EFF
Latest
There'll be no escape from the FBI's new facial recognition system
If you thought that the NSA wanted too much personal information, just wait a few months. The EFF is reporting that the FBI's new facial recognition database, containing data for almost a third of the US population, will be ready to launch this summer. Codenamed NGI, the system combines the bureau's 100 million-strong fingerprint database with palm prints, iris scans and mugshots. Naturally, this has alarmed privacy advocates, since it's not just felons whose images are added, but anyone who has supplied a photo ID for a government job or background check. According to the EFF's documents, the system will be capable of adding 55,000 images per day, and could have the facial data for anything up to 52 million people by next year. Let's just hope that no-one tells the Feds about Facebook, or we're all in serious trouble.
EFF lawyer questions Microsoft's ability to search our email, claims it's open to abuse
This week Microsoft revealed that, without a warrant, it accessed the Hotmail account of a French blogger in order to track down an employee leaking source code to some of its products, ultimately leading to that employee's arrest. Microsoft's actions created an uproar among users, causing it to spell out both its means, and its justification. Microsoft claims it needs to establish if "there is evidence sufficient for a court order" before conducting any searches, as allowed under its terms of service (the ones you read and agreed to). In response, Electronic Frontier Foundation fellow Andrew Crocker calls Redmond's claim that it can't obtain a warrant on itself a false premise with massive potential for abuse. Instead of "Warrants for Windows," he argues that bringing in the FBI and obtaining a warrant is not only possible, but that it would be in line with Microsoft's policy to require a warrant before revealing user info to others.
Privacy group blocks NSA from destroying phone records, calls them evidence
A US judge has temporarily stopped the National Security Agency (NSA) from destroying phone metadata it collected, thanks to an intervention by the Electronic Frontier Foundation (EFF). The privacy watchdog argued that the documents were key to upcoming lawsuits against the spy agency stemming from Edward Snowden's revelations. Ironically, the NSA itself wants to preserve the records for intelligence purposes, but a foreign surveillance court ordered them destroyed. The reason? It judged the records would actually violate the rights of those in the phone lists. However, the EFF claimed that court wasn't aware of an existing order issued in July to keep the documents and another filed back in 2008. A hearing is now scheduled for March 19th to determine if the metadata will be permanently destroyed or not -- with your privacy as the main argument either way.
Browsing on your Android phone just got safer, thanks to the EFF
In the wake of Edward Snowden's NSA revelations, finding ways to browse the internet more securely has become of paramount importance. In its mission to help netizens feel that little bit safer, the Electronic Frontier Foundation (EFF) has long offered its HTTPS Everywhere add-on for desktop browsers, and it's now looking to do the same on mobile. As of yesterday, you can install the HTTPS Everywhere on Firefox for Android, which automatically seeks out HTTPS connections on supported websites. Webpages will be loaded over an encrypted connection, letting you to check your email, shop online and browse the web without fear of a third-party, or surveillance agency like the NSA or GCHQ, intercepting your traffic. To install the add-on, make sure you have the latest version of Firefox for Android on your phone, then install the plugin via the EFF website. Once loaded, the app will display an icon in the address bar, ensuring your browser won't suffer the same fate as Angry Birds and other mobile apps.
Live from the Engadget CES Stage: the EFF's Julie Samuels
Electronic Frontier Foundation staff attorney Julie Samuels has quite possibly the greatest job title in the history of job titles: The Mark Cuban Chair to Eliminate Stupid Patents at EFF. She'll join us to speak about how said stupid patents are hampering innovation. January 8, 2014 5:30:00 PM EST
US judge rules warrantless gadget searches at the border aren't unconstitutional
A United States district judge has ruled that gadget searches upon crossing into the US aren't a breach of the First and Fourth Amendments. In 2010, the National Association of Criminal Defense Lawyers, National Press Photographers and grad student Pascal Abidor challenged the 2008 ruling that authorizes unwarranted device search-and-seizures, saying that they exist to counteract protected speech and certain confidentiality privileges. However, district judge Edward Korman remarks that because the chance of the searches is so low (he estimates odds of less than five in a million, although the government's count has been disputed) there aren't any grounds for dismissing the rulings. He further states that this is no different than having your baggage or person examined before crossing into the US, and that the government simply doesn't have enough resources to inspect the devices of everyone who enters the country. Most worrying however is when Korman says that it's "foolish, if not irresponsible" that the plaintiffs would store sensitive data on their gadgets in the first place. The ACLU is considering appealing the decision but attorney Catherine Crump tells the New York Times that for now the status quo remains, and in many areas of the country, "the government is free...to conduct all types of electronic device searches without reasonable suspicion." [Image credit: Flickr/Crashworks]
Judge tosses out Apple's motion regarding Lodsys
Apple licensed US Patent #772,078 from original owner Intellectual Ventures to allow for in-app purchases of iOS apps. The patent, now owned by Lodsys, covers "Methods and systems for gathering information from units of a commodity across a network." Lodsys started suing iOS developers for patent infringement and Apple filed a motion to intervene in patent infringement lawsuits in 2011. Patent trolls -- also known as Patent Assertion Entities ("PAEs") -- are "firms with a business model based primarily on purchasing patents and then attempting to generate revenue by asserting the intellectual property against persons who are already practicing the patented technologies," according to the FTC. According to Joe Mullin from Ars Technica, "Lodsys became one of the most-scorned patent holders in 2011, by making seemingly small cash demands (just 0.575 percent of your revenue, please!) against small app makers, who it said were infringing its patents that cover in-app purchasing and upgrades." Ars Technica further states that, "the East Texas judge [US District Judge Rodney Gilstrap] overseeing Lodsys' systematic patent attack on app developers has refused to even consider Apple's motion." This means that Lodsys is now free to "threaten developers for months, and perhaps even years, to come," according to Mullin. An amicus brief, which is loosely an offer to assist in understanding an issue being handled by a court by parties with a strong interest in the issue (but not part of the court action) was filed by the App Developers Alliance and the Electronic Frontier Foundation. The brief states: "Lodsys's pattern of sending out demand letters, suing a seemingly random sampling of app developers and then settling with those app developers, promises that those developers' claims of a right to use the technology in question will never be heard. The resulting uncertainty leaves developers in limbo. In fact, there have been reports that app developers are indeed pulling apps out of the US markets entirely. Charles Arthur, App Developers Withdraw from US as Patent Fears Reach 'Tipping Point', The Guardian (July 15, 2011)." Mullin recounts some of the pending suits and companies involved, and provides more detail on how those companies are handling the cases. "Apple's argument that the Lodsys patents are already paid for could have been a clean and effective way to shut down much of the Lodsys patent campaign." It looks like that isn't going to happen anytime soon. Related Stories FTC publishes a long list of questions it wants to ask "patent trolls", Ars Technica, 9/27/13. FTC Seeks to Examine Patent Assertion Entities and Their Impact on Innovation, Competition, FTC, 9/27/13. Lodsys offers to settle patent dispute with fortunate developer, TUAW, 8/8/13. Apple allowed to intervene in Lodsys patent case, TUAW, 4/13/12. Lodsys now going after apps with More Apps buttons, TUAW, 7/13/11. Apple files motion to intervene in Lodsys suit, TUAW, 6/10/11.
NSA collected up to 56,000 emails not connected to terrorism a year, blames error
We can't say as though we're particularly surprised to see such numbers, but, well, at least they're finally coming to light. According to The Washington Post, newly declassified court documents highlight how the NSA collected up to 56,000 e-mails per year, over a three year period. The docs detail why the collection of such "wholly domestic" information was ruled unconstitutional by a judge in the Foreign Intelligence Surveillance Court, though the NSA stated that the surveillance was unintentional, adding that it reported said information to the court. As part of the ruling, the intelligence agency was required to investigate limits to its data collection -- the NSA claims to have since addressed the problem. The newly available information was made public thanks to a recently field EFF lawsuit. Update: Want to crawl through some of that information? The White House has begun posting key docs to Tumblr, of all places.
The Engadget Show 45: Security with Cory Doctorow, John McAfee, Microsoft, the EFF and more!
Welcome to the wild world of security and surveillance. From CCTV to massive government spying initiatives, there's no escaping it. Recent high-profile leaks have served as a sobering reminder of just how present it is in all of our lives, so we figured what better time to take a deep dive? We kick things off with one of the strangest (and raciest) segments in Engadget Show history: a visit to the set of John McAfee's latest web video. The one-time security software guru and fugitive discusses the state of antivirus, bath salts and offers some unsolicited advice to Edward Snowden, one exile to another. Trevor Timm of the Electronic Frontier Foundation sits down for an animated discussion of recent NSA surveillance revelations, including a breakdown of which major tech companies are doing right by their user base. Boing Boing editor, sci-fi author and privacy activist Cory Doctorow climbs a tree in San Diego to discuss Wikileaks, the NSA, the "surveillance state" and more. "Edward Snowden is a hero," he begins, not speaking on behalf of the EFF, mind you -- and things get really good from there. Cryptographer and computer security specialist Bruce Schneier also chimes in on wiretapping, whistleblowing and "security theater." Next up, we pay a visit to The New Yorker's midtown office to talk Strong Box, the magazine's secure deposit box for anonymous whistleblowers. The team behind Ubisoft's Watch Dogs joins us to discuss partnering with computer security company Kaspersky to bring a realistic portrait of the world of hacking to its much anticipated title. And one-time hacker turned head of security community outreach at Microsoft, Katie Moussouris, discusses Redmond's Bluehat bounty program and working with the hacking community to build safer software. All that, plus the usual prognosticating from resident philosopher John Roderick in this month's Engadget Show, just after the break.
Electronic Frontier Foundation sues NSA, calls surveillance programs unconstitutional
Earlier today, the Electronic Frontier Foundation sued the Obama administration over concerns surrounding the NSA's extensive surveillance programs, just weeks after the ACLU did the same. Filed on behalf of human rights, religious and environmental activist groups, the suit argues that the federal government's so-called Associational Tracking Program is inherently unconstitutional because it threatens stipulations found in the Bill of Rights, like freedom of speech and the right to assembly. The list of plaintiffs is extensive, and the suit has united groups with varying mission statements, like Human Rights Watch, Greenpeace and the National Organization for the Reform of Marijuana Laws. To read the complaint in full, head on over to the source link below.
EFF looks at rules controlling NSA surveillance, sees big risks for Americans
While The Guardian undoubtedly garnered attention when it posted court papers detailing data collection rules for the NSA, it also provided a lot of detail that isn't easy to digest. The Electronic Frontier Foundation is more than willing to break down those rules, however -- and it doesn't like what it sees. It's concerned that there are too many exceptions letting the NSA store and transmit private information, with little oversight preventing investigators from seeing more US data than they should. Allegedly, the rules could defy American rights to anonymous speech; they may also violate attorney-client privileges both inside and outside of the US. We have a hunch that the NSA might disagree with this interpretation of its authority, but you can see all the points of contention for yourself at the link below. [Image credit: David Drexler, Flickr]
EFF report knocks Verizon, praises Twitter for protecting user data
The Electronic Frontier Foundation has released its annual "Who Has Your Back?" report, ranking 18 companies by how well they protect user information from government eyes. Twitter and Sonic.net get high scores from the EFF, as they meet all six of the organization's privacy guidelines, which include requiring a warrant for sharing content and telling users about government data requests. On the other end of the spectrum are MySpace and Verizon, both of which score zero out of six stars. Meanwhile, Apple and AT&T get one gold star each, and Google, Dropbox and LinkedIn are tied for second place. You'll find the complete breakdown in the EFF 's comprehensive infographic (partially displayed above), and the full report is available via the source link.
Humble Bundle game sales now coming weekly, starting with Bastion
Who would've thought that letting consumers pay what they think is fair for quality games would prove popular? That's the concept behind Humble Bundle, and so far, it's been rather good to developers and charities alike. Now, deals from the company are set to get a whole lot more frequent, as it's just announced weekly game sales that'll supplement the monthly bundle offers. You'll find a new game from Humble Bundle go up for sale each Tuesday, and to kick things off, the company is starting with Bastion, an RPG from Supergiant Games. Just $1 nets you a Steam key to the game, but if common decency isn't enough of a reason to pay more, you'll find bonus content and merchandise up for grabs, too. This week's charities include the EFF and Child's Play, but you've only got seven days to act before another game takes its place. Best start checking it out, and you can start with a demo of Bastion after the break.
The Engadget Interview: EFF's Julie Samuels talks patents, podcasting and the SHIELD Act
We've heard it shouted from the mountaintops more times than we'd care to mention: the patent system is fundamentally broken. But that manner of righteous indignation can often fail to make an impression on those attempting to live their lives unaffected on the sidelines, as hardware behemoths level a seemingly endless string of suits based on often overly broad language. One's perspective shifts easily, however, when targets change and the defendants themselves are no longer aggressively litigious corporations with an arsenal of filing cabinets spilling over with intellectual property, as was the case when one company used a recently granted patent to go after a number of podcasting networks. When we wanted to get to the bottom of this latest example in a long line of arguably questionable patent litigation, we phoned up Julie Samuels, a staff attorney at the Electronic Frontier Foundation who has also been designated the organization's Mark Cuban Chair to Eliminate Stupid Patents. Samuels has been fighting the battle against dangerously broad patents for some time now, recently traveling to DC to support passage of the SHIELD Act (Saving High-tech Innovators from Egregious Legal Disputes), a congressional bill that would impose heavy fines against so-called patent trolls. We spoke to Samuels about supposed trolls, podcasts, SHIELD and how those with microphones can make their voices heard. Note: The owner of the podcasting patent in question declined to comment on the matter.
Smartphone petition breaks 100,000 signatures, forces White House response
The petition to reinstate the DMCA protection of smartphone unlockers has reached 100,000 signatories on We The People. As it's now hit the golden limit, the White House will have to issue an official response explaining its stance on the matter. The petition also asked that if the Librarian of Congress wouldn't bring back the exemption, that a bill should be passed that enshrines the right into law. As soon we see the message from the West Wing, we'll let you know what they say.
Unlocking new phones now banned under DMCA, the EFF weighs in
It was great while it lasted, but the days of users legally unlocking their own phones is over. Back in October of last year, the Library of Congress added an exemption to the DMCA to allow folks to free their new phones for 90 days. That three month window has now closed. Of course, carriers are still free to offer unlocked handsets themselves, and some will also unlock them for you as long as certain conditions are met. "Legacy" or used handsets purchased before today can still be unlocked without any finger-wagging from federal courts. So, what does this mean exactly? Well, Electronic Frontier Foundation attorney Mitch Stoltz told us, "What's happening is not that the Copyright Office is declaring unlocking to be illegal, but rather that they're taking away a shield that unlockers could use in court if they get sued." This does make lawsuits much more likely according to him, but it's still up to the courts to decide the actual legality of phone unlocking. Indeed, it's a grim day for those who want true freedom over their own devices. Stoltz said to us, "This shows just how absurd the Digital Millennium Copyright Act is: a law that was supposed to stop the breaking of digital locks on copyrighted materials has led to the Librarian of Congress trying to regulate the used cellphone market."
Live from the Engadget CES Stage: an interview with the EFF's Julie Samuels (update: video embedded)
The topic no one wants to talk about at CES? Yep, it's gonna be a half-hour of frank patent litigation talk with the Electronic Frontier Foundation's Julie Samuels. If you care at all about legal kerfuffles, you're not gonna want to miss this one. January 9, 2013 5:30 PM EST Check out our full CES 2013 stage schedule here! Update: video embedded
Time Warner Cable and Verizon plan to redirect, throttle internet users accused of piracy (video)
We've been wondering what major American internet providers would do to thwart supposed pirates beyond nag them senseless; other than leaks surrounding AT&T's reeducation process, we've mostly been left in the dark. There's a better picture of the consequences now that Time Warner Cable and Verizon have unveiled their strategies at an Internet Society conference. Verizon's approach is an attempt to straddle the line between angry media studios and the basic need to communicate: if copyright complaints reach the fifth or sixth notice, Verizon will throttle the connection for two to three days without instituting outright blocks. TWC's method may be tougher to ignore -- the cable provider will redirect claimed infringers to a custom page and restrict what they can visit. While it's not clear just how limited access will be, it's doubtful anyone will want to find out. Not surprisingly, critics like the Electronic Frontier Foundation aren't happy with the restrictions as a whole, and point to the Center for Copyright Information allegedly going back on its vows of impartiality -- it notes that the anti-piracy initiative's reviewer is a previous RIAA lobbying firm, and that many of the real technical details are partially censored despite promises of transparency. The Center hasn't responded to those challenges, but we're somewhat comforted when it claims there won't be draconian attempts to catch everyone, at least not in the foreseeable future. We'd still be sure to lock down any WiFi hotspots to avoid false accusations; ignoring any ISP warnings could soon lead to more than just a sternly-worded message.
DMCA update shuts down new phone unlocking next year, allows rooting (but not for tablets)
And so it passed that Congress didst layeth its blessing on the jailbreaking and rooting of all manner of devices; the hacking community saw the miracle and rejoiced. But that amendment to the DMCA two years ago was just a temporary exemption and the Electronic Frontier Foundation has been vigorously lobbying to get it reinstated. The Library of Congress has now done just that through a new three year extension, but with some serious caveats: After 90 days, unlocking of new phones will be verboten and all tablet mods will still be illegal. This differs from the 2010 decision which did allow unlocking, because the Librarian decided that a recent copyright ruling means fair use rules no longer apply to a handset's OS. It also said the exception isn't needed anymore because carrier rules regarding unlocking are now more liberal -- although the lawmaker may be confounding chicken with egg by that reasoning.
Federal appeals court says warrantless wiretapping is legal
A federal appeals court has ruled today that the US government can tap into Americans' communications without worrying over frivolous things like "being sued" by its people. In what most sane civilians will probably see as a depressing loss of protection, a three-judge panel of the 9th US Circuit Court of Appeals ruled that citizens can sue the United States for damages stemming from the use of information collected via wiretap, but not for the collection of information itself. In typical pass-the-buck fashion, Wired reports that Judge Michael Daly Hawkins and Judge Harry Pregerson added the following: "Although such a structure may seem anomalous and even unfair, the policy judgment is one for Congress, not the courts." Alrighty. For those unaware, the back and forth surrounding this issue extends back to Congress' authorization of the Bush spy program in 2008, and more specifically, a pair of US lawyers and the now-defunct al-Haramain Islamic Foundation -- a group that was granted over $2.5 million combined in legal fees after proving that they were spied on sans warrants. The full report can be found in the PDF below.
