WebProNews

Tag: EFF

  • Amazon’s Ring and Google Nest Give Footage to Police Without Warrants

    Amazon’s Ring and Google Nest devices are popular home security options, but users may want to look elsewhere if privacy is a concern.

    Ring and Nest devices are used in homes and businesses alike, but a new report says Amazon and Google are giving police access to footage from the devices without a warrant and without the owner’s permission.

    The revelation occurred as a result of Senator Edward Markey’s inquiries regarding Amazon’s practices. The Senator has become increasingly concerned over the role private companies play in mass surveillance.

    “As my ongoing investigation into Amazon illustrates, it has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded,” said Senator Markey. “We cannot accept this as inevitable in our country.”

    In response to Senator Markey’s inquiry, Amazon acknowledged that it does provide law enforcement with access to user footage without permission or a warrant.

    “So far this year, Ring has provided videos to law enforcement in response to an emergency request only 11 times,” the company wrote in response. “In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay.”

    Amazon is not alone in this practice. Google’s Terms of Service make it clear the company has similar policies.

    “If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency — for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing persons cases. We still consider these requests in light of applicable laws and our policies.”

    Not everyone is convinced by Amazon’s response and it’s unlikely Google’s will score many points either.

    “The ‘emergency’ exception to this process allows police to request video directly from Amazon, and without a warrant,” write Jason Kelley and Matthew Guariglia for the EFF, specifically about Amazon. “But there are insufficient safeguards to protect civil liberties in this process. For example, there is no process for a judge or the device owner to determine whether there actually was an emergency. This could easily lead to police abuse: there will always be temptation for police to use it for increasingly less urgent situations.”

    Additional Privacy Issues

    Sharing information with the police is not the only concern. Senator Markey, as well as the EFF, also raise concerns about the distance at which Ring devices can record audio.

    “Earlier this year, Consumer Reports revealed that Ring’s audio capabilities are more powerful than anyone anticipated, collecting conversation-level audio from up to 25-feet away,” Kelley and Guariglia add. “This has disturbing implications for people who walk, bike, or even drive by dozens of these devices every day, not knowing that their conversations may have been captured and recorded. The company also refused to commit to eliminating the default setting of automatically recording audio.”

    Ring has a longstanding history of privacy issues, and Google is no stranger to privacy controversies. The fact that both companies are sharing data without authorization, not to mention one of them broadly recording mass amounts of indiscriminate audio, should be a major concern for everyone involved.

  • EFF: Google Chrome’s ‘Manifest V3 is Deceitful and Threatening’

    The Electronic Frontier Foundation (EFF) is criticizing Google’s Manifest V3 (MV3) browser extension plans, calling them “deceitful and threatening.”

    MV3 represents a significant change to how Chrome browser extensions are implemented. In an effort to increase compatibility, Mozilla has already announced that Firefox will adopt MV3 too.

    According to the EFF, however, MV3 represents a major threat to privacy and security, thanks to the limits it places on how extensions work.

    Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions—especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit. Under the new specifications, extensions like these – like some privacy-protective tracker blockers – will have greatly reduced capabilities. Google’s efforts to limit that access is concerning, especially considering that Google has trackers installed on 75% of the top one million websites.

    The EFF isn’t the only one warning about MV3.

    “A web browser is supposed to act on behalf of the user and respect the user’s interests,” says Jonathan Mayer, Princeton University. “Unfortunately, Chrome now has a track record as a Google agent, not a user agent. It is the only major web browser that lacks meaningful privacy protections by default, shoves users toward linking activity with a Google Account, and implements invasive new advertising capabilities. Google’s latest changes will break Chrome privacy extensions, despite academic research demonstrating that no change is necessary. These user-hostile decisions are all directly attributable to Google’s surveillance business model and enabled by its dominance of the desktop browser market.”

    “Nearly all browser extensions as you know them today will be affected in some way: the more lucky ones will ‘only’ experience problems, some will get crippled, and some will literally cease to exist,” writes AdGuard’s Andrey Meshkov.

    It’s unlikely Google will back down from its MV3 plans, given how much it relies on the very kinds of trackers many privacy extensions are designed to combat. Hopefully, however, Mozilla will rethink its adoption of MV3, given the company’s commitment to privacy and security.

  • Apple Will Check Photo Uploads for Child Sex Abuse Images

    Apple will begin checking photos being uploaded to its iCloud service against a database of Child Sexual Abuse Material (CSAM), in an effort to protect children.

    In the battle over encryption — known as the Crypto Wars — governments have often used protecting children as justification for promoting backdoors in encryption and security. Unfortunately, no matter how well-intentioned, as we have highlighted before, there is no way to securely create a backdoor in encryption that will be safe from exploitation by others.

    Apple appears to be trying to offer a compromise solution, one that would preserve privacy, while still protecting children.

    Apple outlined how its CSAM system will work:

    Apple’s method of detecting known CSAM is designed with user privacy in mind. Instead of scanning images in the cloud, the system performs on-device matching using a database of known CSAM image hashes provided by NCMEC and other child safety organizations. Apple further transforms this database into an unreadable set of hashes that is securely stored on users’ devices.

    Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes. This matching process is powered by a cryptographic technology called private set intersection, which determines if there is a match without revealing the result. The device creates a cryptographic safety voucher that encodes the match result along with additional encrypted data about the image. This voucher is uploaded to iCloud Photos along with the image.

    Using another technology called threshold secret sharing, the system ensures the contents of the safety vouchers cannot be interpreted by Apple unless the iCloud Photos account crosses a threshold of known CSAM content. The threshold is set to provide an extremely high level of accuracy and ensures less than a one in one trillion chance per year of incorrectly flagging a given account.

    Needless to say, Apple’s announcement has been met with a variety of responses. The Electronic Frontier Foundation (EFF), in particular, has been highly critical of Apple’s decision, even accusing the company of going back on its former privacy stance and embracing backdoors.

    The EFF is particularly concerned Apple’s new system could be broadened to include speech, or virtually anything, governments may not approve of. While there is certainly a concern the system could be abused that way, there is also a big difference between using an on-device method to screen for something as vile as CSAM and using it to monitor speech.

    In many ways, Apple’s new approach to combatting CSAM is somewhat similar to its approach to combatting malware. There have been times in the past when Apple took the liberty of proactively removing particularly dangerous malware from devices. Critics could argue that Apple could extend that, at the behest of governments, to removing any programs deemed offensive. But that hasn’t happened. Why? Because there’s a big difference between removing malware and censoring applications.

    The National Center for Missing & Exploited Children, admittedly a critic of end-to-end encryption, praised Apple’s decision.

    “With so many people using Apple products, these new safety measures have lifesaving potential for children who are being enticed online and whose horrific images are being circulated in child sexual abuse material,” John Clark, chief executive of the NCMEC, said in a statement, via Reuters. “The reality is that privacy and child protection can co-exist.”

    Ultimately, only time will tell if Apple has struck the right balance between privacy and child protection. It’s worth noting Microsoft, Google and Facebook already have similar systems in place, but Apple believes its system offers significant benefits in the realm of privacy.

    In addition to going a long way toward protecting children, it’s also possible Apple’s willingness to make this concession will disarm one of the biggest arguments against end-to-end encryption, preserving the technology against legislative action.

  • EFF Partners With DuckDuckGo, Adopts Its HTTPS Dataset

    The Electronic Frontier Foundation (EFF) is partnering with DuckDuckGo to include the latter’s HTTPS dataset in its HTTPS Everywhere browser extension.

    The EFF and DuckDuckGo are closely aligned in their commitment to protecting user privacy. DuckDuckGo’s privacy browser extension for the desktop, and its standalone privacy browser for iOS, rely on the company’s Smarter Encryption technology.

    Smarter Encryption upgrades a standard unencrypted (HTTP) website connection to an encrypted (HTTPS) connection where possible. Smarter Encryption is more advanced than many competing options, since DuckDuckGo crawls and re-crawls the web to keep its dataset current.

    The EFF is now adopting DuckDuckGo’s Smarter Encryption dataset for use in its own HTTPS Everywhere browser extension. Like Smarter Encryption, HTTPS Everywhere is designed to help upgrade insecure connections. The EFF’s solution previously used “a crowd-sourced list of encrypted HTTPS versions of websites,” a less efficient and less comprehensive solution than DuckDuckGo’s.

    “DuckDuckGo Smarter Encryption has a list of millions of HTTPS-encrypted websites, generated by continually crawling the web instead of through crowdsourcing, which will give HTTPS Everywhere users more coverage for secure browsing,” said Alexis Hancock, EFF Director of Engineering and manager of HTTPS Everywhere and Certbot web encrypting projects. “We’re thrilled to be partnering with DuckDuckGo as we see HTTPS become the default protocol on the net and contemplate HTTPS Everywhere’s future.”

    “EFF’s pioneering work with the HTTPS Everywhere extension took privacy protection in a new and needed direction, seamlessly upgrading people to secure website connections,” said Gabriel Weinberg, DuckDuckGo founder and CEO. “We’re delighted that EFF has now entrusted DuckDuckGo to power HTTPS Everywhere going forward, using our next generation Smarter Encryption dataset.”

  • Google Wants a More Private Web, Will Not Build ‘Alternate Identifiers’ to Replace Cookies

    Google has announced it has no intention to build or use “alternate identifiers” as a replacement for cookies for tracking individuals.

    Google stunned the industry when it announced it would remove support for third-party cookies in Chrome, which currently has roughly 70% of the web browser market. While useful for providing site functionality, cookies are often used to track individuals across websites and build a startlingly complete picture of a person’s interests and browsing habits.

    Some had thought Google might develop alternative identifier solutions to replace cookies, but the company has firmly shot that idea down. David Temkin, Director of Product Management, Ads Privacy and Trust, outlined the company’s plans in a blog post:

    That’s why last year Chrome announced its intent to remove support for third-party cookies, and why we’ve been working with the broader industry on the Privacy Sandbox to build innovations that protect anonymity while still delivering results for advertisers and publishers. Even so, we continue to get questions about whether Google will join others in the ad tech industry who plan to replace third-party cookies with alternative user-level identifiers. Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.

    Temkin reiterated the company’s commitment to its Federated Learning of Cohorts (FLoC) API. FLoC is designed to hide an individual in the crowd, essentially providing privacy through obscurity. Some are not convinced, however, with the EFF labeling FLoC “a terrible idea.”

    Still, given Google’s history of ignoring and abusing individuals’ privacy, a history that has resulted in lawsuits, it’s refreshing to see the company take at least some stand for privacy.

    Keeping the internet open and accessible for everyone requires all of us to do more to protect privacy — and that means an end to not only third-party cookies, but also any technology used for tracking individual people as they browse the web. We remain committed to preserving a vibrant and open ecosystem where people can access a broad range of ad-supported content with confidence that their privacy and choices are respected. We look forward to working with others in the industry on the path forward.

  • Ring Making Major Changes To Improve Privacy

    After ongoing issues, Ring has informed users it is implementing a number of changes to improve privacy and security.

    Ring’s blog post comes as the company is trying to do damage control over a number of mishandled privacy issues. First there were multiple reports of the company’s cameras being hacked, followed by VICE investigating the service’s security and finding it wanting, to say the least. The worst revelation came when the Electronic Frontier Foundation (EFF) found that Ring was sharing personally identifiable data with a number of companies, without properly disclosing it to consumers. Ring’s response did nothing to help the situation, admitting they were sharing data with more companies than they said, but that customers should trust they were doing it responsibly.

    In the company’s blog post, Ring tries to address multiple concerns, beginning with two-factor authentication.

    “While we already offered two-factor authentication to customers, starting today we’re making a second layer of verification mandatory for all users when they log into their Ring accounts,” reads the blog post. “This added authentication helps prevent unauthorized users from gaining access to your Ring account, even if they have your username and password.”

    The company also addressed its data sharing policies.

    “Ring does not sell your personal information to anyone. We occasionally collaborate with third-party service providers that specialize in delivering different benefits, such as identifying and solving your problems faster when you contact Ring Community Support, providing you with personalized Ring offers and discounts, and communicating important alerts about your devices, like when your battery is low. Collaborating with these third-party service providers allows us to deliver the best possible Ring experience to you.”

    Ring says it is implementing a number of changes. First, it is temporarily pausing most third-party analytics data sharing. Second, the company is providing customers a way of opting out of third-party data sharing for personalized ads.

    Overall, this is a good first step for the company. If Ring had built its service with these steps already in place, they would not have spent the last couple of months losing customer trust and doing damage control.

  • Ring Is a Case Study In Bad Privacy Policy

    Ring has been in the news for its ongoing struggles with privacy issues. Its latest response, not to mention its approach in general, could serve as a case study of what not to do.

    Ring was first in the news over a number of incidents where individuals were able to hack the cameras and spy on and interact with the owners. Following that, VICE tested Ring’s security and found it was abysmal. The nail in the coffin was the Electronic Frontier Foundation’s (EFF) investigation that showed Ring was sharing a load of identifiable information with third parties. The worst part is that users were not notified of what data was being collected and shared, let alone given a way to control or opt out of the collection.

    Now CBS News is reporting that “although it confirmed that it shares more data with third parties than it previously told users, the company said in a statement that it contractually limits its partners to use the data only for ‘appropriate purposes,’ including helping Ring improve its app and user experience.”

    Essentially, the company is saying “yes, we got caught doing something we shouldn’t have been doing, but you should totally trust us that we’re doing it responsibly.”

    Ring’s troubles and its response should be a lesson to every company that deals with customers’ private data: A strong commitment to privacy should NEVER be an afterthought, add-on or damage control. In an era when hackers are eager to take advantage of weak data policies, when companies look to profit from their customers’ data and when an interconnected world means that a single breach can have far-reaching consequences—privacy must be built in from the ground up.

    It should go without saying that privacy especially needs to be built in from the ground up in a service that is designed specifically to protect user privacy and security. However, since Ring obviously needed someone to say it, the company should stand as an example of what not to do when it comes to protecting customer privacy.

  • Ring Uses Android Doorbell App to Surveil Customers

    The Electronic Frontier Foundation (EFF) has discovered that Ring’s Android doorbell camera app is being used to surveil customers.

    According to the EFF, the Ring Android app is “packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.”

    Specifically, the data is shared with Branch, AppsFlyer, MixPanel and Google’s Crashlytics. EFF’s investigation was able to uncover what data was being sent to each entity.

    Branch is a “deep linking” platform that receives several unique identifiers, “as well as your device’s local IP address, model, screen resolution, and DPI.”

    AppsFlyer is “a big data company focused on the mobile platform,” and receives information that includes unique identifiers, when Ring was installed, interactions with the “Neighbors” section and more. Even worse, AppsFlyer “receives the sensors installed on your device (on our test device, this included the magnetometer, gyroscope, and accelerometer) and current calibration settings.”

    MixPanel receives the most information, including “users’ full names, email addresses, device information such as OS version and model, whether bluetooth is enabled, and app settings such as the number of locations a user has Ring devices installed in.”

    It’s unknown what data is sent to Crashlytics, although it’s likely that’s the most benign of the data-sharing partnerships.

    The worst part is that, while all of these companies are listed in Ring’s third-party services list, the amount of data collection is not. As a result, there is no way for a customer to know how much data is being collected or what is being done with it, let alone have the option to opt out of it.

    Ring has been in the news recently for several high-profile security issues, including its cameras being hacked and a VICE investigation revealing an abysmal lack of basic security features. While both of these can be chalked up to errors or incompetence, this latest discovery is deeply disturbing because it speaks to how Ring is designed to function—namely as a way for the company to profit off of surveilling its own customers.

  • Which Companies Best Protect Your Data from the Government’s Prying Eyes?

    According to the Electronic Frontier Foundation’s annual report on companies’ commitment to protecting user data, Adobe, Apple, Wikimedia, WordPress, and Yahoo have your back more than everyone else.

    The EFF’s Who Has Your Back? report looks at 24 major tech companies and awards stars based on five criteria – whether or not they 1) follow industry-accepted best practices (requiring warrants, publishing transparency reports, etc.); 2) tell users about government data requests; 3) publicly disclose the company’s data retention policies; 4) disclose the number of times governments seek the removal of user content or accounts and how often the company complies; and 5) oppose backdoors.

    The EFF says that overall, it has seen improvement just in the past few months. But the organization calls out some companies for failing to take steps it recommended to protect user privacy – including WhatsApp, Google, and Twitter.

    In the months that EFF has been talking to companies to develop “Who Has Your Back,” there has already been significant improvement in privacy practices. For example, just days ago Amazon released its first-ever transparency report.

    But it’s not all good news. For more than a year, EFF has urged Google and Twitter to commit to telling users about government data requests, even when that notice must be delayed due to an ongoing emergency or a gag order, but both companies have yet to improve their policies and earn a star. WhatsApp received only one star despite notice last year from EFF that it was going to be included in “Who Has Your Back” and an acquisition by Facebook that gave it plenty of resources to protect its customers.

    Here’s the final chart for 2015:

    [Image: the EFF’s 2015 “Who Has Your Back?” chart]

    “We are pleased to see major tech companies competing on privacy and user rights. Practices that encourage transparency with users about government data requests are becoming the default for companies across the web. While we’re only able to judge a small selection of the tech industry, we believe this is emblematic of a broader shift. Perhaps invigorated by the ongoing debates around government surveillance and in response to growing public attention around these issues, more and more companies are voluntarily speaking out about government data requests and giving users tools to fight back,” says the EFF.

    You can check out the entire report here.

  • The Messaging Apps You Use the Most Are Woefully Insecure

    It’s likely that every single day, you use a messaging app to communicate with friends and family. It’s also likely that the messaging app you’re using is unequipped to protect your privacy.

    The Electronic Frontier Foundation (EFF) has just released a scorecard featuring 39 messaging apps ranging in popularity from the relatively small Silent Phone and CryptoCat to the ubiquitous iMessage and Facebook Messenger. The scorecard measures the security of each app using seven different criteria.

    That includes the questions … Is your communication encrypted in transit? Is your communication encrypted with a key the provider doesn’t have access to? Can you independently verify your correspondent’s identity? Are past communications secure if your keys are stolen? Is the code open to independent review? Is the crypto design well-documented? and Has there been an independent security audit?

    Spoiler alert – it’s not good. The messaging landscape is woefully insecure.

    In fact, only six applications garnered a perfect score: ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure.

    Every other app failed in at least one of the aforementioned areas.

    “The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren’t protected by encryption,” said EFF Technology Projects Director Peter Eckersley. “Many new tools claim to protect you, but don’t include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message.”

    Out of the most popular apps to be rated, Apple’s iMessage and FaceTime had the best security score (five out of seven).

    Services like AIM, Blackberry Messenger, Secret, and Yahoo Messenger were only able to garner one check mark – for messages being encrypted in transit.

    Popular apps like WhatsApp, Snapchat, Skype, and Facebook Messenger only grabbed two checks.

    “We’re focused on improving the tools that everyday users need to communicate with friends, family members, and colleagues,” said EFF Staff Attorney Nate Cardozo. “We hope the Secure Messaging Scorecard will start a race-to-the-top, spurring innovation in stronger and more usable cryptography.”

    Eckersley told Ars Technica that even a perfect score on the EFF’s security scorecard did not mean the apps are 100 percent recommended.

    “Getting a perfect score here is more the first step than final victory. We still need usability studies, metadata protection, independently commissioned audits, and other measures of security before we try to get the whole network to switch to one of these options,” he said.

    He went on to say that “good cryptographic design should not cause significant inconvenience.”

    Check out the full report here.

  • Twitter Acquires Mitro Labs, As EFF Helps Turn Mitro Into Open Source Project

    Twitter is apparently on something of an acquisition spree. This week, we already learned that Twitter acquired Madbits, which specializes in deep/machine learning. Earlier this week, it announced the acquisition of CardSpring.

    On its earnings call this week, Twitter also announced that it closed the previously announced acquisition of Tap Commerce. Now, it has acquired Mitro Labs, apparently for its talent (via TechCrunch).

    The Mitro team will join Twitter in New York, and work on “a variety of geo-related projects,” while Mitro, its multiple user password product, will live on as an open source project with code on GitHub. The Electronic Frontier Foundation has been helping them turn it into “a sustainable, community-run project”.

    According to Mitro Labs, it will continue to operate as is for the foreseeable future. They had this to say in a blog post:

    We want to thank our users, institutional investors (especially Stan Reiss at Matrix and Rich Miner at Google Ventures), and angel investors for helping us build a product that is both secure and usable. We’d also like to thank Twitter for their support as we make this transition.

    The EFF discusses its role in the project here.

  • Post Snowden, Tech Companies Are Much More Transparent and Protective of User Privacy

    In May of 2013, the Electronic Frontier Foundation published their third-ever “Who Has Your Back” report, which looks at major tech companies and how they stack up when it comes to protecting user data and privacy. In the six criteria the EFF uses to judge each company, only two received perfect six-star ratings. Many top companies, like Apple and Yahoo, only received one measly star out of six. It was clear that many of the companies people trust with their most personal information were dropping the ball when it came to protecting it from prying eyes, as well as letting users know when the government came a-pryin’.

    Then something big happened. About a month after that report hit the internet, a journalist named Glenn Greenwald published documents given to him by one Edward Snowden, a former contractor for the NSA. The documents detailed a massive surveillance initiative that saw the U.S. government collecting troves of data on American citizens (and some abroad), and even suggested that some of the same tech companies in the EFF’s report had been a party to the spying.

    These revelations, along with the many that came after, caused quite the stir and ignited a heated debate over privacy, data security, government overreach, and national safety interests. People became more aware of the potential for companies to play fast and loose with their personal data, and companies were forced to shift policies in order to regain users’ trust.

    Or at least that’s the picture that the EFF’s new Who Has Your Back report is painting.

    In the 2014 report, nine companies received perfect six-star ratings when it comes to protecting user privacy: Apple, Credo Mobile, Dropbox, Facebook, Google, Microsoft, Sonic.net, Twitter, and Yahoo. Last year, both Apple and Yahoo only received one star, Facebook had received three, and Google had five. The only two companies that had perfect ratings in 2013 both kept their perfect scores this year: Sonic.net and Twitter.

    So, what are the stars for? The EFF’s criteria consist of six questions: Does the company require a warrant for content? Does the company tell users about government data requests? Does the company publish a transparency report? Does the company publish law enforcement guidelines? Does the company fight for users’ rights in the courts? And does the company fight for users’ privacy rights in Congress?

    For the more visually inclined, here’s a comparison of 2013 and 2014’s star charts. It’s clear to see that there is significantly more gold in 2014.

    [Images: the EFF’s 2013 and 2014 star charts]

    For the first time in the history of the report, all companies are at least doing one thing to protect user privacy. The big blemishes on 2014’s list are major telecoms AT&T and Comcast (no surprises there), Amazon.com, and newcomer Snapchat–who the EFF urges to step it up.

    “Snapchat stands out in this report: added for the first time this year, it earns recognition in only one category, publishing law enforcement guidelines. This is particularly troubling because Snapchat collects extremely sensitive user data, including potentially compromising photographs of users. Given the large number of users and nonusers whose photos end up on Snapchat, Snapchat should publicly commit to requiring a warrant before turning over the content of its users’ communications to law enforcement. We urge them to change course,” they say.

    To answer the question of why the big change (for most major companies at least), the EFF gives credit to the Edward Snowden leaks, which they say prompted “significant policy reform” from major tech companies.

    “These changes in policy were likely a reaction to the releases of the last year, which repeatedly pointed to a close relationship between tech companies and the National Security Agency. Tech companies have had to work to regain the trust of users concerned that the US government was accessing data they stored in the cloud. This seems to be one of the legacies of the Snowden disclosures: the new transparency around mass surveillance has prompted significant policy reforms by major tech companies.”

    And it’s really been transparency that’s had the most focus in the post-Snowden era. Many companies saw the publishing of a data request transparency report as a way to say “look, we’re not trying to hide anything from you.” As the EFF notes, even major ISPs like AT&T, Comcast, and Verizon now publish transparency reports.

    You can check out the EFF’s incredibly detailed report of each company featured on the list here.

    Images via EFF

  • Here’s Everything You Need To Know About The NSA

    Even before the Snowden leaks of last year, the EFF had its suspicions about what the NSA was up to. The group even tried to get the government to spill the beans a few times through lawsuits that never went anywhere. As you can imagine, the Snowden leaks helped their cause greatly, and now they’re trying to educate the public on just how far the NSA goes.

    EFF Senior Staff Attorney Kurt Opsahl gave a talk at CCC late last year called “Through a PRISM, Darkly: Everything We Know About The NSA Spying.” The hour-long talk has just recently been uploaded to YouTube and it gives a brief overview of what the Snowden leaks have exposed in the months since the first leak regarding Verizon handing over Americans’ phone records.

    Here’s the full synopsis:

    From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA spying programs are shrouded in secrecy and rubber-stamped by secret opinions from a court that meets in a faraday cage. The Electronic Frontier Foundation’s Kurt Opsahl explains the known facts about how the programs operate and the laws and regulations the U.S. government asserts allows the NSA to spy on you.

    If you ever wanted to know what all the hubbub was about when it comes to the NSA, this is the video for you.

    Image via EFForg/YouTube

  • Now Celebrities Are Even Coming Out Against The NSA

    It’s sometimes hard for celebrities to relate to the common folk. After all, they don’t have to worry about many of the things that we plebeians have to deal with on a daily basis. Every once in a while, however, an issue comes along that we can all stand behind – like a right to privacy.

    The latest moral crisis to ruffle the feathers of both the common man and celebrities is the recent leaks regarding the NSA’s surveillance programs. Under Section 215 of the Patriot Act, the agency is given the power to collect Americans’ phone metadata in bulk, and not even the rich and powerful are immune.

    To that end, some famous celebrities alongside privacy advocates have created a short video for the EFF called, “Stop Watching Us.” It’s like one of those celebrity-filled “Save the children” ads, but without the guilt trip. As a bonus, John Cusack makes an appearance. Check it out:

    If the impassioned pleas of Wil Wheaton, Maggie Gyllenhaal and Oliver Stone have moved you to action, you can join the movement at Stop Watching Us. It’s a Web site set up by the EFF and Mozilla to collect signatures that will then be sent to Congress to let them know that you don’t like what the NSA is not doing.

    [Image: EFForg/YouTube]

  • Declassified NSA Documents Reveal Privacy Violations

    Following pressure from lawsuits by both the ACLU and the Electronic Frontier Foundation, the federal government has released 14 documents concerning privacy violations committed by the NSA in their collection of private data from US citizens. Both lawsuits were based on what the ACLU and EFF believe is a misinterpretation of Section 215 of the Patriot Act. According to the USA Patriot Improvement and Reauthorization Act of 2005, any data obtained under Section 215 of the Patriot Act:

    “must be ‘relevant’ to an authorized preliminary or full investigation to obtain foreign intelligence information not concerning a U.S. person or to protect against international terrorism or clandestine intelligence activities. The provision also requires a statement of facts to be included in the application that shows there are reasonable grounds to believe the tangible things sought are relevant, and, if such facts show reasonable grounds to believe that certain specified connections to a foreign power or an agent of a foreign power are present, the tangible things sought are presumptively relevant.”

    What the 14 documents that were declassified reveal is that the NSA has not been following this revised version of the Patriot Act, but rather gathering whatever information they want despite the fact that they have had several rendezvous with the FISA court (Foreign Intelligence Surveillance Act) regarding the legality of their collections. The FISA court is the court that issues surveillance warrants for perceived foreign threats on US soil. This court was established after the passing of the Foreign Intelligence Surveillance Act in the 1970’s, following the events of Watergate.

    The court cases filed by the ACLU and EFF concerned the actions of the NSA from 2006 to 2009. During this time, the NSA collected information on citizens that was not deemed legal under the warrant granted to them by the FISA court. In fact, in 2009 alone, the NSA flagged and gathered information on more than 17,000 citizens, and under 2,000 of those people were on the “flag” list given to the NSA by the FISA order, a list that was composed of people with reasonable articulable suspicion (RAS) of terroristic activity.

    The documents released by the federal government show several court hearings and proceedings that occurred between the NSA and FISA courts concerning this blatant disregard for personal privacy. The best reason the NSA could come up with as to why they illegally collected information on more than 17,000 people in one year: “there was no single person who had a complete technical understanding of the BR FISA architecture.” In short, we had an entire governmental agency which specifically deals with the national security of arguably the most powerful nation on the earth, and not one of them could understand the BR FISA, which is a simple document outlining what is and what is not acceptable when gathering information concerning foreign threats within US borders.

    So, what does all of this tell us? For one, it shows us that government officials may be even more clueless when it comes to legal standards than our friends at the ACLU and even the EFF. Secondly, it shows us that the American people can still use legal means to accomplish large and important goals (except for the fact that it took an extremely large illegal activity by Edward Snowden to even bring the subject to light, and despite the fact that the Director of National Intelligence, James Clapper, wants us to believe that this is another step toward government transparency). Lastly, it shows us that the events of 9/11 have had much more lasting impact than any American could have imagined, and in ways that we would have never considered. While every American recognizes the events of that day as a tragic loss of American life, no American thought that we would now live in a country in which almost all of our civil liberties and freedoms have been compromised at the behest of “protection from terrorism”. So while this may be a small victory for the American people with regard to data privacy and government transparency, it still reveals how much we actually lost on 9/11, and how much the “terrorists” won.

    Image via Twitter

  • Lawsuit Against NSA Can Move Forward As Judge Smacks Down State Secret Defense

    Many of the questionable actions taken by our government in the wake of the 9/11 terrorist attacks have been defended on the grounds of state secrecy or executive privilege. It’s been pretty effective thus far in stopping challenges mounted against secret surveillance programs, but the state secret defense has just been dealt a substantial blow.

    You may recall the EFF has been involved in a pretty important class action lawsuit called Jewel v. NSA. The lawsuit was filed in 2008, but has been dismissed and reinstated more times than I would like to count. The latest update came this week when the U.S. District Judge for Northern California ruled that the lawsuit couldn’t be dismissed under the state secrets privilege, and allowed it to progress.

    “The court rightly found that the traditional legal system can determine the legality of the mass, dragnet surveillance of innocent Americans and rejected the government’s invocation of the state secrets privilege to have the case dismissed,” said Cindy Cohn, EFF’s Legal Director. “Over the last month, we came face-to-face with new details of mass, untargeted collection of phone and Internet records, substantially confirmed by the Director of National Intelligence. Today’s decision sets the stage for finally getting a ruling that can stop the dragnet surveillance and restore Americans’ constitutional rights.”

    In short, the court found that the lawsuit as a whole couldn’t be thrown out. It did, however, say that some evidence must be kept secret. That’s a given, and I don’t think anybody could complain about that. It’s still a major win to see a court agree that citizens can challenge secret wiretapping laws.

    It will be interesting to see where Jewel goes now. The lawsuit already had a lot of evidence that pointed to the NSA engaging in mass surveillance, but now the plaintiffs have plenty more evidence thanks to the Snowden leaks. Of course, it’s not a given that the court will allow such evidence, but it will undoubtedly inform the proceedings going forward.

    [h/t: techdirt]

  • EFF: Twitter Has Your Back, Apple Not So Much When It Comes to Protecting User Data

    The Electronic Frontier Foundation, champions of the public interest in matters related to free speech and digital privacy, has just released their latest report on which companies actively help protect your data from the government. It’s called the “Who has your back” report and this is the third year that EFF has published it.

    The methodology is simple enough. The EFF looks at 18 prominent tech companies including Facebook, Twitter, Google, Yahoo, Apple, and Amazon, and judges them based on 6 different categories (up from 4 last year). It then awards stars to the companies if their actions in those categories are on the side of protecting user rights.

    This year, Twitter and ISP Sonic.net were the only two companies to receive full 6-star ratings from the EFF. Last year, they were the top two performers in the report, scoring a 3.5 and 4 star rating, respectively.

    Here are the 6 categories that the EFF looks at for their report:

    1. Does the company require a warrant for content of communications?
    2. Does the company tell users about government data requests?
    3. Does the company publish transparency reports?
    4. Does the company publish law enforcement guidelines?
    5. Does the company fight for users’ privacy rights in court?
    6. Does the company fight for users’ privacy in Congress?

    Verizon and Myspace received zero stars, while Apple, AT&T, and Yahoo received 1 star. On the flip side, Dropbox, Google, LinkedIn, and Spideroak got nearly perfect marks, coming in with 5 stars out of 6.

    Readers of this year’s annual privacy and transparency report should be heartened, as we are, by the improvements major online service providers made over the last year. While there remains room for improvement in areas such as the policies of location service providers and cellphone providers like AT&T and Verizon, certain practices – like publishing law enforcement guidelines and regular transparency reports – are becoming standard industry practice for Internet companies.

    And we are seeing a growing, powerful movement that comprises civil liberties groups as well as major online service providers to clarify outdated privacy laws so that there is no question government agents need a court-ordered warrant before accessing sensitive location data, email content, and documents stored in the cloud.

    Remember: you entrust most of these companies with almost everything in your digital life – photos, personal info, location, financial info. It’s important to know exactly where each stands in terms of protecting that info against prying eyes. The EFF warns that the absence of a star doesn’t necessarily mean that the company is thwarting user rights in that category – it simply may mean that they haven’t been given the chance to defend user rights in that arena. Here’s the EFF’s full star report:

  • EFF Joins r/Gaymers’ Fight Against Trademark Holder

    One reddit community, with the help of the Electronic Frontier Foundation, is taking on a trademark holder who they say was wrongfully granted a trademark registration for a term that belongs in the public domain.

    Gaymer is a broad term used to describe members of the LGBT community who also happen to be avid gamers. The term has been around since the early 90s, according to the EFF.

    r/gaymers is a subreddit with over 21,000 subscribers. There, members of the gaymer community discuss games, host video chats, schedule multiplayer sessions – you know, gamer stuff. A lot of the content posted to r/gaymers doesn’t necessarily have to do with gaming – some of it centers on the LGBT experience. They’ve been under attack from Chris Vizzini, “gaymer” trademark owner and operator of the website gaymer.org. He sent a cease and desist letter to r/gaymers back in August of 2012, requesting that reddit “cease and desist any further use of gaymer in association with reddit’s services and requested that reddit respond to the letter by assuring Registrant of reddit’s compliance with the terms of the letter.”

    Instead of complying with that request, members of r/gaymers lawyered up and now they have the EFF on their side, who have filed a petition against Vizzini’s registered trademark on the “gaymer” term.

    You can check out the full petition here.

    Vizzini has taken to reddit (about 4 months ago, around the time of the cease and desist letter) to defend his position:

    As a trademark and word mark holder, it’s my responsibility to defend the marks, otherwise I could lose them.

    I started Gaymer.org in 2003 and began to build Gaymer as a brand. That’s why I trademarked and word marked the name. At that time, there was only one other site around dedicated to gay gamers. I have spent countless hours and thousands of dollars on Gaymer.org. I have done so gladly as it’s brought happiness to many people.

    I have received many nasty emails and comments on my site, not to mention what’s been said on the reddit site.

    I cannot stress this enough. I have no problem with other gay gaming sites. I think it’s great others exist. The only problem I have is when the Gaymer name is used. That infringes on the word mark. A perfect example of this is gaygamer.net. It’s a great website for gay gamers but does not use “gaymer” in its name, therefore I have no problem.

    He went on to say that he didn’t want the r/gaymer subreddit removed, just renamed.

    Members of r/gaymer and the EFF don’t buy it, however.

    “This registration should never have been granted,” said EFF Intellectual Property Director Corynne McSherry. “Gaymer is a common term that refers to members of this vibrant gaming community, and we are happy to help them fight back and make sure the term goes back to the public domain where it belongs.”

    And here’s what r/gaymer mod ozuri had to say in a lengthy post:

    Personally, I rely on intellectual property law for my livelihood. I work in video games and my career benefits directly from the existence and enforcement of trademark and copyright law (though I am acting here simply as an individual and do not represent my company in any fashion). So I’m not someone who is anti-intellectual property protection. For me, digital IP protection is about not penalizing creative people in the digital space simply because they lack the ability to protect their ideas the same way they can in the physical world. I also believe that spurious claims like the one asserted by gaymer.org undermine the legitimacy of the system and give breath to a vocal group of individuals who believe that the system is inherently broken.

    Second, reddit is not a haven for trademark infringement. They will not protect you if you infringe a trademark. But this case isn’t about infringement, it’s about harassment and the enforcement of an illegitimately granted trademark. Specifically, we believe that an entity should not be allowed to co-opt a group’s identity for personal enrichment, power, or ego.

    So the actions we have taken are not because we don’t believe in intellectual property protection. They are because we believe the term “gaymer” is a word that should remain in the public domain, free for use and not “owned” by any particular individual or organization.

    It’s an interesting case, as it appears that reddit’s LGBT gaming community isn’t backing down. What do you think about the trademark? Should the term “gaymer” be able to be registered?

  • Mark Cuban, Notch Donate 500K For Patent Reform

    The Electronic Frontier Foundation (EFF), a nonprofit organization that champions the public interest in digital rights battles, today announced that it has received two huge donations from very different entrepreneurs.

    Mark Cuban and Markus “Notch” Persson have each donated $250,000 toward the EFF’s goal of reforming software patent laws. Cuban is the billionaire owner of the Dallas Mavericks and Notch is the outspoken creator of the popular video game Minecraft.

    “The current state of patents and patent litigation in this country is shameful,” said Cuban. “Silly patent lawsuits force prices to go up while competition and innovation suffer. That’s bad for consumers and bad for business. It’s time to fix our broken system, and EFF can help. So that’s why part of my donation funds a new title for EFF Staff Attorney Julie Samuels: ‘The Mark Cuban Chair to Eliminate Stupid Patents’.”

    Cuban has been outspoken in the past about his hatred of patent trolls and poor patent laws. Back in April 2012, Cuban ranted about the current state of technology patents while discussing a lawsuit between Facebook and Yahoo.

    Notch pioneered a pricing model for Minecraft based on how finished the game was at the time of purchase. He also founded Mojang, a new Swedish indie-game developer that has taken in over $80 million since the release of Minecraft.

    “Temporary fixes aren’t good enough – we need deep and meaningful reform to protect software development and keep it as free and democratic as possible,” said Notch. “New games and other technological tools come from improving on old things and making them better – an iterative process that the current patent environment could shut down entirely. This is a dangerous path we’re on, and I’m glad to help EFF move us in the right direction.”

    The EFF’s Defend Innovation project proposes seven ways in which the U.S. patent system could be reformed for the better, including shorter terms for software patents; allowing winning parties in patent litigation to recover fees and costs; and protecting inventors who independently invent an already patented idea. The organization stated that the Cuban/Notch donations will go to the hiring of a new attorney experienced in patent reform and to the organization’s continuing efforts to push for patent reform through the courts, activism campaigns, and public education.

  • EFF Needs Your Help In Stopping Dangerous 3D Printer Patents

    The Electronic Frontier Foundation recently sent out a call to arms for help in identifying patents that could threaten continued innovation in 3D printing. Through this, the group found a number of patents that could very well lead to stifled innovation. Now the group is enacting part two of its plan and they need your help.

    The EFF announced today that it has uncovered four patents that “seem overly broad and dangerous to the open source community.” They fear that the applicants could use these patents to create a monopoly on technology that “was known or was obvious before the patent was filed.”

    To achieve their goals, the EFF is calling upon volunteers to look for documents published before the filing of the patents. These documents must prove prior art so that the patents in question will not be granted on the grounds that the techniques described in them already existed.

    The EFF has already done much of the grunt work. Each of the four patents has links to some prior art that the group has already found. There’s always a need for more, however, as more evidence of prior art will help convince the patent office that the patents in question are illegitimate.

    Here are the four patents that the EFF is currently targeting with the links to each patent’s prior art documents:

    Target 1: U.S. PATENT APP. NO. 12/976,111
    PRINT HEAD ASSEMBLY FOR USE IN FUSED DEPOSITION MODELING SYSTEM

    This application relates to inkjet-style removable print head cartridges used in Fused Deposition Modeling (FDM) printing.

    Target 2: U.S. PATENT APP. NO. 12/976,204
    PRINT HEAD FOR USE IN FUSED DEPOSITION MODELING SYSTEM

    This application relates to a print head cartridge with a liquefier pump assembly for use in FDM printing.

    Target 3: U.S. PATENT APP. NO. 12/687,996
    METHOD FOR GENERATING AND BUILDING SUPPORT STRUCTURES WITH DEPOSITION-BASED DIGITAL MANUFACTURING SYSTEMS

    This application relates to a method of building up support structures layer-by-layer for 3D-printed objects.

    Target 4: U.S. PATENT APP. NO. 13/043,876
    BUILD MATERIALS AND APPLICATIONS THEREOF

    This blandly-titled application relates to 3D printing with a material that can be cured (particularly with UV light), and also claims every object that is printed with such a method.

    If you happen to find any more cases of prior art for the above patents, you can send them over to the EFF at 3dprinting@eff.org.

    It’s not guaranteed that these patents will be granted. Even if they are, the applicants may not use them to restrict 3D printing in any noticeable way. With that being said, we’re already seeing companies who own 3D printing patents suing startups that are creating cheaper 3D printers. The complaints may be legitimate, but some feel that established 3D printers are trying to squash competition before it becomes too big of a threat to their business.

  • Humble Bundle For Android 4 Brings Sword & Sworcery To Android

    A common criticism of Android is that it doesn’t get all of the games that Apple’s iOS gets. This is true, but it’s quickly becoming a moot point. More and more developers are jumping on board the Android train, and six games hit Android for the first time today with the fourth Humble Bundle for Android.

    Android players, and PC gamers, can pay as much, or as little, as they want for five excellent games. Those games are Splice, Eufloria, Waking Mars, Crayon Physics Deluxe and Superbrothers: Sword & Sworcery EP. Those who beat the average of $5.89 will also get the charming Machinarium. All the games are playable on Android, Windows, Mac and Linux.

    Many of these games are already available on the PC, Mac, Linux and iOS, but it’s the first time any of these games have been available on Android. Superbrothers: Sword & Sworcery is an especially welcome addition as iOS players have been gushing about the game for over a year now. Android players will finally get to experience one of the finest games, and soundtracks, of the touch generation.

    In the past, the Humble Bundle has brought in hundreds of thousands of dollars for developers and groups like EFF and Child’s Play Charity. Even if you already own some of the games on offer, it’s always good to send some money to the groups working to make the world a better place.

    Even better, you could gift the games to a friend who doesn’t own any of them. It’s a cheap early Christmas gift that offers many hours of entertainment.