Difference between revisions of "Electronic Frontier Foundation: Annual update"
(Created page with " =The EFF= Electronic Frontier Foundation- what’s the news? - Has four branches: law, activism, technologies, international - Is widely interested in privacy, free speech...") |
|||
Line 11: | Line 11: | ||
- really small legislative team, but this year the EFF has been doing a lot of legislation | - really small legislative team, but this year the EFF has been doing a lot of legislation | ||
+ | |||
- [702](https://www.eff.org/702-spying) | - [702](https://www.eff.org/702-spying) | ||
+ | |||
- [SESTA - stop enabling sex traffickers act](https://stopsesta.org/) | - [SESTA - stop enabling sex traffickers act](https://stopsesta.org/) | ||
+ | |||
- [Computer Front and Abuse Act](https://www.eff.org/issues/cfaa) | - [Computer Front and Abuse Act](https://www.eff.org/issues/cfaa) | ||
+ | |||
- 1986 federal hacking statue | - 1986 federal hacking statue | ||
+ | |||
- super vague | - super vague | ||
+ | |||
- based on the hit movie War Games with Matthew Broderick | - based on the hit movie War Games with Matthew Broderick | ||
+ | |||
- “it is a violation of federal law to access a computer without permission” | - “it is a violation of federal law to access a computer without permission” | ||
+ | |||
- In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site | - In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site | ||
+ | |||
- used to protect trade secrets | - used to protect trade secrets | ||
+ | |||
- supposed to be “anti-hacking”, but what does that even mean? | - supposed to be “anti-hacking”, but what does that even mean? | ||
+ | |||
- autonomous vehicle legislation | - autonomous vehicle legislation | ||
+ | |||
- honest ads act | - honest ads act | ||
+ | |||
- filed comments with the FEC about the importance of protecting anonymous online speech | - filed comments with the FEC about the importance of protecting anonymous online speech | ||
+ | |||
- lack of transparency around advertising practices will be more useful than removing anonymity | - lack of transparency around advertising practices will be more useful than removing anonymity | ||
+ | |||
- [linkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law) | - [linkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law) | ||
+ | |||
- cease & desist about bots on sites | - cease & desist about bots on sites | ||
+ | |||
- intermediary liability: when should a web platform be held liable for the acts of its users? | - intermediary liability: when should a web platform be held liable for the acts of its users? | ||
+ | |||
- the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law | - the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law | ||
+ | |||
- [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex | - [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex | ||
+ | |||
- especially because states define sex trafficking so differently | - especially because states define sex trafficking so differently | ||
+ | |||
- SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence) | - SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence) | ||
+ | |||
- [sec 1201 of the DMCA](https://www.eff.org/issues/dmca) | - [sec 1201 of the DMCA](https://www.eff.org/issues/dmca) | ||
+ | |||
- DMCA legistlated copyright on the internet | - DMCA legistlated copyright on the internet | ||
+ | |||
- 1201 makes breaking DRM illegal | - 1201 makes breaking DRM illegal | ||
+ | |||
- currently, there’s a 3 year process for requesting permission to break DRM | - currently, there’s a 3 year process for requesting permission to break DRM | ||
+ | |||
- [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate) | - [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate) | ||
+ | |||
- hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people | - hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people | ||
+ | |||
- [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties? | - [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties? | ||
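Review bot: the unchanged bullets in this hunk still read "Computer Front and Abuse Act", "1986 federal hacking statue" and "DMCA legistlated copyright". The revision already touches this block to add blank lines, so correct them to "Fraud", "statute" and "legislated" in the same edit.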
Line 43: | Line 71: | ||
- grassroots organizing, fighting laws through citizen action | - grassroots organizing, fighting laws through citizen action | ||
+ | |||
- Intellectual property issues - patents, copyrights, trademarks | - Intellectual property issues - patents, copyrights, trademarks | ||
+ | |||
- [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance) | - [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance) | ||
+ | |||
- local chapters addressing the needs of their communities | - local chapters addressing the needs of their communities | ||
+ | |||
- chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identites | - chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identites | ||
+ | |||
- public surveillance | - public surveillance | ||
− | - [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the impact, intent, and policies of the equipment. similar to New York’s POST act, except the POST act prevents the city council from saying no | + | |
+ | - [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the | ||
+ | impact, intent, and policies of the equipment. similar to New York’s POST act, except the POST act prevents the city council from saying no | ||
+ | |||
- protecting library check-out records | - protecting library check-out records | ||
+ | |||
- benefits to chapters: | - benefits to chapters: | ||
+ | |||
- signal boosts across EFA | - signal boosts across EFA | ||
+ | |||
- training | - training | ||
+ | |||
- sharing knowledge and resources with other chapters and with the EFF | - sharing knowledge and resources with other chapters and with the EFF | ||
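Review bot: the re-added "community control over police surveillance" bullet now breaks after "present to a board about the", leaving "impact, intent, and policies of the equipment" on a line of its own. Keep the bullet on a single line as it was in the removed version. "identites" in the chapters bullet should also be "identities".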
Line 58: | Line 98: | ||
- the EFF was the first non-profit to hire technologists | - the EFF was the first non-profit to hire technologists | ||
+ | |||
- focused on privacy and encryption | - focused on privacy and encryption | ||
+ | |||
- [https everywhere!](https://www.eff.org/https-everywhere) - oportunistic encryption add-on | - [https everywhere!](https://www.eff.org/https-everywhere) - oportunistic encryption add-on | ||
+ | |||
- [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates | - [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates | ||
+ | |||
- [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it | - [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it | ||
+ | |||
- CAs invented Extended Validation so they could keep charging money | - CAs invented Extended Validation so they could keep charging money | ||
+ | |||
- browser extensions to anonymize traffic | - browser extensions to anonymize traffic | ||
+ | |||
- [privacy badger](https://www.eff.org/privacybadger) | - [privacy badger](https://www.eff.org/privacybadger) | ||
+ | |||
- adds and site add-ons can track you across the web in order to record and predict your behavior | - adds and site add-ons can track you across the web in order to record and predict your behavior | ||
+ | |||
- privacy badger takesn an algorithmic, heuristic approach to blocking | - privacy badger takesn an algorithmic, heuristic approach to blocking | ||
+ | |||
- identifies potential trackers, verifies that they are tracking, and then blocks them | - identifies potential trackers, verifies that they are tracking, and then blocks them | ||
+ | |||
- targeted advertising is bad for you | - targeted advertising is bad for you | ||
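Review bot: three typos in the bullets of this hunk survive the revision: "oportunistic encryption add-on", "adds and site add-ons" and "privacy badger takesn". They should read "opportunistic", "ads" and "takes".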
Line 77: | Line 128: | ||
* [stingray](https://www.eff.org/pages/cell-site-simulatorsimsi-catchers) | * [stingray](https://www.eff.org/pages/cell-site-simulatorsimsi-catchers) | ||
+ | |||
- a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data identifying info to the catcher | - a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data identifying info to the catcher | ||
+ | |||
- requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap” | - requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap” | ||
+ | |||
- reports every ping to a cell tower | - reports every ping to a cell tower | ||
+ | |||
- including pings sent from inside the home, which is protected by the 4th amendment | - including pings sent from inside the home, which is protected by the 4th amendment | ||
+ | |||
- can triangulate cell location by gauging signal strength | - can triangulate cell location by gauging signal strength | ||
+ | |||
- can also modify text messages x_x | - can also modify text messages x_x |
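Review bot: the stingray bullet at the top of this hunk uses `*` where every other bullet on the page uses `-`. Use `-` so the list marker is consistent with the rest of the notes.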
Revision as of 00:43, 29 November 2017
The EFF
Electronic Frontier Foundation - what’s the news?
- Has four branches: law, activism, technologies, international
- Is widely interested in privacy, free speech
Law
- really small legislative team, but this year the EFF has been doing a lot of legislation
- [702](https://www.eff.org/702-spying)
- [SESTA - stop enabling sex traffickers act](https://stopsesta.org/)
- [Computer Fraud and Abuse Act](https://www.eff.org/issues/cfaa)
- 1986 federal hacking statute
- super vague
- based on the hit movie War Games with Matthew Broderick
- “it is a violation of federal law to access a computer without permission”
- In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site
- used to protect trade secrets
- supposed to be “anti-hacking”, but what does that even mean?
- autonomous vehicle legislation
- honest ads act
- filed comments with the FEC about the importance of protecting anonymous online speech
- addressing the lack of transparency around advertising practices will be more useful than removing anonymity
- [LinkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law)
- cease & desist about bots on sites
- intermediary liability: when should a web platform be held liable for the acts of its users?
- the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law
- [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex
- especially because states define sex trafficking so differently
- SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence)
- [sec 1201 of the DMCA](https://www.eff.org/issues/dmca)
- DMCA legislated copyright on the internet
- 1201 makes breaking DRM illegal
- currently, there’s a 3 year process for requesting permission to break DRM
- [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate)
- hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people
- [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties?
Activism
- grassroots organizing, fighting laws through citizen action
- Intellectual property issues - patents, copyrights, trademarks
- [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance)
- local chapters addressing the needs of their communities
- chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identities
- public surveillance
- [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the impact, intent, and policies of the equipment. similar to New York’s POST act, except the POST act prevents the city council from saying no
- protecting library check-out records
- benefits to chapters:
- signal boosts across EFA
- training
- sharing knowledge and resources with other chapters and with the EFF
Technology
- the EFF was the first non-profit to hire technologists
- focused on privacy and encryption
- [https everywhere!](https://www.eff.org/https-everywhere) - opportunistic encryption add-on
- [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates
- [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it
- CAs invented Extended Validation so they could keep charging money
- browser extensions to anonymize traffic
- [privacy badger](https://www.eff.org/privacybadger)
- ads and site add-ons can track you across the web in order to record and predict your behavior
- privacy badger takes an algorithmic, heuristic approach to blocking
- identifies potential trackers, verifies that they are tracking, and then blocks them
- targeted advertising is bad for you
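
The identify, verify, block sequence in the Privacy Badger notes above, as an added JavaScript example. It is not Privacy Badger's code; the three-site threshold, the identifier test, the two-label domain approximation and all host names are assumptions of this example.

```javascript
// Added illustration, not Privacy Badger's code. Simplified heuristic: a
// third-party domain that sets an identifier-like cookie on at least
// THRESHOLD distinct first-party sites is treated as a tracker and blocked.
const THRESHOLD = 3; // assumption for this example

// "Verify": a cookie value long and varied enough to single out one browser.
function looksLikeIdentifier(value) {
  if (!value || value.length < 8) return false;
  return new Set(value).size >= 6; // count of distinct characters
}

// Crude registrable-domain approximation (last two labels); production code
// would consult the Public Suffix List instead.
function baseDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

function classify(requests) {
  const seenOn = new Map(); // third-party domain -> first-party sites it tracked on
  for (const r of requests) {
    const first = baseDomain(r.pageHost);
    const third = baseDomain(r.requestHost);
    if (first === third) continue; // first-party requests are never counted
    if (!seenOn.has(third)) seenOn.set(third, new Set()); // "identify" a candidate
    const tracking = Object.values(r.cookies || {}).some(looksLikeIdentifier);
    if (tracking) seenOn.get(third).add(first);
  }
  const verdict = {};
  for (const [domain, sites] of seenOn) {
    verdict[domain] = sites.size >= THRESHOLD ? "block" : "allow";
  }
  return verdict;
}

// Constructed sample traffic; every host name here is hypothetical.
const SAMPLE = [
  { pageHost: "news.example", requestHost: "cdn.news.example", cookies: { s: "a1b2c3d4e5f6" } },
  { pageHost: "news.example", requestHost: "px.adnet.test", cookies: { uid: "9f3a7c21e0b44d18" } },
  { pageHost: "shop.example", requestHost: "px.adnet.test", cookies: { uid: "9f3a7c21e0b44d18" } },
  { pageHost: "blog.example", requestHost: "ads.adnet.test", cookies: { uid: "9f3a7c21e0b44d18" } },
  { pageHost: "news.example", requestHost: "fonts.static.test", cookies: {} },
  { pageHost: "shop.example", requestHost: "fonts.static.test", cookies: { lang: "en" } },
  { pageHost: "blog.example", requestHost: "fonts.static.test", cookies: {} },
  { pageHost: "news.example", requestHost: "widget.social.test", cookies: { sid: "c0ffee1234abcd99" } },
];
```

Calling `classify(SAMPLE)` blocks only the domain that carried the same identifier across three sites; the cookieless font host and the widget seen on a single site stay allowed.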
International team
- [supporting imprisoned bloggers & technologists, helping free them](https://www.eff.org/offline)
Scary current things
- [stingray](https://www.eff.org/pages/cell-site-simulatorsimsi-catchers)
- a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data identifying info to the catcher
- requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap”
- reports every ping to a cell tower
- including pings sent from inside the home, which is protected by the 4th amendment
- can triangulate cell location by gauging signal strength
- can also modify text messages x_x