This week EFF joined an amicus brief in support of a college student who was expelled from school for comments he made on Facebook.
Craig Keefe was a nursing student at a public college in Minnesota when he posted several comments on his Facebook profile expressing frustration about certain aspects of the nursing program, including what he considered to be favoritism of female students. Keefe also engaged in a dispute with one of his classmates, calling her a "stupid bitch." While his Facebook profile was publicly viewable, he was off-campus when he posted his comments and did not use any school resources.
Keefe’s Facebook comments were brought to the attention of school administrators, who concluded that the comments constituted "behavior unbecoming of the profession and transgression of professional boundaries."
Keefe sued the school administrators under 42 U.S.C. §1983, a federal statute that gives citizens a right to sue state government institutions or officials for violations of individual rights under the federal Constitution. He argued that the expulsion violated his free speech and due process rights under the First and Fourteenth Amendments. A federal trial judge in Minnesota disagreed and ruled in favor of the school administrators.
We joined the Student Press Law Center, American Booksellers Foundation for Free Expression, and the National Coalition Against Censorship in filing the amicus brief in support of Keefe in the Eighth Circuit Court of Appeals. The brief argues that the First Amendment protects Keefe because his comments, in part, related to matters of public concern, including alleged gender discrimination in the nursing program. The brief also highlights Supreme Court precedent that states that college students have greater free speech rights than minor students, and that off-campus speech receives greater protection than on-campus speech.
While courts across the country have been struggling with determining how much jurisdiction public school officials should have over the social media lives of students, we believe that Keefe’s case involves a clear violation of his constitutional rights.Related Issues: Free Speech
Share this: || Join EFF
San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of technology and free speech organizations are asking the United States Court of Appeals for the Ninth Circuit to fix a disastrously wrongheaded copyright ruling that required an online service provider to take offline—and keep offline—a controversial video that has been the center of a global debate.
This case, Garcia v. Google, centers on "The Innocence of Muslims," a short video on YouTube that sparked protests worldwide in the fall of 2012 with its anti-Islamic content. The video was even linked for a time to the attack on an American diplomatic compound in Benghazi, Libya, although that was later refuted.
"The Innocence of Muslims" includes a five-second performance from an actress named Cindy Lee Garcia, who says she was tricked into appearing in the film. Garcia sued Google under copyright law, insisting she had a copyright interest in her performance and demanding that Google take the video off YouTube and all other platforms. A district court refused to order the removal, noting that Garcia was not likely to succeed with her claim. A three-judge panel from the Ninth Circuit agreed that the claim was "debatable," but still ordered Google to remove all copies of "Innocence of Muslims" until the case was resolved.
"Based on an absurd copyright claim, the Ninth Circuit issued a order requiring an online platform to edit the historical record," said EFF Intellectual Property Director Corynne McSherry. "The ruling may have been well-intentioned, but it was both bad law and bad policy and that will have dangerous consequences for future creators."
The ruling shocked many in the legal and creative communities, and Google appealed the panel's ruling to the full Ninth Circuit. In an amicus brief filed in that appeal today, EFF argues that the panel's order violates basic legal procedure, ignores the public's free speech rights, and undermines core copyright principles.
"Ms. Garcia understandably wants to distance herself from this film. She was hoodwinked, and she has legal options to hold the producer of this film to account. However, copyright infringement is not one of those options," said EFF Staff Attorney Vera Ranieri. "If allowed to prevail, this case will prompt abuse of the copyright system and chill protected speech."
The American Civil Liberties Union, the American Library Association, the Association of College and Research Libraries, the Association of Research Libraries, the Center for Democracy and Technology, New Media Rights, and Public Knowledge joined EFF in this brief.
For the full amicus brief in Garcia v. Google:
For more on this case:
Electronic Frontier Foundation
Share this: || Join EFF
Today EFF is proud to join 35 groups from 19 countries around the world to officially launch the campaign website of a new global coalition for net neutrality, at http://www.thisisnetneutrality.org/.
The breadth and diversity of this coalition underlines how net neutrality has truly become a global issue. While Internet users in the United States are speaking up in favor of the reclassification of broadband as a telecommunications service, across the Atlantic activists are also fighting to preserve Europe's open Internet, which has been placed in jeopardy again this week. (Europeans can take action here.)
Although the powerful players in the net neutrality debate and the appropriate solutions to address the problem differ from country to country, the underlying objectives of open Internet advocates around the world are the same. That's why we have decided to come together to clearly state those objectives with a unified voice. The first step in speaking together was to agree on a simple shared definition of net neutrality, translated into eleven languages:
Net neutrality requires that the Internet be maintained as an open platform, on which network providers treat all content, applications and services equally, without discrimination.
This definition doesn't imply that Internet providers can't use reasonable methods to manage their networks, for example to ensure that all applications from voice calls to downloads run smoothly, or to secure their networks from malicious uses like denial-of-service attacks. Neither does it mean they can't offer users different tiers of service at different price points, such as a residential-level service and a business-level service.
But it does mean that these measures must not be used as a pretext to police communications on their networks, to bestow unfair commercial advantages on their own or particular third-party content, or to create a walled garden where only certain applications, services or protocols are welcome.
Of course our work doesn't end with just a definition. Right now coalition members from around the world are working to develop an information bank that will be hosted at http://www.thisisnetneutrality.org/ containing details of net neutrality laws, policies and practices in their countries, which can be used as an advocacy and education resource. Using this information, we aim to prove that high speeds and low costs for users are compatible with an open, competitive Internet.
Help us spread the word about why net neutrality isn't just an issue that affects one country, but is a fundamental building block of the Internet we want around the world. Attached to this post are images that you can use to signal your support for this new global coalition on your social network of choice.Links Net NeutralityInternational
Share this: || Join EFF
In politics, as with Internet memes, ideas don't spread because they are good—they spread because they are good at spreading. One of the most virulent ideas in Internet regulation in recent years has been the idea that if a social problem manifests on the Web, the best thing that you can do to address that problem is to censor the Web.
It's an attractive idea because if you don't think too hard, it appears to be a political no-brainer. It allows governments to avoid addressing the underlying social problem—a long and costly process—and instead simply pass the buck to Internet providers, who can quickly make whatever content has raised rankles “go away.” Problem solved! Except, of course, that it isn't.
Amongst the difficult social problems that Web censorship is often expected to solve are terrorism, child abuse and copyright and trade mark infringement. In recent weeks some further cases of this tactic being vainly employed against such problems have emerged from the United Kingdom, France and Australia.UK Court Orders ISPs to Block Websites for Trade Mark Infringement
In a victory for luxury brands and a loss for Internet users, the British High Court last month ordered five of the country's largest ISPs to block websites selling fake counterfeit goods. Whilst alarming enough, this was merely a test case, leading the way for a reported 290,000 websites to be potentially targeted in future legal proceedings.
Do we imagine for a moment that, out of a quarter-million websites, none of them are false positives that actually sell non-infringing products? (If websites blocked for copyright infringement or pornography are any example, we know the answer.) Do we consider it a wise investment to tie up the justice system in blocking websites that could very easily be moved under a different domain within minutes?
The reason this ruling concerns us is not that we support counterfeiting of manufactured goods. It concerns us because it further normalizes the band-aid solution of content blocking, and deemphasises more permanent and effective solutions that would target those who actually produce the counterfeit or illegal products being promoted on the Web.Britain and France Call on ISPs to Censor Extremist Content
Not content with enlisting major British ISPs as copyright and trade mark police, they have also recently been called upon to block extremist content on the Web, and to provide a button that users can use to report supposed extremist material. Usual suspects Google, Facebook and Twitter have also been roped by the government to carry out blocking of their own. Yet to date no details have been released about how these extrajudicial blocking procedures would work, or under what safeguards of transparency and accountability, if any, they would operate.
This fixation on solving terrorism by blocking websites is not limited to the United Kingdom. Across the channel in France, a new “anti-terrorism” law that EFF reported on earlier was finally passed this month. The law allows websites to be blocked if they “condone terrorism.” “Terrorism” is as slippery a concept in France as anywhere else. Indeed France's broad definition of a terrorist act has drawn criticism from Human Rights Watch for its legal imprecision.Australian Plans to Block Copyright Infringing Sites
Finally—though, sadly, probably not—reports last week suggest that Australia will be next to follow the example of the UK and Spain in blocking websites that host or link to allegedly copyright material, following on from a July discussion paper that mooted this as a possible measure to combat copyright infringement.
How did this become the new normal? When did politicians around the world lose the will to tackle social problems head-on, and instead decide to sweep them under the rug by blocking evidence of them from the Web? It certainly isn't due to any evidence that these policies actually work. Anyone who wants to access blocked content can trivially do so, using software like Tor.
Rather, it seems to be that it's politically better for governments to be seen as doing something to address such problems, no matter how token and ineffectual, than to do nothing—and website blocking is the easiest “something” they can do. But not only is blocking not effective, it is actively harmful—both at its point of application due to the risk of over-blocking, but also for the Internet as a whole, in the legitimization that it offers to repressive regimes to censor and control content online.
Like an overused Internet meme that deserves to fade away, so too it is time that courts and regulators moved on from website blocking as a cure for society's ills. If we wish to reduce political extremism, cut off the production of counterfeits, or prevent children from being abused, then we should be addressing those problems directly—rather than by merely covering up the evidence and pretending they have gone away.Related Issues: Free SpeechInternational
Share this: || Join EFF
Yesterday, EFF filed an amicus brief at the Federal Circuit urging it to confirm that U.S. Patent No. 6,585,516 improperly claims ineligible abstract ideas. In the brief, we argue that the patent on using picture menus stored in a database to create meals should never have been granted in the first place. But more importantly, EFF argues that the Federal Circuit should confirm that quick, early decisions as to patent eligibility are vital to clearing our system of bad patents.
U.S. Patent 6,585,516, owned by DietGoal Innovations, LLC, is a pretty typical bad patent. It’s got a complex-sounding title (“Method and system for computerized visual behavior analysis, training, and planning”), a few practically-meaningless flow charts (look at all the arrows!), and a claim that says not much more than “showing pictures of meals on a computer so people can pick what to eat that day” (this is not actually the text of the claim, but it is a fair paraphrase).
DietGoal is also a typical troll. Since 2011 it’s sued over 70 different companies, including restaurant chains such as Pita Pit, Taco John’s, and Panda Express. This is a favorite tactic of trolls: go after those who rarely encounter patent litigation in hopes that they won’t fight back.
But at least one defendant did fight back: Bravo Media. Bravo was sued for offering the public recipes (and presumably pictures) from its “Top Chef” show. Unlike many defendants faced with a troll lawsuit, Bravo did not just settle. Instead, Bravo filed, and won, a motion for “summary judgment” (a court procedure that can end the case before it goes to a jury). The court found the patent invalid because it claimed matter that is ineligible for patent protection.
DietGoal appealed that decision, but given the Supreme Court’s recent decision in Alice v. CLS Bank regarding what patents can and can not cover, and a recent Federal Circuit opinion, we don’t expect DietGoal’s patent to survive. In fact, when Alice was decided, we used DietGoal’s patent as our example of the kind of patent that was destined to be thrown out. We said as much in our amicus brief.
But more importantly, we urge the Federal Circuit to recognize that courts should decide motions about whether patent claims are abstract (and therefore, invalid) as quickly as possible. Trolls, even when they have a patent that is likely invalid, often get to repeatedly sue companies because it is too expensive to fight back. Unfortunately, settling with a troll is often cheaper than fighting. The courts, however, can make it easier for defendants to fight by recognizing that whether a patent claims ineligible abstract ideas is often something that can be decided early, without massive expenses and without giving the troll the opportunity to extort settlement.
We filed the amicus brief on behalf of a diverse group of non-profits and industry associations: Application Developers Alliance, the Computer and Communications Industry Association, EFF, Engine Advocacy, the National Restaurant Association, and Public Knowledge.Related Issues: PatentsPatent Trolls
Share this: || Join EFF
"We want information to flow like water,” protesters yelled outside San Francisco City Hall in the pouring rain, rallying in support of keeping the Internet open. The rally was in advance of a public forum inside City Hall on the looming net neutrality debate.
The San Francisco Bay Area has been one of the most vocal places in the nation in the fight for net neutrality, and there's a reason: Internet openness is crucial to the path-breaking artists, technologies, and businesses that thrive in this state.
The Bay Area is home to some of the world’s most recognized technology companies and bleeding-edge inventors and creators. And although this region certainly has a heavy stake in the outcome of the FCC’s net neutrality decision, the vast majority of policy conversations are happening in DC.
That’s why EFF collaborated with other local and national organizations at San Francisco City Hall last Thursday to host “Bay Area Speaks: A People’s Hearing on the Future of the Internet.” Joined by Former FCC Commissioner Michael Copps, librarians, public officials, and environmental activists, hackers, entrepreneurs, and educators, everyday Internet users from diverse Bay Area communities packed the room at City Hall to testify on why Internet openness is central to our lives.The Rally Corporate telecom puppet by David Solnit
The evening began with a rally outside. Holding up a giant puppet of a suit holding a money bag labeled “I$P” and a briefcase that read “net profit,” demonstrators braved the rain Thursday evening to make sure their voice is heard. Protestors projected giant images in front of City Hall that read “Information Flows Vs. Slow Lanes” and “Net Freedom vs. Corporate Control.”
And as the rain poured, the net neutrality rally was joined in front of City Hall by demonstrators calling for justice for 43 disappeared students in Mexico. Back and forth in solidarity, activists shared the stage. Common threads emerged on corruption, transparency, and the centrality of organizing online for all projects of social justice and political change. A theme was clear: when corporations or governments control how we access information and connect to each other, democracy loses.Inside City Hall Jennifer Johns sings to a packed room.
The room was packed. Silently, Oakland musician and activist Jennifer Johns walked to the front before breaking out into a powerful song that brought the room to a focused attention.
EFF’s Intellectual Property Director Corynne McSherry kicked off the event, helping to remind us that only a few short months ago the FCC proposed a set of rules that would have given Internet providers clearance to charge websites to reach users faster.
But millions of people took action.
“And what happened?” McSherry asked the room. “The world changed. The FCC heard us load and clear… and last week we learned that the President heard us loud and clear.” The week before the hearing, net neutrality activists experienced a huge gain in momentum when President Obama came out in full support of bright-line net neutrality rules that would protect the open Internet, leaving the FCC to re-write their proposal.
Despite having received invitations, none of the FCC Commissioners made it to San Francisco for the night. Still, long time public interest champion and former FCC Commissioner Michael Copps flew in from Washington D.C. to speak. He reminded us what a world without net neutrality will looks like:
“If Internet service providers can unilaterally decide what news we can hear and what news we can’t, who can advocate online and who can’t, who can get the word out about rallies like the one here tonight… If they can decide that online fast lines will become the playground of the few rather than the common right of all of us, then we are in for real trouble in this country. And we will not be able to solve any of the problems that this country faces right now.”Internet Users Shared Their Stories Privacy info. This embed will serve content from youtube-nocookie.com
We heard from librarian Amy Sonnie, outreach director for Oakland Public Libraries, who pointed out, ”Net neutrality is critical for intellectual and academic freedom in the digital age.” Public interest advocates like Ana Montes from The Utility Reform Network, and Malkia Cyril from Media Action Grassroots Network, spoke out. Internet entrepreneurs and technologists like Dan Jasper CEO of Bay area ISP Sonic.net and Tim Pozar of Fandor.com joined the call for FCC rules that will protect net neutrality.
We heard from public officials like Oakland City Council President Rebecca Kaplan, Chris Witteman from the California Public Utilities Commission, and San Francisco Chief Officer of Innovation Jay Nath, all talking about how local governments are fighting for net neutrality rules that will protect local Internet users.
Musicians and artists spoke out. As Thao Nguyen, a popular independent musician put it, “It is plain to see now more than ever, that no musician can release a record, reach listeners or to grow a fan base without the ability to share their work unimpeded on the Internet.”
An organizer from Greenpeace shared how the centrality of the open Internet to their political organizing, Naomi Most from the Noisebridge hackerspace in San Francisco talked about the Internet has a level playing field, and advocacy interests of all stripes joined us: a representative from Engine Advocacy talked about the needs of startups, Paul Goodman of the Greenlining Institute talked about why net neutrality is an issue of particular importance for racial justice, and Dave Steer, advocacy director at Mozilla, talked about why they continue to fight for an open Internet.We Will Continue to Fight
Throughout this year four million Internet users commented to the FCC demanding regulators enact real, clear net neutrality rules that will prohibit Internet providers from speeding up or slowing down how we access parts of the web. Over 99% of the comments in the rulemaking were calling on the FCC to craft the kinds of rules that will protect Internet users from censorious and discriminatory conduct by Internet service providers.
To be more specific, Internet users are asking the FCC to change the way the service of providing access to the Internet is classified under federal law. Right now, the FCC legally considers Internet access to be an “information service,” but legally the FCC is only allowed to enact meaningful net neutrality consumer protections if Internet access is reclassified as a “telecommunications service” (under Title 2 of the 1934 Communications Act). As Dave Steer from Mozilla put it, “Full Title II reclassification is the cleanest, simplest path forward.”
The policies might seem complicated, but the concept isn’t. New political blogs, artist websites, startups, or growing businesses that can’t afford expensive fees for better service will face new barriers to success, leaving users with even fewer options and a less diverse Internet.
The future of the Internet is our future. It is why Bay Area activists stood with signs of giant cell phones and laptops in the rain outside San Francisco City Hall last Thursday.
And as the net neutrality debate looms in Washington D.C., we will continue to speak out, raise our voice, and we won’t stop fighting until we get the kinds of policies that will serve the information needs of our communities. Stay tuned. It’s not over yet.var mytubes = new Array(1); mytubes = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/3y7VM6IjKzU%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; Related Issues: Net NeutralityStudent and Community Organizing
Share this: || Join EFF
Ever wanted to own the latest in “teamwork” technology? Well, you’re in luck. On December 8, Penn State is holding a large patent auction, and one of the items is U.S. Patent 8,442,839. This patent purports to describe an improved collaborative “decision-making process.” As well as being a good example of a silly patent, this month’s winner highlights concerns with universities trying to monetize their patent portfolio. Why would a university, which presumably has a mission of promoting knowledge and innovation, sell an unsuccessful patent that has no value except to a troll?
First, a little background. In April this year, Penn State held its first patent auction. It offered exclusive licenses to dozens of patents but only received a single bid (meaning that it likely didn’t even recover the cost of holding the auction). This is consistent with experience at other schools. Evidence shows that the vast majority of technology transfer offices lose money for their university. Selling old patents brings universities little revenue but risks contributing to the wider economic harm from patent trolling. Indeed, over 60 universities (paywall) have sold patents to infamous patent troll Intellectual Ventures.
Many, including EFF, have expressed concerns with universities selling to patent trolls. To its credit, Penn State says that it does not want to foster patent trolling. And it has included some licensing terms that will discourage trolls from buying its patents (including a six month bar on filing infringement actions). But it is difficult to see how a patent like U.S. Patent 8,442,839 would have value to anyone but a troll.
The patent, titled “Agent-based collaborative recognition-primed decision-making,” includes a single independent claim. Steps include “receiving information regarding a current situation to be analyzed,” interacting to receive “assistance in the form of assumptions or expectancies about the situation,” and using “collected information to determine whether a decision about the situation is evolving in an anticipated direction.”
The patent reads a little like what might result if you ate a dictionary filled with buzzwords and drank a bottle of tequila. A typical passage explains:
Story building also involves information gathering, but it is more than cue-driven information investigation, because the agents are still unclear about what cues to investigate. Therefore, the key is to identify a collection of cues which the team needs to pay attention to. Our model adopts a combination of two mechanisms: hypothesis exploration and experience synthesization.
In other words: learn from experience. The patent examiner originally rejected the application as not directed to patentable subject matter. Penn State responded by amending its claim to “include a team-oriented computer architecture that transforms subject matter.” In other words, it took an abstract patent and said, “Do it on a computer.”
Fortunately, the Supreme Court has put a stop to this kind of nonsense. We think Penn State’s patent would be found invalid under Alice v. CLS Bank. But even invalid patents have value to patent trolls. This is because they can use the cost of litigation to extort settlements. Indeed when patent trolls are actually forced to litigate to the merits, they lose over 75% of the time.
We urge Penn State and all universities to be more responsible. Instead of selling patents that have little value except as litigation weapons, universities should focus on true technology transfer—partnering with others to bring new technologies into the world. And universities should end their opposition to patent reform. We have a petition calling on universities to support patent reform here. Sign it now!Related Issues: PatentsInnovation
Share this: || Join EFF
It’s looking like we might be on the brink of another crypto war. The first one, in the 90s, was a misguided attempt to limit the public’s access to strong, secure cryptography. And since then, the reasons we need the good security provided by strong crypto have only multiplied. That’s why EFF has joined 20 civil society organizations and companies in sending a letter to the National Institute of Standards and Technology (NIST) to “re-emphasize the importance of creating a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.”
As the letter points out, in September 2013, ProPublica, the Guardian, and the New York Times revealed that the NSA had systematically “circumvented or cracked much of the encryption, or digital scrambling” that protects the Internet, “collaborating with technology companies in the United States and abroad to build entry points into their products.” As ProPublica explained,
[T]he agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
And these broken standards appear to have led to a serious impact on U.S. technology companies, which "may lose as much as $35 billion in the next three years from foreign customers choosing not to buy their products over concern they cooperate with spy programs.”
Although NIST has taken some steps to remedy these problems, more is needed “to rectify NIST’s trust deficit.” The letter lists specific recommendations to improve transparency, strengthen NIST’s cryptography work, and increase public understanding and engagement. For example:
NIST should establish a policy wherein the Agency publicly explains the extent and nature of the NSA’s consultation on future standards and any modifications thereto made at NSA’s request.and NIST should begin a review process to ensure that wherever possible the same information is published for standards that are currently in use.
The coalition’s recommendations were “heavily echoed in the reports submitted by the members of NIST’s appointed Committee of Visitors (CoV). The CoV is a distinguished panel of experts appointed by NIST. . .” The CoV also made recommendations to NIST, several of which are emphasized in the letter:
NIST must expand to include independent full-time technical expertise and additional funding in order to decrease reliance on the NSA and other members of the Intelligence Community.
We hope that NIST will take the recommendations seriously. U.S. businesses are suffering, and the NSA’s actions have made the Internet less safe for everyone. Serious action is needed to restore trust in NIST— and to protect the public good.
You can read the full text of the letter and see the signatories here.Files: coalition-nist-nov2014.pdfRelated Issues: Export ControlsPrivacyEncrypting the WebNSA Spying
Share this: || Join EFF
New Mexico law is so devoid of any established authority for this practice, a reasonable prosecutor, upon the exercise of diligent research could determine that the practice was very probably unlawful.
- Judge John Paternoster, Eighth Judicial District of New Mexico
The National Security Agency isn’t the only agency that’s willing to flout the laws of the land in order to obtain your telephone records. As we’re learning from a case out of New Mexico, local prosecutors may be to willing to ignore rights enshrined in the Constitution for an unfair advantage in criminal cases.
The case at hand involves the office of the District Attorney for the Eight District of New Mexico, which covers three counties in Northern New Mexico, including Taos. D.A. Donald Gallegos and one of his subordinates are facing disciplinary charges after they were caught issuing at least 91 bogus subpoenas to eight telephone companies for customer call records.
The subpoenas came to light during the prosecution of a 2013 armed robbery at an electric cooperative. Suspecting it was an inside job, the Taos police department worked with the prosecutor’s office to begin issuing subpoenas to telecoms for records related to dozens of phone records. Several batches of subpoenas were discovered related to other cases.
The problem is the District Attorney had no authority to issue “stand-alone subpoenas” under court rules, state law, or the New Mexico Constitution [PDF, PDF]. Prosecutors are only allowed to subpoena records when they represent a party in a case, (i.e. a grand jury has been convened or a criminal case has been filed) and they cannot use subpoenas during the police investigative process. Instead the prosecutor attached a generic case number—the kind usually reserved for miscellaneous court matters, such as bond forfeitures and oaths of office—not cellphone records requests.
The subpoenas weren’t signed by a judge or authorized by a grand jury. They weren’t even the right form [PDF] for issuing requests for records. As such, the subpoenas did not include the "essential" language alerting the recipient of remedies and protective measures. Rather, the documents threatened contempt of court sanctions for any telephone provider that failed to hand over the records.
A stand-alone subpoena, in improper form, issued and signed by a prosecutor in aid of police investigation, before a criminal cause is properly commenced, as in the instant facts is simply without precedent, analogy or lawful authority in New Mexico law.
The subpoenas in question were issued by the prosecutor without any judicial oversight, and allowed the police to obtain evidence during a criminal investigation without meeting the requirements of Article II 10 of the Constitution of New Mexico.
It is objectively unreasonable for the prosecutor to believe that his conduct was lawful.
The prosecutor had no reasonable basis in law for issuing the subpoenas and had no reasonable basis in law to present the evidence to the grand jury, and therefore acted in objective bad faith, and tainted the grand jury with evidence.
Judicial smackdowns don’t come much harder than that. The district attorney is appealing, but at the same time the oversight body authorized by the New Mexico Supreme Court to review allegations of attorney misconduct has completed its own investigation. The Disciplinary Board is now pursuing formal professional misconduct charges against the lawyers [PDF, PDF].
That process will play out over the next few months, but in the meantime there’s another piece of the puzzle worth addressing. If the subpoenas were so obviously illegal, why didn’t a single one of the telecommunications company question their legitimacy?
According to the filings, eight telecommunications providers complied with the questionable subpoenas and handed over customer call records. They are:Verizon AT&T (Cingular)
T-MobileCommnetCricket (since acquired by AT&T)Level 3 CommunicationsMetroPCSSprint/Nextel
As we told each of these providers in a letter [PDF], EFF strongly believes that part of a telecommunication company’s cost of doing business in any particular state is to ensure that local law enforcement requests for customer data comply with state law. That is particularly true when state laws, such as New Mexico’s, contain stronger legal protections than those that exist under the Fourth Amendment to the U.S. Constitution or the federal Stored Communications Act.
We are asking the involved companies to take a few concrete actions in response to the bad-subpoena scandal:
First, they should go back and review all subpoenas that the district attorney’s issued, determine if other subpoenas it received were similarly defective and release the actual numbers of subpoenas they processed that may have been illegal.
Second, they should review their own legal process to identify how the company’s legal compliance team assesses the validity of subpoenas under state law. Then they should institute new polices to make sure it doesn’t happen again.
Finally, they should confirm whether the customers targeted by the subpoenas were informed of the existence of these subpoenas. If not, customers should be informed immediately.
So far, T-Mobile is the only provider to respond to our letter. While Senior Corporate Counsel Patricia Cauldwell indicated that they were unaware of the controversy until we brought it to their attention, she argued that T-Mobile acted in good faith and defended the company’s practice of rejecting requests when they appear to be defective.
“[W]e would not expect to see a prosecutor in New Mexico use subpoenas like these again in a criminal investigation before convening a grand jury and we expect that the judicial system in New Mexico is well capable of correcting the problem,” Cauldwell wrote [PDF].
We’re not convinced that’s a safe bet. The telecommunications industry is very well aware that the public is becoming more and more skeptical of how these companies interact with intelligence and law enforcement agencies. But for all the NSA and FBI’s questionable practices, local law enforcement agencies are just as prone to shenanigans.
Phone companies need to not only tell cops to come back with a warrant or subpoena, but come back with one that’s actually legal.Files: 5-511_nmra.pdf 5-511_subpoena_form.pdf 2014.10.01_specification_of_charges_d_gallegos.pdf 2014.10.01_specification_of_charges_e_chavez.pdf 2014.04.08_decision_on_mtn_to_quash.pdf 2013nmconst.pdf letter_from_the_electronic_frontier_foundation_regarding_new_mexico_subpoenas.pdf letter-from-t-mobile-redacted.pdfRelated Issues: Know Your RightsCell Tracking
Share this: || Join EFF
This week EFF attended a meeting of the Human Rights Working Group of the Global e-Sustainability Initiative (GeSI), a global industry forum that includes many of the world's largest IT and communications companies, including AT&T, BlackBerry, HP, Microsoft, Telefónica, Verizon, and Vodafone.
Responding to both global and regional calls for industry to share more responsibility for the human rights impacts of ICT products and services, GeSI's human rights project aims to enliven greater vigilance amongst its members as to the human rights impacts of their activities throughout the supply chain.
GeSI members themselves are the best evidence of the need for this project. The most proximate example is given by the meeting's host AT&T, which a few days before the meeting announced that it had ceased to secretly track its mobile Internet users with unblockable super cookies. Frankly, a company with annual revenues exceeding a hundred billion dollars should not be making this kind of glaring obvious privacy mistake to begin with.
The new human rights projects which GeSI members are discussing, and which EFF broadly supports, aim to provide them with a clear road map of possible human rights impacts across the ICT value chain, with particular emphasis on the possible unforeseen impacts of new technologies, and drawing on case studies from GeSI members. We made the clear point that external stakeholders—and not just customers, but also other affected communities—should also be an integral part of that conversation.
Whilst we were grateful for the invitation and happy to contribute our views, we remain to be fully convinced that large ICT companies have yet given enough priority to addressing the human rights impacts of their operations. Too much of the industry discourse around human rights—as the GeSI working group actually acknowledged—revolves around how human rights impacts affect stakeholder perceptions and contribute to business risk, rather than placing the severity of those impacts on vulnerable stakeholders front and center.
This is not to doubt the sincerity of the corporate representatives who participated, many of whose jobs are dedicated to fulfilling their employers' corporate social responsibilities. Even so, there were some grumblings about “budget limitations”, about how activists “love bad news and ignore good news”, and how GeSI should “not be too ambitious” with its human rights projects. These point towards the need for a more fundamental cultural shift within industry boardrooms to ensure that human rights concerns receive priority attention.
It also underlines that we should not rely too heavily on self-regulation and corporate social responsibility to protect users' rights. This lesson was reinforced by EFF's experience with the Global Network Initiative (GNI, a representative from which was also present), which manifestly failed to prevent its corporate members from becoming complicit in the out-of-control NSA spying program.
Even so, we appreciate that GeSI (and the GNI) are conscious of industry's need to improve its sensitivity to its own human rights impacts, and to respond more proactively when vulnerable communities are exposed to harm. The latest planned GeSI human rights projects are a positive indication of this awareness, which we hope will be well supported by participants and will produce outcomes of value. For our part, EFF will surely continue to hold these ICT companies to a high standard should they ever slip up.Files: Presentation on Human Rights and Corporate ResponsibilityRelated Issues: InternationalThe Global Network Initiative
Share this: || Join EFF
If you missed our live teach-in yesterday on the Trans-Pacific Partnership (TPP) agreement and its restrictive, anti-user provisions, you can still check out the video of our discussion. It's embedded below. We invited experts from digital rights groups from several TPP countries—all members of the Fair Deal Coalition—and we discussed the various ways this massive, secret trade deal threatens our rights on the Internet and over our digital devices.
A recent leak of the TPP's Intellectual Property chapter confirmed that the provisions on anti-circumvention, copyright terms, ISP liability, and criminal enforcement has further deteriorated. But it also revealed new, dangerously vague text on the misuse of trade secrets which could be used to enact harsh criminal punishments against anyone who reveals or even accesses information through a "computer system" that is allegedly confidential. This language could have alarming consequences if nations are obligated to enact new laws that could be used to crack down on journalists and whistle blowers.
We held this teach-in because things are moving fast now. President Obama and the US Trade Representative are determined to conclude this agreement, organizing dozens of meetings with TPP delegates to resolve some of the longstanding disagreements in the text. On the US front, Congress is likely to introduce another Fast Track bill in January that would tie these representatives' own hands from debating or modifying the terms of this agreement after the White House has secretively negotiated it for years.
When the time comes, we’ll need to step up the fight against this agreement on a coordinated, global front. So watch this video, share it, and continue to spread the world about this secret, Hollywood-driven agenda to chip away at our digital rights.Privacy info. This embed will serve content from youtube-nocookie.com
var mytubes = new Array(1); mytubes = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/YifI1tn1aJI?rel=0%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrans-Pacific Partnership Agreement
Share this: || Join EFF
Recent years have seen a boom in the adoption of surveillance technology by governments around the world, including spyware that provides its purchasers the unchecked ability to target remote Internet users' computers, to read their personal emails, listen in on private audio calls, record keystrokes and passwords, and remotely activate their computer’s camera or microphone. EFF, together with Amnesty International, Digitale Gesellschaft, and Privacy International have all had experience assisting journalists and activists who have faced the illegitimate use of such software in defiance of accepted international human rights law.
Software like this is designed to evade detection by its victims. That's why we've joined together to support Detekt, a new malware detection tool developed by security researcher Claudio Guarnieri. Detekt is an easy-to-use, open source tool that allows users to check their Windows PCs for signs of infection by surveillance malware that we know is being used by government to spy on activists and journalists.
Some of the software used by states against innocent citizens is widely available on the Internet, while more sophisticated alternatives are made and sold by private companies and sold to governments everywhere from the United States and Europe to Ethiopia and Vietnam.
Detekt makes it easy for at-risk users to check their PCs for possible infection by this spyware, which often goes undetected by existing commercial anti-virus products.
Because Detekt is a best-effort tool and spyware companies make frequent changes to their software to avoid detection, users should keep in mind that Detekt cannot conclusively guarantee that your computer is not compromised by the spyware it aims to detect. However, we hope that the availability of this tool will help us to detect some ongoing infections, provide advice to infected users, and contribute to the debate around curbing the use of government spyware in countries where it is linked to human rights abuses.
We hope that members of the open source and information security communities will contribute to this important project.
Share this: || Join EFF
We are disappointed that the Senate has failed to advance the USA Freedom Act, a good start for bipartisan surveillance reform that should have passed the Senate.
The Senate still has the remainder of the current legislative session to pass the USA Freedom Act. We continue to urge the Senate to do so and only support amendments that will make it stronger. We strongly oppose any amendment that would water down the strong privacy, special advocate, and transparency provisions of the bill.
We also urge the Senate to remember that the USA Freedom Act is a first step in comprehensive surveillance reform. Future reform must include significant changes to Section 702 of the Foreign Intelligence Surveillance Amendments Act, to the operations of Executive Order 12333, and to the broken classification system that the executive branch counts on to hide unconstitutional surveillance from the public.Related Issues: NSA Spying
Share this: || Join EFF
Think you know how your local cops are spying on you? The ACLU of California’s “Making Smart Decisions About Surveillance: A Guide for Communities” is a new resource that can help you figure out what surveillance technology is being deployed in your community—and what you can do about it. And as we’ve pointed out, while we hope everyone continues to let Congress know that it’s time for real changes to spying by federal agencies, the use of surveillance techniques and technology by local law enforcement is an area ripe for grassroots organizing.
Although the guide is specifically directed at California, it contains a wealth of information and ideas that are helpful for grassroots activists across the country who are concerned about the proliferation of drones, automated license plate readers, facial recognition, and more in their community. From Washington state to Washington D.C., the model ordinance and tips are useful for any concerned residents.
The guide focuses on the need for community engagement, noting: “[T]he time to engage with your community is at the very beginning of the process, before any funding is sought, technology is acquired or system is used.”
Fortunately, ACLU provides a step by step process activists can take to ensure this happens, explaining how to do a “surveillance impact report.” The process includes an assessment of all costs—including potential costs to civil liberties:
Surveillance can easily intrude upon the rights of residents and visitors if it is used, or creates the perception that it may be used, to monitor individuals and groups exercising their rights to freedom of expression, association, and religion — freedoms that public officials are sworn to protect. In addition, surveillance can erode trust in law enforcement, making it harder for officers and community members to work together to keep the community safe.
We were especially pleased to see the focus on understanding technology. The guide recommends that a surveillance impact report include “information describing the technology, how it works, and what it collects, including technology specification sheets from manufacturers.”
This is an issue that we repeatedly emphasized during the fight around Oakland’s Domain Awareness Center, a surveillance system that could enable ubiquitous privacy and civil liberties violations against Oakland residents. The DAC was pushed through Oakland’s City Council with little review until activists put serious pressure on the Council.
In two letters, EFF pointed out that the Council didn’t appear to have a clear understanding of how the system would work and certainly hadn’t provided that information to the community. After a long battle, the DAC was reduced in scale—but not until after the cash-strapped city of Oakland was forced to spend money removing components of the system due to the community backlash.
The DAC fight is among the valuable case studies ACLU includes in the guide. These case studies provide inspiration and experience for anyone who wants to use the resources included. We hope that activists will use this guide as a way to ensure that, when it comes to local use of surveillance equipment, everyone knows: the community is watching the watchers.
Share this: || Join EFF
Once again, a federal court will decide whether police can track your movements over an extended period of time without a search warrant. Federal and state courts have divided over whether the Fourth Amendment requires police seek a search warrant to obtain historical cell site location information (CSLI)—the records of which cell phone towers your phone has connected to in the past. We’ve weighed in, filing a new amicus brief in one of the most important legal cases to watch in 2015.
In United States v. Davis, police obtained 67 days of cell site location information about Quartavious Davis without a search warrant and used it to pinpoint him at various robberies in Florida. When Davis’ case was on appeal before a three-judge panel of the Eleventh Circuit Court of Appeals, we joined a number of organizations and filed an amicus brief arguing that, because location information like CSLI reveals sensitive information about where a person has been, the Fourth Amendment requires a warrant. In June, the three judge panel agreed with us, finding Davis had a Fourth Amendment expectation of privacy in the location information generated by his cell phone and held police needed to get a warrant to access this information from the cell phone company.
The government was naturally unhappy with this ruling, as it conflicted with a 2013 decision from the Fifth Circuit Court of Appeals, which held police didn’t need a warrant to access this data. Additionally, the Davis panel decision got other federal judges questioning the government’s practices, so the government convinced all of the judges of the Eleventh Circuit to rehear the case en banc. With the full court now looking at the issue again, we filed a new amicus brief explaining why it’s reasonable for Americans generally and Floridians specifically to expect this sensitive location information is private and worthy of warrant protection.
A Pew Research Center study published last week showed that 82% of Americans consider the details of their physical location over time to be sensitive information—more sensitive than their relationship history, religious or political views, or the content of their text messages. It’s no surprise then that the last few months have seen a number of state courts and legislatures take steps to safeguard this data with warrant protection. That includes the Florida Supreme Court, which held last month police needed a warrant to track a person in real time via their cell phone.
As our brief in Davis makes clear, the fact that Florida has specifically promised its residents that their cell phone location records are private, and the fact that more and more Americans live in places that also protect this sensitive information, show it’s reasonable for people to expect CSLI is private, and it's unreasonable for the government to argue otherwise.
Interestingly, immediately after the Davis panel issued its opinion, we wondered whether telephone providers would begin to demand law enforcement use a warrant to get location information. And while we don’t know if providers are demanding warrants, AT&T did file an amicus brief in this case suggesting that the “third party doctrine”—the idea that there’s no Fourth Amendment protection for information disclosed to third parties, like a cell phone provider—should not control the court’s analysis. We’ve been saying the same thing for years.
The fact that one of the largest cell phone companies in the U.S. decided to weigh in only bolsters our point about the need to protect this sensitive data with a warrant. Even the phone companies recognize that cell phones are an integral part of modern life, capable of revealing detailed sensitive information about where we go and with whom. If state courts, legislatures, and the phone companies can all see why this information is sensitive and worthy of legal protection, why can’t the government?
We expect oral argument before the Eleventh Circuit sometime in the spring of 2015.Files: US v. Davis EFF En Banc Amicus BriefRelated Issues: PrivacyCell TrackingLocational PrivacyRelated Cases: United States v. Davis
Share this: || Join EFF
San Francisco - The Ninth Circuit Court of Appeals ruled today that Proposition 35, a 2012 California ballot initiative that would have restricted the rights of registered sex offenders to communicate on the Internet, is likely unconstitutional. The opinion affirms an earlier district court ruling in Doe v. Harris, a lawsuit filed by the American Civil Liberties Union (ACLU) of Northern California and the Electronic Frontier Foundation (EFF) in 2012.
Proposition 35, also known as the Californians Against Sexual Exploitation Act (CASE Act), requires anyone who is a registered sex offender—even people with decades-old, low-level offenses whose offenses were not related to the Internet—to turn over a list of all their Internet user names and online service providers to law enforcement. Under the law, more than 73,000 Californians would have been forced to provide this information to the government, and report any new account or screen name within 24 hours of setting it up, even if the new screen name is their own real name. Violations would have potentially resulted in years in prison.
"The Ninth Circuit has agreed that the onerous online speech restrictions required by Prop. 35 violate the First Amendment," said Linda Lye, senior staff attorney at the ACLU of Northern California. "The portions of Prop. 35 that unconstitutionally limit what people say online won't help us end human trafficking. Anonymity is key to protecting speech by unpopular or controversial groups and allowing robust political debate."
The ACLU of Northern California and EFF filed a lawsuit the day after the law was passed in 2012, challenging these reporting requirements as a burden on the First Amendment right to free and anonymous speech. A lower court agreed with the groups in January 2013 and issued a preliminary injunction, halting enforcement of the law. Today, the Ninth Circuit upheld that lower court ruling.
"[T]he CASE Act directly and exclusively burdens speech, and a substantial amount of that speech is clearly protected under the First Amendment," Ninth Circuit Judge Jay Bybee wrote in the opinion.
The court noted that the law was overly broad, affecting speech unrelated to sexual offenses, such as "blogging about political topics and posting comments to online news articles. " This creates the "inevitable effect of burdening sex offenders' ability to engage in anonymous online speech," Bybee wrote. The court also found that there was no evidence that throwing out this part of Proposition 35 would hamper the state's ability to investigate online sex offenses.
"We're pleased the court recognized important First Amendment principles of free and anonymous speech apply to everyone, regardless of what crimes they may have committed in the past," EFF Staff Attorney Hanni Fakhoury said. "While the law may be well-intentioned, its broad language opened the door for the government to chill free speech. Restrictions targeting sex offenders are often a stepping stone for the expansion of law enforcement power against other classes of unpopular people."
The court's ruling means the preliminary injunction prohibiting enforcement of the reporting requirements of the CASE Act remains in effect.Contact:
Media Relations Coordinator
Electronic Frontier Foundation
Share this: || Join EFF
Update, Nov 18: The USA Freedom Act does not renew the entirety of the Patriot Act, which consisted of over 100 sections changing numerous electronic surveillance laws. The USA Freedom Act does extend three provisions of the Patriot Act: the "lone wolf" provision, the "roving wire tap" provision, and a reformed Section 215.
The USA Freedom Act, the leading contender for NSA reform, is set for a vote this week. The bill has some problems, but is a major step forward for surveillance reform. That's why we're asking you to call your Senator and urge them to support the USA Freedom Act. Here's a rundown of what's to come, what you need to know, and what may happen this week:What is the USA Freedom Act and How Did we Get Here?
The USA Freedom Act is a bill that was first proposed last year by Senator Patrick Leahy and Representative Jim Sensenbrenner. The original version of the bill limited the NSA's call records collection program, introduced a special advocate into the secretive court overseeing the spying, mandated much needed transparency requirements, and included significant reform of Section 702 of the Foreign Intelligence Surveillance Amendments Act (FISAA), the law used to collect Americans’ communications in bulk.
It took several months, but the original version of the bill was finally taken up by the House of Representatives in May. Unfortunately, prior to a vote on the original bill in May, the House made significant, last-minute changes that watered down the bill’s privacy protections. Nevertheless, the House passed a new—weaker—“USA Freedom Act” against the protests of privacy advocates. In response, Senator Leahy vowed to move a stronger bill forward that provided meaningful surveillance reform.
What resulted is the current version of the USA Freedom Act, which was released in July of this year. The current version does many of the same things as the original bill except it doesn't offer significant reform of Section 702 of FISAA. The current version is the bill up for debate this week.Where We're Going
The Senate will hold two major votes this week. On Tuesday night, it will vote whether or not to move forward to debate the USA Freedom Act. Senator Leahy needs 60 Senators to vote in favor of moving forward. After obtaining the 60 votes, the Senate will then begin to debate the bill and any amendments. After the debate, it will probably hold another vote on Wednesday or Thursday on the final bill text, but could also wait until the first week of December. Stay tuned.
There is a very real possibility that the Senate—just like the House—may try to weaken the bill. That's why when you call your Senator it's important to stress that Senators support the USA Freedom Act and oppose any amendments that would weaken the bill.What You Can Do
Help us get to 60 votes by calling your Senator now. This is the most important step since the Senate must obtain 60 votes before it will begin to debate the USA Freedom Act. During the debate, we urge Senators to offer amendments that strengthen the bill. These amendments would:
- Ensure the illegal "backdoor" search of Americans' communications ends;
- Grant additional power to the "special advocate" in the secret FISA court;
- Shorten the FISA Amendments Act sunset to 2015;
- Enhance the Privacy and Civil Liberties Oversight Board powers;
- Provide Americans a clear path to assert legal standing to sue the government for privacy abuses;
- Ban the NSA from undermining commonly used encryption standards; and,
- Fix the National Security Letter statute.
After the debate, a final vote on the final text will probably occur Wednesday or Thursday.Time to Pass NSA Surveillance Reform
The first hurdle to overcome this week is the Tuesday vote. Once the Senate comes up with 60 votes, there may be a whirlwind of amendments altering the bill on Wednesday or Thursday. Stay tuned to our twitter account and home page for any analysis or statements on the amendments. A final vote on the bill will most likely occur Wednesday night or Thursday. And as we said last week when Senate Majority Leader Reid moved the USA Freedom Act forward: We urge the Senate to pass the bill without any amendments that will weaken it.Related Issues: PrivacyNSA Spying
Share this: || Join EFF
San Francisco - The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that aims to dramatically increase secure Internet browsing. Let's Encrypt is scheduled to offer free server certificates beginning in summer 2015.
"This project should boost everyday data protection for almost everyone who uses the Internet," said EFF Technology Projects Director Peter Eckersley. "Right now when you use the Web, many of your communications—your user names, passwords, and browsing histories—are vulnerable to hackers and others. By making it easy, fast, and free for websites to install encryption for their users, we will all be safer online."
Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol—in contrast to HTTP—encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.
The new Let's Encrypt project aims to solve that. Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.
Let's Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation. ISRG will work with Mozilla, Cisco Systems Inc., Akamai, EFF, and others to build the much-needed infrastructure for the project and the 2015 launch.
"The Let's Encrypt certificate authority will dramatically increase the ability of websites around the world to implement HTTPS, increasing the security of hundreds of millions of Internet users every day," said Eckersley.
For Let's Encrypt:
For more on Let's Encrypt and how it will work:
Technology Projects Director
Electronic Frontier Foundation
Share this: || Join EFF
Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.
Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.
The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.
Let's Encrypt will eliminate most kinds of erroneous certificate warnings
The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here:
Let’s Encrypt will employ a number of new technologies to manage secure automated verification of domains and issuance of certificates. We will use a protocol we’re developing called ACME between web servers and the CA, which includes support for new and stronger forms of domain validation. We will also employ Internet-wide datasets of certificates, such as EFF’s own Decentralized SSL Observatory, the University of Michigan’s scans.io, and Google's Certificate Transparency logs, to make higher-security decisions about when a certificate is safe to issue.
The Let’s Encrypt CA will be operated by a new non-profit organization called the Internet Security Research Group (ISRG). EFF helped to put together this initiative with Mozilla and the University of Michigan, and it has been joined for launch by partners including Cisco, Akamai, and Identrust.
The core team working on the Let's Encrypt CA and agent software includes James Kasten, Seth Schoen, and Peter Eckersley at EFF; Josh Aas, Richard Barnes, Kevin Dick and Eric Rescorla at Mozilla; Alex Halderman and James Kasten and the University of Michigan.Related Issues: PrivacyEncrypting the WebSecurity
Share this: || Join EFF