EFF in the News
Privacy advocates say those secret deliberations have created a black box that keeps the public from seeing both why the government makes key surveillance decisions and how it justifies them. But the new law passed by Congress last week may shed some new light on these matters. "The larger step that the USA Freedom Act accomplishes is that it is bringing those things out to the public," says Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, a digital privacy advocacy group. The new law mandates that FISA court rulings that create "novel and significant" changes to surveillance law be declassified—and it is up to the judges to determine if the cases reach that threshold—though only after review by the attorney general and the director of national intelligence. While FISA court rulings have been leaked and occasionally declassified, the new law marks the first time Congress has attempted to make the court's decisions available to the public.
The DEA and other federal agencies are required by federal law to obtain approval from a senior Justice Department official before even seeking a warrant for electronic surveillance from a federal judge. No such law exists when the warrant is sought from a local judge. As Hanni Fakhoury, an attorney for the Electronic Frontier Foundation (EFF), explains, "That law exists to make sure that wiretap authority is not abused, that it's only used when totally appropriate. That's a burden. And if there's a way to get around that burden, the agents are going to try to get around it."
The Commerce Department's Bureau of Industry and Security guidelines are "tremendously overbroad, and appear to prohibit the sharing of vulnerability research without a license," says Electronic Frontier Foundation Executive Director Cindy Cohn. "This is incredibly dangerous; the same tools that are used to attack systems are also the ones we need to help discover flaws and attacks. BIS says it doesn't want to hurt vulnerability research, but its rules go much further than Wassenaar requires and further than other countries go. The result could be a complete backfire, making technologies we all rely upon less secure." (This week, BIS said its proposal was intended to curb the export of tools to control or develop what it deems intrusion software, but the technical clarification appears to have done little to assuage experts' concerns.)
As Hanni Fakhoury of the Electronic Frontier Foundation put it, “Don’t even think about deleting anything that may be harmful to you, because we may come after you at some point in the future for some unforeseen reason and we want to be able to have access to that data. And if we don’t have access to that data, we’re going to slap an obstruction charge that has a 20-year maximum on you.”
Dave Maass, an investigative researcher with a San Francisco-based electronic privacy group, the Electronic Frontier Foundation, noted that automatic license plate readers can reveal a wealth of information about a person’s daily routine and interests based on where they drive.
“It only takes a few data points to know where you work and where you live,” Maass said. “It can reveal a lot about your political affiliations. If police want to know where a reporter’s going, all they need is their license plate.”
What can be done about it: If you ask any privacy advocate for a list of their greatest fears, any change to Section 230 will likely be on it. Making platforms at all liable for content that users post is seen by many activists as a slippery slope that ends in the destruction of public discourse as we know it. "If you introduce liability, these companies don't have a particularly compelling reason to let everybody talk," says Danny O'Brien, the international director of the Electronic Frontier Foundation. "What would happen is that you would see conversations, arguments about issues like Israel and Palestine being pushed off networks."
A patent lawyer who sued the Electronic Frontier Foundation for defamation for writing about his invention in a "Stupid Patent of the Month" blog post has dropped the lawsuit.
"There was no settlement or agreement," EFF general counsel Kurt Opsahl told Ars in an e-mail. "It was a voluntary dismissal of a meritless lawsuit by Scott Horstemeyer."
The lawsuit, which was served on Monday and dropped on Thursday, named both the EFF and EFF lawyer Daniel Nazer, who authored the April blog post, as defendants.
Facebook’s change in policy, which took place at some point in the spring, came after the Electronic Frontier Foundation (EFF) called attention to a process that allowed prisons to remove accounts simply by submitting a notice. As a result, profiles—and any photos or comments they contained—simply vanished at the whim of prison officials.
The EFF, which has a full account of the changes, commended Facebook for the new procedures, but said the company should start including deleted prisoner accounts in its semi-annual Transparency Report, a document that reports on government censorship.
Others were equally baffled. Hanni Fakhoury, a former public defender and current lawyer with the Electronic Frontier Foundation, wasn't worried about the lack of usage records necessarily.
"An important tool for preventing use of the technology is to be clear with officers about what they can and can’t do," he told Ars. "It does both the officers and the public a disservice when decisions governing the use of the device are left to the whims of the officers in the field."
Jewel filed the case seven years ago, claiming the government acquires AT&T customers' email and other data using spy devices attached to the company's network. Digital watchdog group Electronic Frontier Foundation (EFF) represents Jewel in the action.