other data that might be useful for security."