EFF in the News
One big red flag to watch out for in situations like this is to compare a downloaded app’s list of permissions to the list of permissions required by the authorized version, advises Noah Swartz of the Electronic Frontier Foundation.
“The way that you can tell if it’s malware is if it requests more permissions than the app says it does,” he explained to Consumerist. “So you can go check in the Play Store and see what permissions Pokémon Go app would normally request, and then you can see what the app on your phone requests.”
In the case of the recent fake Pokémon Go app that was being circulated, for example, the permissions it was requesting should’ve made it somewhat easy to spot: while the real version of the app only wants location data and the ability to say things to your phone, the malware version wanted access to users’ contacts, a full data connection — basically, “it wanted all of these things that the normal one didn’t,” Swartz notes.
But Aaron Mackey, a legal fellow at the Electronic Frontier Foundation, a U.S. group promoting civil rights in the digital world, said he believed the lawsuit would fail.
He said the plaintiffs would have to prove that Facebook was "actively participating" in terrorist attacks. He also said the Communications Decency Act provides a "broad shield" of protection for online platforms like Facebook.
"What they are really asking for is for Facebook to not provide service to certain individuals or to certain parts of the world because they're afraid of the speech that might result," he said. Any attempt to impose broad filters on expression would "sweep up a whole lot of legitimate speech" as well, he said.
Aaron Mackey, a legal fellow at the Electronic Frontier Foundation says such lawsuits that blame websites for the actions of their users threaten to curtail access to platforms in Middle Eastern countries where users rely on social media to bypass censorship. New social media rules that are too strict in filtering terms related to hate speech, Mackey says, could also strike down “robust political debate” about the topics like the Middle East even if the content does not seek to incite violence.
“That would be a net loss for journalists, bloggers, academics and normal Americans chatting online,” he says. “It would also disempower people in countries who rely on social media for news and debate.”
That approach has drawn criticism. Mixing “secret” and regular messages is not secure by definition, said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. “It’s too easy to mess up. It’s too easy to send a message believing that it’s secure, but accidentally send it in the insecure mode.”
Shahid Buttar, director of grassroots advocacy for the San Francisco-based digital rights group Electronic Frontier Foundation, said while his organization advocates for public viewing of body camera footage, the issue becomes tricky when it comes to these sensitive police interactions.
"This is one of the problems with police body cameras," he said. "These are private conversations."
"Police officers are already using mobile tools to collect other biometrics like fingerprints and face recognition when they detain people on the street, and there have been cases where officers have collected DNA on the street as well — even from kids they have detained," said Jennifer Lynch, senior staff attorney at the Electronic Frontier Foundation.
The whole thing is financed by advertising. Each kiosk's twin 55-inch displays will carry targeted ads based on an audience profile algorithmically derived from the information the kiosks collect from their users. But as the old internet saw goes: If you're not paying for the product, you are the product. And that should give New Yorkers pause, says Lee Tien, a lawyer with the Electronic Frontier Foundation.
"If CityBridge is using a business model that is not charging, and they are spending a bunch of money putting these things in, they are going to be monetizing the data hard," Tien says. "That means that they are always thinking about how to collect your data and how to profit off of it."
Lee Tien, senior staff attorney at the Electronic Frontier Foundation, was on the technical advisory committee that led to the pay-by-mile pilot program. His victory was ensuring volunteers could "pay" without being tracked.
"You can do odometer readings," he says. "We wouldn't object to that. There are ways you can design the system to collect money from people without invading privacy."
Asked if there is a way that the state could do GPS tracking with the promise that data would otherwise be kept private, Tien responds: "The problem is if an entity would do that and make that promise, the FBI and courts could also order them to preserve that data or hand it over as soon as they get it. Giving it to the government and trusting them doesn't work."
Some legal experts in the complex area of internet law agreed that Airbnb and other platforms are viewed as intermediaries, not the creators of the content, and they have protections under this law. David Greene, a senior staff attorney and civil liberties director at the Electronic Frontier Foundation, which calls the CDA the most important law created to protect internet speech, said Airbnb has a good argument here.
“The San Francisco law is going to require that if anyone has a post on Airbnb, they include their license number, to the extent that Airbnb is being held liable because of some defect in the content,” he said.
"Putting the onus on the companies to act as censors is wrong; corporations do not have users' best interests or right to free expression at heart, and lack the expertise to make good decisions about who is or isn't a terrorist," Jillian York, director for international freedom of expression at the Electronic Frontier Foundation, said in an email to The Verge. "This becomes particularly problematic at Facebook's size; Facebook has more users than any country in the world has citizens."