Slashdot Mirror

An anonymous reader quotes Open Source Observatory: The City of Barcelona is migrating its computer systems away from the Windows platform, reports the Spanish newspaper El País. The City's strategy is first to replace all user applications with open-source alternatives, until the underlying Windows operating system is the only proprietary software remaining. In a final step, the operating system will be replaced with Linux... According to Francesca Bria, the Commissioner of Technology and Digital Innovation at the City Council, the transition will be completed before the current administration's mandate ends in spring 2019. For starters, the Outlook mail client and Exchange Server will be replaced with Open-Xchange. In a similar fashion, Internet Explorer and Office will be replaced with Firefox and LibreOffice, respectively. The Linux distribution eventually used will probably be Ubuntu, since the City of Barcelona is already running 1,000 Ubuntu-based desktops as part of a pilot...

Barcelona is the first municipality to have joined the European campaign 'Public Money, Public Code'. This campaign is an initiative of the Free Software Foundation Europe (FSFE) and revolves around an open letter advocating that publicly funded software should be free. Currently, this call to public agencies is supported by more than 100 organisations and almost 15,000 individuals. With the new open-source strategy, Barcelona's City Council aims to avoid spending large amounts of money on licence-based software and to reduce its dependence on proprietary suppliers through contracts that in some cases have been closed for decades.

On the fifth anniversary of the death of Aaron Swartz, EFF activist Elliot Harmon posted a remembrance: When you look around the digital rights community, it's easy to find Aaron's fingerprints all over it. He and his organization Demand Progress worked closely with EFF to stop SOPA. Long before that, he played key roles in the development of RSS, RDF, and Creative Commons. He railed hard against the idea of government-funded scientific research being unavailable to the public, and his passion continues to motivate the open access community. Aaron inspired Lawrence Lessig to fight corruption in politics, eventually fueling Lessig's White House run... It's tempting to become pessimistic in the face of countless threats to free speech and privacy. But the story of the SOPA protests demonstrates that we can win in the face of seemingly insurmountable odds.
He shares a link to a video of Aaron's most inspiring talk, "How We Stopped SOPA," writing that "Aaron warned that SOPA wouldn't be the last time Hollywood attempted to use copyright law as an excuse to censor the Internet... 'The enemies of the freedom to connect have not disappeared... We won this fight because everyone made themselves the hero of their own story. Everyone took it as their job to save this crucial freedom. They threw themselves into it. They did whatever they could think of to do.'"

On the anniversary of Aaron's death, his brother Ben Swartz, an engineer at Twitch, wrote about his own efforts to effect change in ways that would've made Aaron proud, while Aaron's mother urged calls to Congress to continue pushing for reform to the Computer Fraud and Abuse Act.

And there were countless other remembrances on Twitter, including one fro Cory Doctorow, who tweeted a link to Lawrence Lessig's analysis of the prosecution. And Lessig himself marked the anniversary with several posts on Twitter. "None should rest," reads one, "for still, there is no peace."

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

An anonymous reader quotes a report from Ars Technica: If you've read our coverage of the Electronic Frontier Foundation's "Stupid Patent of the Month" series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators. Why don't more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

-The United States Patent and Trademark Office (USPTO) is funded by fees -- and the agency gets more fees if it approves an application.
-Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.
-Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

An anonymous reader writes: The EFF describes the FCC's official plan to kill net neutrality as "riddled with technical errors and factual inaccuracies," including, for example, a false distinction between "Internet access service" and "a distinct transmission service" which the EFF calls "utterly ridiculous and completely ungrounded from reality."

"Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works -- even though hundreds of engineers tried to explain it to them this past summer... As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them." And in addition, "Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique."

"There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we've suggested, the FCC doesn't understand how the Internet works. The second is that it doesn't care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an 'information service,' (rather than a 'telecommunications service,' or common carrier) and the FCC needs to offer some basis for it. So, we fear, it's making one up, and hoping no one will notice."
"We noticed," their editorial ends, urging Americans "to tell your lawmakers: Don't let the FCC sell the Internet out."

An anonymous reader writes: The EFF describes the FCC's official plan to kill net neutrality as "riddled with technical errors and factual inaccuracies," including, for example, a false distinction between "Internet access service" and "a distinct transmission service" which the EFF calls "utterly ridiculous and completely ungrounded from reality."

"Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works -- even though hundreds of engineers tried to explain it to them this past summer... As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them." And in addition, "Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique."

"There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we've suggested, the FCC doesn't understand how the Internet works. The second is that it doesn't care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an 'information service,' (rather than a 'telecommunications service,' or common carrier) and the FCC needs to offer some basis for it. So, we fear, it's making one up, and hoping no one will notice."
"We noticed," their editorial ends, urging Americans "to tell your lawmakers: Don't let the FCC sell the Internet out."

According to a New York Times report citing American officials, the Trump administration has decided that the National Security Agency and the FBI can lawfully keep operating their warrantless surveillance program even if Congress fails to extend the law authorizing it before an expiration date of New Year's Eve. The Verge reports: The White House believes the Patriot Act's surveillance provisions won't expire until four months into 2018. Lawyers point to a one-year certification that was granted on April 26th of last year. If that certification is taken as a legal authorization for the FISA court overall -- as White House lawyers suggest -- then Congress will have another four months to work out the details of reauthorization. There are already several proposals for Patriot Act reauthorization in the Senate, which focus the Section 702 provisions that authorize certain types of NSA surveillance. Some of the proposals would close the backdoor search loophole that allows for warrantless surveillance of U.S. citizens, although a recent House proposal would leave it in place. But with Congress largely focused on tax cuts and the looming debt ceiling fight, it's unlikely the differences could be reconciled before the end of the year.

According to a New York Times report citing American officials, the Trump administration has decided that the National Security Agency and the FBI can lawfully keep operating their warrantless surveillance program even if Congress fails to extend the law authorizing it before an expiration date of New Year's Eve. The Verge reports: The White House believes the Patriot Act's surveillance provisions won't expire until four months into 2018. Lawyers point to a one-year certification that was granted on April 26th of last year. If that certification is taken as a legal authorization for the FISA court overall -- as White House lawyers suggest -- then Congress will have another four months to work out the details of reauthorization. There are already several proposals for Patriot Act reauthorization in the Senate, which focus the Section 702 provisions that authorize certain types of NSA surveillance. Some of the proposals would close the backdoor search loophole that allows for warrantless surveillance of U.S. citizens, although a recent House proposal would leave it in place. But with Congress largely focused on tax cuts and the looming debt ceiling fight, it's unlikely the differences could be reconciled before the end of the year.

An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.

But Comcast's line has changed in an important way. In a comment to the FCC from earlier this year, the company said it is time for the FCC to adopt a "more flexible" approach to paid prioritization, and noted in a blog post at the time that the FCC should consider net neutrality principles that prevent "no anticompetitive paid prioritization." In other words, not necessarily all paid prioritization. The inclusion of "anti-competitive" could signal that the company does in fact hope to offer fast-lane service, but at the same price for all. And it might be a price that say, Fox News and the New York Times can afford, but one that smaller outlets can't. That Comcast's language is changing is one reason to distrust its promises regarding net neutrality, but its track record is an even bigger one. The company has been caught red-handed lying about its traffic discrimination in the past. In 2007, for example, when Comcast was found intermittently blocking users' ability to use BitTorrent, the company made numerous false claims about its network interference before finally admitting its bad behavior and halting the disruptions.

An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.

But Comcast's line has changed in an important way. In a comment to the FCC from earlier this year, the company said it is time for the FCC to adopt a "more flexible" approach to paid prioritization, and noted in a blog post at the time that the FCC should consider net neutrality principles that prevent "no anticompetitive paid prioritization." In other words, not necessarily all paid prioritization. The inclusion of "anti-competitive" could signal that the company does in fact hope to offer fast-lane service, but at the same price for all. And it might be a price that say, Fox News and the New York Times can afford, but one that smaller outlets can't. That Comcast's language is changing is one reason to distrust its promises regarding net neutrality, but its track record is an even bigger one. The company has been caught red-handed lying about its traffic discrimination in the past. In 2007, for example, when Comcast was found intermittently blocking users' ability to use BitTorrent, the company made numerous false claims about its network interference before finally admitting its bad behavior and halting the disruptions.

An Australian court can't make a California advocacy group take down a web page, a U.S. federal judge just ruled on Friday. Even if that web page calls a company's patents "stupid." Courthouse News reports: San Francisco-based Electronic Frontier Foundation sued Global Equity Management, or GEMSA, in April, claiming the Australian firm exploited its home country's weaker free speech protections to secure an unconstitutional injunction against EFF. Kurt Opsahl, EFF's deputy executive director and general counsel, hailed the ruling as a victory for free speech. "We knew all along the speech was protected by the First Amendment," Opsahl said in a phone interview Friday. "We were pleased to see the court agree." Opsahl said the ruling sends a strong message EFF and other speakers can weigh in on important topics, like patent reform, without fear of being muzzled by foreign court orders.

The dispute stems from an article EFF published in June 2016, featuring GEMSA in its "Stupid Patent of the Month" series. The GEMSA patent is for a "virtual cabinet" to store data. In the article, EFF staff attorney Daniel Nazer called GEMSA a "classic patent troll" that uses its patent on graphic representations of data storage to sue "just about anyone who runs a website." The article also says GEMSA "appears to have no business other than patent litigation."
The judge granted EFF a default judgment, saying the Australian court's injunction was not only unenforceable in the United States but also "repugnant" to the U. S. Constitution.

New submitter Danngggg writes: As you may recall from Slashdot last year, alleged Anonymous hacktivist Martin Gottesfeld has been imprisoned without bail since federal agents arrested him on board a Disney Cruise ship in February of 2016 to face hacking charges brought by controversial former U.S. attorney Carmen Ortiz. Though he's the only activist after Aaron Swartz to face a felony CFAA indictment from Ortiz, apparently Aaron Swartz Day organizer and Chelsea Manning archivist Lisa Rein don't want to include Gottesfeld in the festivities this year. So, he has taken to Huffington Post to argue that his story should be told this November 4th and, perhaps with a sense of irony, to publish some potentially scandalous Signal messages allegedly sent by Rein to his wife revealing what seems to be disdain for hacking in general and Anonymous in particular. Indeed, Rein seems to borrow from the movie Mean Girls in her contemptuous rejection of Mrs. Gottesfeld's appeals on behalf of her embattled husband. What does the Slashdot crowd have to say about whether Gottesfeld's story belongs at Aaron Swartz Day as well as Rein's alleged attitude towards his significant other?

"One might think that my voice would be welcomed at Aaron Swartz Day given all that the late internet/freedom of information activist and I share in common," writes Gottesfeld. "For starters, we were both indicted under the same controversial federal law, the CFAA, by the same Boston U.S. Attorney's Office and indeed under the tenure of the same notorious U.S. Attorney, Carmen Ortiz. Both of us have been persecuted for doing the moral thing; Aaron for trying to make taxpayer-funded research available to the general public and me for stopping the torture of an innocent child."

An anonymous reader quotes a report from TechCrunch: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)

Last month, we covered a story about how turning off Wi-Fi and Bluetooth in iOS 11's Control Center doesn't really turn off Wi-Fi and Bluetooth. EFF has called the situation bad for user security. From the report: Instead, what actually happens in iOS 11 when you toggle your quick settings to "off" is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple's UI fails to even attempt to communicate these exceptions to its users. It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don't stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well. The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections. When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what's going on.

An anonymous reader quotes the EFF: In the past few years, the sale of pre-configured Kodi boxes, and the availability of a range of plugins providing access to streaming media, has seen the software's popularity balloon -- and made it the latest target of Hollywood's copyright enforcement juggernaut. We've seen this in the appearance of streaming media boxes as an enforcement priority in the U.S. Trade Representative's Special 301 Report, in proposals for new legislation targeting the sale of "illicit" media boxes, and in lawsuits that have been brought on both sides of the Atlantic to address the "problem" that media boxes running Kodi, like any Web browser, can be used to access media streams that were not authorized by the copyright holder...

The difficulty facing the titans of TV is that since neither those who sell Kodi boxes, nor those who write or host add-ons for the software, are engaging in any unauthorized copying by doing so, cases targeting these parties have to rely on other legal theories. So far several legal theories have been used; one in Europe against sellers of Kodi boxes, one in Canada against the owner of the popular Kodi add-on repository TVAddons, and two in the United States against TVAddons and a plugin developer... These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem.
The EFF details the specific lawsuits in each region, and concludes that their courts "should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."

An anonymous reader quotes the EFF: In the past few years, the sale of pre-configured Kodi boxes, and the availability of a range of plugins providing access to streaming media, has seen the software's popularity balloon -- and made it the latest target of Hollywood's copyright enforcement juggernaut. We've seen this in the appearance of streaming media boxes as an enforcement priority in the U.S. Trade Representative's Special 301 Report, in proposals for new legislation targeting the sale of "illicit" media boxes, and in lawsuits that have been brought on both sides of the Atlantic to address the "problem" that media boxes running Kodi, like any Web browser, can be used to access media streams that were not authorized by the copyright holder...

The difficulty facing the titans of TV is that since neither those who sell Kodi boxes, nor those who write or host add-ons for the software, are engaging in any unauthorized copying by doing so, cases targeting these parties have to rely on other legal theories. So far several legal theories have been used; one in Europe against sellers of Kodi boxes, one in Canada against the owner of the popular Kodi add-on repository TVAddons, and two in the United States against TVAddons and a plugin developer... These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem.
The EFF details the specific lawsuits in each region, and concludes that their courts "should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."

An anonymous reader quotes the EFF: In the past few years, the sale of pre-configured Kodi boxes, and the availability of a range of plugins providing access to streaming media, has seen the software's popularity balloon -- and made it the latest target of Hollywood's copyright enforcement juggernaut. We've seen this in the appearance of streaming media boxes as an enforcement priority in the U.S. Trade Representative's Special 301 Report, in proposals for new legislation targeting the sale of "illicit" media boxes, and in lawsuits that have been brought on both sides of the Atlantic to address the "problem" that media boxes running Kodi, like any Web browser, can be used to access media streams that were not authorized by the copyright holder...

The difficulty facing the titans of TV is that since neither those who sell Kodi boxes, nor those who write or host add-ons for the software, are engaging in any unauthorized copying by doing so, cases targeting these parties have to rely on other legal theories. So far several legal theories have been used; one in Europe against sellers of Kodi boxes, one in Canada against the owner of the popular Kodi add-on repository TVAddons, and two in the United States against TVAddons and a plugin developer... These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem.
The EFF details the specific lawsuits in each region, and concludes that their courts "should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."

New submitter Frobnicator writes: Four years ago, the W3C began standardizing Encrypted Media Extensions, or EME. Several organizations, including the EFF, have argued against DRM within web browsers. Earlier this year, after the W3C leadership officially recommended EME despite failing to reach consensus, the EFF filed the first-ever official appeal that the decision be formally polled for consensus. That appeal has been denied, and for the first time the W3C is endorsing a standard against the consensus of its members.

In response, the EFF published their resignation from the body: "The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew -- and the large corporate members continued to reject any meaningful compromise -- the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. [...] Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. Effective today, EFF is resigning from the W3C." Jeff Jaffe, CEO of W3C said: "I know from my conversations that many people are not satisfied with the result. EME proponents wanted a faster decision with less drama. EME critics want a protective covenant. And there is reason to respect those who want a better result. But my personal reflection is that we took the appropriate time to have a respectful debate about a complex set of issues and provide a result that will improve the web for its users. My main hope, though, is that whatever point-of-view people have on the EME covenant issue, that they recognize the value of the W3C community and process in arriving at a decision for an inherently contentious issue. We are in our best light when we are facilitating the debate on important issues that face the web."

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

An anonymous reader quotes the Electronic Frontier Foundation: Whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier. This year's honorees -- a whistleblower, an editor, and an international freedom of expression activist -- all have worked tirelessly to protect the public's right to know.

The award ceremony will be held the evening of September 14 at Delancey Street's Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.
The EFF describes Chelsea Manning as "a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public." Their annoncement also notes that Annie Game has led the IFEX network of 115+ journalism and civil liberties groups around the world for over 10 years, and that Mike Masnick coined the term "The Streisand Effect" -- and is currently being sued by that man who claims he invented email.

An anonymous reader shares a report: Thai activist Jatuphat "Pai" Boonpattaraksa was sentenced this week to two and a half years in prison -- for the crime of sharing a BBC article on Facebook. The Thai-language article profiled Thailand's new king and, while thousands of users shared it, only Jutaphat was found to violate Thailand's strict lese majeste laws against insulting, defaming, or threatening the monarchy. The sentence comes after Jatuphat has already spent eight months in detention without bail. During this time, Jatuphat has fought additional charges for violating the Thai military junta's ban on political gatherings and for other activism with Dao Din, an anti-coup group. While in trial in military court, Jatuphat also accepted the Gwangzu Prize for Human Rights. When he was arrested last December, Jatuphat was the first person to be charged with lese majeste since the former King Bhumibol passed away and his son Vajiralongkorn took the throne. (He was not, however, the first to receive a sentence -- this past June saw one of the harshest rulings to date, with one man waiting over a year in jail to be sentenced to 35 years for Facebook posts critical of the royal family.) The conviction, which appears to have singled Jatuphat out among thousands of other Facebook users who shared the article, sends a strong message to other activists and netizens: overbroad laws like lese majeste can and will be used to target those who oppose military rule in Thailand.

A federal appeals court affirmed the April 2015 inter partes review (IPR) ruling -- a process that allows anyone to challenge a patent's validity at the U.S. Patent and Trademark Office -- that invalidated the so-called "podcasting patent." "That process was held by a company called Personal Audio, which had threatened numerous podcasts with lawsuits in recent years," reports Ars Technica. From the report: Back in 2013, Personal Audio began sending legal demand letters to numerous podcasters and companies, like Samsung, in an apparent attempt to cajole them into a licensing deal, lest they be slapped with a lawsuit. Some of those efforts were successful: in August 2014, Adam Carolla paid about $500,000. As Personal Audio began to gain more public attention, the Electronic Frontier Foundation, however, stepped in and said that it would challenge Personal Audio's US Patent No. 8,112,504, which describes a "system for disseminating media content representing episodes in a serialized sequence." In the end, EFF raised over $76,000, more than double its initial target.

[T]he history of Personal Audio dates to the late 1990s, when founder Jim Logan created a company seeking to create a kind of proto-iPod digital music player. But his company flopped. Years later, Logan turned to lawsuits to collect money from those investments. He sued companies over both the "episodic content" patent, as well as a separate patent, which Logan and his lawyers said covered playlists. He and his lawyers wrung verdicts or settlements from Samsung and Apple.

Daniel Nazer reports via the Electronic Frontier Foundation: On July 25, 2017, the Patent Office issued a patent to HP on reminder messages. Someone needs to remind the Patent Office to look at the real world before issuing patents. United States Patent No. 9,715,680 (the '680 patent) is titled "Reminder messages." While the patent application does suggest some minor tweaks to standard automated reminders, none of these supposed additions deserve patent protection. Although this claim uses some obscure language (like "non-transitory computer-readable storage medium" and "article data"), it describes a quite mundane process. The "article data" is simply additional information associated with an event. For example, "buy a cake" might be included with a birthday reminder. The patent also requires that this extra information be input via a "scanning operation" (e.g. scanning a QR code). The '680 patent comes from an application filed in July 2012. It is supposed to represent a non-obvious advance on technology that existed before that date. Of course, reminder messages were standard many years before the application was filed. And just a few minutes of research reveals that QR codes were already used to encode information for reminder messages. The Patent Office reviewed HP's application for years without ever considering any real-world products. Indeed, the examiner considered only patents and patent applications.

Daniel Nazer reports via the Electronic Frontier Foundation: On July 25, 2017, the Patent Office issued a patent to HP on reminder messages. Someone needs to remind the Patent Office to look at the real world before issuing patents. United States Patent No. 9,715,680 (the '680 patent) is titled "Reminder messages." While the patent application does suggest some minor tweaks to standard automated reminders, none of these supposed additions deserve patent protection. Although this claim uses some obscure language (like "non-transitory computer-readable storage medium" and "article data"), it describes a quite mundane process. The "article data" is simply additional information associated with an event. For example, "buy a cake" might be included with a birthday reminder. The patent also requires that this extra information be input via a "scanning operation" (e.g. scanning a QR code). The '680 patent comes from an application filed in July 2012. It is supposed to represent a non-obvious advance on technology that existed before that date. Of course, reminder messages were standard many years before the application was filed. And just a few minutes of research reveals that QR codes were already used to encode information for reminder messages. The Patent Office reviewed HP's application for years without ever considering any real-world products. Indeed, the examiner considered only patents and patent applications.

The EFF complains that "the very companies who spent millions of dollars lobbying in D.C. to repeal our federal broadband privacy rights are now fighting state attempts to protect consumers because they supposedly prefer a federal rule." The EFF urges Californians to phone their state senator ahead of a crucial back-to-back committee hearings on Tuesday. An anonymous reader writes: "Congress stole your online privacy. Let's seize it back," begins an email that the EFF is sending to California supporters. It warns that "Big Telecom has massive amounts of money to spend on an army of lobbyists. But if Internet users from across California unite with one voice, we can defeat their misinformation campaign... Don't let the big ISPs coopt our privacy."

The EFF's site points out that more than 83% of Americans support the privacy regulations which were repealed in March by the U.S. Congress, according to a new poll released last week. That's even more than the 77% of Americans who support keeping current net neutrality protections in place, according to the same poll. The EFF now hopes that California's newly-proposed legislation could become a model for privacy-protecting laws in other states. And back in Silicon Valley, the San Jose Mercury News writes that California "has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region."
The EFF has also compiled an interesting list of past instances where ISPs have already tried to exploit the personal information of their customers for profit.
Here's some of the highlights from the EFF's list:

• In 2008, Charter play tested the idea of recording everything you do on the Internet and packaging it into profiles...
• We know as of 2015 telecom carriers worked to "ingest" data from cellphones close to 300 times a day every day across 20 to 25 million mobile subscribers (we aren't told which mobile telephone companies participate in this practice, they keep that a secret). That data is used to inform retailers about customer browsing info, geolocation, and demographic data.
• We know in 2011 ISPs engaged in search hijacking where your Internet search queries were monitored in order to be rerouted in coordination with a company called Paxfire...
• We know AT&T, Sprint, and T-Mobile preinstalled "Carrier IQ" on their phones, which gave them the capability to track everything you do, from what websites you visit to what applications you use. It took a class action lawsuit for the carriers to begin backing down from this idea.
• And lastly, we know in 2014 Verizon tagged every one of their mobile customers' HTTP connections with a semi permanent super-cookie, and used those super-cookies to enable third parties such as advertisers to target individual customers. Not only that, but Verizon's super-cookie also allowed unaffiliated third parties to track you, no matter what steps you took to preserve your privacy. And worst of all, AT&T was going to follow suit to get in on the action but quickly retreated after Verizon got into legal trouble with the federal government.

The EFF complains that "the very companies who spent millions of dollars lobbying in D.C. to repeal our federal broadband privacy rights are now fighting state attempts to protect consumers because they supposedly prefer a federal rule." The EFF urges Californians to phone their state senator ahead of a crucial back-to-back committee hearings on Tuesday. An anonymous reader writes: "Congress stole your online privacy. Let's seize it back," begins an email that the EFF is sending to California supporters. It warns that "Big Telecom has massive amounts of money to spend on an army of lobbyists. But if Internet users from across California unite with one voice, we can defeat their misinformation campaign... Don't let the big ISPs coopt our privacy."

The EFF's site points out that more than 83% of Americans support the privacy regulations which were repealed in March by the U.S. Congress, according to a new poll released last week. That's even more than the 77% of Americans who support keeping current net neutrality protections in place, according to the same poll. The EFF now hopes that California's newly-proposed legislation could become a model for privacy-protecting laws in other states. And back in Silicon Valley, the San Jose Mercury News writes that California "has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region."
The EFF has also compiled an interesting list of past instances where ISPs have already tried to exploit the personal information of their customers for profit.
Here's some of the highlights from the EFF's list:

• In 2008, Charter play tested the idea of recording everything you do on the Internet and packaging it into profiles...
• We know as of 2015 telecom carriers worked to "ingest" data from cellphones close to 300 times a day every day across 20 to 25 million mobile subscribers (we aren't told which mobile telephone companies participate in this practice, they keep that a secret). That data is used to inform retailers about customer browsing info, geolocation, and demographic data.
• We know in 2011 ISPs engaged in search hijacking where your Internet search queries were monitored in order to be rerouted in coordination with a company called Paxfire...
• We know AT&T, Sprint, and T-Mobile preinstalled "Carrier IQ" on their phones, which gave them the capability to track everything you do, from what websites you visit to what applications you use. It took a class action lawsuit for the carriers to begin backing down from this idea.
• And lastly, we know in 2014 Verizon tagged every one of their mobile customers' HTTP connections with a semi permanent super-cookie, and used those super-cookies to enable third parties such as advertisers to target individual customers. Not only that, but Verizon's super-cookie also allowed unaffiliated third parties to track you, no matter what steps you took to preserve your privacy. And worst of all, AT&T was going to follow suit to get in on the action but quickly retreated after Verizon got into legal trouble with the federal government.

The EFF complains that "the very companies who spent millions of dollars lobbying in D.C. to repeal our federal broadband privacy rights are now fighting state attempts to protect consumers because they supposedly prefer a federal rule." The EFF urges Californians to phone their state senator ahead of a crucial back-to-back committee hearings on Tuesday. An anonymous reader writes: "Congress stole your online privacy. Let's seize it back," begins an email that the EFF is sending to California supporters. It warns that "Big Telecom has massive amounts of money to spend on an army of lobbyists. But if Internet users from across California unite with one voice, we can defeat their misinformation campaign... Don't let the big ISPs coopt our privacy."

The EFF's site points out that more than 83% of Americans support the privacy regulations which were repealed in March by the U.S. Congress, according to a new poll released last week. That's even more than the 77% of Americans who support keeping current net neutrality protections in place, according to the same poll. The EFF now hopes that California's newly-proposed legislation could become a model for privacy-protecting laws in other states. And back in Silicon Valley, the San Jose Mercury News writes that California "has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region."
The EFF has also compiled an interesting list of past instances where ISPs have already tried to exploit the personal information of their customers for profit.
Here's some of the highlights from the EFF's list:

• In 2008, Charter play tested the idea of recording everything you do on the Internet and packaging it into profiles...
• We know as of 2015 telecom carriers worked to "ingest" data from cellphones close to 300 times a day every day across 20 to 25 million mobile subscribers (we aren't told which mobile telephone companies participate in this practice, they keep that a secret). That data is used to inform retailers about customer browsing info, geolocation, and demographic data.
• We know in 2011 ISPs engaged in search hijacking where your Internet search queries were monitored in order to be rerouted in coordination with a company called Paxfire...
• We know AT&T, Sprint, and T-Mobile preinstalled "Carrier IQ" on their phones, which gave them the capability to track everything you do, from what websites you visit to what applications you use. It took a class action lawsuit for the carriers to begin backing down from this idea.
• And lastly, we know in 2014 Verizon tagged every one of their mobile customers' HTTP connections with a semi permanent super-cookie, and used those super-cookies to enable third parties such as advertisers to target individual customers. Not only that, but Verizon's super-cookie also allowed unaffiliated third parties to track you, no matter what steps you took to preserve your privacy. And worst of all, AT&T was going to follow suit to get in on the action but quickly retreated after Verizon got into legal trouble with the federal government.

The EFF complains that "the very companies who spent millions of dollars lobbying in D.C. to repeal our federal broadband privacy rights are now fighting state attempts to protect consumers because they supposedly prefer a federal rule." The EFF urges Californians to phone their state senator ahead of a crucial back-to-back committee hearings on Tuesday. An anonymous reader writes: "Congress stole your online privacy. Let's seize it back," begins an email that the EFF is sending to California supporters. It warns that "Big Telecom has massive amounts of money to spend on an army of lobbyists. But if Internet users from across California unite with one voice, we can defeat their misinformation campaign... Don't let the big ISPs coopt our privacy."

The EFF's site points out that more than 83% of Americans support the privacy regulations which were repealed in March by the U.S. Congress, according to a new poll released last week. That's even more than the 77% of Americans who support keeping current net neutrality protections in place, according to the same poll. The EFF now hopes that California's newly-proposed legislation could become a model for privacy-protecting laws in other states. And back in Silicon Valley, the San Jose Mercury News writes that California "has an obligation to take a lead in establishing the basic privacy rights of consumers using the Internet. Beyond being the right thing to do for the whole country, building trust in tech products is an essential long-term business strategy for the industry that was born in this region."
The EFF has also compiled an interesting list of past instances where ISPs have already tried to exploit the personal information of their customers for profit.
Here's some of the highlights from the EFF's list:

• In 2008, Charter play tested the idea of recording everything you do on the Internet and packaging it into profiles...
• We know as of 2015 telecom carriers worked to "ingest" data from cellphones close to 300 times a day every day across 20 to 25 million mobile subscribers (we aren't told which mobile telephone companies participate in this practice, they keep that a secret). That data is used to inform retailers about customer browsing info, geolocation, and demographic data.
• We know in 2011 ISPs engaged in search hijacking where your Internet search queries were monitored in order to be rerouted in coordination with a company called Paxfire...
• We know AT&T, Sprint, and T-Mobile preinstalled "Carrier IQ" on their phones, which gave them the capability to track everything you do, from what websites you visit to what applications you use. It took a class action lawsuit for the carriers to begin backing down from this idea.
• And lastly, we know in 2014 Verizon tagged every one of their mobile customers' HTTP connections with a semi permanent super-cookie, and used those super-cookies to enable third parties such as advertisers to target individual customers. Not only that, but Verizon's super-cookie also allowed unaffiliated third parties to track you, no matter what steps you took to preserve your privacy. And worst of all, AT&T was going to follow suit to get in on the action but quickly retreated after Verizon got into legal trouble with the federal government.

An anonymous reader shares a report: The Electronic Frontier Foundation has published the latest edition of its "Who has your back" privacy report. This is the seventh report from the digital rights group, and this year it criticizes both WhatsApp and Amazon for having policies that "fall short of other similar technology companies." Four big telecom companies -- AT&T, Comcast, T-Mobile, and Verizon -- performed very poorly, while at the other end of the scale Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr, and WordPress were all praised. In all, the report rates 26 technology companies in five key areas relating to privacy and government data requests: "Follows industry-wide best practices," "Tells users about government data requests," "Promises not to sell out users," "Stands up to NSL gag orders" and "Pro-user public policy: Reform 702." While the report points out that some progress has been made, generally speaking, in the technology world, AT&T, Comcast, T-Mobile, and Verizon were all awarded a single star out of a possible five. Amazon and WhatsApp both scored just two out of five, leading the Electronic Freedom Foundation to say: "We urge both Amazon and WhatsApp to improve their policies in the coming year so they match the standards of other major online services."

Reader Atticus Rex writes: A high controversial Web standard has received a seal of approval from Tim Berners-Lee, the inventor of the Web and its chief technical decision-maker. Opponents like the Free Software Foundation and Electronic Frontier Foundation say that the standard, Encrypted Media Extensions, is a step backwards for freedom, privacy, and a host of other rights on the Web.

There's still a two-week window in which members of the W3C can appeal the decision, and the Free Software Foundation is asking people to email and encourage them to do so. Update: The W3C has announced that it would publish its DRM standard with no protections and no compromises at all.

schwit1 shares an article from ZDNet: A new analysis of documents leaked by whistleblower Edward Snowden details a highly classified technique that allows the National Security Agency to "deliberately divert" U.S. internet traffic, normally safeguarded by constitutional protections, overseas in order to conduct unrestrained data collection on Americans. According to the new analysis, the NSA has clandestine means of "diverting portions of the river of internet traffic that travels on global communications cables," which allows it to bypass protections put into place by Congress to prevent domestic surveillance on Americans.

The new findings follow a 2014 paper by researchers Axel Arnbak and Sharon Goldberg, published on sister-site CBS News, which theorized that the NSA, whose job it is to produce intelligence from overseas targets, was using a "traffic shaping" technique to route US internet data overseas so that it could be incidentally collected under the authority of a largely unknown executive order... The research cites several ways the NSA is actively exploiting methods to shape and reroute internet traffic -- many of which are well-known in security and networking circles -- such as hacking into routers or using the simpler, less legally demanding option of forcing major network providers or telecoms firms into cooperating and diverting traffic to a convenient location.

The blog "McMansion Hell" is back up and running days after Zillow threatened the site's creator, Kate Wagner, into taking it down. Zillow's decision to withdraw their complaint came soon after the Electronic Frontier Foundation announced it would defend Wagner pro bono. GeekWire reports: "We have decided not to pursue any legal action against Kate Wagner and McMansion Hell," a statement from the company said Thursday. "We've had a lot of conversations about this, including with attorneys from the EFF, whose advocacy and work we respect. EFF has stated that McMansion Hell won't use photos from Zillow moving forward. It was never our intent for McMansion Hell to shut down, or for this to appear as an attack on Kate's freedom of expression. We acted out of an abundance of caution to protect our partners -- the agents and brokers who entrust us to display photos of their clients' homes."

The Zillow response came in the wake of the week's events and a strongly worded letter to Zillow general counsel Brad Owens on Thursday (PDF here). EFF staff attorney Daniel Nazer said, "Our client has no obligation to, and thus will not, comply with Zillow's demands. Zillow's legal threats are not supported and plainly seek to interfere with protected speech." EFF said McMansion Hell was relaunching and no posts would be deleted, but that "in the interests of compromise, and because Wagner no longer wishes to use Zillow's website, she will no longer source photographs from Zillow for her blog."

An anonymous reader shares a report: One excuse FCC Chairman Ajit Pai regularly offers to explain his effort to gut net neutrality protections is the claim that open Internet rules have harmed ISPs, especially small ones. During a speech earlier this year, he stressed that 22 small ISPs told him that the 2015 Open Internet Order hurt their ability to invest and deploy. In reality, though, many more ISPs feel very differently. Today, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order (PDF) and that it hasn't hurt their ability to develop and expand their networks. What is more, that they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March.

An anonymous reader shares a report: One excuse FCC Chairman Ajit Pai regularly offers to explain his effort to gut net neutrality protections is the claim that open Internet rules have harmed ISPs, especially small ones. During a speech earlier this year, he stressed that 22 small ISPs told him that the 2015 Open Internet Order hurt their ability to invest and deploy. In reality, though, many more ISPs feel very differently. Today, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order (PDF) and that it hasn't hurt their ability to develop and expand their networks. What is more, that they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March.

Reader Peter Eckersley writes: There's a lot of real progress happening in the field of machine learning and artificial intelligence, and also a lot of hype. These technologies already have serious policy implications, and may have more in the future. But what's the ratio of hype to real progress? At EFF, we decided to find out.

Today we are launching a pilot project to measure the progress of AI research. It breaks the field into a taxonomy of subproblems like game playing, reading comprehension, computer vision, and asking neural networks to write computer programs, and tracks progress on metrics across these fields. We're hoping to get feedback and contributions from the machine learning community, with the aim of using this data to improve the conversations around the social implications, transparency, safety, and security of AI.

Reader Peter Eckersley writes: There's a lot of real progress happening in the field of machine learning and artificial intelligence, and also a lot of hype. These technologies already have serious policy implications, and may have more in the future. But what's the ratio of hype to real progress? At EFF, we decided to find out.

Today we are launching a pilot project to measure the progress of AI research. It breaks the field into a taxonomy of subproblems like game playing, reading comprehension, computer vision, and asking neural networks to write computer programs, and tracks progress on metrics across these fields. We're hoping to get feedback and contributions from the machine learning community, with the aim of using this data to improve the conversations around the social implications, transparency, safety, and security of AI.

Reader Peter Eckersley writes: There's a lot of real progress happening in the field of machine learning and artificial intelligence, and also a lot of hype. These technologies already have serious policy implications, and may have more in the future. But what's the ratio of hype to real progress? At EFF, we decided to find out.

Today we are launching a pilot project to measure the progress of AI research. It breaks the field into a taxonomy of subproblems like game playing, reading comprehension, computer vision, and asking neural networks to write computer programs, and tracks progress on metrics across these fields. We're hoping to get feedback and contributions from the machine learning community, with the aim of using this data to improve the conversations around the social implications, transparency, safety, and security of AI.

Reader Peter Eckersley writes: There's a lot of real progress happening in the field of machine learning and artificial intelligence, and also a lot of hype. These technologies already have serious policy implications, and may have more in the future. But what's the ratio of hype to real progress? At EFF, we decided to find out.

Today we are launching a pilot project to measure the progress of AI research. It breaks the field into a taxonomy of subproblems like game playing, reading comprehension, computer vision, and asking neural networks to write computer programs, and tracks progress on metrics across these fields. We're hoping to get feedback and contributions from the machine learning community, with the aim of using this data to improve the conversations around the social implications, transparency, safety, and security of AI.

Reader Peter Eckersley writes: There's a lot of real progress happening in the field of machine learning and artificial intelligence, and also a lot of hype. These technologies already have serious policy implications, and may have more in the future. But what's the ratio of hype to real progress? At EFF, we decided to find out.

Today we are launching a pilot project to measure the progress of AI research. It breaks the field into a taxonomy of subproblems like game playing, reading comprehension, computer vision, and asking neural networks to write computer programs, and tracks progress on metrics across these fields. We're hoping to get feedback and contributions from the machine learning community, with the aim of using this data to improve the conversations around the social implications, transparency, safety, and security of AI.