ATTENTION ==========>> Post your story now in a forum at forums.altnews.com.au
Here’s the deal: right now, there’s a petition demanding reform to the Electronic Communications Privacy Act (known by its acronym, ECPA), a would-be privacy law passed in 1986. The Justice Department has argued this outdated law gives them the right to read your old emails and the documents you store in the cloud with a simple subpoena, rather than a judge-issued warrant. That’s crazy—and unconstitutional—but we’ve got a chance to fix it. If we can get 100,000 signatures on this petition before December 12, President Obama will be forced to go on the record on this issue.
ECPA reform is within our reach. It’s got momentum in Congress and a ton of support from industry. And although this is a very different issue from NSA mass spying, the attention on over-reaching surveillance has brought new life to the debate. Now we just have to show there’s grassroots support for protecting the privacy of our documents and emails. Signing this petition is the first step.
Related Issues: Privacy
Despite the U.S. Trade Representative's concerted efforts to push through a deal, the Trans-Pacific Partnership Agreement (TPP) will not be completed by the self-imposed deadline of the end of this year. That announcement, made in Singapore today at a closed press conference, is welcome: the U.S. Trade Representative's accelerated timeline has served as yet another means of restricting transparency, and a key pressure point in its campaign to get the U.S. Congress to abdicate its oversight role by granting "fast track authority." If you're in the U.S., you can contact your legislators and tell them to oppose that effort.
The closed press conference itself was representative of the needless secrecy surrounding the negotiation of this agreement. While the TPP ministers laid out the new timeline and opened the floor to questions, public interest groups were limited to the lobby of the building—not even allowed to stand in the back of the room and watch.
Of course, the announcement also comes just days after a leaked document showed major rifts in the positions of different countries and highlighted a number of substantive proposals where the United States has failed to secure international support for its stances. The TPP ministers announced "substantial progress" in the agreement, but no firm explanation of how the situation had changed since the release of those documents.
Without such an explanation, the public continues to rely on leaks to get important information about the agreement. And while they have been very helpful, leaks are no substitute for transparency. With both this most recent and earlier disclosures—such as the WikiLeaks publication last month of an entire draft proposal for the chapter titled "Intellectual Property"—the public gets just a snapshot, which may be out of date and incomplete.
There is one surefire way for negotiating countries to eliminate these leaks. They could simply release these documents, which are, after all, being negotiated in the public's name. Instead, the public has gotten glances only through the efforts of whistleblowers and groups like WikiLeaks. Even absent substantive complaints about the text—which are many—the completely opaque negotiation process is enough to strip the agreement of its legitimacy.
For the U.S. Trade Representative to ask for fast track authority against that backdrop is audacious, and for Congress to even consider it is irresponsible. Even without public text, the pushback against this agreement has been overwhelming. In just the past week we've seen Chilean legislators demanding their government provide more transparency to negotiations, Nobel prize-winning economist Joseph Stiglitz raise 12 "grave risks" presented by the leaked chapter, and even the Holy See take a stance against the policy-laundering associated with opaque multinational agreements.
Efforts to rush the agreement to completion despite those complaints are misguided at best, so it's a good thing that those efforts have stalled for the time being. But any reprieve is likely to be short, and in the new year negotiators are likely to ramp up the pressure.
The U.S. Trade Representative has been negotiating as if it already had fast track authority; our best hope in the U.S. of getting some oversight for this agreement is to ensure it doesn't get it. Contact your legislators today and tell them: no fast track authority for shady backroom deals.Related Issues: Free SpeechInternationalTrans-Pacific Partnership AgreementTransparency
Commercial unmanned aerial systems are set to start flying over US airspace in 2015. In November the Federal Aviation Administration released its final privacy rules for the six drone “test sites” that the agency will use to evaluate how drones will be integrated into domestic air traffic. These new privacy requirements were issued just days after Senator Markey (D-MA) introduced a new bill, the Drone Aircraft Privacy and Transparency Act, intended to codify essential privacy and transparency requirements within the FAA's regulatory framework for domestic drones and drone test sites.
In 2012 Obama signed the Federal Aviation Administration Modernization and Reform Act, which mandated that the FAA implement “test sites” to fly domestic drones before opening the door to nationwide regulations and licensing for commercial drone flying. 24 states have applied to be FAA drone test sites. While the FAA's rules do establish minimal transparency guidelines for the new drone test sites, the new rules apply only to the test sites and do not apply to the drones that are already authorized to fly.
While we appreciate the steps the FAA has taken so far, the agency could and should go further to require similar transparency from all drone operators. The FAA has already authorized almost 1,500 permits for domestic drones since 2007, but, despite our two Freedom of Information Act lawsuits for drone data, we still don’t know much about where these drones are flying and what data they are collecting.
It is especially important for the FAA to define basic data collection procedures for domestic drones because the technology enables a kind of surveillance not achievable by manned aerial or ground-based law enforcement or commercial entities. Some drones are capable of staying in the air for 16-24 hours at a time, much longer than a manned aircraft ever could. Drones can fly altitudes above 20,000 feet with super high resolution cameras and can monitor and track many people at once or intercept phone calls and text messages. Drones also cost far less to purchase, operate and maintain than helicopters and planes.
A number of drone bills have been introduced in Congress over the last two years, but Senator Markey's proposed legislation is demanding of both the FAA and drone operators when it comes to protecting the constitutional rights of Americans. The Drone Aircraft Privacy and Transparency Act calls for the FAA to institute and enforce guidelines for all licensed domestic drone flights—not just test sites—that include clear data minimization procedures, as well as transparency rules that require drone test site operators to disclose their data collection practices and how drone operators use, retain, and share all collected data.
Markey's bill requires the FAA to create a publicly searchable database of all awarded drone operator licenses, the logistical details of their operation, and each drone operator's data collection and minimization statement. Creating a database like this is within the FAA’s purview. The agency already runs other databases about aircrafts in national airspace, listing who is in the air, accident reports, and safety information.
Law enforcement agencies across the country are already flying drones without set national privacy guidelines in place. But at this point our most successful tactic for learning more about drones has been to sue for access to information. The American public shouldn't have to submit a FOIA request just to know if drones are overhead. Senator Markey’s bill is a strong start to what needs to be an ongoing conversation about the future of American privacy standards in light of the coming age of domestic drones. We need more lawmakers to speak up for greater transparency and accountability of both government and commercial operation of drones in our national airspace.
Until there are laws in place that mandate transparency, we encourage you to submit requests to your local law enforcement agency and city council to learn more about drone flights in your area. We've partnered with MuckRock, an open government organization dedicated to helping people send requests for public records, to campaign for greater transparency about drones that are already flying in the United States. If you're wondering what your own police agency may be doing with drones, go here and fill out this simple form so MuckRock can send in a public records request for you.
Related Issues: PrivacySurveillance DronesTransparencyRelated Cases: Drone Flights in the U.S.
Today, there are full-page advertisements running in the New York Times, Washington Post, Politico, Roll Call, and The Hill. They all have the same message: big tech companies are calling on Congress to rein in the mass surveillance. You can read the full message on the newly-launched Reform Government Surveillance site.
This is a victory for users—with the companies taking a giant step forward in supporting their customers’ rights. The five basic principles they announced today include:
While these are all valuable, the first one particularly heartened us: “Governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.” With these principles, the companies are joining digital citizens worldwide in demanding a stop to the unrestrained, mass surveillance of our digital lives.
This is an important moment in the fight for surveillance reform. Right now, the United States Congress is facing a fundamental decision about how it will handle mass surveillance confirmed by the Snowden disclosures. There are bills that would rein in the mass surveillance in a meaningful way and others that would entrench the worst of the NSA’s surveillance practices into law. The primary bill championing reform is the USA FREEDOM Act, which EFF has praised as a strong step in the right direction even if it doesn’t go as far as we’d like. On the other hand, Senator Feinstein is pushing the so-called FISA Improvements Act, which attempts to legalize the bulk data collection of the NSA. (Join EFF in killing the bill.)
The events of the last six months have shown that pressure from the general public can help change things for the better. Since June, users around the world have been demanding an end to bulk collection of our digital communications—and have been calling on companies to join us in the fight. Just after the world began to see internal NSA documents exposing massive unchecked spying, EFF and Access Now launched a petition calling on big companies to demand surveillance reform. We targeted it at those companies that had been named in the Washington Post and Guardian articles about PRISM, the code-name for a secret NSA surveillance program.
The leaked files indicated the government had access to servers of nine major U.S. companies, including Facebook, Google, and AOL. The companies dispute that they had cooperated with the government in allowing direct access to millions of peoples’ digital communications, though sometimes with strange phrasings in their denials. We asked questions about the program, and then launched a grassroots campaign in partnership with Access Now demanding that US tech companies join individuals in calling for surveillance reform.
More recently, we learned that the NSA was getting direct access to major service providers, by stealing information off of links between the companies’ data centers—without the companies’ knowledge. This shows that policy reform is not the only thing necessary. While policy reform can protect against unconstitutional surveillance orders coming through the front door, encryption is just as important, protecting the backdoor against warrantless spying. In response, EFF called for tech companies to take steps to encrypt their data, as well as take the policy fight to Congress and the courts.
Over the last few weeks, several major companies have announced plans to increase encryption (see Encrypt the Web Report). Companies like Twitter, Facebook, and Google already had many of the encryption measures we think should be standard across the board; companies like Microsoft and Yahoo have committed to taking definite steps the near future.
But notably absent from the coalition are telecom companies, like Verizon and AT&T. These companies have long been considered the weak link when it comes to government access request. AT&T just announced that it would not respond to shareholder requests to be transparency about its relationship with the NSA.
So while this is a moment to celebrate, the battle is far from won. We’re looking forward to encouraging these companies to engage even more in fighting for users’ privacy rights in Congress even as they increase their digital security. We also urge companies to sign onto our robust international surveillance and human rights principles, which are in alignment with the five principles published by the tech companies, but include more protections for users.Related Issues: NSA SpyingRelated Cases: First Unitarian Church of Los Angeles v. NSA
Today, EFF—along with Engine, the App Developers Alliance, and Public Knowledge—filed a brief asking the Supreme Court to retain some sanity in the law and tighten up the rules around fee shifting. Fee shifting, sometimes called "loser pays," is already in the Patent Act. While the statute currently says that "the court in exceptional cases may award reasonable attorney fees to the prevailing party," the Federal Circuit has created a standard that makes this law essentially meaningless—fees are granted in but the smallest fraction of cases.
Properly applied, fee shifting can be an important tool to reign in patent trolls. Those trolls use the ballooning cost of patent litigation to extort quick settlements from potential defendants. Facing years in court and millions of dollars in legal fees, it's no wonder that so many defendants chose to not fight back. Of course, not fighting back only emboldens the trolls.
As we wrote in our brief:
The consequence of the Federal Circuit's withering of Section 285 protection is the creation of an industry of patent abusers, decimating the very small businesses and startups that drive American innovation. The intimidating cost of patent litigation is often sufficient to defeat those small parties before they even enter the courthouse door. These costs are not just legal fees: they are also the stress associated with litigation; employee time lost in deposition, discovery, and trial; and the stifling of productive output during the pendency of litigation. Thus, facing the threat of a lawsuit, a potential defendant finds itself with virtually no choice but to settle, even if it believes it has a meritorious noninfringement or invalidity case. And the proverbial analogy continues full-circle: feeding a troll just emboldens that troll to act again, while blighting the innovators upon whom the trolls feed.
Enter fee shifting. If defendants had reason to believe they might recover their costs and fees, even in some cases, it only stands to reason that more companies would join the ranks of those taking the fight back to the trolls.
The Supreme Court is not alone in looking into fee shifting. The Innovation Act, which just passed out of the House of Representatives, includes a provision that would strengthen fee shifting. And the White House, too, has explicitly endorsed expanding fee shifting. We'll be watching closely in the coming months and continue to petition courts and policy makers to level the playing field by giving those who face the threat of patent trolls tools to fight back.Files: octane_v_icon_eff_amicus_brief.pdfRelated Issues: Patents
For several weeks now, former Navy chaplain and Colorado Assembly candidate Gordon Klingenschmitt has been on a campaign to shut down the YouTube account of People for the American Way's Right Wing Watch (“RWW”) project. RWW reports and comments on the political views of folks like Klingenschmitt, using their own words. As we all learned in Writing 101: show, don’t tell.
Klingenschmitt apparently doesn’t appreciate the criticism those clips engender, so he’s been using false copyright claims to get them taken down. Now, with help from EFF and Hogan Lovells, PFAW is fighting back, demanding that Klingenschmitt end his campaign.
Some background: RWW’s YouTube account has over 2,000 video clips, from a variety of sources, cataloguing statements by right-wing political and religious figures. These video clips are used by RWW in its blog, and also by journalists and other opinion makers, in order to expose what RWW sees as extremist rhetoric. Among those clips are several dozen excerpted from Klingenschmitt’s show, also hosted on YouTube, called Pray in Jesus’ Name.
In response, Klingenschmitt’s filed a series of Digital Millennium Copyright Act (“DMCA”) takedown notices with YouTube targeting those clips. Because YouTube has a policy of shutting down accounts after three takedown notices, Klingenschmitt’s bogus complaints caused RWW’s entire account to be taken offline - twice.
Why bogus? Because the videos are clearly protected fair uses. The clips are noncommercial and transformative. The clips are placed in a distinct news and editorial context, for entirely different purposes from those motivating the original work. As such, RWW’s work is precisely the type of use the fair use doctrine was designed to protect. RWW uses only short clips, no more than necessary for the purpose of facilitating public commentary. And, the clips do not harm any market for Klingenschmitt’s works. Finally, the RWW blog and YouTube channel serve the public interest by advancing political criticism and debate.
It appears that Klingenschmitt does not care much about legal niceties like fair use. He’s publicly bragged about the campaign, and made it abundantly clear that his goal is not legal but political. RWW has challenged every takedown notice, using YouTube’s counter-notification process, and Klingenschmitt has never taken the next step of actually backing up his bogus claim by filing a lawsuit against PFAW (which he has to do to keep the videos down after a counter-notice). Instead, he just sends more notices.
As we have noted before, the “three strikes and you’re out” approach to DMCA notices taken by YouTube and other service providers is ripe for this kind of abuse. YouTube has made some improvements, but there’s much more service providers could do. (PFAW has a petition to YouYUbe asking them to change theri policies; you can support it here).
In the meantime, however, Klingenschmitt is now on notice: RWW’s clips are lawful fair uses, and it’s time to stop claiming otherwise. Klingenschmitt has plenty of tools for challenging RWW’s reporting and commentary, beginning with his own show. After all, the best answer to speech you don’t like is more speech. But he needs to take the DMCA out of his toolkit, now.Files: eff.hl_.lttkling.pdfRelated Issues: Free SpeechNo Downtime for Free SpeechIntellectual PropertyDMCA
Stephanie Lenz’s effort to hold Universal Music Group accountable for abusing the Digital Millennium Copyright Act (“DMCA”) to take down a home video of her toddler “dancing” to Prince in the kitchen is one step closer to fruition. Today, EFF and co-counsel Keker & Van Nest LLP filed an opening brief on behalf of Ms. Lenz in the federal Court of Appeals for the Ninth Circuit. And, as we explain in the brief, the case concerns whether Internet users—from Ms. Lenz to remix artists to scholars to documentary filmmakers—have any real protection against wrongful accusations of copyright infringement.Privacy info. This embed will serve content from youtube.com
Over the years, the case has garnered a great deal of media coverage. One reason for the interest is that Ms. Lenz was accused of infringement for doing something parents do all the time: documenting and sharing precious moments in the lives of their children. And it was not infringement: Ms. Lenz’s video was an obvious fair use, and protected expression under the First Amendment. Unfortunately, Universal's takedown policy was blind to fair use, and, therefore, guaranteed to result in these kinds of takedowns.
Section 512(f) of the DMCA is supposed to prevent this kind of abuse, by allowing users to hold copyright holders accountable when they misrepresent, in a DMCA notice, that the copy posted online is infringing. Universal claims that Congress never intended to require content owners to consider fair use before sending such notices.
Universal is wrong. When it passed the DMCA, Congress didn’t intend to give copyright holders a broad power to make other people’s speech disappear, without robust protection against abuse. That’s why Congress required copyright holders to consider whether a given use is authorized by law, as well as whether the copyright owner or its agent gave permission.
The brief also urges the Court to clarify that the sender of a takedown notice is required make reasonable determinations about the law. In other words, if a copyright holder is going to claim someone violates copyright law, it should first have some idea of what qualifies as a violation. Too often, we have seen copyright owners send takedown notices informed by only the vaguest notion of what actually qualifies as infringement. As we explain:
A law that grants a private actor the power to do what even a court cannot—cause the prior restraint of speech based on a purely ex parte review—alters not only the traditional contours of copyright protection but of our fundamental free speech doctrines. Such a law can only be tolerated, if at all, if the exercise of that power is tied to an obligation to understand what the law is, and to make reasonable assertions based on that understanding.
Ms. Lenz’s case offers the Ninth Circuit an opportunity to confirm that the DMCA balance remains what Congress intended and what the statute plainly provides. Let's hope the court takes it.var mytubes = new Array(1); mytubes = '%3Ciframe src=%22http://www.youtube.com/embed/N1KfJHFWlhQ?rel=1%26amp;autoplay=1%26amp;wmode=opaque%26?autoplay=1%22 width=%22400%22 height=%22250%22 class=%22video-filter video-youtube vf-n1kfjhfwlhq%22 frameborder=%220%22%3E%3C/iframe%3E'; Files: lenz.opening.public.pdfRelated Issues: Free SpeechIntellectual PropertyDMCARelated Cases: Lenz v. Universal
Patent reform is moving along nicely on Capitol Hill, but today we got some more really big news. The Supreme Court has agreed to take on the question of patentable subject matter. Specifically, it's time to talk about software patents.
A brief refresher: under the law, one cannot patent laws of nature, natural phenomena, or abstract ideas. Recently, the Supreme Court clarified this standard in two cases (here and here) that dealt with laws of nature. Despite clear guidance from the Court, when the Federal Circuit addressed the question as it relates to abstract ideas (read, software), it basically punted, failing to produce any meaningful rule of law for lower courts to follow. Even worse, it continued to muddy the waters by upholding crazy abstract patents like the one for watching an advertisement online before getting access to copyrighted content.
Today, the Supreme Court stepped in. It agreed to hear a case called Alice v. CLS Bank. We wrote about why that mattered here, but suffice it to say that the Court will be facing fundamental questions about whether many so-called software patents are impermissibly abstract.
We're glad that patent reform has momentum and that policymakers are targeting patent trolls. But the root of that problem, which has largely been missing from the public debate, is patent quality, specifically of software-related inventions. There can be no doubt: we have a problem with low-quality, abstract software patents in this country. We are incredibly glad to see the Supreme Court take on this important question and we look forward to weighing in.Related Issues: PatentsRelated Cases: Abstract Patent Litigation
We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption. In addition, we appreciate that Yahoo! just announced several measures it plans to take to increase encryption, including the very critical encryption of data center links, and that Twitter has confirmed that it has encryption of data center links in progress. See the infographic.
By adopting these practices, described below, these service providers have taken a critical step towards protecting their users from warrantless seizure of their information off of fiber-optic cables. By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process. While Lavabit’s travails have shown how difficult that can be for service providers, at least there was the opportunity to fight back in court.
While not every company in our survey has implemented every recommendation, each step taken helps, and we appreciate those who have worked to strengthen their security. We hope that every online service provider adopts these best practices and continues to work to protect their networks and their users.
Crypto Survey Results
UPDATE, November 20, 2013: Facebook and Tumblr have provided further information to supplement the Encrypt the Web Report. We're pleased to report that Tumblr is planning to upgrade its web connections to HTTPS this year and implement HSTS by 2014, and Facebook is working on encrypting data center links and implementing STARTTLS.
UPDATE, November 22, 2013: Google has provided further information to supplement the report on its use of HSTS. See the updated chart below and the notes for more information.
UPDATE, December 5, 2013: Microsoft has provided further information, announcing a plan to expand encryption across all its services, including encrypting links between data center and implementing forward secrecy by the end of 2014.Encrypts data center linksSupports HTTPSHTTPS Strict (HSTS)Forward SecrecySTARTTLSundeterminedlimitedundeterminedundetermined
Notes: The information in this chart comes from several sources; the companies who responded to our survey questions; information we have determined by independently examining the listed websites and services and published reports. Some of the surveyed companies did not respond to the survey.
Recognizing that some of these steps will take time to implement, we gave credit to companies that either (1) have implemented or (2) have concrete plans to implement the listed encrytion process, as noted.
For STARTTLS, the red and grey shading indicates whether or not the company is a major email service provider. While encourage all companies to implement STARTTLS, even if they only provide email for their own employees, the issue is most critical for companies that provide email communications to the public.
Google implements HSTS on a set of services1, including mail, drive and accounts, via pre-loading in the Chrome browser. This list was also preloaded in the Firefox browser, however, due to a bug, this preload list is currently non functional (Nov. 22, 2013). We understand that a resolution is in progress.
This graphic is also available as an image file.
Why Crypto Is So Important
The National Security Agency’s MUSCULAR program, which tapped into the fiber-optic lines connecting the data centers of Internet giants like Google and Yahoo, exposed the tremendous vulnerabilities companies can face when up against as powerful an agency as the NSA. Bypassing the companies’ legal departments, the program grabbed extralegal access to your communications, without even the courtesy of an order from the secret rubber-stamp FISA court. The program is not right, and it’s not just.
With that in mind, EFF has asked service providers to implement strong encryption. We would like to see encryption on every step of the way for a communication on its way to, or within, a service provider’s systems.
For starters, we have asked companies to encrypt their websites with Hypertext Transfer Protocol Secure (HTTPS) by default. This means that when a user connects to their website, it will automatically use a channel that encrypts the communications from their computer to the website.
We have also asked them to flag all authentication cookies as secure. This means cookie communications are limited to encrypted transmission, which directs web browsers to use these cookies only through an encrypted connection. That stops network operators from stealing (or even logging) users' identities by sniffing authentication cookies going over insecure connections.
To ensure that the communication remains secure, we have asked companies to enable HTTP Strict Transport Security (HSTS). HSTS essentially insists on using secure communications, preventing certain attacks where a network pretends that the site has asked to communicate insecurely.
All of these technologies are now industry-standard best practices. While they encrypt the communications from the end user to the server and back, the MUSCULAR revelations have shown this is not enough. Accordingly, we have asked service providers to encrypt communications between company cloud servers and data centers. Anytime a users’ data transits a network, it should be strongly encrypted, in case an attacker has access to the physical data links or has compromised the network equipment.
In addition, we have asked for email service providers to implement STARTTLS for email transfer. STARTTLS is an opportunistic encryption system, which encrypts communications between email servers that use the Simple Mail Transfer Protocol (SMTP) standard. When a user emails someone on a different provider (say, a Hotmail user writing to a Gmail user), the mail message will have to be delivered over the Internet. If both email servers understand STARTTLS, then the communications will be encrypted in transit. If only Gmail does but Hotmail does not (the current situation), they will be in the clear and exposed to eavesdropping, so it’s critical to get as many email service providers as possible to implement the system.
Finally, we have asked companies to use forward secrecy for their encryption keys. Forward secrecy, sometimes called ‘perfect forward secrecy,’ is designed to protect previously encrypted communications, even if one of the service providers’ keys is later compromised. Without forward secrecy, an attacker who learns a service provider’s secret key can use it to go back and read previously incomprehensible encrypted communications—perhaps ones that were recorded months or years in the past.
Al igual que el año pasado y el anterior a ese, la EFF recibe las fiestas de fin de año con una nueva lista de deseos; cosas que nos encantaría que sucedieran para nosotros y cada usuario de internet en el mundo por estas fiestas. Estas son algunas de las acciones de parte de gobiernos, empresas e individuos, que nos encantaría ver en este nuevo año.
Los ciudadanos, organizaciones, funcionarios de privacidad, y gobiernos deberían unirse en torno a los Principios Internacionales sobre la Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones y sumar sus voces para dejar claro que la vigilancia masiva viola las normas internacionales de derechos humanos.
El Departamento de Justicia debería notificar a todos los que han sido condenados por un delito utilizando evidencia, derivada directa o indirectamente, a partir de los programas de vigilancia sin orden judicial (y no sólo notificar a un minúsculo y privilegiado grupo de acusados??).
Todos los sitios de Internet deberían adoptar las mejores prácticas de cifrado para cada una de las conexiones en cada momento, incluyendo PFS, STARTTLS, HSTS, y el tráfico cifrado entre los centros de datos.
Cada dispositivo inalámbrico debería permitirte cambiar tu dirección MAC (un número de serie del hardware), y ningún nuevo estándar de tecnología debería ser diseñado para transmitir los números de serie de hardware persistentes en el aire o en una red. (Si el dispositivo sigue enviando el mismo número de serie del hardware, como dispositivos wifi y teléfonos celulares, entre otros, quien sea que esté en el otro extremo o que logre incerceptar su comunicación puede reconocer su identidad y hacer un seguimiento de su ubicación. Las empresas y los gobiernos ya están tomando ventaja de esto para construir bases de datos masivas de nuestros dispositivos.)
No hace falta decir que 2013 ha sido un año importante para la transparencia, la seguridad, la privacidad y más. Veámoslo a lo grande haciendo que algunos de estos importantes deseos se hagan realidad.Related Issues: DRMDefend Your Right to Repair!Terms Of (Ab)UseInternationalInternational Privacy StandardsMass Surveillance TechnologiesState Surveillance & Human RightsCell TrackingEncrypting the WebLocational PrivacyNSA SpyingRFIDSecurityComputer Fraud And Abuse Act ReformTransparency