Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Electronic Frontier Foundation

US Customs and Border Protection Wants To Know Who You Are On Twitter (eff.org) 346

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provider DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."
Electronic Frontier Foundation

EFF Accuses T-Mobile of Violating Net Neutrality With Throttled Video (arstechnica.com) 57

An anonymous reader writes: T-Mobile's new "unlimited" data plan that throttles video has upset the Electronic Frontier Foundation (EFF), which accuses the company of violating net neutrality principles. The new $70-per-month unlimited data plan "limits video to about 480p resolution and requires customers to pay an extra $25 per month for high-definition video," reports Ars Technica. "Going forward, this will be the only plan offered to new T-Mobile customers, though existing subscribers can keep their current prices and data allotments." EFF Senior Staff Technologist Jeremy Gillula told the Daily Dot, "From what we've read thus far it seems like T-Mobile's new plan to charge its customers extra to not throttle video runs directly afoul of the principle of net neutrality." The FCC's net neutrality rules ban throttling, though Ars notes "there's a difference between violating 'the principle of net neutrality' and violating the FCC's specific rules, which have exceptions to the throttling ban and allow for case-by-case judgements." "Because our no-throttling rule addresses instances in which a broadband provider targets particular content, applications, services, or non-harmful devices, it does not address a practice of slowing down an end user's connection to the internet based on a choice made by the end user," says the FCC's Open Internet Order (PDF). "For instance, a broadband provider may offer a data plan in which a subscriber receives a set amount of data at one speed tier and any remaining data at a lower tier." The EFF is still determining whether or not to file a complaint with the Federal Communications Commission.
DRM

Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry (fastcompany.com) 394

Rumors of Apple's next iPhone missing a headphone jack have been swirling around for more than a year now. But a report from WSJ a few weeks ago, and another report from Bloomberg this week further cemented such possibility. We've talked about it here -- several times -- but now Cory Doctorow is shedding light on what this imminent change holds for the music industry. Reader harrymcc writes: Fast Company's Mark Sullivan talked about the switch with author and EFF adviser Cory Doctorow, who thinks it could lead to music companies leveraging DRM to exert more control over what consumers can do with their music.From the article:"If Apple creates a circumstance where the only way to get audio off its products is through an interface that is DRM-capable, they'd be heartbreakingly naive in assuming that this wouldn't give rise to demands for DRM," said Doctorow. If a consumer or some third-party tech company used the music in way the rights holders didn't like, the rights holders could invoke the anti-circumvention law written in Section 1201 of the Digital Millennium Copyright Act (DMCA). Steve Jobs famously convinced the record industry to remove the DRM from music on iTunes; is there really any reason to believe the industry might suddenly become interested in DRM again if the iPhone audio goes all digital? "Yes -- for streaming audio services," Doctorow says. "I think it is inevitable that rights holder groups will try to prevent recording, retransmission, etc." Today it's easy to record streamed music from the analog headphone jack on the phone, and even to convert the stream back to digital and transmit it in real time to someone else. With a digital stream it might not be nearly so easy, or risk-free."Doctorow shares more on BoingBoing.
DRM

EFF Asks FTC To Demand 'Truth In Labeling' For DRM (techdirt.com) 122

An anonymous reader quotes a report from Techdirt: Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. The argument is pretty straightforward (PDF): "The legal force behind DRM makes the issue of advance notice especially pressing. It's bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct -- but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it's vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision. Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase." In a separate letter (PDF) from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.
Electronic Frontier Foundation

'Mayhem' Wins $2M In DARPA's AI Hacking Contest, Draws EFF Scrutiny (eff.org) 11

Here's the highlight reel from the DARPA-sponsored "Cyber Grand Challenge" competition. Slashdot reader alphadogg writes: Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a competition...that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers. A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.
The Electronic Frontier Foundation wrote "We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous." Sharing their blog post about automated security research, the EFF's staff technologist Peter Eckersley writes: EFF is asking, does research like that need a safety protocol?
Electronic Frontier Foundation

Malware Linked To Government of Kazakhstan Targets Journalists, Political Activists and Lawyers, Says Report (eff.org) 23

An anonymous reader quotes a report from EFF: Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF). Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents. The campaign -- which EFF has called "Operation Manul," after endangered wild cats found in the grasslands of Kazakhstan -- involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.
Crime

Clerk Printed Lottery Tickets She Didn't Pay For But Didn't Break Hacking Law (arstechnica.com) 110

Violating a company rule is not -- and should not be -- a computer crime, that was the ruling of the Oregon Supreme Court in State v. Nascimento file. The Oregon's highest court ruled that while a convenience store clerk was guilty of stealing lottery tickets through the store's computer system, she did not violate the state's anti-hacking law while doing so. ArsTechnica shares more details: The Electronic Frontier Foundation, which appeared on Caryn Nascimento's behalf during the case as an amicus curae (friend of the court), announced the narrow victory on Tuesday. According to the Supreme Court's decision, the case dates back to 2007, when Nascimento began working at Tiger Mart, a small convenience store in Madras, Oregon, about 120 miles southeast of Portland. In late 2008 and early 2009, a company vice president began investigating what appeared to be cash shortages at that store, sometimes about $1,000 per day. After reviewing video recordings that correlated with Nascimento's work schedule, this executive began to suspect that she was buying lottery tickets but not paying for them. Eventually, Nascimento was charged not only with aggravated first-degree theft but also of violating the state's computer crime law, which includes language that "any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime." She was convicted on both charges at trial. On appeal before the Oregon Supreme Court, Nascimento's lawyers argued that while their client may have violated a company policy to not print lottery tickets that she did not receive payment for, she was, in fact, authorized to access the lottery printing computer.
Microsoft

Court Ruling Shows The Internet Does Have Borders After All (csoonline.com) 47

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 93

Cory Doctorow, writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense).Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
Electronic Frontier Foundation

EFF Delivers 210,000 Signatures Opposing Trans-Pacific Partnership (eff.org) 101

An anonymous Slashdot reader writes: "The TPP is simply bad for tech users and innovators," writes the Electronic Frontier Foundation, arguing the proposed trade agreement for the Pacific Rim "exports the most onerous parts of U.S. copyright law and prevents the U.S. from improving them in the future, while failing to include the balancing provisions that work for users and innovators, such as fair use." At a press conference, the EFF delivered 210,000 signatures gathered in conjunction with other activist groups "to call on Democratic Party Leader Nancy Pelosi to stop the Trans-Pacific Partnership from going to a vote during the 'lame duck' session of Congress following the November election."

More signatures are still being collected online, to be delivered on July 21. In a statement, the EFF adds that the TPP also "does nothing to safeguard the free and open Internet, by including phony provisions on net neutrality and encryption, trade secrets provisions that carry no exceptions for journalism or whistleblowing, and a simplistic ban on data localization...to buy off big tech."

Crime

Password Sharing Is a Federal Crime, Appeals Court Rules (vice.com) 165

An anonymous reader writes from a report via Motherboard: An appeals court ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all "hacking" law that has been widely used to prosecute behavior that bears no resemblance to hacking. Motherboard reports: "In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal's use of a former coworker's password to access one of the firm's databases was an 'unauthorized' use of a computer system under the CFAA. In the majority opinion, Judge Margaret McKeown wrote that 'Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case. This appeal is not about password sharing.' She then went on to describe a thoroughly run-of-the-mill password sharing scenario -- her argument focuses on the idea that Nosal wasn't authorized by the company to access the database anymore, so he got a password from a friend -- that happens millions of times daily in the United States, leaving little doubt about the thrust of the case. The argument McKeown made is that the employee who shared the password with Nosal 'had no authority from Korn/Ferry to provide her password to former employees.' At issue is language in the CFAA that makes it illegal to access a computer system 'without authorization.' McKeown said that 'without authorization' is 'an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.' The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?"
Government

As It Searches For Suspects, The FBI May Be Looking At You (technologyreview.com) 90

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.

The Courts

Federal Court: The Fourth Amendment Does Not Protect Your Home Computer (eff.org) 309

An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual's computer. EFF reports: "The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights.
Security

Comodo Attempting to Register 'Let's Encrypt' Trademarks, And That's Not Right (letsencrypt.org) 120

Let's Encrypt is a nonprofit aimed at encrypting the entire web. It provides free certificates, and its service is backed by EFF, Mozilla, Cisco, Akamai and others. Despite it being around for years, security firm Comodo, which as of 2015, was the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains, last year in October filed for the trademark Let's Encrypt. The team at Let's Encrypt wrote in a blog post today that they have asked Comodo to abandon its "Let's Encrypt" applications, directly but it has refused to do so. The blog post adds: We've forged relationships with millions of websites and users under the name Let's Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone. We've also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that. Update: 06/23 22:25 GMT by M :Comodo CEO has addressed the issue on company's forum (screenshot).
The Courts

Court Slams Record Companies in New Vimeo/DMCA Ruling (arstechnica.com) 23

Remember when Capitol Records sued Vimeo over copyright-violating videos? They just lost in court again, when an Appeals court overruled three lower court decisions. Slashdot reader NewYorkCountryLawyer shares the specifics of the Appeals court's findings: [T]he Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA... the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge"... a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. "The decision once again affirms that the DMCA extends immunity to a service provider for the infringement of their customers if the service provider removes material at the request of the right holder," writes Ars Technica.
Databases

FBI Can Access Hundreds of Millions of Face Recognition Photos (eff.org) 97

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.
Privacy

Thousands of Email Addresses Accidentally Disclosed By Let's Encrypt (letsencrypt.org) 81

An anonymous reader writes "Let's Encrypt, the certificate authority best known for offering free SSL/TLS certificates, has reported that it accidentally disclosed thousands of user email addresses due to a bug with an automated emailing system." Executive Director Josh Aas posted this announcement: On June 11 2016 (UTC), we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email... The problem was noticed and the system was stopped after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each email mistakenly contained the email addresses from the emails sent prior to it, so earlier emails contained fewer addresses than later ones.

We take our relationship with our users very seriously and apologize for the error... If you received one of these emails we ask that you not post lists of email addresses publicly.

Google

Google Announces Support of the Controversial TPP (recode.net) 231

An anonymous reader writes: Google has announced in a blog post Friday their support for the controversial Trans-Pacific Trade Partnership (TPP). Recode reports: "The trade agreement includes key provisions about the global passage of digital data, intellectual property and copyright -- measures that have drawn criticism from both the political right and left, including several outspoken tech groups. Google's endorsement isn't exactly full-throated, but its stake clearly demonstrates another key area of support with the Obama administration, to which Google is close." Google's SVP and general counsel Kent Walker wrote: "The TPP is not perfect, and the trade negotiation process would certainly benefit from greater transparency. We will continue to advocate for process reforms, including the opportunity for all stakeholders to have a meaningful opportunity for input into trade negotiations." The company has already shown support of the TPP behind the Internet Association, which endorsed the trade agreement in March. Google joins a list of other tech titans, like Apple and Microsoft, who have shown their support as well. The Electronic Frontier Foundation calls the TPP a "secretive, multinational trade agreement" that will restrict IP laws and enforce digital policies that "benefit big corporations at the expense of the public." The TPP is still awaiting congressional approval after being signed in February.
Government

NSA Releases New Snowden Documents (vice.com) 155

An anonymous reader writes: Hundreds of internal NSA documents have been declassified and released to VICE in response to their FOIA lawsuit. They're now sharing them all online, calling it "an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden [that] call into question aspects of the U.S. government's long-running narrative about Snowden's time at the NSA." The documents officially confirm that Snowden had also worked with the CIA, and show a vigorous internal discussion about how to respond to Snowden's leaks that apparently led the NSA to erroneously assert that Snowden hadn't voiced his objections about the surveillance of U.S. citizens within the NSA before going public.

Living in Russia now, Snowden himself refused to comment on the new releases, with his attorney saying Snowden "believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort. He doesn't trust that the intelligence community will operate in good faith."

The EFF is also marking the three-year anniversary of Snowden's leaks, saying they led directly to the first legislation curtailing the NSA's power in over 30 years and changed the way the world perceives government surveillance. Snowden was inspired in part by a desire to keep the internet free, saying in 2014 that "I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it."
Microsoft

EFF Petitioned To Investigate Windows 10 Upgrades (change.org) 312

An anonymous reader writes: One of the most frustrating things about the ongoing stream of stories about Windows 10 upgrades is that there seems to be no way to hold Microsoft to account. Or perhaps there is: a petition asking the Electronic Frontier Foundation to investigate has now been posted on Change.org.
The petition argues "people are being tricked or forced into upgrading to Windows 10 from their current, preferred version of Windows," and describes Microsoft's actions as "ignorantly unethical at best and malicious at worst."

Slashdot Top Deals