EFF in the News
Making these distinctions between the people who really intended harm—the people who, in legal language, issued threats that they should have reasonably foreseen would be interpreted as “serious expressions of intent to inflict bodily harm upon that person”—and the people who were merely venting political frustrations or indulging in some hyperbolic anger is a very murky area of law, particularly when it comes to online threats. “It is harder to separate the wheat from the chaff online,” said Fakhoury, the Electronic Frontier Foundation lawyer, of distinguishing “true threats” from speech that is protected by the First Amendment. “Part of that is the speed with which people can communicate online, part of it is that people are somewhat removed from what they say online, part of it is the breadth of the audience that exists online,” he explained.
One way to aid data deletion is encryption, said Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation. If a user’s data is encrypted with a single key, destroying the key associated with an account is easier than finding and wiping each place the customer's data exists. That way, the information remains encrypted, but the key to decrypt the information is gone. The key will similarly need to be deleted and overwritten for it to be erased.
The Ashley Madison breach is "also a good case of, ‘Don't retain more data than you need,' " Hoffman-Andrews wrote in an e-mail. He recommends that all companies that store personal data audit their systems often to make sure everything they think they are deleting is actually being erased.
When it comes to data deletion, Ashley Madison may not be as bad as many other so-called dating sites, according to the EFF. In its 2012 ranking of dating sites based on their security and privacy practices, Ashley Madison was among the 3 out of 8 sites ranked that earned high marks for data deletion practices.
“You would give your credentials to this website, then it would give you an error, then they use your credentials to take your money,” said Noah Swartz of the Electronic Frontier Foundation.
Finding the threats is the easy part, though. “It’s a lot easier to figure out the context of speech in the physical world than in the online world,” said Hanni Fakhoury, a senior staff attorney at the Electronic Frontier Foundation. “You need that context in order to see what that speech really means.”
Rainey Reitman, the activism director of the Electronic Frontier Foundation, criticized MasterCard and Visa for removing support for Backpage, writing earlier this month, “We don’t need Visa and MasterCard to play nanny for online speech. Payment processors and banks shouldn’t be in the position of deciding what type of online content is criminal or enforcing morality for the rest of society.”
Instead of coming up with a new draft, the Electronic Frontier Foundation's Nate Cardozo says he wants the US to reopen the initial discussions that led to the software restrictions with the Wassenaar negotiators. That way, says the EFF staff attorney, the agreement could focus on actual spyware and surveillance products instead of the components that make or control those technologies.
"What are they actually trying to control? Are they trying to control [the notorious spyware] FinFisher?" asks Mr. Cardozo, who recently filed a lawsuit against Ethiopia over its use of FinFisher, a maker of surveillance technology. "Why don’t they go after export of that kind of software directly?"
Nate Cardozo, staff attorney at the Electronic Frontier Foundation, told The Register that the storm over the proposed changes highlighted the need for a full rethink when the member states who sign up to Wassenaar meet to discuss the changes in December.
"I don’t think anyone thinks this was a well drafted proposed rule, not even BIS at this point," he said. "The BIS has heard the industry loud and clear and will revise the proposed rules."
Jennifer Lynch, an attorney at the Electronic Frontier Foundation, a prominent digital civil liberties group, said New Castle County's system could eventually grow beyond its emergency-only mandate.
"A lot of local law enforcement agencies are saying, 'trust us,' and I don't think that's an appropriate check [on their power]," Lynch said. "It often becomes a situation where the cameras are always on."
“We’re usually talking in terms of many months, if not years, before responses are received,” says David Sobel, an attorney who represents Poitras pro-bono, on behalf of the digital civil liberties group the Electronic Frontier Foundation. “Certainly, for purposes of journalism where the timeliness is critical, these systemic delays in responding to requests have really hampered the ability of journalists to use FOIA as a tool.”
“Biometrics are … a series of numbers of ones and zeros that represent different measurements on your face and different ways that your face might look,” said Jennifer Lynch, a senior staff attorney with the non-profit civil liberties group, Electronic Frontier Foundation.