Electronic Frontier Foundation: Annual update

From DevSummit


Electronic Frontier Foundation - what’s the news?

- Has four branches: law, activism, technologies, international

- Is widely interested in privacy, free speech


- really small legislative team, but this year the EFF has been doing a lot of legislation

- [702](https://www.eff.org/702-spying)

- [SESTA - stop enabling sex traffickers act](https://stopsesta.org/)

- [Computer Fraud and Abuse Act](https://www.eff.org/issues/cfaa)

- 1986 federal hacking statute

- super vague

- based on the hit movie War Games with Matthew Broderick

- “it is a violation of federal law to access a computer without permission”

- In practice, this covers TOS violations if the violated company sends an email revoking permission to access the site

- used to protect trade secrets

- supposed to be “anti-hacking”, but what does that even mean?

- autonomous vehicle legislation

- honest ads act

- filed comments with the FEC about the importance of protecting anonymous online speech

- fixing the lack of transparency around advertising practices will be more useful than removing anonymity

- [LinkedIn vs HiQ](https://www.eff.org/deeplinks/2017/08/judge-cracks-down-linkedins-shameful-abuse-computer-break-law)

- cease & desist about bots on sites

- intermediary liability: when should a web platform be held liable for the acts of its users?

- the fight over the CDA gave rise to [CDA230](https://www.eff.org/issues/cda230), which describes when a platform can be held liable, and establishes that the platforms can’t be prosecuted under state criminal or civil law

- [SESTA](https://stopsesta.org/) would remove these protections for platforms that host sex trafficking, which would require all platforms to protect themselves by censoring sex

- especially because states define sex trafficking so differently

- SESTA puts a lot of faith in automated filters, which are not silver bullets for this purpose, and [disproportionally affect marginalized communities](https://www.eff.org/deeplinks/2017/09/stop-sesta-whose-voices-will-sesta-silence)

- [sec 1201 of the DMCA](https://www.eff.org/issues/dmca)

- DMCA legislated copyright on the internet

- 1201 makes breaking DRM illegal

- currently, there’s a 3 year process for requesting permission to break DRM

- [which is stupid and unconstitutional, and the EFF is suing the copyright office about this](https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate)

- hardware modding is good for hobbyists as well as security; outside testing and scrutiny can find problems before the problems hurt people

- [US vs. Carpenter](https://www.eff.org/document/united-states-v-carpenter-sixth-circuit-court-appeals-csli): Does the 4th amendment apply to data held by third parties?


- grassroots organizing, fighting laws through citizen action

- Intellectual property issues - patents, copyrights, trademarks

- [EFA - Electronic Frontier Alliance](https://www.eff.org/electronic-frontier-alliance)

- local chapters addressing the needs of their communities

- chapters started out being called things like “EFF Austin”, but now are encouraged to find their own identities

- public surveillance

- [community control over police surveillance](https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance) - before buying equipment, police offices must present to a board about the impact, intent, and policies of the equipment. similar to New York’s POST act, except the POST act prevents the city council from saying no

- protecting library check-out records

- benefits to chapters:

- signal boosts across EFA

- training

- sharing knowledge and resources with other chapters and with the EFF


- the EFF was the first non-profit to hire technologists

- focused on privacy and encryption

- [https everywhere!](https://www.eff.org/https-everywhere) - opportunistic encryption add-on

- [let’s encrypt](https://letsencrypt.org/) - removes gatekeeping on ssl certificates

- [certbot](https://certbot.eff.org/) - bring https to people and orgs who can’t afford it

- CAs invented Extended Validation so they could keep charging money

- browser extensions to anonymize traffic

- [privacy badger](https://www.eff.org/privacybadger)

- ads and site add-ons can track you across the web in order to record and predict your behavior

- privacy badger takes an algorithmic, heuristic approach to blocking

- identifies potential trackers, verifies that they are tracking, and then blocks them

- targeted advertising is bad for you
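
The identify / verify / block steps noted above, as a simplified JavaScript sketch. This is an added example, not Privacy Badger's own code; the three-site threshold, the cookie test and the names `TrackerHeuristic`, `baseDomain` and `looksLikeIdentifier` are assumptions made for illustration.

```javascript
// Added illustration of a cross-site tracker heuristic; not Privacy Badger's source.
const THRESHOLD = 3; // assumption: distinct first-party sites needed before blocking

// Crude registrable-domain guess (last two labels); real code would use the Public Suffix List.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Assumption: a cookie value that is long and varied may be a unique ID.
function looksLikeIdentifier(value) {
  return value.length >= 8 && new Set(value).size >= 6;
}

class TrackerHeuristic {
  constructor(threshold = THRESHOLD) {
    this.threshold = threshold;
    this.seenOn = new Map(); // third-party domain -> Set of first-party domains
  }
  // Feed one observed request; returns 'allow' or 'block'.
  observe({ pageHost, requestHost, cookies = {} }) {
    const first = baseDomain(pageHost);
    const third = baseDomain(requestHost);
    if (first === third) return 'allow'; // same site: not third-party
    // Step 1: potential tracker = third party carrying an ID-like cookie.
    if (Object.values(cookies).some(looksLikeIdentifier)) {
      if (!this.seenOn.has(third)) this.seenOn.set(third, new Set());
      this.seenOn.get(third).add(first); // Step 2: evidence of cross-site tracking
    }
    // Step 3: block once the same party was seen tracking on enough sites.
    return this.seenOn.has(third) && this.seenOn.get(third).size >= this.threshold
      ? 'block' : 'allow';
  }
}

// Constructed sample traffic (all hosts and cookie values are made up).
const ID = { uid: 'a81f33c09d7e4b12' };
const SAMPLE = [
  { pageHost: 'news.example', requestHost: 'cdn.news.example', cookies: ID },
  { pageHost: 'news.example', requestHost: 'ads.tracker.test', cookies: ID },
  { pageHost: 'shop.example', requestHost: 'ads.tracker.test', cookies: ID },
  { pageHost: 'blog.example', requestHost: 'ads.tracker.test', cookies: ID },
  { pageHost: 'blog.example', requestHost: 'fonts.static.test', cookies: { lang: 'en' } },
  { pageHost: 'forum.example', requestHost: 'px.tracker.test' },
];

function runSample() {
  const h = new TrackerHeuristic();
  return SAMPLE.map((r) => h.observe(r));
}
```

The third party is only blocked on the third distinct site, and stays blocked afterwards even on a request that carries no cookie.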

International team

- [supporting imprisoned bloggers & technologists, helping free them](https://www.eff.org/offline)

Scary current things

- a cell site simulator, which tricks your phone into thinking that it’s talking to a phone tower, so that your phone sends all the SMS, voice, data identifying info to the catcher

- requires a warrant, but the warrant request can be for something very different from what they’re actually doing, like “wiretap”

- reports every ping to a cell tower

- including pings sent from inside the home, which is protected by the 4th amendment

- can triangulate cell location by gauging signal strength

- can also modify text messages x_x