EFF in the News
Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation who specializes in privacy issues, was surprised at the extent of the LA Sheriff’s Department’s use of facial recognition technology, particularly the mobile devices that deputies employ in the field.
To the San Francisco-based organization, the advent of mobile facial recognition presents the possibility for police to stop people merely to check their identification and document their biometric information for future reference.
“It pushes the line of what’s legal, whether it’s permissible to go up to someone and say, ‘I want to take your picture.’ That’s a different issue, a different standard of suspicion than a mug shot photo collected on booking, where there’s presumably probable cause for the arrest,” Lynch said.
“Face recognition data can be collected without a person’s knowledge,” said Jennifer Lynch, an attorney for the Electronic Frontier Foundation, a San Francisco-based privacy rights group. “It’s very rare for a fingerprint to be collected without your knowledge.”
Last week, a U.S. District Court ruled that it should be able to get a compulsory license to legally stream local broadcasts. The ruling is under appeal, but should it be upheld it means that local TV stations can be streamed by any number of services, including Netflix, Amazon and Hulu, said Mitch Stoltz, senior staff attorney at the Electronic Frontier Foundation. "It will destroy ... existing cable and satellite systems’ comfortable position as the only ones who can transmit broadcast TV for a fee," he said.
Activist Katitza Rodriguez of the Electronic Frontier Foundation said she had not seen "any legal provision anywhere that stripped geolocation data of constitutional communications privacy protections as explicitly" as the Peruvian decree.
It follows a global pattern of governments seeking to fast-track surveillance legislation without public debate, said Rodriguez, the foundation's international rights director.
“Just because governments around the world engage in spying doesn’t make it legal,” said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which is representing Kidane. “And when spies get caught, there are consequences.”
Instead of tossing their project in the digital trash bin at Facebook's request, Gross and Croom, who have since taken jobs at Google and Twitter respectively, turned to the Electronic Frontier Foundation. EFF lawyer Daniel Nazer responded (PDF) to Facebook on Friday, telling the company that Gross and Croom are now his clients, and they have no intention of taking the site down.
In a blog post explaining the decision to help the undergraduate project, Nazer writes that it isn't clear if the Facebook letter is simply an example of "mindless over-enforcement" or an attempt to intentionally censor a critic. "Either way, this kind of demand undermines online expression," Nazer says.
For Jeremy Gillula of the Electronic Frontier Foundation, the bill is a "well-intentioned" effort to prevent "nuisance by drone." Although the bill doesn't forbid your neighbor from spying on you, Gillula said, it does prohibit your neighbor — or anyone else with a drone — from disturbing your peace.
Making these distinctions between the people who really intended harm—the people who, in legal language, issued threats that they should have reasonably foreseen would be interpreted as “serious expressions of intent to inflict bodily harm upon that person”—and the people who were merely venting political frustrations or indulging in some hyperbolic anger is a very murky area of law, particularly when it comes to online threats. “It is harder to separate the wheat from the chaff online,” said Fakhoury, the Electronic Frontier Foundation lawyer, of distinguishing “true threats” from speech that is protected by the First Amendment. “Part of that is the speed with which people can communicate online, part of it is that people are somewhat removed from what they say online, part of it is the breadth of the audience that exists online,” he explained.
One way to aid data deletion is encryption, said Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation. If a user’s data is encrypted with a single key, destroying the key associated with an account is easier than finding and wiping each place the customer's data exists. That way, the information remains encrypted, but the key to decrypt the information is gone. The key will similarly need to be deleted and overwritten for it to be erased.
The Ashley Madison breach is "also a good case of, ‘Don't retain more data than you need,' " Hoffman-Andrews wrote in an e-mail. He recommends that all companies that store personal data audit their systems often to make sure everything they think they are deleting is actually being erased.
When it comes to data deletion, Ashley Madison may not be as bad as many other so-called dating sites, according to the EFF. In its 2012 ranking of dating sites based on their security and privacy practices, Ashley Madison was among the 3 out of 8 sites ranked that earned high marks for data deletion practices.
“You would give your credentials to this website, then it would give you an error, then they use your credentials to take your money,” said Noah Swartz of the Electronic Frontier Foundation.