EFF in the News
The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard. Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time. The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity."
FBI spokesperson Kimberly Del Greco said, “The only information the FBI has and have collected in our database are criminal mugshot photos,” Del Greco stated, when asked by committee chairman Rep. Jason Chaffetz (R-UT) whether the FBI was collecting or storing photos of innocent people from other sources, like social media. “We do not have any other photos in our repository.” Jennifer Lynch, an attorney with the Electronic Frontier Foundation, said that Del Greco’s statement is false, noting the FBI repository does in fact include the photos of people not suspected of any crime. She referred to a section of the Georgetown report, which is based on FBI documents showing that photos of non-criminals comprise roughly 16% of the FBI’s NGI database.
EFF Senior Staff Attorney Jennifer Lynch emphasized that the Federal government needs to implement certain regulations to safeguard privacy issues regarding law enforcement’s use of facial recognition technology. “Face recognition and its accompanying privacy and civil liberties concerns are not going away,” Lynch said in her testimony.
You are what you browse. And chances are, advertisers know more than you realize about your digital hygiene. "Sometimes advertisers have your identity, but they really don't need to know who you are in order to precision target you with advertising," said the Electronic Frontier Foundation's (EFF) William Budington. "Chances are your digital fingerprint is distinct."
The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against an ex-cop who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court in Philadelphia avoided addressing a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In a phone interview with The Register, Mark Rumold, senior staff attorney at the Electronic Frontier Foundation – which filed an amicus brief in this case arguing against compelled password production – said the ruling was disappointing but not entirely surprising and noted that the EFF's position is that individuals should not be compelled to provide passwords. "Any time suspects are forced to disclose the contents of their mind, that's enough to trigger the Fifth Amendment, end of story," said Rumold.
A U.S. appeals court on Monday rejected a fired police sergeant's stance that he has a Fifth Amendment right not to turn over computer passwords in a child porn investigation. A lawyer with the Electronic Frontier Foundation, who argued the case last year, disagreed. "You're being compelled to provide the contents of your mind. That is squarely prohibited by the Fifth Amendment," Senior Staff Attorney Mark Rumold said. "Law enforcement is asking (him) to produce evidence that they don't have to aid in his conviction."
Another option is to leave all of your devices behind and carry a travel-only phone free of most personal information. However, even this approach carries risks. “We also flag the reality that if you go to extreme measures to protect your data at the border, that itself may raise suspicion with border agents,” according to Sophia Cope, a staff attorney at the Electronic Frontier Foundation. “It’s so hard to tell what a single border agent is going to do.”
According to the purported CIA documents, spies have found ways to exploit holes in phone and computer software to grab messages when they haven't been encrypted yet. Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open. Cohn said people should still use encryption, even with these bypass techniques. "It's better than nothing," she said. "The answer to the fact that your front door might be cracked open isn't to open all your windows and walk around naked, too."
Wikileaks has offered to help the likes of Google and Apple identify the software holes used by purported CIA hacking tools -- and that puts the tech industry in something of a bind.
While companies have both a responsibility and financial incentive to fix problems in their software, accepting help from WikiLeaks raises legal and ethical questions. And it's not even clear at this point exactly what kind of assistance WikiLeaks can offer. If all goes well, WikiLeaks could emerge looking better than some parts of the U.S. government. "I am not a fan of WikiLeaks, but I don't think it is fair to throw rocks at everything they do," said Cindy Cohn, executive director of the Electronic Frontier Foundation, a group specializing in online privacy and other digital rights. "What WikiLeaks is demonstrating is that the CIA does not have the best interests of these companies at heart."
Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA's ability to hack into phones, computers, and smart TVs. Cindy Cohn, director of the Electronic Frontier Foundation, said the CIA had "failed to accurately assess the risk of not disclosing vulnerabilities." "Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans," she said.