Aggregated News

Is This Justice? Charging an Eighth Grader with a Felony for “Hacking” - Sat, 18/04/2015 - 04:24

A 14-year-old eighth grader in Florida, Domanik Green, has been charged with a felony for “hacking” his teacher’s computer. The “hacking” in this instance was using a widely known password to change the desktop background of his teacher’s computer with an image of two men kissing. The outrage of being charged with a felony for what essentially amounts to a misguided prank should be familiar to those who follow how computer crimes are handled by our justice system.

Usually, when it comes to bad laws related to computer hacking, or unauthorized access, the focus is the federal Computer Fraud and Abuse Act (CFAA). However, this instance highlights that many states, including Florida, have their own version of the federal statute, with their own overbroad and insensible language.

In fact, the Florida statute is even harsher than the CFAA. The lowest-level offense under the CFAA (1030(c)(2)(A)) is a misdemeanor, but in Florida, the lowest-level offense (815.06(2)(A)) is a felony. Furthermore, the Florida statute also neglects to define what “authorized” or “unauthorized” means, and under these facts a reasonable person may think they are authorized if the passwords had been widely used by students.

In explaining why felony charges were brought against the teenager, Pasco County Sheriff Chris Nocco stated:

Even though some might say this is just a teenage prank, who knows what this teenager might have done...

The teacher’s computer reportedly had sensitive encrypted information related to the Florida Comprehensive Assessment Test (FCAT). However, the school and the sheriff have admitted that they found no evidence that the student tampered with or even intended to tamper with those files. Additionally, it has been reported that the school had terrible operational security: weak passwords, teachers entering passwords in front of students, and students regularly using teacher credentials were all prevalent. This further highlights the complications of prosecuting crimes under a statute that does not clearly define what it aims to criminalize.

Undeterred, the Sheriff goes on to say:

If information comes back to us and we get evidence (that other kids have done it), they're going to face the same consequences…

The arbitrary application of computer crime laws is not exclusive to federal prosecutorial discretion; local law enforcement also engages in such behavior. The idea of giving prosecutors and police discretion on charging decisions is generally seen as a good thing, but the plight of Domanik Green shows otherwise. The aggressive use of discretion here could have long-lasting consequences for a 14-year-old child who will deal with the consequences of a felony—difficult job prospects, loss of voting rights, inability to carry a firearm, etc.—for a juvenile prank.

Charging decisions and punishment should be proportional to the harm a person causes. The only thing that “making an example” out of Domanik Green accomplishes is to make an example of how out of whack our computer crime laws—and the prosecutorial discretion that accompanies them—are. We call on Pasco County to do the sensible thing and not ruin Domanik Green’s life. This is not justice.

Related Issues: Computer Fraud And Abuse Act Reform

EFF's Podcasting Patent Win Highlights a Disturbing Trend - Sat, 18/04/2015 - 02:54

It's time to take a closer look at EFF's recent victory against bogus patents and highlight what we and others concerned about our patent system are up against. The United States Patent and Trademark Office (USPTO), acting on our request for review, last week invalidated claims from a patent Personal Audio LLC was using to assert that it invented podcasting. At stake was the right of bloggers, podcasters, and broadcasters to air content, including popular shows like "This American Life" and "Stuff You Should Know," online and operate their websites free of costly "settle or we’ll sue" threats from Personal Audio. The USPTO's decision works to stop the self-described "holding company" from using these patent claims to go after more companies, after previously targeting comedian and podcaster Adam Carolla, CBS, and others with patent lawsuits.

Personal Audio claimed that it invented the process of updating a website regularly with new, related content creating a series or episodes—basically podcasting—in 1996. EFF proved to the USPTO that claiming ownership over this process was preposterous—putting a series of shows online for everyone to enjoy had been around since at least 1993. Early examples include Internet pioneer Carl Malamud’s "Geek of the Week," although the USPTO relied on publications discussing the work of the Canadian Broadcasting Corporation (CBC) and CNN’s online news program.

Personal Audio’s patent is part of a disturbing trend involving claims of invention and ownership over obvious processes lacking the kind of innovation that the patent system was created to nurture and protect. We’re seeing entities claiming they invented all types of technologies that are nothing more than a formerly paper-based task making the natural progression to the digital world. These "inventions" include things like the screen that asks users "are you sure" before paying bills online. That patent’s claims, asserted by Joao Bock Transactions Systems, are written in vague terms describing a "processing device" that "processes information regarding a banking transaction" and "generates a signal containing information for authorizing or disallowing the transaction."

The Personal Audio patent we challenged described an "apparatus for disseminating a series of episodes represented by media files via the Internet as said episodes become available." The company’s lawyer sought to convince the USPTO that CNN’s online news show wasn’t an example of invalidating "prior art"—patent lingo for the same or pretty much the same invention—because the CNN broadcasts were about different things, such as saving whales one day and bad weather in California on the next. This, Personal Audio argued, meant that CNN didn’t show a system with episodes. Sound like a stretch? Here’s how USPTO Administrative Patent Judge Trenton Ward reacted to that reasoning at the December oral arguments hearing in our case: "So are you saying an episode indicates a series that must be watched in a specific order?" he asked Personal Audio attorney Michael Femal. "You can watch them out of order if you would like to, Your Honor, but there is a given order to episodes," Femal said. Even a show like Twilight Zone isn’t episodic because each program tells a different story, Femal continued, to which Ward responded, "Twilight Zone, no episodes in Twilight Zone?"

The judge may have felt he was entering the Twilight Zone as Femal then went on to argue that the earliest podcasters didn’t explain they were using servers to put their content online, and since the patent distinguishes that podcasting involves servers, that meant it invented podcasting first. CNN described its system as an internet newsroom "accessed via the World Wide Web," Ward told Femal. "It is your argument that a person of skill in the art reading that would not understand that that would require a server..?" Ward asked. (A "person of skill" is patent lingo for someone familiar with the technology at issue. The concept is used to determine whether the technology is truly an invention or obvious to a skilled person.) Femal said people would realize that a processor was involved but would have no idea "what is behind the curtain."

In their April 10 decision, Judge Ward and his two fellow patent judges rejected Personal Audio’s arguments that episodes must be in a given order and have the same theme and also ruled that claiming computers are used to post to the web "would be trivial to" a person familiar with how the Internet works. The fact that time and money are spent arguing these obvious points is part of what’s wrong with our patent system. Our fight to shield podcasting from Personal Audio’s bogus patent sword was supported by more than a thousand people who donated to our Save Podcasting campaign. The company tried to get a federal judge to force us to disclose the donors—but we successfully persuaded the judge to reject that request, and ultimately won our petition before the USPTO to invalidate the patent. The case highlights once again how badly reform is needed to fix our patent system so that true innovation is encouraged, rewarded, and protected and costly fights over whether the Internet relies on computers are a thing of the past.

Related Issues: Patents, Patent Busting Project, Patent Trolls
Related Cases: EFF v. Personal Audio LLC

Fast Track Bill Would Legitimize White House Secrecy and Clear the Way for Anti-User Trade Deals - Fri, 17/04/2015 - 07:51

Following months of protest, Congress has finally put forth bicameral Fast Track legislation today to rush trade agreements like the Trans-Pacific Partnership (TPP) and the Transatlantic Trade and Investment Partnership (TTIP) through Congress. Sens. Orrin Hatch and Ron Wyden, and Rep. Paul Ryan, respectively, introduced the bill titled the Bipartisan Congressional Trade Priorities and Accountability Act of 2015. With Fast Track, lawmakers will be shirking their constitutional authority over trade policy, letting the White House and the U.S. Trade Representative pass Internet rules in back room meetings with corporate industry groups. If this passes, lawmakers would only have a small window of time to conduct hearings over trade provisions and give a yea-or-nay vote on ratification of the agreement without any ability to amend it before they bind the United States to its terms.

The Fast Track bill contains some minor procedural improvements from the version of the bill introduced last year. However, these fixes will do little to nothing to address the threats of restrictive digital regulations on users' rights in the TPP or TTIP. The biggest of these changes is language that would create a new position of Chief Transparency Officer that would supposedly have the authority to “consult with Congress on transparency policy, coordinate transparency in trade negotiations, engage and assist the public, and advise the United States Trade Representative on transparency policy.”

However, given the strict rules of confidentiality of existing, almost completed trade deals and those outlined in the Fast Track bill itself, we have no reason to believe that this officer would have much power to do anything meaningful to improve trade transparency, such as releasing the text of the agreement to the public prior to the completion of negotiations. As it stands, the text only has to be released to the public 60 days before it is signed, at which time the text is already locked down from any further amendments.

There is also a new "consultation and compliance" procedure, about which Public Citizen writes [pdf]:

The bill’s only new feature in this respect is a new “consultation and compliance” procedure that would only be usable after an agreement was already signed and entered into, at which point changes to the pact could be made only if all other negotiating parties agreed to reopen negotiations and then agreed to the changes (likely after extracting further concessions from the United States). That process would require approval by 60 Senators to take a pact off of Fast Track consideration, even though a simple majority “no” vote in the Senate would have the same effect on an agreement.

Thus, essentially the Fast Track bill does the same as it ever did—tying the hands of Congress so that it is unable to give meaningful input into the agreement during its drafting, or to thoroughly review the agreement once it is completed.

A main feature of the bill is its negotiation objectives, which set the parameters within which the President is authorized to negotiate the agreement. If Congress considers that the text ultimately deviates from these objectives, it can vote the agreement down. Some of these negotiation objectives have been added or changed since the previous Fast Track bill, but none of these provide any comfort to us on the troubling issues from the Intellectual Property, E-Commerce, and Investment chapters of the TPP. Indeed, some of the new text raises concerns. For example:

  • Governments are to “refrain from implementing trade-related measures that impede digital trade in goods and services, restrict cross-border data flows, or require local storage or processing of data”. Data flows and the location of the processing of data aren't solely or even primarily trade issues; they are human rights issues that can affect privacy, free expression and more. The discussion about whether laws that require local storage and processing of certain kinds of sensitive personal data are protective of user rights, for instance, cannot take place in the secret enclaves of a trade negotiation. The bill does allow for exceptions as required to further "legitimate policy objectives", but only where these "are the least restrictive on trade" and "promote an open market environment".
  • Trade secrets collected by governments are to be protected against disclosure except in "exceptional circumstances to protect the public, or where such information is effectively protected against unfair competition". But there are other cases in which there may be an important public interest in the disclosure of such trade secrets, such as where they reveal past misdeeds, or throw transparency onto the activities of corporations executing public functions.

But more troubling than what has been included in the negotiating objectives is what has been excluded. There is literally nothing to require balance in copyright, such as the fair use right. On the contrary; if a country's adoption of a fair use style right causes loss to a foreign investor, it could even be challenged as a breach of the agreement, under the investor-state dispute settlement (ISDS) provisions. Further, the "Intellectual Property" section of today's bill is virtually identical to the version introduced in 2002, and what minor changes there are do not change the previous text's evident antipathy for fair use. So while the new bill has added, as an objective, "to ensure that trade agreements foster innovation and promote access to medicines," an unchanged objective is "providing strong enforcement of intellectual property rights." What happens if those two objectives are in conflict? For example, in many industries, thin copyright and patent restrictions have proven to be more conducive to innovation than the thick, "strong" measures the bill requires. Some of our most innovative industries have been built on fair use and other exceptions to copyright—and that's even more obvious now than it was in 2002. The unchanged language suggests the underlying assumption of the drafters is that more IP restrictions mean more innovation and access, and that's an assumption that's plainly false.

All in all, we do not see anything in this bill that would truly remedy the secretive, undemocratic process of trade agreements. Therefore, EFF stands alongside the huge coalition of public interest groups, professors, lawmakers, and individuals who are opposed to Fast Track legislation that would legitimize the White House's corporate-captured, backroom trade negotiations. The Fast Track bill will likely come to a vote by next week—and stopping it is one sure-fire way to block the passage of these secret, anti-user deals.

If you're on Twitter, help us call on influential members of Congress to come out against this bill.

Additional Resources:

Read the text of the Bipartisan Congressional Trade Priorities and Accountability Act of 2015 here.

Read about all of our concerns with the TPP agreement:


On the Clipper Chip's Birthday, Looking Back on Decades of Key Escrow Failures - Fri, 17/04/2015 - 06:07

On this day in 1993, the Clinton White House introduced the Clipper Chip, a plan for building in hardware backdoors to communications technologies. The chip would be used in American secure voice equipment, giving law enforcement agencies the explicit ability to decrypt its traffic using a key stored by the government. The White House promised that only law enforcement with proper "legal authorization" could access that key—and thus, the contents of the communications.

Obviously, the Clipper Chip never took hold. Key escrow generally encountered massive public opposition, and the security of the Clipper Chip specifically was demonstrated to be fundamentally flawed [PDF] by security researchers like Matt Blaze. By 1996 the Clipper Chip proposal was dead; one might hope, too, that the government would give up the idea of mandating backdoors into encrypted communications. Of course, as anybody who is following the current debate over encryption, privacy, and law enforcement knows, that was not the case.

Key escrow was a bad idea in 1993. It was a bad idea when the National Security Agency began attempting to covertly insert backdoors into cryptographic standards from 2000 on. It was a bad idea when the Obama administration indicated a desire to legislate key escrow in 2010. And it's a bad idea now, coming from law enforcement agencies like the FBI and supported by the NSA, to insert new backdoors that a so-called government "golden key" can unlock. (Because time is a flat circle, it's worth noting that the phrase "Golden Key" also dates back nearly 20 years—as the name of an EFF coalition campaign against, you guessed it, key escrow.)

The FBI has complained about the impending doom of communications "going dark" for decades now. You can read FBI testimony from the 1990s that is virtually indistinguishable from the same misguided statements today. As the overwhelming majority of security experts will tell you, inserting backdoors in the security software we rely on makes us all less safe. As we articulated over 20 years ago, "key escrow" is really "key surrender," and isn't part of a coherent security strategy. And that's just one of the epic failures that come from government efforts to regulate cryptography.

It does a disservice to the public to call the current brouhaha over backdoors a "debate." In a debate, different sides present facts and arguments, and somebody can win. The FBI, the NSA, and others have retreated from that strategy. After all, the facts are in on crypto backdoors—they are not necessary, they do not work, and they make us less safe. As we look back over EFF's 25 years, and the 22 years since the Clipper Chip entered the scene, let's hope we can finally make these pointless and dangerous proposals a thing of the past.

Related Issues: Cyber Security Legislation, Security

EFF at 25: Remembering the Case that Established Code as Speech - Fri, 17/04/2015 - 04:49

One of EFF's first major legal victories was Bernstein v. Department of Justice, a landmark case that resulted in establishing code as speech and changed United States export regulations on encryption software, paving the way for international e-commerce. We represented Daniel J. Bernstein, a Berkeley mathematics Ph.D. student, who wished to publish an encryption algorithm he developed, the source code for a program to run the algorithm, and a mathematical paper describing and explaining the algorithm.

At the time—the early 90s—the US government designated encryption software as a "munition" to be regulated for national security purposes with intensive export restrictions, based on a litany of fear-mongering, techno-ignorant reasons. The law required Bernstein to submit his ideas, register as an arms dealer, and apply for an export license merely to publish his work online. (Infuriatingly, the State Department also warned him they would deny him a license if he actually applied, because his technology was too secure.)

So, EFF assembled a crack legal team and, in February of 1995, sued the US government on behalf of Bernstein. Not only did these regulations chill the speech of individuals like Daniel Bernstein, they hampered American business by limiting the export of encryption technologies and methods. Then, as now, EFF saw clearly the importance of protecting speech online and the necessity of encryption to building a web with privacy and security protections.

The court eventually ruled that the export control laws on encryption violated Bernstein's First Amendment rights by prohibiting his constitutionally protected speech, leading to regulatory changes that made it easier to publish encryption software online without the approval of the US government. Along the way, Judge Marilyn Hall Patel in the Northern District of California issued the crucial first ruling that found that code is speech and so is protected by the First Amendment.

This court can find no meaningful difference between computer language, particularly high-level languages as defined above, and German or French....Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it...

-Judge Patel, April 15, 1996

Today it may seem obvious that communication using programming languages is protected by the First Amendment. But before this decision, no judge had formalized that principle in a ruling. Bernstein helped pave the way for the growing use of encryption that makes web browsing and activities like banking and shopping more secure, and its recognition of code as speech helped build the legal foundation for online rights being recognized alongside offline ones.

For EFFers, this case resonates beyond those important results: one of the lawyers on that crack legal team was Cindy Cohn, who became our longtime legal director and recently moved to the Executive Director position.

In honor of EFF's 25th anniversary, we're highlighting pivotal moments from the fight for digital civil liberties. EFF members have made it possible for EFF's attorneys and activists to champion digital rights in courts and beyond. Please donate to EFF to ensure we can continue to fight for the users.

Related Issues: Free Speech, Export Controls, Privacy, Security
Related Cases: Bernstein v. US Department of Justice

Want to Record The Cops? Know Your Rights - Fri, 17/04/2015 - 04:17

There are some very disturbing videos circulating the Internet right now, depicting the deaths of unarmed civilians at the hands of trained, armed men. Many of these videos even show individuals being shot in the back, or as they try to flee.

These are videos of police officers in America killing unarmed black men like Oscar Grant and Eric Garner. And, as the most recent case shows, without these recordings, much of America might not have any idea exactly how much of a problem this is.

Citizen videos of law enforcement encounters are more valuable than ever. And for those who are wondering—it is legal to record the police.

The police don’t always seem aware of this. There have been incidents across the country of police telling people to stop filming, and sometimes seizing their camera or smartphone, or even arresting them, when they don’t comply.

In the most recent citizen-filmed incident to gain widespread media attention, on April 4, white police officer Michael Slager shot and killed 50-year-old black man Walter Scott in the back as he ran away in North Charleston, South Carolina. Bystander Feidin Santana filmed the encounter, which started with a traffic stop. After Santana’s video surfaced, the officer was arrested and charged with murder. Santana said that he is scared of what might happen to him. He also considered deleting the video, and doing nothing with it. And Santana is not the only person who may be intimidated by the prospect of filming the police, with good reason.

That’s why, in addition to EFF Attorney Sophia Cope's legal analysis highlighting some of the recent case law establishing the right to film police officers, we’re sharing some basic information cop watchers should know.

What Courts Have Said

Courts across the country have held that there is a First Amendment right to openly record the police. Courts have also held, however, that individuals cannot interfere with police operations, and that wiretapping statutes that prohibit secretly recording may apply to recording the police. But underlying these decisions is the understanding that recording the police is constitutionally protected.

Know Your Rights and Be Safe

While it has been established that individuals have the right to record the police, what happens on the street frequently does not match the law. Also, if you’re thinking about filming the police, it’s likely you’ll have more police encounters than you otherwise would. 

The National Lawyers Guild (NLG) is a bar association that does police accountability work. The National Lawyers Guild Legal Observer program is focused on watching the police at protests. CopBlock and Cop Watch are loosely organized groups that have chapters across the country, and provide resources on filming the police every day.

Here are the most essential things to keep in mind:

  • Stay calm and courteous, even though the situation may be stressful. Remember—if you get arrested or get into an altercation with the police, you won’t be able to keep filming them!
  • Be sure that you are not interfering with police operations, and stand at a safe distance from any encounter you film.
  • Your right to record audio surreptitiously of police carrying out their duties in public may vary from state to state. You should check your state law to know the fullest extent of your rights, but the lowest-risk way to record is to hold your device in plain view of the officers.
  • Do not lie to police officers. If they ask whether you are recording, answer honestly.
  • If the police start interacting with you, treat the encounter as you would any encounter with law enforcement—in fact, you may want to be extra careful, since as the repeated incidents of police seizing cameras and smartphones demonstrate, it may make you more of a target.
  • If you are at a demonstration, police will often issue a dispersal order—in general, they will declare a protest an unlawful assembly and tell people to leave. Unless you are granted permission to stay, that order applies to you, too. If you do not comply, you should expect to be arrested.
  • While it is not legal for an officer to order you to move because you are recording, they may still order you to move. If you do not comply you could be arrested. If you do want to comply, consider complying with the smallest movement possible, and verbally confirming that you are complying with their orders. For example, if you are standing five feet from an officer, and they say “You need to move back,” you might want to consider calmly saying “yes, officer, I am moving back” while taking a few steps back.

Below are some helpful resources and tips related to interacting with and filming the police from these groups and EFF:

  • The National Lawyers Guild (NLG) “Know Your Rights” pamphlet (available in multiple languages) provides basic information you should know for interacting with the police.
  • The NLG Legal Observer Program training manual has tips for filming the police at protests, many of which are useful for filming any encounter.
  • Cop Watch has resources and examples here.
  • EFF’s Know Your Rights guide provides information on what you need to know if the police want to search your electronic devices.

Why Focus on Citizen Recording When Departments Are Implementing Bodycams? 

As the conversation about police accountability continues to take place across the country, body cameras are often proposed as a solution, and they are getting a lot of attention in the news right now. “Bodycam” recordings have made a difference in some cases. But many transparency and accountability advocates, including EFF, have expressed reasonable doubts about their efficacy. States are trying to grapple with the many privacy issues they raise, mostly by considering exempting the footage from public records act requests. And while “bodycams” may be a contentious subject, there’s little doubt that it is citizen footage of law enforcement encounters that has really fueled the current debate about police accountability.

Keep Taping

As North Charleston Pastor Nelson Rivers said: “If not for the video, we would still be following the narrative from the officer. If not for this video, the story would be entirely different.” Scott’s family agrees. After watching the video, his brother stated: “I think that if that man never showed the video we would not be at the point that we’re at right now.” And North Charleston Councilwoman Dorothy Williams had this to say: “I'm asking all the citizens of North Charleston to continue taping.”

You don’t have to live in North Charleston to know why that’s a good idea.

Disclosure: Nadia Kayyali serves as the Vice-President for the National Lawyers Guild SF Bay Area Chapter, has served on the NLG’s national board, and has been involved with the NLG legal observer program nationally for over four years.


Police Must Respect the Right of Citizens to Record Them - Fri, 17/04/2015 - 04:15

“I’m asking all the citizens of North Charleston to continue taping.”

That is what Councilwoman Dorothy Williams said in response to the shooting death of Walter Scott. She and others recognize that the story would have been very different without the video showing that a white police officer shot the unarmed black man several times in the back as he ran away from a traffic stop in North Charleston, South Carolina. Both NBC News and Huffington Post imagined the story absent the video.

The tragic encounter was filmed by 23-year-old bystander Feidin Santana. After Santana released his video, the officer was arrested and charged with murder. Santana decided to share the video with Scott’s family because he knew it contradicted the official police account.

This case exemplifies why an important component of police accountability is the ability of citizens to record officers carrying out their public duties. Thankfully Santana was not harassed for wielding his cell phone, but many people have been: officers have ordered people to stop recording, seized their devices, deleted the photos or video/audio recordings, and even arrested people.

The Justice Department report on the Ferguson Police Department issued last month chronicled a pattern of abusive and unconstitutional behavior by police officers when citizens tried to record them (see pages 26-28). One officer arrested a woman after she began recording her husband’s arrest by the officer. As the report explains, “The officer became irate, declaring, ‘you don’t videotape me!’”

Some federal appeals courts and the Justice Department have recognized the right of citizens to record the police, although the Supreme Court has not squarely ruled on the issue. Recent cases have specifically addressed recording the police in the age of the cell phone, which can record pictures, video and audio (with audio recording implicating wiretap laws).

In 2011, the U.S. Court of Appeals for the First Circuit issued an opinion in Glik v. Cunniffe. Simon Glik had used his cell phone to record both video and audio of Boston police officers arresting another man. The officers then arrested Glik for making the recording, but the charges were later dropped. Glik sued the officers and the City of Boston for violating his constitutional rights.

The First Circuit held that the First Amendment “unambiguously” protects the right of citizens to record the police – and government officials generally – carrying out their official duties in public. The court stated, “Ensuring the public’s right to gather information about their officials not only aids in the uncovering of abuses, but also may have a salutary effect on the functioning of government more generally.”

The details of the case are important. Relying on the fact that Glik had stood about 10 feet away from the officers, the court stated, “Such peaceful recording of an arrest in a public space that does not interfere with the police officers’ performance of their duties is not reasonably subject to limitation.”

The First Circuit also held that the Boston police violated the Fourth Amendment because they did not have probable cause to arrest Glik. Because Glik’s recording of the other man’s arrest included audio, the officers accused Glik of violating the Massachusetts wiretap statute. Massachusetts is an “all-party consent” state, meaning that all parties to a conversation must consent to it being recorded; whereas the federal Wiretap Act and other states’ laws are “one-party consent” statutes, meaning that only one party to a conversation needs to consent to it being recorded.

The First Circuit noted that although the Massachusetts wiretap statute protects both private and public conversations (notwithstanding the First Amendment), it only prohibits “secret” audio recording where the parties to a conversation are unaware that they are being recorded. By contrast, the court found that the officers were on notice: Glik held his cell phone – “a device commonly known to record audio” – in “plain view” of the officers and one officer, in fact, knew that Glik was recording audio because the officer asked Glik if he was doing so and Glik replied in the affirmative.

Thus, the court held that Glik did not violate the Massachusetts wiretap statute because he did not make the audio recording surreptitiously – even though the officers were engaged in a public “conversation” with the arrestee and no one consented to being recorded. (In 2014, a Massachusetts woman was charged with violating the wiretap statute for making a secret audio recording of her own arrest by hiding her smartphone in her purse, but the charge was later dropped.)

In 2012, the U.S. Court of Appeals for the Seventh Circuit issued an opinion in ACLU of Illinois v. Alvarez. The ACLU challenged the constitutionality of the Illinois wiretap statute, which, like the Massachusetts law, protected both private and public conversations and required the consent of all parties to a conversation. Unlike the Massachusetts wiretap statute, however, the Illinois statute prohibited all audio recording, not only surreptitious audio recording. The ACLU of Illinois was fearful of prosecution because it intended to record police officers performing their official duties in public as part of an accountability program.

The Seventh Circuit granted a preliminary injunction and held that the Illinois wiretap statute likely violated the First Amendment because it prohibited the audio recording – a “medium of expression” – of public conversations of police officers where no privacy interests existed. The court said that the Illinois legislature was not justified in “criminalizing this particular method of preserving and publishing the public communications of these public officials.” Though it was not central to the decision, the court also noted that the ACLU’s plan was to openly – not surreptitiously – record police officers in public.

The Seventh Circuit was quick to emphasize, however, that the right to record the police is not a right to interfere with police operations. The court said, “Nothing we have said here immunizes behavior that obstructs or interferes with effective law enforcement or the protection of public safety.” Thus, “While an officer surely cannot issue a ‘move on’ order to a person because he is recording, the police may order bystanders to disperse for reasons related to public safety and order and other legitimate law enforcement needs.”

In line with these federal cases, in March 2014, the Illinois Supreme Court held in two cases that the state wiretap statute was unconstitutional under the First Amendment precisely because it protected public conversations where the parties had no expectation of privacy, and it criminalized even open recording where the parties were on notice that their conversation was being recorded.  

In December, the Illinois legislature sought to cure the constitutional deficiencies of the wiretap statute: it narrowed the law to make it a crime to record a private conversation in a surreptitious manner. While it may be difficult to determine when parties have a reasonable expectation of privacy and thus are having a “private” conversation even in a public place, we hope that this law will not be used to justify the arrest of Illinois citizens making audio recordings of police officers carrying out their official duties in public.

Last year, the city of Baltimore settled with Christopher Sharp for $250,000 after he filed a lawsuit alleging violations of his constitutional rights. Police officers had seized his cell phone and deleted his recordings, which included the arrest of one of his friends by the officers.

In that case, to the delight of civil libertarians, the Justice Department twice weighed in to defend citizens’ rights: in a statement of interest filed in the district court, and in a letter sent to the Baltimore Police Department. In the statement of interest, the Justice Department wrote, “The First Amendment protects the rights of private citizens to record police officers during the public discharge of their duties.”

The statement of interest also addressed the seizure of Sharp’s cell phone, explaining that under the Fourth Amendment the police cannot seize a cell phone (or other device) without a warrant unless the officer has probable cause to believe that the device holds evidence of a crime and there is an emergency (i.e., “exigent circumstances”) justifying a warrantless seizure. Even if the warrantless seizure is justified, the police may not search the device without a warrant based on probable cause – and they certainly may not delete files.

If a person is arrested (which Sharp was not), the police may not search a cell phone simply based on the fact of the arrest – they must generally obtain a warrant from a judge.

In 2012, partially in response to the Sharp case, EFF joined a letter to Attorney General Eric Holder calling on law enforcement authorities to respect the First Amendment right of citizens to record the police.

Unfortunately, Baltimore police apparently have not learned their lesson. In December, a woman filed a lawsuit after she was allegedly pulled from her car and tased while attempting to record the arrest of another man.

The District of Columbia Police Department is a good example of a robust policy directing officers to respect the right of citizens to record the police. Issued in 2012, the heart of the policy states, “The Metropolitan Police Department recognizes that members of the general public have a First Amendment right to video record, photograph, and/or audio record MPD members while MPD members are conducting official business or while acting in an official capacity in any public space, unless such recordings interfere with police activity.”

EFF urges more police departments and more courts to recognize the clear First Amendment right of citizens to record police officers carrying out their public duties.

See my colleague Nadia Kayyali’s related blog post that includes tips and resources on how to safely record and interact with the police.

Related Issues: Free Speech, Know Your Rights, Search Incident to Arrest
Related Cases: Riley v. California and United States v. Wurie

What If MLK’s “Letter from Birmingham Jail” Had Been a Facebook Post? - Fri, 17/04/2015 - 03:29

“Never before have I written so long a letter. I'm afraid it is much too long to take your precious time. I can assure you that it would have been much shorter if I had been writing from a comfortable desk, but what else can one do when he is alone in a narrow jail cell, other than write long letters, think long thoughts and pray long prayers?”

- Martin Luther King, Jr., “Letter from Birmingham City Jail”

April 16, 1963

Martin Luther King Jr.’s “Letter from Birmingham City Jail” is considered by many civil-rights historians to be one of the seminal writings of the era, on par with King’s “I Have a Dream” speech. But while King’s moving oration at the Lincoln Memorial was delivered directly to thousands, his impassioned letter was composed in solitary confinement and would not have seen the light of day without the help of several brave and dedicated intermediaries.

In the spring of 1963, King was arrested after he and others in the racial equality movement defied a court injunction against public protesting. From behind bars, he obtained a copy of a joint statement written by white religious leaders criticizing his methods. King felt compelled to respond. As the daughters of King’s attorney, Arthur Shores, explain in their father’s biography, King scribbled his response in the margins of old newspapers and on toilet paper and other paper scraps; his lawyers smuggled the notes out of the jail to be transcribed, then they smuggled the edits back into the jail for King to review. Eventually, the letter made it onto the pages of several influential newspapers.

 If King were a prisoner in the state of Alabama today, those supporters may very well have first published the letter on King’s Facebook page. But under current Alabama law, that would have been a crime:

Section 14-11-70

Prohibited activities; violations.

(a) No inmate in the custody of the Department of Corrections or city and county jails shall establish or maintain an account on any Internet-based social networking website.

(b) For purposes of this section, social networking website means an Internet-based website that has any of the following capabilities:

(1) Allows users to create web pages or profiles about themselves that are available to the general public or to any other users.

(2) Offers a mechanism for communication among users, such as a forum, chat room, electronic mail, or instant messaging.

(c) Any inmate or other person working in conjunction with a state correction's inmate who violates this section shall be guilty of a misdemeanor, punishable by a fine not to exceed five hundred dollars ($500).

Alabama’s law not only forbids inmates from having active social networking profiles, but it also defines “social networking” so broadly that it encompasses any site that offers web-based email. And any person who assists a state inmate in accessing a social networking website, such as acting as a go-between, could also face prosecution. (King, however, was a city inmate.)

Alabama is only one of many states that have enacted regulations barring inmates from accessing social media, and many other states have consequences far harsher than Alabama’s $500 fine. For example:

  • In New Mexico, state Corrections Department regulations forbid inmates from accessing the Internet through third parties. One inmate was sentenced to 90 days in solitary confinement after his family updated his Facebook page.
  • In Indiana, a prisoner was sent to solitary confinement, and his sister was cut off from communicating with him, after she posted a videogram he had made through the prison’s communications system to Facebook as part of a social media campaign to raise attention for his case.
  • In South Carolina, hundreds of inmates have been sentenced to solitary confinement for accessing Facebook—both through intermediaries and contraband cell phones—with some receiving decades-long sentences. The South Carolina Department of Corrections has also sent hundreds of takedown requests to Facebook, successfully getting Facebook to suspend inmate accounts—an alarming new censorship trend.

In defending these policies, corrections officials argue that inmates can use Facebook to plan criminal activities and harass victims. But banning all online or social media speech by inmates is far too broad and restrictive of a measure to deal with such a narrow problem. While such uses of social media should be addressed, this is not a strong enough reason to indiscriminately ban all inmate speech over social media or on the Internet. Inmates have First Amendment rights, too. 

Social media can be beneficial to the rehabilitation process by allowing inmates to maintain connections with the outside world, including their support network of families and friends. And as we have already seen, society benefits when prisoners are able to engage in public debate. Rev. Martin Luther King Jr. is only one example. Chelsea Manning and Barrett Brown are two others.

Since being sentenced to 35 years in prison for being a Wikileaks source, Manning has contributed insightful essays to The Guardian’s Comment is Free opinion blog, which covers issues ranging from ISIS and CIA torture to the treatment of transgender individuals in prison. Manning also recently joined Twitter (@xychelsea); she composes tweets over the phone to her communications consultants at FitzGibbon Media, who then transcribe and post the comments online.

Similarly, journalist Barrett Brown, who has been incarcerated for crimes stemming from an FBI investigation into the high-profile breach of an intelligence contractor’s data systems, also has been publishing articles while in custody. His work has appeared in publications such as The Daily Beast and Vice, as well as the Free Barrett Brown Tumblr page. Alarmingly, earlier this month, his access to the prison email system was abruptly cut off after he began corresponding with journalist Glenn Greenwald about contributing pieces to The Intercept.  

Inmates may lose many liberties when they enter the correction system, but the ability to participate in debate online should not be one of them. Censorship of prisoners is also censorship of society at large because it deprives the public of the freedom to read the long letters, consider the long thoughts, and hear the long prayers of people who have lost their freedom.  

Related Issues: Free Speech

Fighting for Patent Reform in Washington, D.C. - Fri, 17/04/2015 - 03:00

EFF primarily fights awful software patents with legal challenges, explaining to judges how trivial non-innovations aren’t worthy of a government-granted monopoly, which bad actors then wield to bully small businesses and users into forking over huge sums of money. With every busted and narrowed software patent—like the recently tackled podcasting patent—we’re another step closer to protecting the future of innovation.

This month, we’re taking a different approach.

I’ve spent two weeks in Washington, D.C., with my colleague Daniel Nazer, educating members of Congress and their staffers about how the current patent system hurts innovation and free speech and what they can do about it. We also shared our concerns with staff at the Patent Office and the White House.

The main focus: Defend Innovation, our newest report on our broken patent system. 

This report is more than just EFF’s ideas for patent reform (though it includes many of those). It’s the result of more than two years of research, interviews, and data collection. We surveyed the concerns of software developers, entrepreneurs, legal professionals, students, and everyday technology users affected by the current patent system. We held town halls at major tech companies in Silicon Valley and interviewed individual programmers, and we launched a petition where users could submit comments and share their feedback on proposals to address these issues. Over 16,500 of you spoke up. 

All of this research culminated in over thirty pages that highlight just how broken the current patent system is: not only does it create a chilling effect on innovation and new technologies—exactly opposite of its intended goal—but it is readily abused by bad actors and patent trolls.

Daniel and I are meeting with dozens of policy makers and co-hosting a briefing on the Hill, alongside our friends at R Street and Public Knowledge. Not only are we spreading stories about the worst abuses of the patent system—including that of our latest client, Ruth Taylor, a photographer sued for hosting photo competitions on her hobby site—but we’re laying out clear steps to address them. Many of these are in line with current legislative reform proposals, such as the House’s Innovation Act.

This trip to Washington is the final piece in our three-year Defend Innovation project. We’re going to be assessing the results of the campaign and thinking about what we should do next to fix software patents. Thanks to all the EFF supporters who contributed to this project. You've infused vital public interest concerns into the conversation about fixing patents, which has brought real reform within reach.

Related Issues: Legislative Solutions for Patent Reform

The Initiative of Facebook and Its Allies Leaves Us - Thu, 16/04/2015 - 13:57

During the Seventh Summit of the Americas, held in Panama on April 10 and 11, leaders from across the continent such as the Panamanian host Juan Carlos Varela, Cristina Fernández of Argentina, Dilma Rousseff of Brazil and Ollanta Humala of Peru, among others, posed for a photo with a special guest: Mark Zuckerberg, the founder of Facebook and promoter and spokesman of the portal. It is a project led by Facebook that brings together technology companies, NGOs and local communities with the supposedly noble aim of connecting the “two-thirds of the world without access to the network,” as its portal announces.

Other participating companies include Nokia, Ericsson, Qualcomm and Samsung. Its main project is the development of an app that provides certain free basic services in markets where Internet access may be less affordable.

Since 2014 it has provided access to a minimal set of applications (weather data, health, classifieds, libraries) in certain African and Asian countries. In 2015 it established a foothold in Colombia, Guatemala and Panama (in the coming weeks), with Paraguay having served as a test country under the Facebook Libre scheme in mid-2013.

The initiative's intentions start from a real problem: the digital divide. Millions of people around the world have no way of accessing the Internet, and it is a problem that urgently needs solving in the coming years. However, the zero-rating proposal it promotes means that people with fewer economic resources will get free access to only some portions of the Internet. To make matters worse, the portion that supposedly benefits them will be decided among the large corporations that are part of the initiative and, worse still, this proposal is being pushed as public policy by the State.

In effect, the initiative's users will never get to know the “sea” of the Internet, the one we all know, which lets us use any site without any kind of discrimination or prioritization of certain applications. Instead, users who access the Internet through the portal will get a “fishbowl” Internet, in which they will have to pay for all those services that are not part of the zero-rated package (small businesses, app developers, innovative websites, etc.), and they will probably end up resigning themselves to this package being the whole of the Internet.

Presence in Colombia

"We are forming a great alliance, Facebook and Colombia, to give access to millions of Colombians who otherwise would have no possibility of having Internet access" [sic], said President Juan Manuel Santos on January 14 at the launch of the initiative in the country, the first in Latin America.

Local activists had already warned more than once that this project raises more questions than it offers benefits, despite the initiative's tendency to keep expanding in the region as the synthesis of the Internet.

Fundación Karisma has stated flatly that “[the initiative] is not the Internet,” drawing attention to issues of anti-competitive practices and user privacy. Carolina Botero, Executive Director of Fundación Karisma, shared her position with EFF from Bogotá:

"We are very concerned that [the initiative] is being presented as a public policy strategy for universal Internet access. This compromises everyone's rights and also blurs the government's obligation to reduce the digital divide for its citizens, in favor of a bet on access to some applications that, even if they are interesting, are tied to the commercial interest of a multinational that the State is directly backing."

RedPaTodos, a coalition of Internet users in Colombia, stressed that the initiative will never be free as advertised, because users will pay the cost with their personal data, providing economic benefits to the company Tigo through its number of customers, which amounts to more than 8 million Colombians.

You Too, Brazil?

The largest country in South America, which has been a leader in defending the right to privacy internationally in forums such as the UN, which drafted the Marco Civil da Internet and played a leading role in NETMundial, would be joining the initiative, creating a contradiction.

When President Rousseff and Zuckerberg met in Panama to discuss the future Brazilian version of the initiative (set to launch in June), public policy on Internet access, net neutrality and privacy reached a deadlock.

The Federal Government and Facebook will use Heliópolis, an underserved area of the state of São Paulo, as a starting point for bringing “digital inclusion,” according to official information. Brazilian activists such as Sérgio Amadeu, João Carlos Caribé and Raphael Tsavkko have been clear: the agreement between Rousseff and Facebook could destroy the Marco Civil da Internet.

Next Steps

After the announcement of the initiative's launch in Panama through the company Digicel, the Instituto Panameño de Derecho y Nuevas Tecnologías (IPANDETEC) launched a petition addressed to President Varela calling for net neutrality to be respected in the Central American country.

Another key meeting for Zuckerberg was with the president of Peru, Ollanta Humala, in which they discussed a possible rollout of the initiative in that country, where 66% of the population still has no Internet access according to data from the regulator Osiptel.

The misnamed "free Internet" that the initiative promotes is limited and isolated, like the kind of Internet that they seek to eradicate in developing countries.

Will the initiative make data more accessible in Latin America, or will Latin Americans' data become more accessible to Facebook, and consequently to the United States?

It is true that Facebook is not the only content available through the initiative, and that other content such as Wikipedia is also part of it. However, the problem goes beyond which sites will be included in the zero-rated package that users with fewer economic resources will have access to; it lies in the very concept: neither Facebook nor its corporate partners (nor governments) should promote the bundling of these services. Beyond the good intentions of Facebook and its handful of allied companies, these initiatives will leave the region's users


Three Paths to Better Open Wireless Routers - Thu, 16/04/2015 - 09:32

For the past few years, EFF and a coalition of other organizations have been campaigning for more and better Open Wireless networks. Unlocked, password-free wireless networks are in many respects the most convenient, efficient, and privacy-protective way to access the Internet, and running one is a considerate and neighbourly thing to do. But typical router hardware does not support open wireless very well, making it tricky or impossible for households to share some portion of their bandwidth without potentially slowing down their own connections.

This post explores the essential features that make for a good open router, and three paths that could get us there: out-of-the-box support from router manufacturers; standalone firmware; and features in open source router projects like OpenWRT.

What Makes a Good Open Wireless Router?

Most currently deployed consumer router hardware has no good support or UI for running open and password-locked networks in parallel with tunable bandwidth allocation between the two. But it's clear that good open routers should have a number of features:

  • Good support for open wireless out of the box—a prominent, one-click configuration option during the setup flow that creates an open network with traffic partitioned from the main password-locked one.
  • Good traffic management for simultaneous open and password-locked wireless, so that a guest watching Netflix or YouTube doesn't slow things to a crawl.
  • A well designed, modern management interface that is free of avoidable security vulnerabilities like CSRF and which supports auto-updating to fix more obscure bugs when they are discovered.
  • If the management UI is cloud-based, it is essential that it allows truly anonymous usage, for people who would prefer that their router vendor not know their identity and home IP address. Cloud-management UI should always have a local-network fallback alternative, in case the provider goes out of business, their network is unreachable for some reason, or other things do not go according to plan.
  • Support for modified, free/open source firmware based on OpenWRT or other projects.
  • Freedom from binary firmware blobs.

So, how do we get there?

Path 1: Support from Hardware Manufacturers

By far the best way to get high-quality versions of the features above is to ensure they are present when you open the box and supported by the router manufacturer. For that reason, we are planning to start evaluating a number of next-generation router projects on how well they deliver support for open wireless. Stay tuned for developments on that front!

Path 2: Standalone Open Wireless router firmware

Last year, EFF began some experiments with a variant of OpenWRT that prioritizes good out-of-the-box open wireless support, in combination with a simpler and more secure UI than the OpenWRT defaults. Initially we had hoped that the firmware project would be a direct, simple and scalable way to deploy high-quality open routers, by shipping convenient mobile apps or browser extensions that could automate the detection and reflashing process for owners of compatible hardware.

Unfortunately, we've encountered some obstacles on that path. In particular, once we obtained our first field data on router prevalence, we saw that none of the router models we expected to be able to support well have market shares above around 0.1%. Though we anticipated a fragmented market, that extreme degree of router diversity means that we would need to support dozens of different hardware platforms in order to be available to any significant number of users, and that does not seem to be an efficient path to pursue. Without a good path to direct deployment, EFF is deprioritizing our work on the freestanding router firmware project.

Path 3: Open Wireless as a feature in OpenWRT

Fortunately, there are some other valuable uses for our open router code; the most significant aim is to merge its user interface and network configuration components as options in the upstream OpenWRT codebase, so that any OpenWRT user can choose to use them.

The firmware project will continue as an independent open source effort with support from the prpl foundation, ThoughtWorks, and others. That project has some important and exciting milestones to reach, and merging its features and UI as options in OpenWRT is prominent among them.

This weekend, Riscure is hosting a hackathon in their San Francisco offices, in conjunction with ThoughtWorks, a major contributor to the first version of the Open Wireless firmware. We invite developers in the Bay Area to join in and help secure a more vibrant, open future for the planet's wireless networks.

Related Issues: Open Wireless

New Surveillance Self-Defense Playlist for LGBTQ Youth - Wed, 15/04/2015 - 06:19

The Internet provides a wide range of resources for LGBTQ youth to find community, health information, and other resources to explore and understand their identities. Unfortunately, many of these resources get censored, either intentionally or as collateral damage from the use of other filters. It can be difficult to access online resources without being outed to peers, family, and online advertisers. Young people need space to explore and experiment without fear that their curiosity will be punished or logged on their permanent records. Today we unveil a new playlist on Surveillance Self-Defense tailored to help young people safely access the information they need.

Only 43 percent of gender-nonconforming youth have a supportive family member. This means that the majority of such young people have to fend for themselves in finding health information, community, and other resources to explore their identities. Families may mistreat or disown LGBTQ children and explicitly work to deny them access to the wider resources and communities that can help.

This playlist is designed to help young people navigate social media and protect themselves from snooping and outing by ad companies that track online activity, social media, and their peers. It covers personal computers, shared computers (such as those at a library or school), and mobile devices.

This is one of many SSD playlists; each one is customized to the needs of a particular community or type of person and draws on our larger database of anti-surveillance resources. LGBTQ activists may wish to consult the SSD playlist for activists and protesters, and LGBTQ persons living in countries that persecute them may wish to consult our guide for protecting yourself against government surveillance and the excellent guide by Tactical Technology Collective for LGBTI persons in Sub-Saharan Africa. Tactical Technology's guide concentrates on African individuals and human rights defenders, but has useful details regarding broad, common threats, such as entrapment, extortion, harassment, and unauthorized access to devices.

These resources speak to what individuals can do to protect themselves, but privacy is a community effort. As such, there are things that friends and organizations serving marginalized communities can do to protect vulnerable youth. In particular, organizations catering to LGBTQ youth can provide HTTPS-encrypted access to their websites to guard against external keyword censorship and monitoring. They can decline to include social media and analytics beacons on their sites, which track readers and may leak information about user interests to other organizations. Friends can install software that allows for secure communications, such as OTR for instant messaging, so they can be there for others who don't feel comfortable opening up on heavily-surveilled platforms. And, finally, the people who run those platforms can work harder to understand that by making assumptions like “privacy is dead,” or that it is somehow dishonest to trust your friends more than you trust Facebook, or that you “shouldn't be doing” anything online that you don't want to share with Google, they're inflicting harm on a vulnerable population.


All Eyes on Virginia as Lawmakers Face Major Surveillance Decisions - Tue, 14/04/2015 - 03:44

Virginia may be home to the Central Intelligence Agency, the Drug Enforcement Administration, and the FBI National Academy, but it could also soon be home to some of the toughest regulations on local law enforcement use of surveillance technologies.

All lawmakers need to do is stand up to the governor.

This legislative session, the Virginia General Assembly passed a series of bills to protect its citizens’ privacy from a variety of emerging police technologies. Gov. Terry McAuliffe has already signed legislation requiring police to get a warrant before using devices commonly known as “Stingrays,” to track cell phone users in real time. But the governor sent two other sets of bills regarding drones and Automatic License Plate Readers (ALPR) back to the General Assembly with proposed amendments that would significantly weaken the bills' privacy protections.

On April 15, Virginia lawmakers will decide whether to stand up for privacy. If they reject the governor’s amendments with a simple majority, the bills go back to the governor, who can still veto them. But if a two-thirds majority passes the bills without the amendments, they will pass into law regardless of the governor’s position.

We’re calling on all Virginians to tell their lawmakers to stand up for privacy by passing these bills for a second time and making them veto-proof. Send an email now.

Warrants for Drones

Two years ago, the Virginia General Assembly placed a moratorium on police use of drones to give lawmakers time to pass appropriate regulations. The moratorium expires July 1, 2015.

In anticipation of that deadline, the General Assembly passed H.B. 2125 and S.B. 1301. These bills would broadly require law enforcement to get a warrant before using unmanned aerial systems.

The legislation includes a few special exceptions, such as Amber Alerts (when a child goes missing), Senior Alerts (when a senior adult goes missing), and Blue Alerts (when a police officer is seriously injured or killed). The legislation does allow government agencies to use drones for non-law enforcement purposes, such as monitoring wildfires or traffic, without a warrant. However, the regulations would ensure that evidence obtained by drones without a warrant is not admissible in court. In addition, the bill prohibits state and local governments from deploying weaponized drones except at two special testing/training facilities.

The governor sent the legislation back to the General Assembly with a few small amendments that could make a huge difference to Virginians’ privacy.

Rather than require a warrant for all law enforcement use of drones, the governor's amendments only require warrants for “active criminal investigations,” leaving the door open for persistent, untargeted drone surveillance.  Rather than ban the use of evidence collected without a warrant by drones, the governor's amendments created a procedural loophole where otherwise forbidden evidence could be introduced under a different set of legal standards.

As the ACLU of Virginia told the governor [PDF]: “If the amendments are not rejected by the legislature, which we hope that they will be, there will effectively be no warrant requirement for drones in Virginia, and the language requiring a warrant for drone use will be meaningless and a virtual sham on the public.”

Limits to ALPR

In 2013, Virginia Attorney General Ken Cuccinelli issued a formal legal opinion [PDF] to the state police about Automatic License Plate Readers, high-speed camera systems that are capable of scanning and collecting thousands of data points on drivers each day. Cuccinelli concluded that “passive” collection of driver information through ALPRs was not lawful under Virginia’s data privacy laws. To put it another way: police could use ALPRs for targeted investigations, but they couldn’t just put these high-speed cameras on patrol cars and traffic poles to collect information on everyone, without suspicion, for future potential use.

But, as the Washington Post reported, local agencies disagreed, with some holding on to data for up to two years.  

With H.B. 1673 and S.B. 965, the General Assembly spelled out that police can’t use mass surveillance technologies, including ALPR or future technologies, to collect personal information on Virginians when the collection isn’t connected to a criminal investigation. With ALPR, police would not be allowed to keep passively collected data for more than seven days. 

That could be the shortest ALPR retention period enacted into state law anywhere in the country. However, the governor’s amendments would allow police to hold passively collected ALPR data for 60 days and, as the ACLU explained, “disseminate it to other agencies without limit.”

Surveillance on the Spot

We’re not asking Virginia’s lawmakers to pass a legislative package from scratch. These bills were already passed once before with overwhelming majorities.  Instead, we’re asking them to stand by their convictions and pass the bills a second time, without allowing the governor to second-guess the privacy interests of regular Virginians.

The Commonwealth of Virginia has the opportunity to lead the nation in state-level surveillance reform. Take action and contact your delegate and senator today.


The FCC is Keeping an Eye on Interconnection, But More Clarity is Needed - Tue, 14/04/2015 - 03:25

When a customer signs up for Internet access from a broadband provider such as Comcast or Verizon, they're signing up for more than just access to that ISP's network. After all, ISPs provide the "last mile" connection to their customers, but these ISPs do not own the entire infrastructure of the Internet. To reach the rest of the Internet, traffic needs to leave the physical network owned by the ISP and travel over other networks owned by other parties. Sometimes these other parties are other ISPs, and sometimes they are content providers such as Netflix or "content delivery networks" such as Akamai that serve content from a variety of clients. Either way, it is these interconnections, where two networks exchange traffic with each other, that make the Internet what it is: an interconnected network of networks. How well these interconnections function (and whether or not they're subject to persistent congestion) has a huge impact on the quality of people's Internet connections. That's why it's vital that net neutrality principles apply not only to an ISP's own network, but to its interconnection arrangements as well.

Fortunately the FCC's net neutrality order reflects this. As the FCC put it, the promise to customers that they would be able to access the Internet through the ISP's service included a commitment to make the interconnection arrangements necessary to follow through on that promise.

For this reason, the FCC's order specifically requires that interconnection arrangements be reasonable and non-discriminatory. Unfortunately that's a pretty vague standard, and even the FCC admits they don't know yet what that will mean in practice. They simply say they will examine interconnection issues on a case-by-case basis.

On the one hand, addressing interconnection problems on a case-by-case basis makes sense: interconnection presents more complex neutrality issues than content, applications, services, and devices do. This is because it is not typical or essential for every ISP to interconnect with every other possible partner. But to reduce uncertainty (and to prevent ISP gamesmanship), the FCC should at least explain some of the guidelines it expects ISPs to follow when it comes to interconnections.

For example, it would be a violation of net neutrality principles for an ISP to create a paid prioritization scheme so that its business partners will be able to interconnect directly with the ISP's network but their competitors will have to agree to more onerous terms, or be outright refused direct interconnection for anti-competitive reasons. Alternatively, an ISP could allow its business partners to interconnect deeper inside its own network (and thus closer to customers) than its competitors, thus effectively prioritizing its business partners' traffic.

If an ISP uses its gatekeeper power in this way, or refuses to interconnect in a way that reconstructs a throttling or paid prioritization arrangement, that would be a violation of net neutrality and something the FCC should make clear it will discipline in the case-by-case process it has adopted.

While we don't know for sure if this is what the FCC is thinking about interconnection, we know they're at least paying attention. With a little more clarity, we hope this means interconnection arrangements won't fall into a loophole ISPs can use to circumvent net neutrality principles.


EFF Signs Joint Letter Urging Canada to Dismiss Anti-Terror Legislation, Bill C-51 - Tue, 14/04/2015 - 02:52

EFF has signed on to a joint letter with more than 100 organizations and individuals to urge Canadian members of parliament to vote against Canada's anti-terror legislation, Bill C-51. The reckless bill contains vague language and proposes broad, unchecked surveillance powers that threaten the right to privacy and free expression in Canada. Canadian MPs are set to vote on Bill C-51 for the third and final time shortly after they return from recess on April 20.  In an effort to educate fellow residents, Canadians are rallying to oppose Bill C-51 with a Week of Education to Stop C-51 from April 13 to April 20.  With this legislation threatening to strip Canadians of some basic fundamental freedoms, it’s time for the House of Commons to listen to its constituents’ warnings and vote to dismiss Bill C-51.

You can read the full coalition statement below:

The Right Honourable Stephen Harper, P.C., M.P., Prime Minister of Canada
Office of the Prime Minister
80 Wellington Street
Ottawa, ON K1A 0A2

Dear Prime Minister,

We, the undersigned organizations and individuals, call for the immediate and unconditional dismissal of Bill C-51: Anti-Terrorism Act, 2015. We are extremely concerned by the potential impact of this legislation, which fails to strike the balance between protecting Canadians and safeguarding our cherished rights and freedoms as protected in the Charter.

Bill C-51 has been widely criticized by experts and Canadians across the country as being irresponsible, dangerous, and ineffective. This law will detrimentally impact our social frameworks, democratic values and fundamental rights. Our security agencies currently possess wide-ranging powers to address security threats, and the need for this broad legislation has not been demonstrated. While minor amendments to the bill have been suggested, amendments cannot repair such an extensive and dangerous piece of legislation.

As Canadians learn more about and better understand the bill, their concern for its contents and potential impact continues to grow. The bill’s consultation process has been incredibly hasty, not even allowing for our own Privacy Commissioner to speak to the potential impact that this broad legislation could have. Legislation that could in any way affect our rights and freedoms cannot be created in such a rushed manner. Canadians must be consulted, and expert recommendations and criticism must be factored into shaping the country’s policies.

We agree with the over 179,000 Canadians who have called on the government to scrap this irresponsible, dangerous and ineffective legislation through and other petitions. Bill C-51 is fundamentally flawed and the proposed amendments do little to mitigate the erosion of our rights and freedoms if it is passed into law. We write to you requesting that the federal government listen to the wishes of the majority of Canadians, and withdraw this piece of legislation. We will not be pressured or scared into sacrificing our rights and freedoms.

Yours sincerely,

Amnesty Canada
BC Civil Liberties Association (BCCLA)
BC Freedom of Information and Privacy Association (FIPA)
Canadian Association of Professional Employees / Association canadienne des employés professionnels
Canadian Civil Liberties Association
Canadian Journalists for Free Expression (CJFE)
Centre for Law and Democracy
Centre for Free Expression, Ryerson University
CWA/SCA Canada
Electronic Frontier Foundation
Free Dominion
Greenpeace Canada
Institute for the Study of Privacy Issues (ISPI)
International Civil Liberties Monitoring Group (ICLMG)
National Council of Canadian Muslims (NCCM)
PEN Canada
Pirate Party of Canada
Privacy & Access Council of Canada
Privacy International
Public Service Alliance of Canada, BC Region
Real Art Gaining Strength
Right to Know Coalition of Nova Scotia (RTKNS)
Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)
Telecommunities Canada
Youth Vote Canada

Dr. Adam Molnar, Lecturer, Department of Criminology, Deakin University
Alexander Ferworn, CD, Professor, Associate Chair and Graduate Program Director, Department of Computer Science, Ryerson University
Ali Miri, Professor, School of Computer Science, Ryerson University
Andrew Clement, Professor, Faculty of Information, University of Toronto
Ann Cavoukian, Ph.D., Executive Director, The Privacy and Big Data Institute, Ryerson University
Professor Anver Saloojee, Ryerson University
April Lindgren, Associate Professor, Ryerson University School of Journalism
Arnold Amber, President, Canadian Journalists for Free Expression
Arthur Cockfield, Professor, Queen's University Faculty of Law
Avner Levin, Associate Professor and Chair, Law & Business Department, Ted Rogers School of Management, Ryerson University
Barry Grills, Past Chair, The Writers' Union of Canada, Past Chair, Book and Periodical Council
Bill Bonner, Ph.D., Associate Professor, Faculty of Business Administration, University of Regina
Carl Benn, PhD, Professor, Department of History, Ryerson University
Chris MacDonald, Associate Professor, Director, Jim Pattison Ethical Leadership Education & Research Program, Ted Rogers School of Management, Ryerson University
Dr. Christopher Parsons, Managing Director of the Telecom Transparency Project, Citizen Lab at the Munk School of Global Affairs, University of Toronto
Cindy Blackstock, Associate Professor, University of Alberta
Professor Colin J. Bennett, Department of Political Science, University of Victoria
Dagmar Rajagopa, Ph.D., Retired Professor of Economics, Ryerson University
David H. Flaherty, Professor Emeritus, University of Western Ontario
Professor David Lyon, FRSC, Queen's University
Professor Dave Mason, School of Computer Science, Ryerson University
David Checkland, Associate Professor, Department of Philosophy, Ryerson University
David J. Phillips, Associate Professor, Faculty of Information, University of Toronto
Dwayne Winseck, Professor, School of Journalism and Communication, Carleton University
Eva Hourihan Jansen, PhD Candidate, Faculty of Information, University of Toronto
George F. Bielmeier, Professor Emeritus, School of Social Work, Ryerson University
Grant Buckler, Journalist, Member of CJFE Canadian Issues Committee
Greg Elmer, Professor of Media, Ryerson University
Heida Mani, Mining Consultant
Professor Henry Navarro, School of Fashion, Ryerson University
Jaclyn Law, Co-Editor, CJFE Review of Free Expression in Canada
Dr. Javad Alirezaie, PhD, PEng, SMIEEE, Professor, CVIP Lab Director, Electrical & Computer Engineering, Ryerson University
Jonathan Obar, Assistant Professor, Faculty of Social Science and Humanities, University of Ontario Institute of Technology
Joseph H. Carens, Professor of Political Science, University of Toronto
Kathleen Greenaway, Ph.D., Research Fellow, Privacy & Cyber Crime Institute, Ryerson University
Kathryn Church, PhD, Director and Associate Professor, School of Disability Studies, Ryerson University
Laurence Kearley, Barrister and Solicitor, Associate Professor (Privacy Law), University of Ottawa
Leslie Regan Shade, Associate Professor, Faculty of Information, University of Toronto
Linying (Lin) Dong, Associate Professor, Ph.D., Ted Rogers School of Information Technology Management, Ryerson University
Lynn Lavallee, PhD, Associate Professor, Associate Director, School of Social Work, Ryerson University
Mary Elizabeth Rubens, Entertainment Industry Professional, Producer, Writer, Actor
Matthew Bouchard, Doctoral Student, Faculty of Information, University of Toronto
Dr. Mehrunnisa Ali, Professor, Ryerson University
Mel Watkins, Emeritus Professor, University of Toronto
Michael Carter, PhD Candidate, Surveillance Studies Centre, Queen’s University
Michael Geist, Canada Research Chair in Internet and E-commerce Law, University of Ottawa
Mitu Sengupta, Associate Professor, Department of Politics & Public Administration, Ryerson University
Nalini K. Singh, Academic Librarian, Faculty of Information, University of Toronto
Neil Thomlinson, Ph.D., Associate Professor, Politics & Public Administration, Ryerson University
Paul Jonathan Saguil, Barrister and Solicitor, Member of CJFE Canadian Issues Committee
Paul Knox, Associate Professor, School of Journalism, Ryerson University
Peter Jacobsen, Founding partner, Bersenas Jacobsen Chouest Thomson Blackburn LLP, and Chair of CJFE Canadian Issues Committee
Peter Puxley, Former Parliamentary Bureau Chief, CBC Radio News, former Senior Producer on CBC TV's The National Magazine
Philip Coppack, Ph.D., Professor of Geography, Ryerson University
Philippa Lawson, Barrister & Solicitor
Rainerio Tayco, Communist Party of Canada
Rebecca Noone, PhD Student, Faculty of Information, University of Toronto
Reza Hamidizadeh, CEO, Ontario International Trading Inc.
Robert Hudyma, Professor, Ryerson University
Ron Deibert, Director, The Canada Centre for Global Security Studies and the Citizen Lab, Munk School of Global Affairs, University of Toronto
Ronald Stagg, Professor, Ryerson University
Samuel Trosow, Associate Professor, Faculty of Law and Faculty of Information & Media Studies, University of Western Ontario
Dr. Sandra Smeltzer, Associate Professor, Faculty of Information and Media Studies, University of Western Ontario
Sarah Spinks, Secretary-Treasurer, Spin Free Productions Inc.
Dr. Sedef Arat-Koc, Associate Professor, Department of Politics and Public Administration, Ryerson University
Seyed M. Hashemi, Professor, Ryerson University
Stephanie Perrin, PhD candidate, University of Toronto
Terry Costantino, PhD Candidate, Faculty of Information, University of Toronto
Professor Toni Samek, University of Alberta
Valentina Capurri, Assistant Professor, Department of Geography and Environmental Studies, Ryerson University


Net Neutrality Violations Endanger Users' Freedom - Sat, 11/04/2015 - 11:20

Net neutrality requires that all data traveling across the Internet be treated equally. This means that telecommunications companies must not block content based on its origin or destination, must not discriminate against and/or prioritize certain applications, and must not impose special access fees that would make it harder for content to reach users.

In Paraguay, the phone companies recently asked the National Telecommunications Commission (Comisión Nacional de Telecomunicaciones, CONATEL) to regulate applications that provide voice calls over data, such as WhatsApp, and to require them to hold a license to operate in the country.

In mid-March, WhatsApp enabled calling between users, starting with those on the Android operating system, and accusations of unilateral blocking of WhatsApp by the phone companies spread on social networks and in the media in Paraguay.

These blocks prevented use of the WhatsApp calling option, and the companies neither rejected nor denied having carried them out. However, a 2009 CONATEL resolution on Internet and Data Transmission prohibits any kind of blocking, degradation and/or interference with Internet users' traffic.

"Art. 26: The provider supplying the Service must respect the principle of network neutrality, under which it may not interfere with or degrade the traffic received or generated by the user, nor vary the contracted capacity according to the type of content, application, origin or destination chosen by the user" (Resolución de Directorio 190/2009).

Following a meeting between the Cámara de Operadores Móviles de Paraguay and CONATEL on March 30, it has become clear that the phone companies are demanding that WhatsApp and/or any other application offering calls be regulated by the State under the designation "Telecommunications Service," as Eduardo Nery González, head of the regulator, confirmed to Radio Cardinal AM.

Indeed, according to Nery González, the companies' view is that WhatsApp's calling service is a telecommunications service:

“For them, all the conditions are met to say that the calling service WhatsApp is offering through its system already falls within a telecommunications service and therefore should be regulated, should have a license from the regulatory institution, and should not be provided as openly as was being advertised.”

However, CONATEL clarifies:

“...as long as it has not been determined that this form of calling by means of applications constitutes a Service defined by the Telecommunications Law, the Operators of the Internet Access and Data Transmission Service must respect the existing rules and regulations, and must not interfere with or degrade the traffic received or generated; accordingly, the unilateral blocking of data and sites is not permitted,” the regulator said in a statement sent to all local media.

Of the four mobile operators in Paraguay (Tigo, Personal, Claro, Vox), Tigo (owned by the Millicom conglomerate), the largest by number of customers in Paraguay, was the only one to issue a statement, in which it neither denied nor rejected having unilaterally blocked calls via WhatsApp.

The company said it will continue to offer Facebook and WhatsApp on a zero-rated basis (zero rating), except for calls made through the mobile messaging application. A service classified as zero-rated can be accessed free of charge from the subscriber's mobile device, an offer that is “beneficial” to the end user but harmful to competition, especially for services that are not part of the zero-rating scheme (small companies, app developers, websites, etc.).

In practical terms, this means that people with fewer economic resources will have access to only some portions of the Internet, and the portion of the Internet from which those users can benefit will be decided between large corporations (Facebook, WhatsApp, etc.) and local ISPs.

To put this in context, the debate over WhatsApp and zero rating comes at the moment when Paraguay is about to debate, in public consultation, the reform of Telecommunications Law 642/95, which dates from 1995, currently does not mention the Internet in any of its articles, and does not account for its advances.

The actions of the phone companies in Paraguay and other Latin American countries set a dangerous precedent and could have a detrimental effect on efforts to harness technology for economic and social development, the protection of freedom of expression, and the narrowing of the digital divide.


EFF Busts Podcasting Patent, Invalidating Key Claims at Patent Office - Sat, 11/04/2015 - 05:50
Ruling from USPTO Invalidates All Claims Used to Threaten Podcasters

San Francisco - The U.S. Patent and Trademark Office (USPTO) invalidated key claims in the so-called “podcasting patent” today after a petition for review from the Electronic Frontier Foundation (EFF)—a decision that significantly curtails the ability of a patent troll to threaten podcasters big and small.

“We’re grateful for all the support of our challenge to this patent. Today is a big victory for the podcasting community,” said EFF Staff Attorney Daniel Nazer, who also holds the Mark Cuban Chair to Eliminate Stupid Patents. “We’re glad the Patent Office recognized what we all knew: ‘podcasting’ had been around for many years and this company does not own it.”

The “podcasting patent” became big news in 2013, when a company called Personal Audio, LLC, began demanding licensing fees from podcasters including comedian Adam Carolla and three major television networks. Personal Audio doesn’t do podcasting itself, but instead used its patent to claim infringement and collect payouts from actual creators.

In petitions filed with the Patent Office, EFF showed that Personal Audio did not invent anything new before it filed its patent application, and, in fact, other people were podcasting for years previously. Earlier examples of podcasting include Internet pioneer Carl Malamud's "Geek of the Week" online radio show and online broadcasts by CNN and the Canadian Broadcasting Corporation (CBC).

“We have a lot to celebrate here,” said EFF Staff Attorney Vera Ranieri. “But unfortunately, our work to protect podcasting is not done. Personal Audio continues to seek patents related to podcasting. We will continue to fight for podcasters, and we hope the Patent Office does not give them any more weapons to shake down small podcasters.”

EFF partnered with attorneys working pro bono and the Cyberlaw Clinic at Harvard's Berkman Center for Internet and Society to craft the petition for review with the USPTO.

For the full decision on the Personal Audio “podcasting patent”:


Crypto & Privacy Village is Heading to Tribeca Film Festival - Fri, 10/04/2015 - 08:49

EFF, Tony Arcieri, Justin Culbertson, Whitney Merrill, and Peter Teoh are excited to announce that we’ll be bringing the Crypto & Privacy Village to the Tribeca Film Festival. The Crypto & Privacy Village is a place to pick up tips and tricks about computer security and privacy and learn about encryption, and we’re excited to bring that experience to the international film community. DEF CON and the Tribeca Film Festival will be hosting the Village April 23 to 25 at Spring Studios. We hope you'll catch us there!

Our appearance at Tribeca builds on a successful inaugural Crypto & Privacy Village at last year's DEF CON 22. The first ever Crypto & Privacy Village included a wide array of events and resources, including talks by security professionals and guides on how to secure devices. It also provided a place to hang out, talk crypto, or just play some games and puzzles. 

Taking the Village to the Tribeca Film Festival will bring a fun, interactive, and in-depth discussion of privacy and cryptography—the science of securing communications—to a whole new audience. The Village at Tribeca will be housed on the sixth floor of Spring Studios. The studios are intended to be the central hub for Tribeca attendees and will have various talks, shows, and exhibits. The Village will offer attendees talks on important computer security topics, hands-on activities, and practical tips and tricks for better security. It will also feature art, puzzles, how-to guides, and some of our favorite movie clips about hacking.

The Crypto & Privacy Village at Tribeca is especially exciting because it signals the growing understanding that everyone should be concerned about computer security and privacy—including filmmakers and film lovers. That’s not accidental. After all, digital security was essential to the making of Laura Poitras's Academy Award-winning documentary CITIZENFOUR.

We'll be joined by DEF CON Village veterans the Lockpick Village, Tamper Evident Village, and the Hardware Hacking Village. We’re excited to bring a part of DEF CON—and better computer security—to Tribeca. 

Get ready!




The Federal HTTPS-Only Standard: Necessary and Overdue - Fri, 10/04/2015 - 06:25

The White House Office of Management and Budget has published a new standard recommending full HTTPS on all federal web sites and web services. They are accepting public comments until April 14; if you care about privacy and security, you should weigh in.

This post is our public comment: we whole-heartedly support the federal government's adoption of this essential cybersecurity standard. We also urge all state, local, and national governments worldwide to follow suit, as soon as possible.

HTTPS, the secure version of HTTP, protects web browsing activity by encrypting and authenticating everything sent between an individual and a web server. It is rapidly replacing insecure HTTP on the Internet and security experts are making plans to provide warnings when accessing HTTP pages.

Without HTTPS, a person's browsing activity can be monitored by anyone who controls their network or simply uses the same WiFi network (using a technique called ARP poisoning). For many people, the list of possible snoops could include their employer, school, ISP, national spy agencies, parents, spouse, and/or fellow library patrons. HTTPS is not a silver bullet for all security and privacy problems,[1] but no site can be secure or private without it.

Unfortunately, federal web sites have lagged far behind industry in implementing HTTPS. The most popular commercial web sites, like Google, Facebook, and Twitter, have used HTTPS-only for years. But many federal web sites don't implement HTTPS at all, making it impossible to access them securely. Other sites implement HTTPS, but don't make it the default. And some offer HTTPS but with out-of-date, insecure software and configurations.

Government web sites receive a wide array of confidential information. That information absolutely needs to be protected from eavesdropping. But HTTPS doesn't just protect uploaded information like social security numbers. It also protects the confidentiality of what people read. A few examples of how failure to deploy HTTPS puts citizens at risk:

This is just a sample of the many protected groups who need and deserve real confidential access to government services.

Fortunately, deployment of HTTPS is easier and cheaper than it has ever been. We call on the federal government to implement the HTTPS-Only Standard as quickly as possible. State, local, and national governments worldwide should do the same.

If you agree, please share your views with the government by submitting a public comment to the Office of Management and Budget, either by email, or through GitHub. We also encourage you to contact your state governor and CIO requesting implementation of the HTTPS-Only Standard.

By the way: you are welcome to use any or all of this document in your own public comments. Like all content on the EFF website, it is Creative Commons-licensed. This page in particular is under CC0.

1. For instance, HTTPS can't guarantee that sites don't have security bugs like CSRF or XSS vulnerabilities; without additional protections like Tor, a Web user's anonymity can still be at risk because the IP address of their computer and the servers they communicate with are still exposed to network observers; without tools like Privacy Badger users may be vulnerable to various forms of third party tracking. Even less obviously, in some cases the content a user is downloading or the features of a site they are using can be inferred by an observer performing traffic analysis on the size of packets they are sending and receiving.


The Debate in Favor of Data Retention in Paraguay Appeals to Public Sensitivities - Thu, 09/04/2015 - 09:04

Following the unanimous rejection in the Chamber of Deputies of the data retention bill, which obliges local ISPs and telcos to store for 12 months the communications metadata of all Internet users in Paraguay, the mass circulation of some fan pages that distributed child pornography material is being used in an attempt to reverse that legislative decision, now that Pyrawebs has moved to the Senate to be definitively approved or rejected.

These fan pages, which according to official accounts were created in Mexico, obtained slightly more than 5,000 "Likes" from Paraguay during the last days of Holy Week. The page was found by several Twitter and Facebook users, who succeeded in getting Facebook to take it down, given the massive reach and rejection it generated. Starting Friday, April 3, social media users reported these events to the official Twitter account of the Public Ministry, @fiscalia_prensa.

The campaign of citizen opposition to the Traffic Data Retention bill, dubbed “Pyrawebs” in allusion to the informants of the Paraguayan military dictatorship, has been disparaged by several prosecutors of the Public Ministry, who organized a press conference to report on the progress of the investigations in the child pornography case as a platform to defend the bill.

The Pyrawebs bill obliges ISPs and telecommunications companies to retain the metadata of all local fixed and mobile devices for up to 12 months, and that data can be accessed by a Guarantees Judge (Juez de Garantías) by means of a court order. The bill establishes that retention may be carried out for any type of punishable act, not only the crime of pedophilia.

The language of the bill is so ambiguous regarding the information that must be stored that it obliges not only telephone and Internet companies to retain the data, but also Internet cafes, bookstores, universities, and public squares that provide Internet access.

As with other data retention proposals around the world, the indiscriminate collection of data opens the possibility of breaching confidentiality between doctors and patients, lawyers and clients, journalists and their sources, etc.

"The Pyrawebs bill is so ambiguous because it claims to pursue serious punishable acts such as terrorism and pedophilia, but in reality it touches all punishable acts, such as slander, bribery, and even downloads that infringe copyright rules," said sociologist and free software activist Luis Alonzo Fulchi, a member of the NGO TEDIC, which has followed the bill closely.

Paraguay must uphold its current human rights obligations by first introducing a genuine law that protects personal data. Likewise, data retention bills must comply with the principles of legality, legitimate aim, necessity, proportionality, and due process, among others.

For the Paraguayan Senate to try to reverse the rejection of the bill and attempt to pass it would be an insult to Paraguay's painful history, ignoring decades of dictatorship, unchecked surveillance, violations of privacy, political persecution… practices that harmed society.

No one disputes the need to investigate extremely serious crimes such as child pornography, but this must not be used to justify bills that overreach the investigation of these acts, which has always been conducted in a targeted rather than mass manner.

Join Paraguayan activists in their fight against the Pyrawebs law. The NGO TEDIC shares the site as well as a video explaining the dangers of data retention here.
