EFF: the Final Leaked TPP Text Is All That We Feared (eff.org) 193

An anonymous reader writes: Wikileaks has released the finalized Intellectual Property text of the Trans-Pacific Partnership (TPP), which international negotiators agreed upon a few days ago. Unfortunately, it contains many of the consumer-hostile provisions that so many organizations spoke out against beforehand. This includes the extension of the copyright term to life plus 70 years, and a ban on the circumvention of DRM. The EFF says, "If you dig deeper, you'll notice that all of the provisions that recognize the rights of the public are non-binding, whereas almost everything that benefits rightsholders is binding. That paragraph on the public domain, for example, used to be much stronger in the first leaked draft, with specific obligations to identify, preserve and promote access to public domain material. All of that has now been lost in favor of a feeble, feel-good platitude that imposes no concrete obligations on the TPP parties whatsoever." The EFF walks us through all the other awful provisions as well — it's quite a lengthy analysis.

US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com) 103

Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate. The EFF has also compiled a report showing where the major tech companies stand on encryption.

Sign Of the Times: Calif. Privacy Protections Signed Into Law 41

The EFF reports a spot of bright news from California: Governor Jerry Brown today signed into law the California Electronic Communications Privacy Act. CalECPA, says the organization, "protects Californians by requiring a warrant for digital records, including emails and texts, as well as a user's geographical location. These protections apply not only to your devices, but to online services that store your data. Only two other states have so far offered these protections: Maine and Utah." The ACLU provides a fact sheet (PDF) about what the bill entails, which says: SB 178 will ensure that, in most cases, the police must obtain a warrant from a judge before accessing a person's private information, including data from personal electronic devices, email, digital documents, text messages, and location information. The bill also includes thoughtful exceptions to ensure that law enforcement can continue to effectively and efficiently protect public safety in emergency situations. Notice and enforcement provisions in the bill provide proper transparency and judicial oversight to ensure that the law is followed.

EFF Joins Nameless Coalition and Demands Facebook Kills Its Real Names Policy 232

Mark Wilson writes: Facebook has seen heavy criticism for its real names (or 'authentic identities' as they are known to the social network) policy. Over the last year, all manner of rights groups and advocates have tried to convince Facebook to allow users to drop their real name in favor of a pseudonym if they want. Now the Electronic Frontier Foundation is part of the 74-member strong Nameless Coalition and has written to Facebook demanding a rethink on the ground of safety, privacy, and equality. This is far from being the first time Facebook has been called on to allow the use of 'fake names', and the latest letter is signed by LGBT groups, freedom advocates, privacy supporters, and feminist organizations.

EFF: DMCA Hinders Exposing More Software Cheats Like Volkswagen's 166

ideonexus writes: Automakers have argued that the 1998 Digital Millennium Copyright Act makes it unlawful for researchers to review the code controlling their vehicles without the manufacturer's permission, making it extremely difficult to expose software cheats like the one Volkswagen used to fake emissions tests. Arguing that this obfuscation of code goes so far as to endanger lives at times, the Electronic Frontier Foundation (EFF) maintains that, "When you entrust your health, safety, or privacy to a device, the law shouldn't punish you for trying to understand how that device works and whether it is trustworthy."

How the Car Industry Has Hidden Its Software Behind the DMCA 126

Lucas123 writes: The DMCA has allowed carmakers to keep third parties from looking at the code in their electronic control modules. The effect has been that independent researchers are wary of probing vehicle code, which may have led companies like Volkswagen to get away with cheating emissions tests far longer than necessary. In a July letter to the U.S. Copyright Office, the Environmental Protection Agency expressed its own concern about the protection provided by the DMCA to carmakers, saying it's "difficult for anyone other than the vehicle manufacturer to obtain access to the software." Kit Walsh, an attorney with the Electronic Frontier Foundation, said the legal uncertainty created by the DMCA "makes it easier for manufacturers to conceal intentional wrongdoing." The EFF has petitioned the U.S. Copyright Office for an exemption to the DMCA for embedded vehicle code so that independent research can be performed on electronic control modules (ECMs), which run a myriad of systems, including emissions. Eben Moglen was right.

EU May Forbid the Transfer of Personal Data To the US 202

An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have a deep impact on the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen.

New FCC Rules Could Ban WiFi Router Firmware Modification 242

An anonymous reader writes: Hackaday reports that the FCC is introducing new rules which ban firmware modifications for the radio systems in WiFi routers and other wireless devices operating in the 5 GHz range. The vast majority of routers are manufactured as System on Chip devices, with the radio module and CPU integrated in a single package. The new rules have the potential to effectively ban the installation of proven Open Source firmware on any WiFi router.

ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have created the SaveWiFi campaign, providing instructions on how to submit a formal complaint to the FCC regarding this proposed rule. The comment period is closing on September 8, 2015. Leave a comment for the FCC.

EFF Releases Privacy Badger, an Addon That Algorithmically Blocks Online Trackers 136

New submitter zfc writes: Online tracking has become a pervasive invisible reality of the modern web. Most sites you load are likely to be full of ads, tracking pixels, social media share buttons, and other invisible trackers all harvesting data about your web browsing. These trackers use cookies and other methods to read unique IDs associated with your browser, the result being that they record all the sites you visit as you browse around the internet. This sort of tracking is invisible to most web users, meaning they never get the option to agree to or opt-out of it. Today the EFF has launched the 1.0 version of Privacy Badger, an extension designed to prevent these trackers from accessing unique info about you and your browsing.

TPP Copyright Chapter Leaks: Website Blocking, New Criminal Rules On the Way 258

An anonymous reader writes: Knowledge Ecology International (KEI) [Wednesday] morning released the May 2015 draft of the copyright provisions in the Trans Pacific Partnership (copyright, ISP annex, enforcement). The leak appears to be the same version that was covered by the EFF and other media outlets earlier this summer. Michael Geist unpacks the leaked documents, noting the treaty includes anti-circumvention rules that extend beyond the WIPO Internet treaties, new criminal rules, the extension of copyright term for countries like Canada and Japan, increased border measures, mandatory statutory damages in all countries, and expanding ISP liability rules, including the prospect of website blocking for Canada.

EFF and MuckRock Need Your Help Tracking Biometric Surveillance 19

v3rgEz writes: Police departments are increasingly tracking your face, your fingerprints, your tattoos — and even your DNA. The Electronic Frontier Foundation and MuckRock are working to uncover how local agencies are tracking you and bring some much-needed transparency to the murky world of biometric surveillance through a free public records audit: Just put in some basic information about an agency near you, and they'll publicly file a request to see what vendors your city is using, how they protect your privacy, and more.

EFF Coalition Announces New 'Do Not Track' Standard For Web Browsing 75

An anonymous reader writes: The Electronic Frontier Foundation, privacy company Disconnect, and several other organizations are publishing a new DNT standard. Partners in the coalition include: publishing site Medium, analytics service Mixpanel, AdBlock, and private search engine DuckDuckGo. Though it's still a voluntary policy, the EFF hopes the new proposed standard will provide users better privacy online. "We are greatly pleased that so many important Web services are committed to this powerful new implementation of Do Not Track, giving their users a clear opt-out from stealthy online tracking and the exploitation of their reading history," said EFF Chief Computer Scientist Peter Eckersley. "These companies understand that clear and fair practices around analytics and advertising are essential not only for privacy but for the future of online commerce."

Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons 123

Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.

SCOTUS Denies Google's Request To Appeal Oracle API Case 181

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API "a utilitarian and functional set of symbols" that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself."

Interviews: Ask Steve Jackson About Designing Games 111

Since starting his own company in 1980, Steve Jackson, founder and editor-in-chief of Steve Jackson Games, has created a number of hits, starting with Car Wars . . . followed shortly by Illuminati, and later by GURPS, the "Generic Universal Roleplaying System." In 1983, he was elected to the Adventure Gaming Hall of Fame - the youngest person ever so honored. He has personally won 11 Origins Awards. In the early 90's, Steve got international press due to the Secret Service's invasion of his office. The EFF helped make it possible for SJ Games to bring suit against the Secret Service and the U.S. government and win more than $50,000 in damages. His Ogre kickstarter a couple of years ago brought in close to a million dollars. His current hits are Munchkin, a very silly card game about killing monsters and taking their stuff, and Zombie Dice, in which you eat brains and try not to get shotgunned. His current projects include a variety of Munchkin follow-ups, and the continuing quest to get his games translated into digital form. Steve has agreed to put down the dice and answer any questions you may have. As usual, ask as many as you'd like, but please, one per post.

ICANN Seeks Comment On Limiting Anonymized Domain Registration 86

angry tapir writes: Privacy advocates are sounding the alarm over a potential policy change (PDF) that would prevent some people from registering website addresses without revealing their personal information. ICANN, the regulatory body that oversees domain names, has asked for public comment on whether it should prohibit the private registration of domains which are "associated with commercial activities and which are used for online financial transactions."

"Let's Encrypt" Project To Issue First Free Digital Certificates Next Month 97

An anonymous reader writes: Let's Encrypt, the project that hopes to increase the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month. Backed by the EFF, the Mozilla Foundation, the Linux Foundation, Akamai, IdenTrust, Automattic, and Cisco, Let's Encrypt will provide free-of-charge SSL and TLS certificates to any webmaster interested in implementing HTTPS for their products. The Stack reports: "Let's Encrypt's root certificate will be cross-signed by IdenTrust, a public key CA owned by smartphone government ID card provider HID Global. Website operators are generally hesitant to use SSL/TLS certificates due to their cost. An extended validation (EV) SSL certificate can cost up to $1,000. It is also a complication for operators to set up encryption for larger web services. Let's Encrypt aims to remove these obstacles by eliminating the related costs and automating the entire process."

Microsoft Research Paper Considers Serving Web-ads From Localhost 231

An anonymous reader writes: A paper from Microsoft researchers (PDF) posits the possibility of 'pushing' web ads to a user's own computer and serving them into pre-arranged containers on web pages, with the EFF or ACLU serving as privacy mediators between the user and the advertisers who want to engage them. However the framework — dubbed 'Privad' — would need to get installed on the user's system by the same familiar means which the likes of Superfish use. The report admits that Privad would probably need to be disseminated "through adware-style software bundling, shopping discounts, toolbars or other incentives."

Cybersecurity and the Tylenol Murders 74

HughPickens.com writes: Cindy Cohn writes at EFF that when a criminal started lacing Tylenol capsules with cyanide in 1982, Johnson & Johnson quickly sprang into action to ensure consumer safety. It increased its internal production controls, recalled the capsules, offered an exchange for tablets, and within two months started using triple-seal tamper-resistant packaging. Congress ultimately passed an anti-tampering law but the focus of the response from both the private and the public sector was on ensuring that consumers remained safe and secure, rather than on catching the perpetrator. Indeed, the person who did the tampering was never caught.

According to Cohn the story of the Tylenol murders comes to mind as Congress considers the latest cybersecurity and data breach bills. To folks who understand computer security and networks, it's plain that the key problems are our vulnerable infrastructure and weak computer security, much like the vulnerabilities in Johnson & Johnson's supply chain in the 1980s. As then, the failure to secure our networks, the services we rely upon, and our individual computers makes it easy for bad actors to step in and "poison" our information. The way forward is clear: We need better incentives for companies who store our data to keep it secure. "Yet none of the proposals now in Congress are aimed at actually increasing the safety of our data. Instead, the focus is on "information sharing," a euphemism for more surveillance of users and networks," writes Cohn. "These bills are not only wrongheaded, they seem to be a cynical ploy to use the very real problems of cybersecurity to advance a surveillance agenda, rather than to actually take steps to make people safer." Congress could step in and encourage real security for users by creating incentives for greater security, a greater downside for companies that fail to do so and by rewarding those companies who make the effort to develop stronger security. "It's as if the answer for Americans after the Tylenol incident was not to put on tamper-evident seals, or increase the security of the supply chain, but only to require Tylenol to "share" its customer lists with the government and with the folks over at Bayer aspirin," concludes Cohn. "We wouldn't have stood for such a wrongheaded response in 1982, and we shouldn't do so now."

NSA-Reform Bill Fails In US Senate 135

New submitter Steven King writes with a link to The Daily Dot's report that the U.S. Senate has rejected the controversial USA Freedom Act, thus "all but guaranteeing that key provisions of the USA Patriot Act will expire"; had it passed, the bill would have allowed continued use of some mass data-collection practices, but with the addition of stronger oversight. From the article: The Senate failed to reach agreement on passage of the USA Freedom Act, a bill to reauthorize and reform Section 215 of the USA Patriot Act, which the government has used to conduct bulk surveillance of Americans' phone records. The House of Representatives passed the bill last week by an overwhelming bipartisan majority, but Senate Democrats, who unified behind the bill, did not get enough Republican votes to assure passage. The linked piece also mentions that the EFF shifted its position on this bill, after a panel of Federal judges ruled that the Feds at the NSA had overstepped their bounds in collecting a seemingly unlimited trove of metadata relating to American citizens' phone calls.