Domain: eff.org
Stories and comments across the archive that link to eff.org.
Stories · 1,385
-
EFF: Facebook Should Notify Users Who Interact With Fake Police 'Sock Puppet' Accounts (eff.org)
An anonymous reader quotes a senior investigative researcher at the EFF: Despite Facebook's repeated warnings that law enforcement is required to use "authentic identities" on the social media platform, cops continue to create fake and impersonator accounts to secretly spy on users. By pretending to be someone else, cops are able to sneak past the privacy walls users put up and bypass legal requirements that might require a warrant to obtain that same information...
EFF is now calling on Facebook to escalate the matter with law enforcement in the United States. Facebook should take the following actions to address the proliferation of fake/impersonator Facebook accounts operated by law enforcement, in addition to suspending the fake accounts.
- As part of its regular transparency reports, Facebook should publish data on the number of fake/impersonator law enforcement accounts identified, what agencies they belonged to, and what action was taken.
- When a fake/impersonator account is identified, Facebook should alert the users and groups that interacted with the account whether directly or indirectly.
The article also suggests updating Facebook's Terms of Service to explicitly prohibit fake/impersonator profiles by law enforcement groups, and updating Facebook pages of law enforcement groups to inform visitors when those groups have a written policy allowing fake/impersonator law enforcement accounts. "These four changes are relatively light lifts that would enhance transparency and establish real consequences for agencies that deliberately violate the rules..."
"Facebook's practice of taking down these individual accounts when they learn about them from the press (or from EFF) is insufficient to deter what we believe is a much larger iceberg beneath the surface." -
The US Desperately Needs a 'Fiber For All' Plan (eff.org)
The Electronic Frontier Foundation has published a new report calling for a "fiber for all" plan to combat the broadband access crisis in the United States. Government data and independent analysis show we are falling behind the rest of the developed world in this area, and "the U.S. is the only country that believes having no plan will solve this issue," writes Ernesto Falcon from the EFF. "We are the only country to completely abandon federal oversight of an uncompetitive, highly concentrated market that sells critical services to all people, yet we expect widely available, affordable, ultra-fast services. But if you live in a low-income neighborhood or in a rural market today, you know very well this is not working and the status quo is going to cement in your local broadband options to either one choice or no choice." From the report: Very small ISPs and local governments with limited budgets are at the frontline of deploying fiber to the home to fix these problems, but policymakers from the federal, state, and local level need to step up and lead. At least 19 states still have laws that prohibit local governments from deploying community broadband projects. Worst yet, both AT&T and Verizon are actively asking the FCC to make it even harder for small private ISPs to deploy fiber, so that the big incumbents can raise prices and suppress competition, a proposal EFF has urged the FCC to reject.
This is why we need to push our elected officials and regulators for a fiber-for-all-people plan to ensure everyone can obtain the next generation of broadband access. Otherwise, the next generation of applications and services won't be usable in most of the United States. They will be built instead for markets with better, faster, cheaper, and more accessible broadband. This dire outcome was the central thesis to a recently published book by Professor Susan Crawford (appropriately named Fiber) and EFF agrees with its findings. If American policymakers do not remedy the failings in the US market and actively pursue ways to drive fiber deployment with the goal of universal coverage, then a staggering number of Americans will miss out on the latest innovations that will occur on the Internet because it will be inaccessible or too expensive. As a result, we will see a worsening of the digital divide as advances in virtual reality, cloud computing, gaming, education, and things we have not invented yet are going to carry a monopoly price tag for a majority of us -- or just not be accessible here. This does not have to be so, but it requires federal, state, and local governments to get to work on policies that promote fiber infrastructure to all people. Most of the talk lately has been about 5G networks, but the less-spoken truth about these networks is that they need dense fiber networks to make them work. "One estimate on the amount of fiber investment that needs to occur is as much as $150 billion -- including fiber to the home deployments -- in the near future, and we are far below that level of commitment to fiber," the report says. -
Massive Database Leak Exposes China's 'Digital Surveillance State' (eff.org)
Long-time Slashdot reader retroworks shared this EFF article: Although relatively little news gets out of Xinjiang to the rest of the world, we've known for over a year that China has been testing facial-recognition tracking and alert systems across Xinjiang and mandating the collection of biometric data -- including DNA samples, voice samples, fingerprints, and iris scans -- from all residents between the ages of 12 and 65... Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century...
Over a period of 24 hours, 6.7 million individual GPS coordinates were streamed to and collected by the database, linking individuals to various public camera streams and identification checkpoints associated with location tags such as "hotel," "mosque," and "police station." The GPS coordinates were all located within Xinjiang. This database is owned by the company SenseNets, a private AI company advertising facial recognition and crowd analysis technologies. A couple of days later, Gevers reported a second open database tracking the movement of millions of cars and pedestrians. Violations like jaywalking, speeding, and going through a red-light are detected, trigger the camera to take a photo, and ping a WeChat API, presumably to try and tie the event to an identity.
China may have a working surveillance program in Xinjiang, but it's a shockingly insecure security state. Anyone with an Internet connection had access to this massive honeypot of information... Even poorly-executed surveillance is massively expensive, and Beijing is no doubt telling the people of Xinjiang that these investments are being made in the name of their own security. But the truth, revealed only through security failures and careful security research, tells a different story: China's leaders seem to care little for the privacy, or the freedom, of millions of its citizens.
EFF also reports that a Chinese cybersecurity firm recently discovered 468 exposed MongoDB servers on the internet, including databases containing detailed information about remote access consoles owned by China General Nuclear Power Group.
Meanwhile, ZDNet suggests that SenseNets may actually be "a government contractor, helping authorities track the Muslim minority, rather than a private company selling its product to another private entity. Otherwise, it would be hard to explain how SenseNets has access to ID card information and camera feeds from police stations and other government buildings." -
Judge Says Washington State Cyberstalking Law Violates Free Speech (engadget.com)
A federal judge has blocked Washington State's 2004 cyberstalking law after ruling that a key provision violated First Amendment protections for free speech due to vague terms. "Its prohibitions against speech meant to 'harass, intimidate, torment or embarrass' weren't clearly defined, according to the judge, and effectively criminalized a 'large range' of language guarded under the Constitution," reports Engadget. "You could theoretically face legal action just by criticizing a public figure." From the report: The ruling came after a retired Air Force Major, Richard Rynearson III, sued to have the law overturned. He claimed that Kitsap County threatened to prosecute him under the cyberstalking law for criticizing an activist involved with a memorial to Japanese victims of U.S. internment camps during World War II. While Rynearson would use "invective, ridicule, and harsh language," the judge said, his language was neither threatening nor obscene.
Officials had contended that the law held up because it targeted conduct, not the speech itself. They also maintained that Rynearson hadn't shown evidence of a serious threat -- just that the prosecutor's office would see how Rynearson behaved and take action if necessary. A county court had already tossed out the activist's restraining order against Rynearson over free speech. It's not clear whether Washington will appeal the decision. If the ruling stays, though, it could force legislators to significantly narrow the scope if it wants a cyberstalking law to remain in place. This might also set a precedent that could affect legislation elsewhere in the country. The Electronic Frontier Foundation praises the judge's decision, adding: "This is all valuable speech that is protected by the First Amendment, and no state law should be allowed to undermine these rights. We are pleased that the judge has agreed." -
Countries With Zero Rating Have More Expensive Wireless Broadband Than Countries Without It
A comprehensive multi-year study by the non-profit Epicenter.works, comparing the 30 member countries of the European Union (EU) on net neutrality enforcement, has found that zero rating business practices by wireless carriers have increased the cost of wireless data compared to countries without zero rating. From a report: This directly contradicts all of the assertions by major wireless carriers that their zero rating practices are "free data" for consumers. Based on the evidence, zero rating not only serves as a means to enhance ISPs' power over the Internet, but it's also how they charge consumers more money for wireless service. Zero rating was originally going to be banned by the FCC under the General Conduct Rule, but when the FCC changed leadership the agency promptly green lighted and encouraged the industry to engage in zero rating practices before it began its repeal of net neutrality. -
Highest Court In Indiana Set To Decide If You Can Be Forced To Unlock Your Phone (eff.org)
The Electronic Frontier Foundation argues that police should not be allowed to force you to turn over your passcode or unlock your device. "The Fifth Amendment states that no one can be forced to be 'a witness against himself,' and we argue that the constitutional protection applies to forced decryption," writes the EFF. Last week, the non-profit digital rights group filed a brief making that case to the Indiana Supreme Court, which is set to decide if you can be forced to unlock your phone. From the report: The case began when Katelin Eunjoo Seo reported to law enforcement outside of Indianapolis that she had been the victim of a rape and allowed a detective to examine her iPhone for evidence. But the state never filed charges against Seo's alleged rapist, identified by the court as "D.S." (Courts often refer to minors using their initials.) Instead, the detective suspected that Seo was harassing D.S. with spoofed calls and texts, and she was ultimately arrested and charged with felony stalking. Along with a search warrant, the state sought a court order to force Seo to unlock her phone. Seo refused, invoking her Fifth Amendment rights. The trial court held her in contempt, but an intermediate appeals court reversed. When the Indiana Supreme Court agreed to get involved, it took the somewhat rare step of inviting amicus briefs. EFF got involved because, as we say in our brief filed along with the ACLU and the ACLU of Indiana, the issue in Seo is "no technicality; it is a fundamental protection of human dignity, agency, and integrity that the Framers enshrined in the Fifth Amendment."
Our argument to the Indiana Supreme Court is that compelling Seo to enter her memorized passcode would be inherently testimonial because it reveals the contents of her mind. Obviously, if she were forced to verbally tell a prosecutor her password, it would be a testimonial communication. By extension, the act of forced unlocking is also testimonial. First, it would require a modern form of written testimony, the entry of the passcode itself. Second, it would rely on Seo's mental knowledge of the passcode and require her to implicitly acknowledge other information such as the fact that it was under her possession and control. The lower appellate court in Seo added an intriguing third reason: "In a very real sense, the files do not exist on the phone in any meaningful way until the passcode is entered and the files sought are decrypted. . . . Because compelling Seo to unlock her phone compels her to literally recreate the information the State is seeking, we consider this recreation of digital information to be more testimonial in nature than the mere production of paper documents." Because entering a passcode is testimonial, that should be the end of it, and no one should be ordered to decrypt their device, at least absent a grant of immunity that satisfies the Fifth Amendment. The case gets complicated when you factor in a case from 1976 called Fisher v. United States, where the Supreme Court recognized an exception to the Fifth Amendment privilege for testimonial acts of production. "State and federal prosecutors have invoked it in nearly every forced decryption case to date," writes the EFF. "In Seo, the State argued that all that compelling the defendant to unlock her phone would reveal is that she knows her own passcode, which would be a foregone conclusion once it 'has proven that the phone belongs to her.'"
"As we argue in our amicus brief, this would be a dangerous rule for the Indiana Supreme Court to adopt. If all the government has to do to get you to unlock your phone is to show you know the password, it would have immense leverage to do so in any case where it encounters encryption." -
Larry Lessig Will Headline Friday's 'Grand Re-opening of the Public Domain' Event (archive.org)
An anonymous reader quotes the Internet Archive's blog: Please join us for a Grand Re-opening of the Public Domain, featuring a keynote address by Creative Commons' founder, Lawrence Lessig, on January 25, 2019. Co-hosted by the Internet Archive and Creative Commons, this celebration will feature legal thought leaders, lightning talks, demos, and the chance to play with these new public domain works. The event will take place at the Internet Archive in San Francisco....
Join the creative, legal, library, and advocacy communities plus an amazing lineup of people who will highlight the significance of this new class of public domain works. Presenters include Larry Lessig, political activist and Harvard Law professor; Corynne McSherry, legal director of the Electronic Frontier Foundation; Cory Doctorow, science fiction author and co-editor of Boing Boing; Pam Samuelson, copyright scholar; and Jamie Boyle, the man who literally wrote the book on the public domain, and many others.
Attendees will also receive a discount on the world premiere of DJ Spooky's Quantopia: The Evolution of the Internet, a live concert commissioned by the Internet Archive "synthesizing data and art, both original and public domain materials, in tribute to the depth and high stakes of free speech and creative expression involved in our daily use of media." -
Electric Scooter Rental Service Bird Sent a 'Notice of Claimed Infringement' To a News Site For Reporting On Lawful Re-use of Scooters (eff.org)
Bird, an electric scooter rental company, sent a "Notice of Claimed Infringement" to news blog Boing Boing for reporting about people doing legal things that Bird does not like. EFF reports: Electric scooters have swamped a number of cities across the US, many of the scooters carelessly discarded in public spaces. Bird, though, has pioneered a new way to pollute the commons by sending a meritless takedown letter to a journalist covering the issue. The company cites the Digital Millennium Copyright Act and implies that even writing about the issue could be illegal. It's not.
Bird sent a "Notice of Claimed Infringement" over this article on Boing Boing, one of the Internet's leading sources of news and commentary. The article reports on the fact that large numbers of Bird scooters are winding up in impound lots, and that it's possible to lawfully purchase these scooters when cities auction them off, and then to lawfully modify those scooters so they work without the Bird app. The letter is necessarily vague about exactly how the post infringed any of Bird's rights, and with good reason: the post does no such thing, as we explain in a letter on behalf of Happy Mutants LLC, which owns and operates Boing Boing.
The post reports on lawful activity, nothing more. In fact, the First Amendment would have protected it even if it reported on illegal conduct or advocated for people to break the law. (For instance, a person might lawfully advocate that an electric scooter startup should violate local parking ordinances. Hypothetically.) So, in a sense, it doesn't matter whether Bird is right or wrong when it claims that it's illegal to convert a Bird scooter to a personal scooter. Either way, Boing Boing was free to report on it. -
51st Known Mersenne Prime Number Found (mersenne.org)
chalsall (Slashdot reader #185), writes: The Great Internet Mersenne Prime Search (GIMPS) has discovered the largest known prime number, 2^82,589,933-1, having 24,862,048 digits. A computer volunteered by Patrick Laroche from Ocala, Florida made the find on December 7, 2018.
GIMPS has been on an amazing lucky streak, finding triple the expected number of new Mersenne primes -- a dozen in the last fifteen years.
"This anomaly is not necessarily evidence that existing theories on the distribution of Mersenne primes is incorrect," notes GIMPS. "However, if the trend continues it may be worth further investigation." They also report that the newly-discovered prime number "is more than one and a half million digits larger than the previous record prime number" -- and it's one of just 51 known Mersenne prime numbers ever discovered. "GIMPS, founded in 1996, has discovered the last 17..."
Patrick Laroche is one of thousands of volunteers using GIMPS' free software to hunt for prime numbers -- and is now eligible for a $3,000 "research discovery award," the group writes at mersenne.org. "GIMPS' next major goal is to win the $150,000 award administered by the Electronic Frontier Foundation offered for finding a 100 million digit prime number" -- of which $50,000 will be awarded to the discoverer, with another $50,000 going to a 501(c)(3) mathematics-related charity selected by GIMPS, and $50,000 retained by GIMPS to cover expenses and fund other awards. -
Cloudflare Under Fire For Allegedly Providing DDoS Protection For Terrorist Websites
Cloudflare is facing accusations that it's providing cybersecurity protection for at least seven terrorist organizations. "On Friday, HuffPost reported that it has reviewed numerous websites run by terrorist organizations and confirmed with four national security and counter-extremism experts that the sites are under the protection of Cloudflare's cybersecurity services," reports Gizmodo.
"Among Cloudflare's millions of customers are several groups that are on the State Department's list of foreign terrorist organizations, including al-Shabab, the Popular Front for the Liberation of Palestine, al-Quds Brigades, the Kurdistan Workers' Party (PKK), al-Aqsa Martyrs Brigade and Hamas -- as well as the Taliban, which, like the other groups, is sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC)," reports HuffPost.
"In the United States, it's a crime to knowingly provide tangible or intangible 'material support' -- including communications equipment -- to a designated foreign terrorist organization or to provide service to an OFAC-sanctioned entity without special permission," the report continues. "Cloudflare, which is not authorized by the OFAC to do business with such organizations, has been informed on multiple occasions, dating back to at least 2012, that it is shielding terrorist groups behind its network, and it continues to do so." Gizmodo reports: The issue that HuffPost raises is whether Cloudflare is providing "material support" to sanctioned organizations. Some attorneys told HuffPost that it may be in violation of the law. Others, like the Electronic Frontier Foundation, argue that "material support" can and has been abused to silence speech. Cloudflare's general counsel, Doug Kramer, told Gizmodo over the phone that the company works closely with the U.S. government to ensure that it meets all of its legal obligations. He said that it is "proactive to screen for sanctioned groups and reactive to respond when it's made aware of a sanctioned group" to which it may be providing services. HuffPost spoke with representatives from the Counter Extremism Project, who expressed frustration that they've sent four letters to Cloudflare over the last two years identifying seven terrorist-operated sites without receiving a reply. Kramer would not address any specific customers or situations when speaking with Gizmodo. He said that's simply company policy for reasons of protecting privacy. -
EFF, MuckRock Partner To See How Local Police Are Trading Your Car's Location (eff.org)
v3rgEz writes: The Electronic Frontier Foundation and transparency non-profit MuckRock helped file over a thousand public records requests, looking into how local police departments were trading away sensitive data on where you drive and park, picked up by their use of automated license plate recognition devices. They've just published the results of those requests, including looking at how hundreds of departments freely share that data with hundreds of other organizations -- often with no public oversight. Explore the data yourself, or, if your town isn't yet in their database, request its information free on MuckRock and they'll file a request for it. "[Automated license plate readers (ALPR)] are a combination of high-speed cameras and optical character recognition technology that can identify license plates and turn them into machine-readable text," reports the EFF. "What makes ALPR so powerful is that drivers are required by law to install license plates on their vehicles. In essence, our license plates have become tracking beacons. After the plate data is collected, the ALPR systems upload the information to a central database along with the time, date, and GPS coordinates. Cops can search these databases to see where drivers have traveled or to identify vehicles that visited certain locations. Police can also add license plates under suspicion to 'hot lists,' allowing for real-time alerts when a vehicle is spotted by an ALPR network." -
Edward Snowden Says a Report Critical To an NSA Lawsuit Is Authentic (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: An unexpected declaration by whistleblower Edward Snowden filed in court [last] week adds a new twist in a long-running lawsuit against the NSA's surveillance programs. The case, filed by the EFF a decade ago, seeks to challenge the government's alleged illegal and unconstitutional surveillance of Americans, who are largely covered under the Fourth Amendment's protections against warrantless searches and seizures. It's a big step forward for the case, which had stalled largely because the government refused to confirm that a leaked document was authentic or accurate. News of the surveillance broke in 2006 when an AT&T technician Mark Klein revealed that the NSA was tapping into AT&T's network backbone. He alleged that a secret, locked room -- dubbed Room 641A -- in an AT&T facility in San Francisco where he worked was one of many around the U.S. used by the government to monitor communications -- domestic and overseas. President George W. Bush authorized the NSA to secretly wiretap Americans' communications shortly after the September 11 terrorist attacks in 2001.
Much of the EFF's complaint relied on Klein's testimony until 2013, when Snowden, a former NSA contractor, came forward with new revelations that described and detailed the vast scope of the U.S. government's surveillance capabilities, which included participation from other phone giants -- including Verizon (TechCrunch's parent company). Snowden's signed declaration, filed on October 31, confirms that one of the documents he leaked, which the EFF relied heavily on for its case, is an authentic draft document written by the then-NSA inspector general in 2009, which exposed concerns about the legality of Bush's warrantless surveillance program -- Stellar Wind -- particularly the collection of bulk email records on Americans. "I read its contents carefully during my employment," he said in his declaration. "I have a specific and strong recollection of this document because it indicated to me that the government had been conducting illegal surveillance." -
EFF Unveils VR Tool To Help People Spot Surveillance Devices In Their Communities (eff.org)
An anonymous reader quotes a report from the Electronic Frontier Foundation: The Electronic Frontier Foundation (EFF) launched a virtual reality (VR) experience on its website today that teaches people how to spot and understand the surveillance technologies police are increasingly using to spy on communities. Spot the Surveillance, which works best with a VR headset but will also work on standard browsers, places users in a 360-degree street scene in San Francisco. In the scene, a young resident is in an encounter with police. Users are challenged to identify surveillance tools by looking around the scene. The experience takes approximately 10 minutes to complete. The surveillance technologies featured in the scene include a body-worn camera, automated license plate readers, a drone, a mobile biometric device, and pan-tilt-zoom cameras. The project draws from years of research gathered by EFF in its Street-Level Surveillance project, which shines a light on how police use, and abuse, technology to spy on communities. -
Patent Troll Values Its Entire Portfolio At $2, Goes Bankrupt (arstechnica.com)
mspohr shares a report from Ars Technica: In September 2018, Shipping & Transit LLC (formerly known as ArrivalStar) filed for Chapter 7 bankruptcy -- voluntary liquidation -- but no one seems to have noticed until the Electronic Frontier Foundation pointed it out on October 31. The company claimed that it held the patent on vehicle tracking and related alerts. But about 15 months ago, judges began to rule against Shipping & Transit for the first time. That seems to have put a damper on its entire business model.
Now, according to Shipping & Transit LLC's federal bankruptcy filings, its global patent holdings (34 in the United States and 29 elsewhere) are worth a whopping $2. Meanwhile, it owes more than $423,000 to numerous creditors, including banks, law firms, and something called the "West African Investment Trust," based in Geneva, Switzerland. -
Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus 'Security Updates' (vice.com)
An anonymous reader quotes a report from Motherboard: Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It's just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements. For several decades now printer manufacturers have lured consumers into an arguably-terrible deal: shell out a modest sum for a mediocre printer, then pay an arm and a leg for replacement printer cartridges that cost relatively-little to actually produce.
The Electronic Frontier Foundation now says that Epson has been engaged in the same behavior. The group says it recently learned that in late 2016 or early 2017, Epson issued a "poison pill" software update that effectively downgraded user printers to block third party cartridges, but disguised the software update as a meaningful improvement. The EFF has subsequently sent a letter to Texas Attorney General Ken Paxton, arguing that Epson's lack of transparency can easily be seen as "misleading and deceptive" under Texas consumer protection laws. "When restricted to Epson's own cartridges, customers must pay Epson's higher prices, while losing the added convenience of third party alternatives, such as refillable cartridges and continuous ink supply systems," the complaint notes. "This artificial restriction of third party ink options also suppresses a competitive ink market and has reportedly caused some manufacturers of refillable cartridges and continuous ink supply systems to exit the market." -
'Seven Dirty Words' Restriction Policy Lifted from .US Domain Name Registrations (circleid.com)
An anonymous reader shares a report: Neustar, the registry operator of the .US domain and NTIA have reversed course, allowing the inclusion of previously restricted "seven dirty words" from future .US domain name registrations. The decision came after EFF and the Cyberlaw Clinic at Harvard Law School intervened in the cancelation of a domain name containing a restricted word. The domain name -- fucknazis.us -- registered by Mr. Rubin was suspended by Neustar calling it a violation of an NTIA "seven dirty words" policy -- "a phrase with particular First Amendment significance," said EFF. Further reading: EFF: Yes, You Can Name A Website "Fucknazis.us". -
The EU Can Still Be Saved From Its Internet-Wrecking Copyright Plan (vice.com)
An anonymous reader quotes a report from Motherboard: While the European Union voted this week to pass its widely-criticized new Copyright Directive, activists and members of European Parliament say there's still a chance of keeping the EU from fully implementing the worst parts of the troubling proposal. The most controversial aspects of the plan remain twofold: Article 11, which would require EU News outlets to pay a "link tax" just to share anything more than "insubstantial" snippets of published content, and Article 13, which would require that EU member countries implement the kind of automated copyright filters that have been a chaotic mess here in the States. Other problematic measures were passed as well, including Article 12a, which prohibits sports fans from posting their own photos or videos of sporting events online, while stating that only event "organizers" have the right to do so.
That said, all hope is not lost. While some variant of Article 11 and Article 13 is likely to be approved next spring, public pressure could force inclusion of additional safeguards for end users, Member of the European Parliament Julia Reda told me in an email. "While the overall bill was adopted with a comfortable majority, the outcome was more narrow for the two controversial articles (366:297 and 393:279)," Reda said. "Since the final vote will be close to the next European elections, that leaves open a small chance that massive public protest against these provisions may still convince MEPs to kill the entire bill." If passed, individual EU countries will be able to interpret the Directive as they see fit, though Reda believes they will likely steer toward stricter interpretation. "The real hope for repeal in my opinion is in the courts," author and activist Cory Doctorow said. "There's simply no way this passes EU Constitutional muster -- it's generalized filtering and mass surveillance by another name. The fact that they claim to be looking for 'infringement' doesn't change that."
Longtime Slashdot reader Lauren Weinstein adds: [...] These articles now enter a period of negotiation with EU member states, and then are subject to final votes next year, probably in the spring. So now's the time for the rest of the world to show Europe some special "tough love" -- to help them understand what their Internet island universe will look like if these terrible articles are ever actually implemented.
UPDATE: The Electronic Frontier Foundation issued a report slamming the proposal, offering a number of ways people can fight back. -
Does Gmail's 'Confidential Mode' Go Far Enough? (engadget.com)
Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system. -
California Officials Admit To Using License Plate Readers To Monitor Welfare Recipients (gizmodo.com)
According to a report from the Sacramento Bee, officials in Sacramento County have been accessing license plate reader data to track welfare recipients suspected of fraud. The practice dates back to 2016. Gizmodo reports: Sacramento County Department of Human Assistance Director Ann Edwards confirmed to the paper that welfare fraud investigators working under the DHA have used the data for two years on a "case-by-case" basis. Edwards said the DHA pays about $5,000 annually for access to the database. Abbreviated LPR, license plate readers are essentially cameras that upload photographs to a searchable database of images of license plates. If a driver passed by an LPR four times throughout a city, an officer with access would know where and at what time of day. Anyone with access to that data could use it to track where someone drove and when, provided they were scanned by the LPR.
It's not immediately clear how travel patterns might reveal welfare fraud. As noted by the Electronic Frontier Foundation, welfare fraud is, statistically speaking, extremely rare. In 2012, the DHA found only 500 cases of fraud among Sacramento's 193,000 recipients. Following an inquiry from the EFF, the DHA has instituted a privacy policy (one that didn't exist before their initial inquiry) requiring investigators to justify each request for LPR data. The Sacramento Bee reports the DHA accessed the data over a thousand times in two years. -
EFF To Japan: Reject Website Blocking (eff.org)
An anonymous reader quotes a report from the Electronic Frontier Foundation: The latest country to consider a website blocking proposal is Japan, and EFF has responded to the call for comment by sharing all the reasons that cutting off websites is a terrible solution for copyright violations. In response to infringement of copyrighted material, specifically citing a concern for manga, the government of Japan began work on a proposal that would make certain websites inaccessible in Japan. In response to Japan's proposal, EFF explained that website blocking is not effective at the stated goal of protecting artists and their work. First, it can be easily circumvented. Second, it ends up capturing a lot of lawful expression. Blocking an entire website does not distinguish between legal and illegal content, punishing both equally. According to numerous studies, the best answer to the problem of online infringement is providing easy, lawful alternatives. Doing this also has the benefit of not penalizing legitimate expression the way blocking does. According to The Japan Times, the "emergency measure" would "encourage [ISPs] to restrict access to such 'malicious' websites 'on a voluntary basis' in order to protect the nation's famed manga and anime industries from free-riders." -
Malls In California Are Sending License Plate Information To ICE (theweek.com)
Presto Vivace shares a report from The Week with the caption, "And they wonder why some of us prefer to shop online." From the report: Surveillance systems at more than 46 malls in California are capturing license plate information that is fed to Immigration and Customs Enforcement, the Electronic Frontier Foundation reported Tuesday. One company, Irvine Company Retail Properties, operates malls all over the state using a security network called Vigilant Solutions. Vigilant shares data with hundreds of law enforcement agencies, insurance companies, and debt collectors -- including ICE, which signed a contract with the security company earlier this year, reports The Verge. "[Irvine Company] is putting not only immigrants at risk, but invading the privacy of its customers by allowing a third-party to hold onto their data indefinitely," EFF wrote in its report, urging the chain of malls to stop providing information to ICE. -
EFF Sues To Invalidate FOSTA, An Unconstitutional Internet Censorship Law (eff.org)
schwit1 quotes a report from the Electronic Frontier Foundation: We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 ("FOSTA") unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to experts, actually hinders efforts to prosecute sex traffickers and aid victims. In our lawsuit, two human rights organizations, an individual advocate for sex workers, a certified non-sexual massage therapist, and the Internet Archive, are challenging the law as an unconstitutional violation of the First and Fifth Amendments. Although the law was passed by Congress for the worthy purpose of fighting sex trafficking, its broad language makes criminals of those who advocate for and provide resources to adult, consensual sex workers and actually hinders efforts to prosecute sex traffickers and aid victims. The EFF goes on to cite some examples of how FOSTA has already censored the internet. Most notably, two days after FOSTA was passed in the Senate, "Craigslist eliminated its Personals section, including non-sexual subcategories such as 'Missed Connections' and 'Strictly Platonic,'" reports the EFF. Reddit even removed some of its subreddits out of fear of future lawsuits. -
EFF Announces STARTTLS Everywhere To Help Make Email Delivery More Secure (betanews.com)
Mark Wilson writes: When it comes to messaging tools, people have started to show greater interest in whether encryption is used for security, and the same for websites -- but not so much with email. Thanks to the work of the Electronic Frontier Foundation, however, email security is being placed at the top of the agenda. The privacy group today announces STARTTLS Everywhere, its new initiative to improve the security of the email ecosystem. STARTTLS is an addition to SMTP, and while it does not add end-to-end encryption, it does provide hop-to-hop encryption, which is very much a step in the right direction. In a blog post, EFF elaborates on STARTTLS for the uninitiated, and outlines how it worked around some of the tech's underlying challenges: There are two primary security models for email transmission: end-to-end, and hop-to-hop. Solutions like PGP and S/MIME were developed as end-to-end solutions for encrypted email, which ensure that only the intended recipient can decrypt and read a particular message. Unlike PGP and S/MIME, STARTTLS provides hop-to-hop encryption (TLS for email), not end-to-end. Without requiring configuration on the end-user's part, a mailserver with STARTTLS support can protect email from passive network eavesdroppers. For instance, network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages, and will need more targeted, low-volume methods. In addition, if you are using PGP or S/MIME to encrypt your emails, STARTTLS prevents metadata leakage (like the "Subject" line, which is often not encrypted by either standard) and can negotiate forward secrecy for your emails. -
Internet Luminaries Urge EU To Kill Off Automated Copyright Filter Proposal (theregister.co.uk)
A large group of Internet pioneers have sent an open letter to the European Union urging it to scrap a proposal to introduce automated upload filters, arguing that it could damage the internet as we know it. The Register: The European Parliament's Legal Affairs (Juri) Committee will vote on the proposal contained in Article 13 of the Copyright in the Digital Single Market Directive next week. The proposal would see all companies that "store and provide to the public access to large amounts of works" obliged to "prevent the availability... of works... identified by rightholders." Despite the inclusion of language that says such measures need to be "appropriate and proportionate," it has caused many to worry that the law will lead to a requirement for all platforms to introduce automated content filtering, and shift liability for any copyrighted material that appears online from the user that posts it to the platform itself.
"By inverting this liability model and essentially making platforms directly responsible for ensuring the legality of content in the first instance, the business models and investments of platforms large and small will be impacted," warns the letter [PDF] signed by "Father of the Internet" Vint Cerf, World Wide Web inventor Tim Berners-Lee, as well as a host of other internet luminaries including Wikipedia's Jimmy Wales, security expert Bruce Schneier and net neutrality namer Tim Wu. -
Attention PGP Users: New Vulnerabilities Require You To Take Action Now (eff.org)
A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).
In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Further reading: People Are Freaking Out That PGP Is 'Broken' -- But You Shouldn't Be Using It Anyway (Motherboard). -
US Appeals Court Rules Border Agents Need Suspicion To Search Cellphones (reason.com)
On Thursday, a federal appeals court ruled that U.S. border agents need some sort of reason to believe a traveler has committed a crime before searching their cellphone. Slashdot reader Wrath0fb0b shares an analysis via Reason, written by Fourth Amendment scholar Orin Kerr: Traditionally, searches at the border don't require any suspicion on the theory that the government has a strong sovereign interest in regulating what enters and exits the country. But there is caselaw indicating that some border searches are so invasive that they do require some kind of suspicion. In the new case, Kolsuz (PDF), the Fourth Circuit agrees with the Ninth Circuit that at least some suspicion is required for a forensic search of a cell phone seized at the border. This is important for three reasons. First, the Fourth Circuit requires suspicion for forensic searches of cell phones seized at the border. Second, it clarifies significantly the forensic/manual distinction, which has always been pretty uncertain to me. Third, it leaves open that some suspicion may be required for manual searches, too.
But wait, that's not all. In fact, I don't think it's the most important part of the opinion. The most important part of the opinion comes in a different section, where the Fourth Circuit adds what seems to be a new and important limit on the border search exception: a case-by-case nexus requirement to the government interests that justify the border search exception. Maybe I'm misreading this passage, but it strikes me as doing something quite new and significant. It scrutinizes the border search that occurred to see if the government's cause for searching in this particular case satisfied "a 'nexus' requirement" of showing sufficient connection between the search and "the rationale for the border search exception," requiring a link between the "predicate for the search and the rationale for the border exception." In other words, the Fourth Circuit appears to be requiring the government to identify the border-search-related interest justifying that particular search in order to rely on the border search exception. "The analysis is interesting throughout, and it would be a fairly large limitation on digital searches conducted at the border, both in requiring some articulable suspicion for digital searches and in the requirement to justify the relationship between the search and the border inspection," writes Wrath0fb0b. -
Hacktivists, Tech Giants Protest Georgia's 'Hack-Back' Bill (threatpost.com)
lod123 shares a report from Threatpost: As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to 'hack back' with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group has targeted Georgia Southern University, two restaurants and a church to protest the bill. Opponents have twin beefs when it comes to Senate Bill 315: Some are questioning whether legitimizing offensive attacks will open the door to a new kind of corporate warfare; and others are concerned that the law will have a chilling effect on cyber-research by criminalizing white-hat activity like vulnerability research and pen-testing.
Google and Microsoft are in the former camp, and have asked Deal to veto the bill, which was passed by the Georgia General Assembly in March and which is nearing its deadline for signing into law. The two giants take issue with a provision in the bill that allows "active defense measures that are designed to prevent or detect unauthorized computer access." In a letter to the governor, the two argued that S.B. 315 "will make Georgia a laboratory for offensive cybersecurity practices that may have unintended consequences and that have not been authorized in other jurisdictions," and that "provisions such as this could easily lead to abuse and be deployed for anti-competitive, not protective purposes." They added: "On its face, this provision broadly authorizes the hacking of other networks and systems under the undefined guise of cybersecurity... [B]efore Georgia endorses the 'hack back' authority in 'defense' or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy." Tripwire also filed a letter with the governor's office: "[A]ccording to the wording of S.B. 315, well-intentioned ('white-hat') researchers could be subject to civil or criminal prosecution when following industry best practices in investigating a website for protection from a potential cyber-attack. It is our firm belief that an explicit exception is required to exclude prosecution when the party in question is acting in good-faith to protect a business or their customers from attack. Without this exclusion, S.B. 315 will discourage good actors from reporting vulnerabilities and ultimately increase the likelihood that adversaries will find and exploit the underlying weaknesses." -
Facebook Inches Toward More Transparency and Accountability (eff.org)
An anonymous reader quotes a report from the Electronic Frontier Foundation: Facebook took a step toward greater accountability this week, expanding the text of its community standards and announcing the rollout of a new system of appeals. Digital rights advocates have been pushing the company to be more transparent for nearly a decade, and many welcomed the announcements as a positive move for the social media giant. The changes are certainly a step in the right direction. Over the past year, following a series of controversial decisions about user expression, the company has begun to offer more transparency around its content policies and moderation practices, such as the "Hard Questions" series of blog posts offering insight into how the company makes decisions about different types of speech.
The expanded community standards released on Tuesday offer a much greater level of detail of what's verboten and why. Broken down into six overarching categories -- violence and criminal behavior, safety, objectionable content, integrity and authenticity, respecting intellectual property, and content-related requests -- each section comes with a "policy rationale" and bulleted lists of "do not post" items. Facebook's other announcement -- that of expanded appeals -- has received less media attention, but for many users, it's a vital development. In the platform's early days, content moderation decisions were final and could not be appealed. Then, in 2011, Facebook instituted a process through which users whose accounts had been suspended could apply to regain access. That process remained in place until this week. -
Firefox 11.0 For iOS Arrives With Tracking Protection On By Default (venturebeat.com)
The new version of Firefox 11.0 for iOS turns on tracking protection by default, lets you reorder your tabs, and adds a handful of iPad-specific features. The latest version is currently available via Apple's App Store. VentureBeat details the new features: Tracking protection means Firefox blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web. It's almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. The feature's blocking list, which is based on the tracking protection rules laid out by the anti-tracking startup Disconnect, is published under the General Public License and available on GitHub. The feature is great for privacy, but it also improves performance. Content loads faster for many websites, which translates into less data usage and better battery life. If tracking protection doesn't work well on a given site, just turn it off there and Firefox for iOS should remember your preference.
Tracking protection aside, iOS users can now reorder their tabs. Organizing your tabs is very straightforward: Long-press the specific tab and drag it either left or right. iPad users have gained two new features, as well. You can now share URLs by just dragging and dropping links to and from Firefox with any other iOS app. If you're in side-by-side view, just drag the link or tab into the other app. Otherwise, bring up the doc or app switcher, drag the link into the other app until it pulses, release the link, and the other app will open the link. Lastly, iPad users have gained a few more keyboard shortcuts, including the standard navigation keys from the desktop. There's also cursor navigation through the bookmarks and history results, an escape key in the URL bar, and easier tab tray navigation (try using the keyboard shortcut Command + Option + Tab to get to and from the tabs view). -
EFF: Google Should Not Help the US Military Build Unaccountable AI Systems (eff.org)
The Electronic Frontier Foundation's Peter Eckersley writes: Yesterday, The New York Times reported that there is widespread unrest amongst Google's employees about the company's work on a U.S. military project called "Project Maven." Google has claimed that its work on Maven is for "non-offensive uses only," but it seems that the company is building computer vision systems to flag objects and people seen by military drones for human review. This may in some cases lead to subsequent targeting by missile strikes. EFF has been mulling the ethical implications of such contracts, and we have some advice for Google and other tech companies that are considering building military AI systems.
The EFF lists several "starting points" any company, or any worker, considering whether to work with the military on a project with potentially dangerous or risky AI applications should be asking:
1. Is it possible to create strong and binding international institutions or agreements that define acceptable military uses and limitations in the use of AI? While this is not an easy task, the current lack of such structures is troubling. There are serious and potentially destabilizing impacts from deploying AI in any military setting not clearly governed by settled rules of war. The use of AI in potential target identification processes is one clear category of uses that must be governed by law.
2. Is there a robust process for studying and mitigating the safety and geopolitical stability problems that could result from the deployment of military AI? Does this process apply before work commences, along the development pathway and after deployment? Could it incorporate the sufficient expertise to address subtle and complex technical problems? And would those leading the process have sufficient independence and authority to ensure that it can check companies' and military agencies' decisions?
3. Are the contracting agencies willing to commit to not using AI for autonomous offensive weapons? Or to ensuring that any defensive autonomous systems are carefully engineered to avoid risks of accidental harm or conflict escalation? Are present testing and formal verification methods adequate for that task?
4. Can there be transparent, accountable oversight from an independently constituted ethics board or similar entity with both the power to veto aspects of the program and the power to bring public transparency to issues where necessary or appropriate? For example, while Alphabet's AI-focused subsidiary DeepMind has committed to independent ethics review, we are not aware of similar commitments from Google itself. Given this letter, we are concerned that the internal transparency, review, and discussion of Project Maven inside Google was inadequate. Any project review process must be transparent, informed, and independent. While it remains difficult to ensure that that is the case, without such independent oversight, a project runs real risk of harm. -
The EFF Hosts a 'John Perry Barlow Symposium' Next Saturday (eff.org)
An anonymous reader writes: The EFF is announcing "a celebration of the life and leadership of the recently departed founder of EFF, John Perry Barlow," to be held next Saturday at the Internet Archive in San Francisco from 2:00 to 6:00. The event will also be streamed live on the Internet Archive's YouTube channel.
Confirmed speakers include Edward Snowden, Cory Doctorow, EFF co-founders John Gilmore and Mitch Kapor, and Shari Steele, the executive director of the Tor Project (and a former EFF executive director). -
Craigslist Personals, Some Subreddits Disappear After FOSTA Passage (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In the wake of this week's passage of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) bill in both houses of Congress on Wednesday, Craigslist has removed its "Personals" section entirely, and Reddit has removed some related subreddits, likely out of fear of future lawsuits. FOSTA, which awaits the signature of President Donald Trump before becoming law, removes some portions of Section 230 of the Communications Decency Act. The landmark 1996 law shields website operators that host third-party content (such as commenters, for example) from civil liability. The new bill is aimed squarely at Backpage, a notorious website that continues to allow prostitution advertisements and has been under federal scrutiny for years. In a bizarre turn of events, the Department of Justice also warned the House in February 2018 that the bill "raises a serious constitutional concern," as it would apply retroactively -- a seeming violation of the Constitution's ex post facto clause. Congress passed it anyway. The Electronic Frontier Foundation wrote in a blog post: "It's easy to see the impact that this ramp-up in liability will have on online speech: facing the risk of ruinous litigation, online platforms will have little choice but to become much more restrictive in what sorts of discussion -- and what sorts of users -- they allow, censoring innocent people in the process." -
EU Wants To Require Platforms To Filter Uploaded Content (Including Code) (github.com)
A new copyright proposal in the EU would require code-sharing platforms like GitHub and SourceForge to monitor all content that users upload for potential copyright infringement. "The proposal is aimed at music and videos on streaming platforms, based on a theory of a 'value gap' between the profits those platforms make from uploaded works and what copyright holders of some uploaded works receive," reports The GitHub Blog. "However, the way it's written captures many other types of content, including code."
Upload filters, also known as "censorship machines," are some of the most controversial elements of the copyright proposal, raising a number of concerns including:
- Privacy: Upload filters are a form of surveillance, effectively a "general monitoring obligation" prohibited by EU law
- Free speech: Requiring platforms to monitor content contradicts intermediary liability protections in EU law and creates incentives to remove content
- Ineffectiveness: Content detection tools are flawed (generate false positives, don't fit all kinds of content) and overly burdensome, especially for small and medium-sized businesses that might not be able to afford them or the resulting litigation
Upload filters are especially concerning for software developers given that:
- Software developers create copyrightable works -- their code -- and those who choose an open source license want to allow that code to be shared
- False positives (and negatives) are especially likely for software code because code often has many contributors and layers, often with different licensing for different components
- Requiring code-hosting platforms to scan and automatically remove content could drastically impact software developers when their dependencies are removed due to false positives
The EU Parliament continues to introduce new proposals for Article 13 but these issues remain. MEP Julia Reda explains further in a recent proposal from Parliament. -
New Bill In Congress Would Bypass the Fourth Amendment, Hand Your Data To Police (medium.com)
An anonymous reader quotes a report from Medium: Lawmakers behind a new anti-privacy bill are trying to sneak it through Congress by attaching it to the must-pass government spending bill. The CLOUD Act would hand police in the U.S., and other countries, extreme new powers to obtain and monitor data directly from tech companies instead of requiring a warrant and judicial review. Congressional leadership will decide whether the CLOUD Act gets attached to the omnibus government spending bill sometime this week, potentially as early as tomorrow... If passed, this bill would give law enforcement the power to go directly to tech companies, no matter where they or their servers are, to obtain our data. They wouldn't need a warrant or court oversight, and we'll be left with no protections to ensure law enforcement isn't violating our rights. A recent report from the Electronic Frontier Foundation explains how the CLOUD Act circumvents the Fourth Amendment. "This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering," reports the EFF. "That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant. The new backdoor in the CLOUD Act operates much in the same way. U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment." -
FBI Paid Geek Squad Repair Staff As Informants (zdnet.com)
According to newly released documents by the Electronic Frontier Foundation, federal agents would pay Geek Squad employees to flag illegal materials on devices sent in by customers for repairs. "The relationship goes back at least ten years, according to documents released as a result of the lawsuit [filed last year]," reports ZDNet. "The agency's Louisville division aim was to maintain a 'close liaison' with Geek Squad management to 'glean case initiations and to support the division's Computer Intrusion and Cyber Crime programs.'" From the report: According to the EFF's analysis of the documents, FBI agents would "show up, review the images or video and determine whether they believe they are illegal content" and seize the device so an additional analysis could be carried out at a local FBI field office. That's when, in some cases, agents would try to obtain a search warrant to justify the access. The EFF's lawsuit was filed in response to a report that a Geek Squad employee was used as an informant by the FBI in the prosecution of a child pornography case. The documents show that the FBI would regularly use Geek Squad employees as confidential human sources -- the agency's term for informants -- by taking calls from employees when they found something suspect. -
Playboy Drops Its Copyright Case Against Boing Boing (eff.org)
An anonymous reader quotes the EFF: Playboy Entertainment has given up on its lawsuit against Happy Mutants, LLC, the company behind Boing Boing. Earlier this month, a federal court dismissed Playboy's claims but gave Playboy permission to try again with a new complaint, if it could dig up some new facts. The deadline for filing that new complaint passed this week, and today Playboy released a statement suggesting that it is standing down...
It's hard to understand why Playboy brought this case in the first place, turning its legal firepower on a small news and commentary website that hadn't uploaded or hosted any infringing content. We're also a little perplexed as to why Playboy seems so unhappy that the Boing Boing post is still up when the links they complain about have been dead for almost two years. -
Federal Judge Says Embedding a Tweet Can Be Copyright Infringement (eff.org)
An anonymous reader quotes a report from the Electronic Frontier Foundation: Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.
This case began when Justin Goldman accused online publications, including Breitbart, Time, Yahoo, Vox Media, and the Boston Globe, of copyright infringement for publishing articles that linked to a photo of NFL star Tom Brady. Goldman took the photo, someone else tweeted it, and the news organizations embedded a link to the tweet in their coverage (the photo was newsworthy because it showed Brady in the Hamptons while the Celtics were trying to recruit Kevin Durant). Goldman said those stories infringe his copyright. "[W]hen defendants caused the embedded Tweets to appear on their websites, their actions violated plaintiff's exclusive display right; the fact that the image was hosted on a server owned and operated by an unrelated third party (Twitter) does not shield them from this result," Judge Katherine Forrest said. -
EFF Founder John Perry Barlow Has Died At Age 70 (eff.org)
The Electronic Frontier Foundation reports that its founder, John Perry Barlow, has passed away quietly in his sleep this morning. He was 70 years old. From the report: It is no exaggeration to say that major parts of the Internet we all know and love today exist and thrive because of Barlow's vision and leadership. He always saw the Internet as a fundamental place of freedom, where voices long silenced can find an audience and people can connect with others regardless of physical distance. Barlow was sometimes held up as a straw man for a kind of naive techno-utopianism that believed that the Internet could solve all of humanity's problems without causing any more. As someone who spent the past 27 years working with him at EFF, I can say that nothing could be further from the truth.
Barlow knew that new technology could create and empower evil as much as it could create and empower good. He made a conscious decision to focus on the latter: "I knew it's also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls 'turn-key totalitarianism.'" Barlow's lasting legacy is that he devoted his life to making the Internet into "a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth... a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity." -
EFF: Thousands of People Have Secure Messaging Clients Infected By Spyware (eff.org)
An anonymous reader quotes the EFF: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."
Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks, according to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people's phones to install the fake apps." -