News feeds

Heads Up Internet: Time to Kill Another Dangerous CFAA Bill

eff.org - Fri, 27/05/2016 - 08:21

The Computer Fraud and Abuse Act (CFAA), the federal “anti-hacking” statute, is long overdue for reform. The 1986 law—which was prompted in part by fear generated by the 1983 techno-thriller WarGames—is vague, draconian, and notoriously out of touch with how we use computers today. Unfortunately, Sens. Sheldon Whitehouse and Lindsey Graham are on a mission to make things worse. They've proposed (for the second time) legislation that fails to address any of the CFAA’s problems while simply creating more confusion. And they may try to sneak their proposal through as an amendment to the Email Privacy Act—the very same sneaky tactic they tried last year.

Their latest proposal is ostensibly directed at stopping botnets. It's even named the “Botnet Prevention Act of 2016.” But the bill includes various provisions that go far beyond protecting against attacks by zombie computers:

First, the bill would expand the CFAA’s existing prohibition against selling passwords to trafficking in any "means of access." The broadening is unnecessary and misguided, as other statutes—like the U.S. code section concerning fraud in connection with access devices—already cover what the authors seem to be targeting. The bill also doesn't define "means of access," another sign of its poor drafting. With no guidance, it’s unclear how broadly prosecutors or courts will apply this provision. The provision could make criminals of paid researchers who test access in order to identify, disclose, and fix vulnerabilities.

Second, the bill empowers government officials to obtain court orders to force companies to hack computer users for a wide range of activity completely unrelated to botnets. What's worse is that the bill allows the government to do this without any requirement of notice to non-suspect or innocent customers or companies, including botnet victims. It's understandable that the government does not want to tip off potential suspects, but those not suspected of committing any crime should be notified when their computers are part of a criminal investigation.

Third, the bill would create a new felony offense of damaging "critical infrastructure." But this conduct, too, is already captured under the CFAA’s existing provisions. The section is yet another classic example of overcriminalization and redundancy—especially at a time when Congress is debating a significant decriminalization bill. And although “critical infrastructure” may sound limited, the definition in the bill tracks the Department of Homeland Security’s definition, which includes software companies and ISPs. Plus, given the provision’s steep penalties and limits on judges’ discretion to reduce sentences or allow sentences to run concurrently (rather than back-to-back), it will simply give prosecutors even more leverage to force defendants into plea deals.

These changes would only increase—not alleviate—the CFAA’s harshness, overbreadth, and confusion.

As noted, this isn’t the senators' first attempt to take the CFAA in the wrong direction. Last year, they tried to slip similarly terrible measures through Congress via an amendment to the notorious Cybersecurity Information Sharing Act of 2015 (CISA). Sens. Whitehouse and Graham’s proposal was ultimately not included in CISA, which Whitehouse blamed on the "pro-botnet" caucus, but in reality, it’s because a lot of people—including a lot of EFF supporters—spoke out against the egregious CFAA amendment.    

The senators’ proposal has no grounding in what would actually keep us—or our computers—safe. Rather, it seems motivated by the same vague fears of a hypothetical computer takeover that overtook Congress (after watching a clip from WarGames) back in 1986. In that way, Whitehouse and Graham may be keeping true to the CFAA’s roots. But now it’s time to focus on reality.

Just as last year, EFF will oppose the senators' proposal—in whatever form it takes. What we need is reform that reins in the CFAA, not a measure that makes things worse.


EFF Applauds Jury Verdict In Favor of Fair Use in Oracle v. Google

eff.org - Fri, 27/05/2016 - 07:34

A jury unanimously and correctly found today that Google's use of 37 Java package names and some 11,000 lines of "declaring code" in its Android operating system was lawful fair use, showing once again that our robust fair use doctrine is doing the crucial work of ensuring copyright law doesn’t undermine innovation. This verdict comes after an earlier district court opinion finding the API labels in question uncopyrightable was reversed by the Federal Circuit and the Supreme Court declined to hear the case.

The Google verdict is an important validation of the idea that developing interoperable software need not require permission or a license. As Google attorney Robert Van Nest said in his closing arguments, the law expressly endorses fair use—it's a right, not an "excuse," as Oracle attorneys had claimed.

Still, the fair use victory is bittersweet. Judge William Alsup's previous opinion that the API labels in question are not copyrightable was the correct one, based on a reasonable reading of the copyright law in question. The Federal Circuit decision to reverse that opinion was not just wrong but dangerous. While developers of interoperable software can take some comfort in the fact that reimplementation may be fair use, a simpler and fairer solution would simply have been to recognize API labels as a system or method of operation not restricted by copyright.

The case is not yet closed. Oracle has announced that it will appeal the decision—at which point it will go back to the Federal Circuit, with a reported $9 billion still on the line. Should that appeal happen, the appeals court should at least partially redeem itself by respecting this jury's finding and leaving this important fair use victory intact.

Related Cases: Oracle v. Google

Secret New Internet Rules in the Trade in Services Agreement

eff.org - Fri, 27/05/2016 - 06:55

This week new materials from the Trade in Services Agreement (TISA) were released by Wikileaks, revealing that negotiators from around the world have been continuing to craft new rules that will affect all Internet users, without public scrutiny or consultation. One of the biggest surprises that dropped is a document containing new proposals, mostly from the United States, that will apply to all services. Some of these new provisions are relevant to the Internet and digital rights:

  • Article X.3 would prohibit a country from giving preferential treatment to Internet content based on its origin or the nationality of those who created it. This is directed at policies such as the recent European proposal to require Netflix in Europe to carry a certain proportion of European-produced content, mirroring similar existing rules for television broadcasters. We tend to agree that any policy that erects artificial national or regional walls around Internet services is against users' interests. However, seeking to force new international rules on this topic in a closed trade agreement is both quixotic and exclusionary. There is very little likelihood that the other TiSA parties will accept this without exceptions broad enough to swallow the rule. This particularly applies to Europe, where the protection of local cultural diversity, including through film and television quotas, is unwavering. More importantly, any new rules on Internet content quotas would impact the interests of many stakeholders who are excluded from the TISA discussions, including those of creators, consumers, and platforms.
  • Article X.4 would prohibit a country from requiring a foreign service provider to transfer a particular technology or proprietary knowledge to the country where it provides those services, while also prohibiting the country from requiring the service provider to use, or not to use, a particular technology. This text fairly closely follows Article 9.10 of the TPP's Investment chapter, and on the surface it may seem unobjectionable. But can we safely assume that it will never be a legitimate policy objective for governments to require or to disallow the use of a particular technology in imported products and services? For example, it may be that a national parliament resolves to disallow the use of insecure cryptographic algorithms such as MD5 in imported consumer products, for reasons of protecting end user safety and security. We would certainly want to know more about any such government mandates before welcoming them, but should a closed-door trade agreement be used to prevent such proposals even being placed on the table for discussion by our elected representatives? We think not.

Electronic Commerce

In addition to this new annex, there have been some changes to the existing text, most relevantly in the Electronic Commerce chapter. The changes are noteworthy, but fall short of being significant, and the text remains far from settled. They include:

  • Much back-and-forth continues between the parties, reflected in Articles 2 and 4 of the chapter, about how to balance the free flow of information across borders with the protection of personal data. It is notable that six of the parties (including Canada, Chile, and Mexico) are now suggesting that the free flow of information isn't suited for resolution in a trade agreement at all, simply proposing "The Parties recognize that each Party may have its own regulatory requirements concerning the transfer of information by electronic means." Meanwhile the United States, suffering blowback from its financial services industry over the exclusion of that sector from the Electronic Commerce chapter in the Trans-Pacific Partnership (TPP), notes, "The possible applicability of this Article to financial services is under consideration."
  • The provision in Article 6 on "Transfer or Access to Source Code" now contains an important new rider from Japan and Switzerland. They suggest that the prohibition on a party demanding access to the source code of products from foreign service providers could be overridden "to achieve a legitimate public policy objective, provided that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade." Although this is something of an improvement, experience in trade disputes under existing WTO treaties shows that there is significant room for disagreement over the interpretation of what is a "legitimate public policy objective".
  • The language on "Open Networks, Network Access and Use" continues to be rather messy, and is no closer to promoting meaningful best practice standards in net neutrality than in the previous draft. There are some changes however, including the integration of a previously separate provision on interoperability of governmental online procedures and services, and new proposed language that would require each party to "endeavor not to restrict the ability of service suppliers to supply services over the Internet on a cross-border and technologically neutral basis." It remains difficult to tell exactly how this provision will end up looking, once all of the bracketed text and competing proposals have been resolved.
  • There has been some pushback against the text, now in Article 8, on the "Location of Computing Facilities." If changes proposed by countries such as Canada, Chile and Peru are accepted, countries would retain more latitude to adopt national requirements about local hosting of data where these "seek to ensure the security and confidentiality of communications." A similar "legitimate public policy objective" exception is also proposed. These proposals point towards a possible ultimate softening of this provision that will upset U.S. technology companies while failing to make locally-hosted communications any more secure or confidential.

No New Proposals for Users

What remains notably absent from the TISA text are any new proposals that would protect or benefit users, such as a legally binding human rights clause, a provision requiring countries to provide safe harbors from liability for platforms that publish user content, or a requirement that each country has laws for the protection of personal information. Neither is it likely that we will see these, as long as users are barred from the negotiation room.

It can be important to set global standards for the Internet, and sometimes even do so in the form of treaties (like the Marrakesh Treaty). But TISA, like the TPP, is a parody of what an inclusive treaty negotiation process should be, and therefore it's hardly surprising that this latest leak reveals a draft instrument that fails to address the true concerns of Internet users. The latest revisions tinker around the edges of the previously-released draft, softening some of the most ill-considered proposals, but it remains a flawed agreement coming from an even more fatally flawed process.


Unaffordable Housing in America

sjlendman.blogspot.com - Fri, 27/05/2016 - 01:39
by Stephen Lendman
According to the National Low Income Housing Coalition (NLIHC) report, titled “Out of Reach 2015,” income inequality in America makes housing increasingly unaffordable.
“(I)n no state, metropolitan area, or county can a full-time worker earning the prevailing minimum wage afford a modest two-bedroom apartment,” it said.
At $7.25 an hour, the federal minimum wage, it would take 112 hours a week, 52 weeks a year, meaning all work and sleep with no time for anything else. 
Stagnant wages, declining benefits, high inflation (8.8% according to economist John Williams, not the phony 1.1% CPI), and protracted Main Street Depression conditions created a deplorable situation for growing millions.
Not only isn’t America beautiful, modestly priced housing is increasingly unaffordable. According to NLIHC president and CEO Diane Yentel, “(t)he federal government has the resources to end the shortage of housing affordable to the lowest income families.”
“It is simply a matter of how those resources are allocated. Instead of subsidizing the mortgages of higher income people, we must invest in making rental housing more affordable and available to those most in need of assistance.”
Trillions of dollars go for warmaking and benefits for America’s privileged class. Most others are increasingly on their own. Millions are one lost paycheck away from hunger, homelessness and despair.
The world’s richest country cares little about its most disadvantaged, why poverty is a growth industry and one in four working aged Americans have no jobs. Potemkin village illusion conceals reality.
In contrast, million dollar book deals and 6-figure speech payments await Obama when he leaves office in January - already very rich, about to become super-rich, cashing in on serving monied interests throughout his tenure, waging class war on most others.
Problems affecting ordinary Americans don’t concern him. An affluent lifestyle awaits. Reportedly he’ll move into an 8,200 square foot, 9-bedroom luxury home in Washington’s upscale Kalorama neighborhood, two miles from the White House.
Former Clinton aide Joe Lockhart owns the mansion. Obama will pay $22,000 in monthly rent. It would take an average low-wage US worker up to 12 or more years to cover its annual rental cost - provided he or she didn’t eat, own a car or have medical, transportation, or utility expenses.
The community is home to Washington’s political elites. Former presidents William Howard Taft, Woodrow Wilson, Warren Harding, Herbert Hoover and Franklin Roosevelt lived there.
In March, Obama said he’ll remain in Washington at least until his youngest daughter finishes Sidwell Friends School - uncaring about the global human misery he caused, unaccountable for war crimes too appalling to ignore.
Stephen Lendman lives in Chicago. He can be reached at lendmanstephen@sbcglobal.net. 
His new book as editor and contributor is titled "Flashpoint in Ukraine: US Drive for Hegemony Risks WW III."
http://www.claritypress.com/LendmanIII.html
Visit his blog site at sjlendman.blogspot.com. 

Listen to cutting-edge discussions with distinguished guests on the Progressive Radio News Hour on the Progressive Radio Network.

West Hails Release of Ukrainian Killer

sjlendman.blogspot.com - Thu, 26/05/2016 - 22:56
by Stephen Lendman
Ukrainian pilot Nadezhda Savchenko involved with the infamous Nazi-infested Aidar battalion is an unapologetic killer. 
Last March, she was convicted in a Russian court on multiple charges, including murdering two Russian journalists in Donbass - Igor Kornelyuk and Anton Voloshin. In June 2014, she sent coordinates of their location to an Aidar artillery unit.
The attack on their position killed them along with Ukrainian civilians. On March 22, RT International’s Murad Gazdiev twittered “(t)he court has no doubts about #Savchenko’s guilt on all counts.”
Russia’s Investigative Committee collected reliable evidence, including eyewitness testimonies. In pronouncing sentence, Judge Leonid Stepanenko said she was well “aware of the extent and social danger of her actions…”
She was sentenced to 22 years in prison. Charges of killing civilians were dropped, the court saying it “ha(d) no authority to try her for murdering Ukrainian civilians.”
Kiev outrageously called her a prisoner of war. In March 2015, she was awarded the title of “hero of Ukraine.” She admitted directing artillery fire at two Russian journalists.
While imprisoned in Russia for murder, she was elected to Ukraine’s parliament and her nation’s permanent mission to the Parliamentary Assembly of the Council of Europe.
During trial proceedings, she remained defiant, interrupting Judge Stepanenko, singing the Ukrainian national anthem and chanting “(g)lory to Ukraine! Death to our enemies!”
On Wednesday, she returned home, swapped for two illegally held Russian nationals (Alexander Alexandrov and Yevgeny Yerofeyev, falsely accused of being combatants in Donbass), greeted by US-appointed oligarch president Petro Poroshenko. 
Reports indicated the exchange was agreed on late Monday during a phone conversation between Putin, Germany’s Angela Merkel, France’s Francois Hollande and Poroshenko.
European Parliament president Martin Schulz, EU foreign policy chief Federica Mogherini and German Foreign Minister Frank-Walter Steinmeier outrageously hailed the good news.
Russian upper house Federation Council President Valentina Matviyenko said “(i)t’s very sad for a country where they make national heroes out of representatives of radical nationalist organizations, people with blood on their hands, accomplices to fascists.”
“As for Savchenko, there’s no reason to make her a national hero because it’s been proved by a Russian court that she was guilty in the deaths of Russian journalists, among other things.”
While in custody, Obama and other Western leaders disgracefully called for her release. John Kerry ludicrously called it “an important part of fulfilling Russia’s commitments under the Minsk agreements.”
Neocon US UN envoy Samantha Power said Washington is “overjoyed” at Savchenko’s release. As expected, she blasted what she called “farcical Russian legal proceedings” - ignoring the high crime of murder and Washington’s direct involvement in Ukraine’s war on its own Donbass citizens.

NYT: Imperial Press Agent

sjlendman.blogspot.com - Thu, 26/05/2016 - 22:38
by Stephen Lendman
Times propaganda supports America’s imperial agenda, its Syria coverage some of the worst in memory.
Managed news misinformation and Big Lies consistently substitute for reliable news and information readers need to know.
The Times perpetuates the myth of America’s war on terrorism, its phony intention to degrade and destroy ISIS - the monster it created and supports along with other terrorist groups used as imperial foot soldiers. 
Instead of debunking official Big Lies, The Times proliferates them - its latest propaganda piece claiming US airstrikes “are hitting more significant ISIS targets” when no reliable information suggests they’re hitting any.
They continue aiding the monster they claim to oppose, providing weapons and other material support. 
Not according to The Times, claiming unnamed “military officials saying they have corrected the poor intelligence collection and clumsy process for identifying targets that initially plagued the campaign, and are now hitting targets like oil rigs and secret cash coffers that finance the terrorist group’s war machine.”
There’s more. The Times says these targets were previously avoided “for fear of causing civilian casualties.”
Fact: US airstrikes target infrastructure and government sites, not terrorists America supports.
Fact: Civilians are harmed most in all US wars. Most casualties are noncombatants, often the vast majority. The notion of Pentagon commanders protecting them is a gross perversion of truth.
US Central Command head General Charles Q. Brown Jr. turned truth on its head, saying “(w)e’re hitting them where it hurts a lot more than we were in the past. Every bomb now has a greater impact.”
US warplanes began bombing Syrian targets illegally in September 2014 - aiding, not degrading or destroying ISIS and other terrorist groups, imperial aggression on the phony pretext of combating terrorism.
It took Russia’s real war on this scourge beginning last September to change things dramatically on the ground.
According to Moscow’s Deputy Security Council Secretary Evgeny Lukanov, Russian airstrikes and Syrian forces eliminated about 28,000 ISIS and Jabhat al-Nusra fighters.
Washington takes credit for their military successes, ISIS and Jabhat al-Nusra weakened because of their combined efforts.
The Times giving US forces credit for turning the corner in Syria is pure rubbish. Russian air power and intelligence along with rejuvenated government ground forces made the difference.
America’s imperial agenda threatens world peace, Russia the best hope to preserve it - what Times reports never explain.

Will Rhode Island Double Down on the CFAA's Faults?

eff.org - Thu, 26/05/2016 - 14:27
Security research could earn you a prison sentence if this bill passes.

Legislators in Rhode Island have advanced a dangerous bill that would duplicate and exacerbate the faults of the federal Computer Fraud and Abuse Act (CFAA). Four organizations joined EFF this week in signing a letter and supporting memo to state legislators explaining the bill's faults and why it should not pass.

In addition to threatening innocent activities like security research, whistleblowing in the public interest, and anyone who violates a corporate Terms of Service (TOS) agreement to access confidential information, the bill would place enormous power in the hands of prosecutors, impose steep criminal penalties without even requiring an intent to obtain financial gain, and compound the problematic vagueness of terms in existing Rhode Island state law.

Rhode Island House Bill 7406 Substitute A, and companion Senate Bill 2584, would create a new offense of "unauthorized access to confidential information" under the state's existing computer crime statute. According to the bill's proponents, it aims to punish and deter the commercially motivated theft of trade secrets.

Yet under the proposal, severe legal penalties would threaten any number of activities well beyond the theft of trade secrets for commercial gain.

Among the bill's many faults, the first and foremost is its duplication of existing laws which already address this issue by criminalizing "intentional access" to computer information. There has been no independent showing that previously enacted laws have proven inadequate to protect confidential data.

Moreover, the proposed new crimes would not require prosecutors to prove that a defendant intentionally aimed to steal or monetize commercial secrets. Instead, they would apply to anyone who intends to "view...copy, or download" information that turns out to be confidential, including academic researchers, security researchers, or corporate whistleblowers who act in the public interest. The bill's overbroad state-of-mind provisions threaten innocent activity.

Two sets of terms within the proposed law are especially overbroad.

For instance, it criminalizes anyone who accesses information "without authority," which sweeps broadly and could encompass anyone who violates a corporate Terms of Service ("TOS") agreement. But violations of TOS agreements are ubiquitous, often harmless, and rendering them subject to criminal penalties would unnecessarily restrain the way innocent people use online services.

In addition, the term "access" under Rhode Island state law has been defined to include "approach and communicate with," in sharp contrast to a more traditional definition that would require actually "gaining access to" data that is meaningfully protected. It makes no sense for a computer crime bill to threaten anyone who merely "communicate[s] with" a data source, whatever their intention.

Similarly, the bill protects any data that is "protected by disclosure," without requiring that those protections be effective or meaningful. Under the bill's proposed terms, an Internet user could risk a felony charge by simply accessing an otherwise public link that had not been published. Data so priceless that its owners take no active steps to secure it should not be deemed so sensitive that people who do access it should face criminal penalties.

A more sensible way to define unauthorized access would be to limit the scope of a proposed criminal act to include only efforts to intentionally circumvent effective code-based restrictions on access. This is important to protect people whose innocent actions would place them at legal risk under the bill's current definitions.

This is especially important because the proposed penalties are severe: violations of the proposed Rhode Island law would carry a five year prison term, potentially "stackable" with violations of a substantially similar existing law for a total of 10 years.

Should the law force a security researcher working to protect user privacy to risk being ordered to serve a 10 year prison sentence? Of course not.

We hope that the Rhode Island state House rejects the bill despite the Judiciary Committee's approval, and that the Senate rejects the proposal as it deserves.

