EFF in the News
Chairman Lamar Smith (R-Texas) and oversight subcommittee Chairman Darin LaHood (R-Ill.) sent a letter to EPA Inspector General Arthur Elkins on Tuesday asking him to investigate “a group of approximately a dozen career EPA officials … using an encrypted messaging application, Signal, to discuss potential strategies against any attempts by newly appointed political officials to redirect the EPA’s priorities.” Not all communications between employees count as federal records. According to a National Archives Bulletin, records are only created while “conducting business” and federal employees are legally allowed to have personal accounts outside the federal records system. “At some point, you have to let employees have a personal life,” said Ernesto Falcon, legislative director for the Electronic Frontier Foundation.
It’s worth noting, though, that unlike other secure messaging apps, like standard-bearer Signal, Confide’s encryption is closed source and proprietary, meaning no one outside the company knows what’s going on under the hood of the app. “One key is always, do you make code publicly available that’s been audited where features have been inspected by the security community so that it can arrive at some consensus,” says Electronic Frontier Foundation legal fellow Aaron Mackey. “My understanding with Confide, at least right now, is that it’s not clear whether that’s occurred.”
Can agents force you to unlock your phone or laptop? No. But they can ask you to comply voluntarily and make the experience rather uncomfortable if you resist. Travelers must decide how much trouble they’re willing to put up with.Travelers who are not citizens could have further problems, especially if they’re flying into the United States. While citizens are guaranteed re-entry, foreign nationals could be denied entry, and the law isn’t clear on permanent residents, said Sophia Cope, a staff lawyer for the Electronic Frontier Foundation, a nonprofit organization that defends civil liberties in the digital age.
While you can delete your Facebook account or leave your Fitbit at home if you’re going somewhere you’d rather not be tracked, you can’t simply turn off your pacemaker. Not only does deactivating a pacemaker require a doctor, in some cases doctors actually refuse. What happens when privacy violations are committed by devices inside of us, devices that we can’t just turn off via settings? “EFF is concerned that as technology advances, the erosion of individual privacy in personally identifiable health information increases,” Stephanie Lacambra, the Electronic Frontier Foundation’s criminal defense attorney, said.
Privacy issues are moving under our skin—now the devices that keep us alive and healthy can also be used against us in the court of law. What happens when privacy violations are committed by devices inside of us, devices that we can’t just turn off via settings? “EFF is concerned that as technology advances, the erosion of individual privacy in personally identifiable health information increases,” Stephanie Lacambra, the Electronic Frontier Foundation’s criminal defense attorney.
Donald Trump may be the best thing that could happen to Snap’s upcoming initial public offering. It’s not just that Snap’s Snapchat app stands to gain millions of users as people flee the noxious political cloud that has enveloped Facebook like pollution on a red-alert day in Beijing. There’s an even more significant way the new president will help the company: He is stoking fears about privacy and an Orwellian surveillance state, and Snap is one of the few social media companies that doesn’t base its business model on knowing everything it can about you. The new NSA policies “are widening the aperture for abuse to happen, just as abuses are becoming more likely,” says Nate Cardozo, an attorney with the Electronic Frontier Foundation.
GOP aside, the White House is required to conduct all business correspondence over White House email for preservation purposes. However, since the contents of those encrypted messages cannot be revealed, it’s unclear whether anyone’s breaking the law. Aaron Mackey, a legal fellow at the Electronic Frontier Foundation, said compliance with the PRA depends on what staff members are talking about. While the privacy-focused organization advocates for encryption, Mackey said when statutes set rules for archiving communications, they have to be followed for transparency and record-keeping. "It’s unclear to me whether these individuals – assuming the report is right – they’re using a particular messaging app – are discussing personal matters or if they’re discussing government business, creating documents and records that should be preserved."
When you buy something you naturally think that -- you know-- you own it. But when it comes to products that contain software you don’t. That odd and fundamentally unfair state of affairs is why two members of Congress – a Democrat and a Republican – have teamed to reform a key provision of copyright law and give consumers the right to actually own stuff they’ve paid for. “The point is to make sure that people’s rights stay intact in the digital space,” says Ernesto Falcon, legislative counsel to the Electronic Frontier Foundation, which is supporting the Your Own Device Act.
As with any tool designed for military and civilian uses, there are dangers of these hacking programs falling into the wrong hands. To be sure, the misuse of government-grade exploits unnerves many civil liberties groups. “Governments shouldn’t be able to use them to crack down on free speech or dissidents,” says Andrew Crocker, staff attorney for the Electronic Frontier Foundation (EFF), which is suing the Ethiopian government on behalf of a blogger, now residing in Maryland, who alleges his Skype communications were tapped through malware made by German surveillance-tech company Gamma Group.
Speaking at a conference in Atlanta on Feb. 2, Ohlhausen drew a distinction between a "notice-and-choice approach" to privacy protection and a "harms-based approach," an approach one privacy advocate called "outrageous." The difference? The "notice-and-choice" approach, generally favored by the Obama FTC, basically gives consumers the choice to "opt out" of sharing certain types of information. The "harms-based" approach, on the other hand, seeks to protect consumers only from privacy breaches that are harmful. Sophia Cope, staff attorney for the Electronic Frontier Foundation, calls the harm-based approach outrageous and says it is "exactly what companies have been hoping for.""It removes consumer choice and control over their privacy," Cope said.