EFF in the News
We shouldn’t debate whether drones are either good or bad. Instead, with sensible regulations the conveniences of drones will not have to come at the cost of personal safety or privacy. Making sure drones land on the right side of that balance is not up to the technology, but us humans.
Hanni Fakhoury is a senior staff attorney with the Electronic Frontier Foundation in San Francisco, California, which works to protect civil liberties, privacy, consumer interests and innovation in new technologies.
"A basic privacy principle is that you don't retain data any longer than you have to," said Lee Tien, a senior staff attorney with the Electronic Frontier Foundation.
"Even 10 years feels long to me," Tien said.
“It’s kind of a fraught conversation, no question,” says Jillian York, the director for international freedom of expression for the Electronic Frontier Foundation. “It’s one thing if a block list is public, so it’s transparent, but there are private block lists as well and that’s a little disturbing. I’ve already seen a couple of journalists using them to block people who aren’t even really harassing.”
Privacy advocates say those secret deliberations have created a black box that keeps the public from seeing both why the government makes key surveillance decisions and how it justifies them. But the new law passed by Congress last week may shed some new light on these matters. "The larger step that the USA Freedom Act accomplishes is that it is bringing those things out to the public," says Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, a digital privacy advocacy group. The new law mandates that FISA court rulings that create "novel and significant" changes to surveillance law be declassified—and it is up to the judges to determine if the cases reach that threshold—though only after review by the attorney general and the director of national intelligence. While FISA court rulings have been leaked and occasionally declassified, the new law marks the first time Congress has attempted to make the court's decisions available to the public.
The DEA and other federal agencies are required by federal law to obtain approval from a senior Justice Department official before even seeking a warrant for electronic surveillance from a federal judge. No such law exists when the warrant is sought from a local judge. As Hanni Fakhoury, an attorney for the Electronic Frontier Foundation (EFF), explains, "That law exists to make sure that wiretap authority is not abused, that it's only used when totally appropriate. That's a burden. And if there's a way to get around that burden, the agents are going to try to get around it."
The Commerce Department's Bureau of Industry and Security guidelines are "tremendously overbroad, and appear to prohibit the sharing of vulnerability research without a license," says Electronic Frontier Foundation Executive Director Cindy Cohn. "This is incredibly dangerous; the same tools that are used to attack systems are also the ones we need to help discover flaws and attacks. BIS says it doesn't want to hurt vulnerability research, but its rules go much further than Wassenaar requires and further than other countries go. The result could be a complete backfire, making technologies we all rely upon less secure." (This week, BIS said its proposal was intended to curb the export of tools to control or develop what it deems intrusion software, but the technical clarification appears to have done little to assuage experts' concerns.)
As Hanni Fakhoury of the Electronic Frontier Foundation put it, “Don’t even think about deleting anything that may be harmful to you, because we may come after you at some point in the future for some unforeseen reason and we want to be able to have access to that data. And if we don’t have access to that data, we’re going to slap an obstruction charge that has a 20-year maximum on you.”
Dave Maass, an investigative researcher with a San Francisco-based electronic privacy group, the Electronic Frontier Foundation, noted that automatic license plate readers can reveal a wealth of information about a person’s daily routine and interests based on where they drive.
“It only takes a few data points to know where you work and where you live,” Maass said. “It can reveal a lot about your political affiliations. If police want to know where a reporter’s going, all they need is their license plate.”
What can be done about it: If you ask any privacy advocate for a list of their greatest fears, any change to Section 230 will likely be on it. Making platforms at all liable for content that users post is seen by many activists as a slippery slope that ends in the destruction of public discourse as we know it. "If you introduce liability, these companies don't have a particularly compelling reason to let everybody talk," says Danny O'Brien, the international director of the Electronic Frontier Foundation. "What would happen is that you would see conversations, arguments about issues like Israel and Palestine being pushed off networks."
A patent lawyer who sued the Electronic Frontier Foundation for defamation for writing about his invention in a "Stupid Patent of the Month" blog post has dropped the lawsuit.
"There was no settlement or agreement," EFF general counsel Kurt Opsahl told Ars in an e-mail. "It was a voluntary dismissal of a meritless lawsuit by Scott Horstemeyer."
The lawsuit, which was served on Monday and dropped on Thursday, named both the EFF and EFF lawyer Daniel Nazer, who authored the April blog post, as defendants.