EFF in the News
“These heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy,” said Cindy Cohn, executive director of the Electronic Frontier Foundation. “At this point, there is no confirmation that end-to-end encryption was used by the attackers, much less that the use of that encryption is what led the world’s intelligence services to fail to detect the plot before the tragedy.”
Privacy advocacy group the Electronic Frontier Foundation, or EFF, reacted with concern to the developments.
“We were shocked and saddened to learn of the attacks in Paris and Beirut. But these heinous attacks must not be used to justify further erosion of our security, civil liberties or privacy,” EFF Executive Director Cindy Cohn told Defense One in an email. “At this point there is no confirmation that end-to-end encryption was used by the attackers, much less that the use of that encryption is what led the world’s intelligence services to fail to detect the plot before the tragedy. What we do know is that strong encryption is crucial to allow political organizers, government officials, and ordinary people around the world to protect their security, privacy and safety from criminals and terrorists alike. Any ‘backdoor’ into our communications will inevitably (and perhaps primarily) be used for illegal and repressive purposes rather than lawful ones.”
It's become far more common since Edward Snowden revealed the government was siphoning data from American tech companies. "In the U.S. we are not fans of the government looking over everyone's shoulder all the time and essentially that's what encryption prevents," Electronic Frontier Foundation spokesperson Jeremy Gillula said.
But for years, the intelligence community has argued for a back door, a way for the NSA to get in and flush the bad guys out. "It's got to stop and we have to have the mechanism to fight back," Feinstein said.
Tech companies have begun siding with privacy advocates. "A back door doesn't know who's accessing it. If you put a master key in there, you know for sure that is going to be the target of every hacker on the planet," Gillula said.
U.S. officials exploit Paris attack to vilify whistleblowers, the plight of the transgender community in the nation's capital and how consumers are letting companies spy on them. Alyona cuts through the spin in the Free Speech Zone.
Guest: Amul Kalia, Intake Coordinator, Electronic Frontier Foundation
“There’s no way of preventing a terrorist from installing a Russian [encryption] app or a Brasilian app,” notes Nate Cardozo, staff attorney for the Electronic Frontier Foundation. “The US or UK government could mandate [backdoors], but Open Whisper Systems is not going to put in a backdoor in their product period and neither is PGP. So as soon as a terrorist is sophisticated enough to know how to install that, any backdoor is going to be defeated.”
Nate Cardozo, a lawyer on the civil liberties team at the Electronic Frontier Foundation, went even further, suggesting that the back-door push by the intelligence and law enforcement community is less about terrorism and more about collecting as much information as possible. He accused the CIA's Brennan of political opportunism — using the Paris tragedy to push for an existing agenda.
"We are in a golden age of surveillance. Right now it is easier for the CIA, the NSA, the FBI to surveil anyone, anytime, anywhere than it ever has been, even despite encryption," Cardozo tells All Tech.
"If we learned anything from the Snowden revelations, it's that the NSA and intelligence agencies around the world, including in France, are not suffering from the lack of information, rather they're suffering from the exact opposite. They have so much data that they're collecting, they have trouble filtering the signal from the noise."
As with any other stored personal data controlled by a private company, Hello Barbie is also vulnerable to subpoenas and hacking.
According to Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, a company like ToyTalk is likely considered a “remote computing service” (RCS) under the law—meaning that unlike a phone company or an email host, you probably don’t need a court order to subpoena its data.
“Unfortunately, the RCS protections aren’t so great,” Tien told the Kernel via email. “The government can get even speech content with a mere subpoena with prior notice to the subscriber or user.”
The CMU researchers might have gone too far if they not only found a weakness in the Tor networks but then used it to identify everyone using the hidden Internet, said Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, a San Francisco nonprofit that advocates for online privacy.
"We're all for security research and discovering vulnerabilities like this," he said. "But there's a difference between discovering the vulnerability and then abusing it. It seems to us like they crossed an ethical line."
“The formative experiences of new internet users may have long-term influences on their behaviour online,” according to Jeremy Malcolm, Senior Global Policy Analyst at the Electronic Frontier Foundation.
“There is a risk that free access to predominantly foreign internet services will limit the interaction of new users in local online communities, will stifle
access to local innovative sites and services, and provide an unbalanced perspective of online life that may be unduly influenced by big content companies and advertisers.”
“You don’t want this to be looking like the tax code,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation, a civil liberties group. “Isn’t it better to have simple rules that employees can follow?”