Difference between revisions of "Electronic Frontier Foundation: Annual update"

From DevSummit
(Created page with " =The EFF= Electronic Frontier Foundation- what’s the news? - Has four branches: law, activism, technologies, international - Is widely interested in privacy, free speech...")
 
Line 11: Line 11:
  
 
- really small legislative team, but this year the EFF has been doing a lot of legislation
 
- really small legislative team, but this year the EFF has been doing a lot of legislation
 +
 
- [702](https://www.eff.org/702-spying)
 
- [702](https://www.eff.org/702-spying)
 +
 
- [SESTA - stop enabling sex traffickers act](https://stopsesta.org/)
 
- [SESTA - stop enabling sex traffickers act](https://stopsesta.org/)
 +
 
- [Computer Front and Abuse Act](https://www.eff.org/issues/cfaa)
 
- [Computer Front and Abuse Act](https://www.eff.org/issues/cfaa)
 +
 
- 1986 federal hacking statue
 
- 1986 federal hacking statue
 +
 
- super vague
 
- super vague
 +
 
- based on the hit movie War Games with Matthew Broderick
 
- based on the hit movie War Games with Matthew Broderick
 +
 
- “it is a violation of federal law to access a computer without permission”  
 
- “it is a violation of federal law to access a computer without permission”  
 +
 
- In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site
 
- In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site
 +
 
- used to protect trade secrets
 
- used to protect trade secrets
 +
 
- supposed to be “anti-hacking”, but what does that even mean?
 
- supposed to be “anti-hacking”, but what does that even mean?
 +
 
- autonomous vehicle legislation
 
- autonomous vehicle legislation
 +
 
- honest ads act
 
- honest ads act
 +
 
- filed comments with the FEC about the importance of protecting anonymous online speech
 
- filed comments with the FEC about the importance of protecting anonymous online speech
 +
 
- lack of transparency around advertising practices will be more useful than removing anonymity
 
- lack of transparency around advertising practices will be more useful than removing anonymity
 +
 
- [linkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law)
 
- [linkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law)
 +
 
- cease & desist about bots on sites
 
- cease & desist about bots on sites
 +
 
- intermediary liability: when should a web platform be held liable for the acts of its users?
 
- intermediary liability: when should a web platform be held liable for the acts of its users?
 +
 
- the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law
 
- the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law
 +
 
- [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex
 
- [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex
 +
 
- especially because states define sex trafficking so differently
 
- especially because states define sex trafficking so differently
 +
 
- SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence)
 
- SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence)
 +
 
- [sec 1201 of the DMCA](https://www.eff.org/issues/dmca)
 
- [sec 1201 of the DMCA](https://www.eff.org/issues/dmca)
 +
 
- DMCA legistlated copyright on the internet
 
- DMCA legistlated copyright on the internet
 +
 
- 1201 makes breaking DRM illegal
 
- 1201 makes breaking DRM illegal
 +
 
- currently, there’s a 3 year process for requesting permission to break DRM
 
- currently, there’s a 3 year process for requesting permission to break DRM
 +
 
- [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate)
 
- [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate)
 +
 
- hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people
 
- hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people
 +
 
- [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties?
 
- [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties?
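
Review bot: The link text "Computer Front and Abuse Act" in this hunk should read "Computer Fraud and Abuse Act", and two entries further down have the same kind of slip: "1986 federal hacking statue" for "statute" and "DMCA legistlated copyright" for "legislated". The honest ads act sub-item "lack of transparency around advertising practices will be more useful than removing anonymity" also reads as though a word such as "addressing" is missing at the start.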
  
Line 43: Line 71:
  
 
- grassroots organizing, fighting laws through citizen action
 
- grassroots organizing, fighting laws through citizen action
 +
 
- Intellectual property issues - patents, copyrights, trademarks
 
- Intellectual property issues - patents, copyrights, trademarks
 +
 
- [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance)
 
- [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance)
 +
 
- local chapters addressing the needs of their communities
 
- local chapters addressing the needs of their communities
 +
 
- chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identites
 
- chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identites
 +
 
- public surveillance
 
- public surveillance
- [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the impact, intent, and policies of the equipment.  similar to New York’s POST act, except the POST act prevents the city council from saying no
+
 
 +
- [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the
 +
impact, intent, and policies of the equipment.  similar to New York’s POST act, except the POST act prevents the city council from saying no
 +
 
 
- protecting library check-out records
 
- protecting library check-out records
 +
 
- benefits to chapters:
 
- benefits to chapters:
 +
 
- signal boosts across EFA
 
- signal boosts across EFA
 +
 
- training
 
- training
 +
 
- sharing knowledge and resources with other chapters and with the EFF
 
- sharing knowledge and resources with other chapters and with the EFF
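
Review bot: The "community control over police surveillance" entry is one line on the old side but is broken after "present to a board about the" on the new side, which leaves "impact, intent, and policies of the equipment." as a separate line; keep the entry on a single line so it stays one item. In the chapter-naming entry, "identites" should be "identities".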
  
Line 58: Line 98:
  
 
- the EFF was the first non-profit to hire technologists
 
- the EFF was the first non-profit to hire technologists
 +
 
- focused on privacy and encryption
 
- focused on privacy and encryption
 +
 
- [https everywhere!](https://www.eff.org/https-everywhere) - oportunistic encryption add-on  
 
- [https everywhere!](https://www.eff.org/https-everywhere) - oportunistic encryption add-on  
 +
 
- [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates
 
- [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates
 +
 
- [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it
 
- [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it
 +
 
- CAs invented Extended Validation so they could keep charging money
 
- CAs invented Extended Validation so they could keep charging money
 +
 
- browser extensions to anonymize traffic
 
- browser extensions to anonymize traffic
 +
 
- [privacy badger](https://www.eff.org/privacybadger)
 
- [privacy badger](https://www.eff.org/privacybadger)
 +
 
- adds and site add-ons can track you across the web in order to record and predict your behavior
 
- adds and site add-ons can track you across the web in order to record and predict your behavior
 +
 
- privacy badger takesn an algorithmic, heuristic approach to blocking
 
- privacy badger takesn an algorithmic, heuristic approach to blocking
 +
 
- identifies potential trackers, verifies that they are tracking, and then blocks them
 
- identifies potential trackers, verifies that they are tracking, and then blocks them
 +
 
- targeted advertising is bad for you
 
- targeted advertising is bad for you
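
Review bot: Three spelling slips remain in this hunk and are worth fixing in the same revision: "oportunistic" in the https everywhere entry should be "opportunistic", "adds and site add-ons" in the privacy badger entry should be "ads and site add-ons", and "takesn" should be "takes".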
  
Line 77: Line 128:
  
 
* [stingray](https://www.eff.org/pages/cell-site-simulatorsimsi-catchers)
 
* [stingray](https://www.eff.org/pages/cell-site-simulatorsimsi-catchers)
 +
 
- a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data identifying info to the catcher
 
- a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data identifying info to the catcher
 +
 
- requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap”
 
- requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap”
 +
 
- reports every ping to a cell tower
 
- reports every ping to a cell tower
 +
 
- including pings sent from inside the home, which is protected by the 4th amendment
 
- including pings sent from inside the home, which is protected by the 4th amendment
 +
 
- can triangulate cell location by gauging signal strength
 
- can triangulate cell location by gauging signal strength
 +
 
- can also modify text messages x_x
 
- can also modify text messages x_x
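
Review bot: The stingray entry at the top of this hunk is marked with "*" while every entry under it uses "-", so the sub-items are not visibly attached to it; use one marker style throughout. In the first sub-item, "all the SMS, voice, data identifying info" needs a comma or "and" between "data" and "identifying".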

Revision as of 00:43, 29 November 2017


The EFF

Electronic Frontier Foundation - what’s the news?

- Has four branches: law, activism, technologies, international

- Is widely interested in privacy, free speech

Law

- really small legislative team, but this year the EFF has been doing a lot of legislation

- [702](https://www.eff.org/702-spying)

- [SESTA - stop enabling sex traffickers act](https://stopsesta.org/)

- [Computer Fraud and Abuse Act](https://www.eff.org/issues/cfaa)

- 1986 federal hacking statute

- super vague

- based on the hit movie War Games with Matthew Broderick

- “it is a violation of federal law to access a computer without permission”

- In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site

- used to protect trade secrets

- supposed to be “anti-hacking”, but what does that even mean?

- autonomous vehicle legislation

- honest ads act

- filed comments with the FEC about the importance of protecting anonymous online speech

- addressing the lack of transparency around advertising practices will be more useful than removing anonymity

- [LinkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law)

- cease & desist about bots on sites

- intermediary liability: when should a web platform be held liable for the acts of its users?

- the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law

- [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex

- especially because states define sex trafficking so differently

- SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence)

- [sec 1201 of the DMCA](https://www.eff.org/issues/dmca)

- DMCA legislated copyright on the internet

- 1201 makes breaking DRM illegal

- currently, there’s a 3 year process for requesting permission to break DRM

- [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate)

- hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people

- [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties?

Activism

- grassroots organizing, fighting laws through citizen action

- Intellectual property issues - patents, copyrights, trademarks

- [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance)

- local chapters addressing the needs of their communities

- chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identities

- public surveillance

- [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the impact, intent, and policies of the equipment. Similar to New York’s POST act, except the POST act prevents the city council from saying no

- protecting library check-out records

- benefits to chapters:

- signal boosts across EFA

- training

- sharing knowledge and resources with other chapters and with the EFF

Technology

- the EFF was the first non-profit to hire technologists

- focused on privacy and encryption

- [https everywhere!](https://www.eff.org/https-everywhere) - opportunistic encryption add-on

- [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates

- [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it

- CAs invented Extended Validation so they could keep charging money

- browser extensions to anonymize traffic

- [privacy badger](https://www.eff.org/privacybadger)

- ads and site add-ons can track you across the web in order to record and predict your behavior

- privacy badger takes an algorithmic, heuristic approach to blocking

- identifies potential trackers, verifies that they are tracking, and then blocks them

- targeted advertising is bad for you
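
The identify, verify, block sequence in the Privacy Badger notes above, as an added sketch that is not Privacy Badger's own code. The three-site threshold, the cookie test, the two-label domain guess and the sample hosts are all assumptions made for this example.

```javascript
const THRESHOLD = 3; // assumed: distinct first-party sites before a domain is blocked

// Naive registrable-domain guess (last two labels); a real tool would use the Public Suffix List.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Step 1 (identify): a potential tracker is a request to a domain other than the page's own.
function isThirdParty(pageHost, requestHost) {
  return baseDomain(pageHost) !== baseDomain(requestHost);
}

// Step 2 (verify): count it as tracking only if a cookie value could single out one browser.
// Short, low-variety values such as "lang=en" are ignored.
function carriesIdentifier(cookieHeader) {
  if (!cookieHeader) return false;
  return cookieHeader.split(';').some((pair) => {
    const value = pair.split('=').slice(1).join('=').trim();
    return value.length >= 16 && new Set(value).size >= 8;
  });
}

// Step 3 (block): block a domain once it has tracked on THRESHOLD distinct sites.
function classify(requests) {
  const seenOn = new Map(); // tracker base domain -> Set of first-party base domains
  for (const { page, host, cookie } of requests) {
    if (!isThirdParty(page, host) || !carriesIdentifier(cookie)) continue;
    const tracker = baseDomain(host);
    if (!seenOn.has(tracker)) seenOn.set(tracker, new Set());
    seenOn.get(tracker).add(baseDomain(page));
  }
  const verdicts = {};
  for (const [tracker, sites] of seenOn) {
    verdicts[tracker] = sites.size >= THRESHOLD ? 'block' : 'allow';
  }
  return verdicts;
}

// Constructed sample traffic; every host is a made-up .example name.
const SAMPLE = [
  { page: 'news.example', host: 'px.adnet.example', cookie: 'uid=9f3c27ab61d04e58b7a2' },
  { page: 'shop.example', host: 'px.adnet.example', cookie: 'uid=9f3c27ab61d04e58b7a2' },
  { page: 'blog.example', host: 'px.adnet.example', cookie: 'uid=9f3c27ab61d04e58b7a2' },
  { page: 'news.example', host: 'w.social.example', cookie: 'sid=c41e07d29ab85f36' },
  { page: 'shop.example', host: 'w.social.example', cookie: 'sid=c41e07d29ab85f36' },
  { page: 'news.example', host: 'cdn.fonts.example', cookie: 'lang=en' },
  { page: 'news.example', host: 'static.news.example', cookie: 'sess=7b1f93ce0a46d258' },
];

console.log(classify(SAMPLE));
```

A domain that never passes the verification step gets no verdict at all, which is why the font host and the first-party static host are absent from the result.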

International team

- [supporting imprisoned bloggers & technologists, helping free them](https://www.eff.org/offline)

Scary current things

- [stingray](https://www.eff.org/pages/cell-site-simulatorsimsi-catchers)

- a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data, and identifying info to the catcher

- requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap”

- reports every ping to a cell tower

- including pings sent from inside the home, which is protected by the 4th amendment

- can triangulate cell location by gauging signal strength

- can also modify text messages x_x