Slashdot Mirror

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chipping Away at National Security Letters: 2016 in Review
Everybody Wants To Rule The World (Wide Web): 2016 in Review
Fighting for Fair Use and Safer Harbors: 2016 in Review
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review
Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review
Dark Skies for International Copyright: 2016 in Review
Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review
Our Fight to Rein In the CFAA: 2016 in Review
The Patent Troll Abides: 2016 in Review
DRM vs. Civil Liberties: 2016 in Review
The Fight to Rein in NSA Surveillance: 2016 in Review
The Year in Government Hacking: 2016 in Review
What Happened to Unlocking the Box? 2016 in Review
Top 5 Threats to Transparency: 2016 in Review
Technical Developments in Cryptography: 2016 in Review
This Year in U.S. Copyright Policy: 2016 in Review
Open Access Rewards Passionate Curiosity: 2016 in Review
Censorship on Social Media: 2016 in Review
Defending Student Data from Classrooms to the Cloud: 2016 in Review
Protecting Net Neutrality and the Open Internet: 2016 in Review
U.S. Trade Representative Gets Piracy Website Listing Notoriously Wrong
HTTPS Deployment Growing by Leaps and Bounds: 2016 in Review
Defending the Digital Future: 2016 in Review

"The federal government has not justified its excessive secrecy about the massive telephone surveillance program known as Hemisphere, a court ruled in an EFF Freedom of Information Act lawsuit on Thursday." schwit1 quotes the EFF announcement: As a result, the federal government must submit roughly 260 pages of previously withheld or heavily redacted records to the court so that it can review them and decide whether to make more information about Hemisphere public. Hemisphere is a partnership between AT&T and federal, state, and local law enforcement agencies that allows police almost real-time access to telephone call detail records. The program is both extremely controversial -- AT&T requires police to hide its use from the public -- and appears to violate our First and Fourth Amendment rights.
Government lawyers had argued the disputed documents were restricted to use at the federal level, but the court remained unconvinced, especially "after EFF demonstrated that many of them appeared to have been given to state and local law enforcement."

"The federal government has not justified its excessive secrecy about the massive telephone surveillance program known as Hemisphere, a court ruled in an EFF Freedom of Information Act lawsuit on Thursday." schwit1 quotes the EFF announcement: As a result, the federal government must submit roughly 260 pages of previously withheld or heavily redacted records to the court so that it can review them and decide whether to make more information about Hemisphere public. Hemisphere is a partnership between AT&T and federal, state, and local law enforcement agencies that allows police almost real-time access to telephone call detail records. The program is both extremely controversial -- AT&T requires police to hide its use from the public -- and appears to violate our First and Fourth Amendment rights.
Government lawyers had argued the disputed documents were restricted to use at the federal level, but the court remained unconvinced, especially "after EFF demonstrated that many of them appeared to have been given to state and local law enforcement."

Electronic Frontier Foundation has dispatched a team of technologists and lawyers to a protest site in Standing Rock, North Dakota, to investigate "several reports of potentially unlawful surveillance." An anonymous reader writes: The EFF has "collected anecdotal evidence from water protectors about suspicious cell phone behavior, including uncharacteristically fast battery drainage, applications freezing, and phones crashing completely," according to a recent report. "Some water protectors also saw suspicious login attempts to their Google accounts from IP addresses originating from North Dakota's Information & Technology Department. On social media, many reported Facebook posts and messenger threads disappearing, as well as Facebook Live uploads failing to upload or, once uploaded, disappearing completely."

The EFF reports "it's been very difficult to pinpoint the true cause or causes," but they've targeted over 20 law enforcement agencies with public records requests, noting that "Of the 15 local and state agencies that have responded, 13 deny having any record at all of cell site simulator use, and two agencies -- Morton County and the North Dakota State Highway Patrol (the two agencies most visible on the ground) -- claim that they can't release records in the interest of "public safety"...
"Law enforcement agencies should not be allowed to sidestep public inquiry into the surveillance technologies they're using," EFF writes, "especially when citizens' constitutional rights are at stake... It is past time for the Department of Justice to investigate the scope of law enforcement's digital surveillance at Standing Rock and its consequences for civil liberties and freedoms in the digital world."

An anonymous reader quotes a report from Electronic Frontier Foundation: No one should have to fear losing their internet connection because of unfounded accusations. But some rights holders want to use copyright law to force your Internet service provider (ISP) to cut off your access whenever they say so, and in a case the Washington Post called "the copyright case that should worry all Internet providers," they're hoping the courts will help them. We first wrote about this case -- BMG v. Cox Communications -- when it was filed back in 2014, and last month, EFF, Public Knowledge (PK), and the Center for Democracy and Technology (CDT) urged the Court of Appeals for the Fourth Circuit to overturn a ruling that ISP Cox Communications was liable for copyright infringement. EFF, PK and CDT advised the court to consider the importance of Internet access in daily life in determining when copyright law requires an ISP to cut off someone's Internet subscription. The case turns in part on a provision in copyright law that gives internet intermediaries a safe harbor -- legal protection against some copyright infringement lawsuits -- provided they follow certain procedures. Online platforms like Facebook and YouTube, along with other internet intermediaries, have to "reasonably implement" a policy for terminating "subscribers and account holders" that are "repeat infringers" in "appropriate circumstances." But given the importance of Internet access, the circumstances where it's appropriate to cut off a home Internet subscription entirely are few and far between. The law as written is flexible enough that providers can design and implement policies that make sense for the nature of their service and their subscribers' circumstances. A repeat infringer policy for the company that provides your link to the Internet as a whole should take into account the essential nature of internet access and the severe harm caused by disconnection. But music publisher BMG wants to use this provision to force ISPs to become tougher enforcers of copyright law. According to BMG, ISPs should be required both to forward rights holders' threatening demand letters to their subscribers and terminate a subscriber's Internet access whenever rights holders allege that person has repeatedly violated copyright law. A subscriber is a "repeat infringer" and subject to termination, they argue, whenever they say so. Cox's appeal of the ruling raises two very important issues: (1) Who should be considered a "repeat infringer" who should be cut off from the Internet, and (2) whether ISPs must either cede to rights holders' demands or monitor their subscribers' internet habits to avoid liability. Slashdot reader waspleg adds: Two landmark Supreme Court cases, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., and Sony Corp. of America v. Universal Studios made clear that if a service is capable of significant lawful uses, and the provider doesn't actively encourage users to commit copyright infringement, the provider shouldn't be held responsible when someone nonetheless uses the service unlawfully.

An anonymous reader quotes a report from Electronic Frontier Foundation: No one should have to fear losing their internet connection because of unfounded accusations. But some rights holders want to use copyright law to force your Internet service provider (ISP) to cut off your access whenever they say so, and in a case the Washington Post called "the copyright case that should worry all Internet providers," they're hoping the courts will help them. We first wrote about this case -- BMG v. Cox Communications -- when it was filed back in 2014, and last month, EFF, Public Knowledge (PK), and the Center for Democracy and Technology (CDT) urged the Court of Appeals for the Fourth Circuit to overturn a ruling that ISP Cox Communications was liable for copyright infringement. EFF, PK and CDT advised the court to consider the importance of Internet access in daily life in determining when copyright law requires an ISP to cut off someone's Internet subscription. The case turns in part on a provision in copyright law that gives internet intermediaries a safe harbor -- legal protection against some copyright infringement lawsuits -- provided they follow certain procedures. Online platforms like Facebook and YouTube, along with other internet intermediaries, have to "reasonably implement" a policy for terminating "subscribers and account holders" that are "repeat infringers" in "appropriate circumstances." But given the importance of Internet access, the circumstances where it's appropriate to cut off a home Internet subscription entirely are few and far between. The law as written is flexible enough that providers can design and implement policies that make sense for the nature of their service and their subscribers' circumstances. A repeat infringer policy for the company that provides your link to the Internet as a whole should take into account the essential nature of internet access and the severe harm caused by disconnection. But music publisher BMG wants to use this provision to force ISPs to become tougher enforcers of copyright law. According to BMG, ISPs should be required both to forward rights holders' threatening demand letters to their subscribers and terminate a subscriber's Internet access whenever rights holders allege that person has repeatedly violated copyright law. A subscriber is a "repeat infringer" and subject to termination, they argue, whenever they say so. Cox's appeal of the ruling raises two very important issues: (1) Who should be considered a "repeat infringer" who should be cut off from the Internet, and (2) whether ISPs must either cede to rights holders' demands or monitor their subscribers' internet habits to avoid liability. Slashdot reader waspleg adds: Two landmark Supreme Court cases, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., and Sony Corp. of America v. Universal Studios made clear that if a service is capable of significant lawful uses, and the provider doesn't actively encourage users to commit copyright infringement, the provider shouldn't be held responsible when someone nonetheless uses the service unlawfully.

The controversial Trans-Pacific Partnership can't go into effect without U.S. approval, Japan's Prime Minister Shinzo Abe has acknowledged. Yet despite president-elect Trump's promise to withdraw from the agreement -- Friday Japan's parliament voted to approve it. An anonymous reader quotes the Business Times. Was last Friday's vote simply a Quixotic tribute to a dying cause or -- as some are asking -- does Mr. Abe know something that others don't? They note that he is the only foreign leader to have met with the anointed heir to the U.S. presidency since the election result was announced. What went on in New York's Trump Tower during that "informal" meeting is unknown but some speculate that there may have been some equally informal -- but nonetheless significant -- dealmaking between the two men on the TPP. This seems quite possible, analysts say, because the TPP is of great importance to Japan and to Mr. Abe's grand design for Japan to remain a pivotal Asia-Pacific power.
The EFF has decried "the intense push to ram Internet issues into international law through the TPP," and complained Friday that Japan's newly-passed law "includes the extension of Japan's copyright term from 50 to 70 years after the death of the author, which makes today a very sad day for Japan's public domain."

And in addition, "There remains a risk that other TPP countries such as Singapore -- and even countries that weren't part of the original deal, such as Taiwan -- will soon also bring their domestic legislation into conformity with the requirements of this dead agreement."

"This weekend you have the chance to add to Aaron Swartz's legacy by boosting tools for whistleblowers," the EFF writes. An anonymous reader quotes their report. The 2016 Aaron Swartz International Hackathon -- held in honor of the late Internet and political activist -- will take place during the day Saturday and Sunday at the Internet Archive in San Francisco. The hackathon will focus on whistleblower submission system SecureDrop, which was created by Swartz and Kevin Poulsen to connect media organizations and anonymous sources and is managed by the Freedom of the Press Foundation. This weekend's events -- timed to what would have been his 30th birthday on Nov. 8 -- will also feature a series of speakers on Saturday night, including SecureDrop's Conor Schaefer, Fight for the Future Co-founder Tiffiniy Cheng, and EFF Executive Director Cindy Cohn, as well as a special statement from Chelsea Manning.

An anonymous reader writes: EFF's list of costume ideas for digital rights activists include a Stingray costume, dressing up like a Privacy Badger (or a patent troll), and using facepaint to simulate the eerie digitization algorithms that are currently capturing images of your face for government databases. "Just this week we learned that facial recognition is far more prevalent among local and federal law enforcement than we thought, with at least 26 states using this biometric technology... To draw attention to this emerging threat to privacy, you can use your face painting skills to recreate the digitization algorithms on your own mug based on public records we and others have obtained from law enforcement agencies."
Sixteen states already grant the FBI access to their DMV databases, reports EFF, noting that it's "almost completely unregulated," with one study reporting that 50% of American faces are already in a government database.

An anonymous reader writes: EFF's list of costume ideas for digital rights activists include a Stingray costume, dressing up like a Privacy Badger (or a patent troll), and using facepaint to simulate the eerie digitization algorithms that are currently capturing images of your face for government databases. "Just this week we learned that facial recognition is far more prevalent among local and federal law enforcement than we thought, with at least 26 states using this biometric technology... To draw attention to this emerging threat to privacy, you can use your face painting skills to recreate the digitization algorithms on your own mug based on public records we and others have obtained from law enforcement agencies."
Sixteen states already grant the FBI access to their DMV databases, reports EFF, noting that it's "almost completely unregulated," with one study reporting that 50% of American faces are already in a government database.

An anonymous Slashdot reader writes: Look at this contradiction in the government's story about their secret scans on hundreds of millions of Yahoo emails. "Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for stopping child pornography from being sent through its email or filtering spam messages." But three former Yahoo employee have now said that actually the court-ordered search "was done by a module attached to the Linux kernel -- in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled... They said that made it hard to detect and also made it hard to figure out what the program was doing."
Slashdot reader Trailrunner7 writes: Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law. "If the reports about the Yahoo order are accurate -- including requiring the company to custom build new software to accomplish the scanning -- it's hard to imagine a better candidate for declassification and disclosure under Section 402," Aaron Mackey of the EFF said.

Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other.Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore. "I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces."Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."

"Unpatent is a crowdfunding platform that eliminates bad patents," reads their web site. "We do that by crowdsourcing the prior art -- that is all the evidence that makes clear that a patent was not novel -- and filing reexamination requests to the patent office." An anonymous Slashdot reader reports: "Everyone in the world can back the crowdfunding campaign against the patent," explains their site, which includes a special section with "Featured stupid patents". The first $16,000 raised covers the lawyers and fees at the U.S. Patent and Trademark Office, and "The rest is distributed to those who find valid prior art...any evidence that a patent is not novel. We review all the prior art pieces and reward those that may invalidate a claim... Then, we file an ex partes reexamination to the USPTO."

Their team includes Lee Cheng, the legal officer at Newegg, "worldwide renowned as the patent trolls' nightmare," as well as Lus Cuende, who created his own Linux distro when he was 15 and is now CTO of Stampery, a company using the Bitcoin blockchain to notarize data.
They're currently targeting the infamous US8738435 covering "personalized content relating to offered products and services," which in February the EFF featured as their "stupid patent of the month." Its page on Unpatent.co argues that "Taking something so obvious such as personalizing content and offers...and writing the word online everywhere shouldn't grant you a monopoly over it." Unpatent's slogan? "We invalidate patents that shouldn't exist."

An anonymous Slashdot reader quotes BetaNews about new legal documents filed Friday: Microsoft is fighting the US Justice Department in an attempt to quash a law that prevents companies informing customers that the government is requesting their data. The technology giant has the backing of other tech companies as well as media outlets. Amazon, Apple, Google, Fox News, Electronic Frontier Foundation and Mozilla are among those offering their support to Microsoft. The lawsuit says that blocking companies from keeping their customers informed is unconstitutional, and it comes at a time when tech companies in particular are keen to be as open and transparent as possible about government requests for data....

As EFF Senior Staff Attorney Lee Tien puts it: "Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches. When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn't allow that, and it's time for the government to step up and respect the Constitution."
Mozilla argues transparency "is critical to our vision of an open, trusted, secure web that places users in control of their experience online," in a blog post announcing that they'd joined a brief filed by Apple, Twilio, and Lithium Technologies.

And a statement from an EFF staff attorney argues that notifying the targets of searches "provides a free society with a crucial means of government accountability."

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provider DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provider DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."

An anonymous reader quotes a report from Techdirt: Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. The argument is pretty straightforward (PDF): "The legal force behind DRM makes the issue of advance notice especially pressing. It's bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct -- but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it's vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision. Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase." In a separate letter (PDF) from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.

Here's the highlight reel from the DARPA-sponsored "Cyber Grand Challenge" competition. Slashdot reader alphadogg writes: Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a competition...that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers. A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.
The Electronic Frontier Foundation wrote "We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous." Sharing their blog post about automated security research, the EFF's staff technologist Peter Eckersley writes: EFF is asking, does research like that need a safety protocol?

An anonymous reader quotes a report from EFF: Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF). Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents. The campaign -- which EFF has called "Operation Manul," after endangered wild cats found in the grasslands of Kazakhstan -- involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.

An anonymous reader quotes a report from EFF: Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF). Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents. The campaign -- which EFF has called "Operation Manul," after endangered wild cats found in the grasslands of Kazakhstan -- involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.

Violating a company rule is not -- and should not be -- a computer crime, that was the ruling of the Oregon Supreme Court in State v. Nascimento file. The Oregon's highest court ruled that while a convenience store clerk was guilty of stealing lottery tickets through the store's computer system, she did not violate the state's anti-hacking law while doing so. ArsTechnica shares more details: The Electronic Frontier Foundation, which appeared on Caryn Nascimento's behalf during the case as an amicus curae (friend of the court), announced the narrow victory on Tuesday. According to the Supreme Court's decision, the case dates back to 2007, when Nascimento began working at Tiger Mart, a small convenience store in Madras, Oregon, about 120 miles southeast of Portland. In late 2008 and early 2009, a company vice president began investigating what appeared to be cash shortages at that store, sometimes about $1,000 per day. After reviewing video recordings that correlated with Nascimento's work schedule, this executive began to suspect that she was buying lottery tickets but not paying for them. Eventually, Nascimento was charged not only with aggravated first-degree theft but also of violating the state's computer crime law, which includes language that "any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime." She was convicted on both charges at trial. On appeal before the Oregon Supreme Court, Nascimento's lawyers argued that while their client may have violated a company policy to not print lottery tickets that she did not receive payment for, she was, in fact, authorized to access the lottery printing computer.

Violating a company rule is not -- and should not be -- a computer crime, that was the ruling of the Oregon Supreme Court in State v. Nascimento file. The Oregon's highest court ruled that while a convenience store clerk was guilty of stealing lottery tickets through the store's computer system, she did not violate the state's anti-hacking law while doing so. ArsTechnica shares more details: The Electronic Frontier Foundation, which appeared on Caryn Nascimento's behalf during the case as an amicus curae (friend of the court), announced the narrow victory on Tuesday. According to the Supreme Court's decision, the case dates back to 2007, when Nascimento began working at Tiger Mart, a small convenience store in Madras, Oregon, about 120 miles southeast of Portland. In late 2008 and early 2009, a company vice president began investigating what appeared to be cash shortages at that store, sometimes about $1,000 per day. After reviewing video recordings that correlated with Nascimento's work schedule, this executive began to suspect that she was buying lottery tickets but not paying for them. Eventually, Nascimento was charged not only with aggravated first-degree theft but also of violating the state's computer crime law, which includes language that "any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime." She was convicted on both charges at trial. On appeal before the Oregon Supreme Court, Nascimento's lawyers argued that while their client may have violated a company policy to not print lottery tickets that she did not receive payment for, she was, in fact, authorized to access the lottery printing computer.

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"

An anonymous Slashdot reader writes: "The TPP is simply bad for tech users and innovators," writes the Electronic Frontier Foundation, arguing the proposed trade agreement for the Pacific Rim "exports the most onerous parts of U.S. copyright law and prevents the U.S. from improving them in the future, while failing to include the balancing provisions that work for users and innovators, such as fair use." At a press conference, the EFF delivered 210,000 signatures gathered in conjunction with other activist groups "to call on Democratic Party Leader Nancy Pelosi to stop the Trans-Pacific Partnership from going to a vote during the 'lame duck' session of Congress following the November election."

More signatures are still being collected online, to be delivered on July 21. In a statement, the EFF adds that the TPP also "does nothing to safeguard the free and open Internet, by including phony provisions on net neutrality and encryption, trade secrets provisions that carry no exceptions for journalism or whistleblowing, and a simplistic ban on data localization...to buy off big tech."

An anonymous Slashdot reader writes: "The TPP is simply bad for tech users and innovators," writes the Electronic Frontier Foundation, arguing the proposed trade agreement for the Pacific Rim "exports the most onerous parts of U.S. copyright law and prevents the U.S. from improving them in the future, while failing to include the balancing provisions that work for users and innovators, such as fair use." At a press conference, the EFF delivered 210,000 signatures gathered in conjunction with other activist groups "to call on Democratic Party Leader Nancy Pelosi to stop the Trans-Pacific Partnership from going to a vote during the 'lame duck' session of Congress following the November election."

More signatures are still being collected online, to be delivered on July 21. In a statement, the EFF adds that the TPP also "does nothing to safeguard the free and open Internet, by including phony provisions on net neutrality and encryption, trade secrets provisions that carry no exceptions for journalism or whistleblowing, and a simplistic ban on data localization...to buy off big tech."

An anonymous reader writes from a report via Motherboard: An appeals court ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all "hacking" law that has been widely used to prosecute behavior that bears no resemblance to hacking. Motherboard reports: "In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal's use of a former coworker's password to access one of the firm's databases was an 'unauthorized' use of a computer system under the CFAA. In the majority opinion, Judge Margaret McKeown wrote that 'Nosal and various amici spin hypotheticals about the dire consequences of criminalizing password sharing. But these warnings miss the mark in this case. This appeal is not about password sharing.' She then went on to describe a thoroughly run-of-the-mill password sharing scenario -- her argument focuses on the idea that Nosal wasn't authorized by the company to access the database anymore, so he got a password from a friend -- that happens millions of times daily in the United States, leaving little doubt about the thrust of the case. The argument McKeown made is that the employee who shared the password with Nosal 'had no authority from Korn/Ferry to provide her password to former employees.' At issue is language in the CFAA that makes it illegal to access a computer system 'without authorization.' McKeown said that 'without authorization' is 'an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.' The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: Authorization from who?"

An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual's computer. EFF reports: "The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights.

An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual's computer. EFF reports: "The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights.

Remember when Capitol Records sued Vimeo over copyright-violating videos? They just lost in court again, when an Appeals court overruled three lower court decisions. Slashdot reader NewYorkCountryLawyer shares the specifics of the Appeals court's findings: [T]he Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA... the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge"... a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. "The decision once again affirms that the DMCA extends immunity to a service provider for the infringement of their customers if the service provider removes material at the request of the right holder," writes Ars Technica.

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.

An anonymous reader writes: Google has announced in a blog post Friday their support for the controversial Trans-Pacific Trade Partnership (TPP). Recode reports: "The trade agreement includes key provisions about the global passage of digital data, intellectual property and copyright -- measures that have drawn criticism from both the political right and left, including several outspoken tech groups. Google's endorsement isn't exactly full-throated, but its stake clearly demonstrates another key area of support with the Obama administration, to which Google is close." Google's SVP and general counsel Kent Walker wrote: "The TPP is not perfect, and the trade negotiation process would certainly benefit from greater transparency. We will continue to advocate for process reforms, including the opportunity for all stakeholders to have a meaningful opportunity for input into trade negotiations." The company has already shown support of the TPP behind the Internet Association, which endorsed the trade agreement in March. Google joins a list of other tech titans, like Apple and Microsoft, who have shown their support as well. The Electronic Frontier Foundation calls the TPP a "secretive, multinational trade agreement" that will restrict IP laws and enforce digital policies that "benefit big corporations at the expense of the public." The TPP is still awaiting congressional approval after being signed in February.

An anonymous reader writes: Hundreds of internal NSA documents have been declassified and released to VICE in response to their FOIA lawsuit. They're now sharing them all online, calling it "an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden [that] call into question aspects of the U.S. government's long-running narrative about Snowden's time at the NSA." The documents officially confirm that Snowden had also worked with the CIA, and show a vigorous internal discussion about how to respond to Snowden's leaks that apparently led the NSA to erroneously assert that Snowden hadn't voiced his objections about the surveillance of U.S. citizens within the NSA before going public.

Living in Russia now, Snowden himself refused to comment on the new releases, with his attorney saying Snowden "believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort. He doesn't trust that the intelligence community will operate in good faith."
The EFF is also marking the three-year anniversary of Snowden's leaks, saying they led directly to the first legislation curtailing the NSA's power in over 30 years and changed the way the world perceives government surveillance. Snowden was inspired in part by a desire to keep the internet free, saying in 2014 that "I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it."

An anonymous reader writes: Hundreds of internal NSA documents have been declassified and released to VICE in response to their FOIA lawsuit. They're now sharing them all online, calling it "an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden [that] call into question aspects of the U.S. government's long-running narrative about Snowden's time at the NSA." The documents officially confirm that Snowden had also worked with the CIA, and show a vigorous internal discussion about how to respond to Snowden's leaks that apparently led the NSA to erroneously assert that Snowden hadn't voiced his objections about the surveillance of U.S. citizens within the NSA before going public.

Living in Russia now, Snowden himself refused to comment on the new releases, with his attorney saying Snowden "believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort. He doesn't trust that the intelligence community will operate in good faith."
The EFF is also marking the three-year anniversary of Snowden's leaks, saying they led directly to the first legislation curtailing the NSA's power in over 30 years and changed the way the world perceives government surveillance. Snowden was inspired in part by a desire to keep the internet free, saying in 2014 that "I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it."

An anonymous reader writes: Hundreds of internal NSA documents have been declassified and released to VICE in response to their FOIA lawsuit. They're now sharing them all online, calling it "an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden [that] call into question aspects of the U.S. government's long-running narrative about Snowden's time at the NSA." The documents officially confirm that Snowden had also worked with the CIA, and show a vigorous internal discussion about how to respond to Snowden's leaks that apparently led the NSA to erroneously assert that Snowden hadn't voiced his objections about the surveillance of U.S. citizens within the NSA before going public.

Living in Russia now, Snowden himself refused to comment on the new releases, with his attorney saying Snowden "believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort. He doesn't trust that the intelligence community will operate in good faith."
The EFF is also marking the three-year anniversary of Snowden's leaks, saying they led directly to the first legislation curtailing the NSA's power in over 30 years and changed the way the world perceives government surveillance. Snowden was inspired in part by a desire to keep the internet free, saying in 2014 that "I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it."

An anonymous reader writes: According to an Electronic Frontier Foundation (EFF) investigation, the FBI is working to create software with government researchers that will allow law enforcement to sort and identify people based off their tattoos. The advanced tattoo recognition technology aims to determine "affiliation to gangs, sub-cultures, religious or ritualistic beliefs, or political ideology" and decipher tattoos that "contain intelligence, messages, meaning and motivation." Such research first originated at the National Institute for Standards and Technology (NIST) in 2014, and used a database of prisoner's tattoos. The technology developed by NIST would "map connections between people with similarly themed tattoos or make inferences about people from their tattoos," the EFF reports. What some may view as even more unnerving is that the EFF investigation claims the researchers disregarded basic ethical government research standards, especially those relating specifically to prisoners. The obtained documents reveal NIST researchers sought permission from supervisors only after they had conducted their initial research. The EFF argues that a database that sorts citizens based on their tattoos may or may not reflect their religious or political beliefs, social affiliations, or interests.

An anonymous reader writes: The Computer Fraud and Abuse Act is "vague, draconian, and notoriously out of touch with how we use computers today," warns the EFF. But instead of reforming it, two U.S. Senators "are on a mission to make things worse..." The senators' proposed Botnet Prevention Act of 2016 "could make criminals of paid researchers who test access in order to identify, disclose, and fix vulnerabilities," according to the EFF. And the bill would also make it a felony to damage "critical infrastructure," which may include software companies and ISPs (since they're apparently using the Department of Homeland Security's definition).

The harsher penalties would ultimately give prosecutors much more leverage for plea deals. But worst of all, the proposed bill even "empowers government officials to obtain court orders to force companies to hack computer users for a wide range of activity completely unrelated to botnets. What's worse is that the bill allows the government to do this without any requirement of notice to non-suspect or innocent customers or companies, including botnet victims... These changes would only increase -- not alleviate -- the CFAA's harshness, overbreadth, and confusion."
The CFAA was originally written in 1986, and was partly inspired by the 1983 movie "WarGames".

mi quotes a report from The Intercept: A provision snuck into the still-secret text of the Senate's annual intelligence authorization would give the FBI the ability to demand individuals' email data and possibly web-surfing history from their service providers using those beloved 'National Security Letters' -- without a warrant and in complete secrecy. [The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill's provisions "would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers." If passed, the change would expand the reach of the FBI's already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs -- most commonly, information about the name, address, and call data associated with a phone number or details about a bank account. The FBI's power to issue NSLs is actually derived from the Electronic Communications Privacy Act -- a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications -- not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week. "NSLs have a sordid history. They've been abused in a number of ways, including targeting of journalists and use to collect an essentially unbounded amount of information," Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote. One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters' existence to anyone, much less the public.]

An anonymous reader quotes a report from Wired: [Computer scientists have created a way of letting law enforcement tap any camera that isn't password protected so they can determine where to send help or how to respond to a crime.] The system, which is just a proof of concept, alarms privacy advocates who worry that prudent surveillance could easily lead to government overreach, or worse, unauthorized use. It relies upon two tools developed independently at Purdue. The Visual Analytics Law Enforcement Toolkit superimposes the rate and location of crimes and the location of police surveillance cameras. CAM2 reveals the location and orientation of public network cameras, like the one outside your apartment. You could do the same thing with a search engine like Shodan, but CAM2 makes the job far easier, which is the scary part. Aggregating all these individual feeds makes it potentially much more invasive. [Purdue limits access to registered users, and the terms of service for CAM2 state "you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream." A reasonable step to ensure privacy, but difficult to enforce (though the team promises the system will have strict security if it ever goes online). Beyond the specter of universal government surveillance lies the risk of someone hacking the system.] EFF discovered that anyone could access more than 100 "secure" automated license plate readers last year.

The EFF debated delegates on WIPO's Standing Committee on Copyright this week, joking the whole week could be summarized as "proposals for a broadcasting treaty continue to edge forward, while rich countries remain at loggerheads with users and poorer countries about copyright exceptions for education and libraries."

An anonymous reader writes: The EFF continued to push for more rights for libraries, for example to preserve "orphaned" works and to lend works across national borders. But they also report that at an EFF-sponsored side-meeting, one independent recording artist made an interesting suggestion about Mycelia, an open and distributed "verified" database of music metadata that's blockchain-enabled. "Although it remains mostly a vision for now, the widespread adoption of Mycelia-enabled services could, in theory, provide better transparency to artists about how and where their works are being used, as well as enabling many new innovative uses of music, both free and paid." (One audience member even asked whether it could resurrect Napster's model of peer-to-peer music-sharing with a mechanism for artist micropayments.)
Meanwhile, the EFF characterized the music industry's stance as "Blaming online content platforms for the low returns that artists receive, and moves to target them with additional responsibilities or obligations." But they added, "As frustrating as the long-winded discussions at WIPO often are, our ability to participate in them is a key advantage that this multilateral forum has over the secretive, closed-door negotiations over copyright that take place in trade negotiations such as the Trans-Pacific Partnership."

The EFF debated delegates on WIPO's Standing Committee on Copyright this week, joking the whole week could be summarized as "proposals for a broadcasting treaty continue to edge forward, while rich countries remain at loggerheads with users and poorer countries about copyright exceptions for education and libraries."

An anonymous reader writes: The EFF continued to push for more rights for libraries, for example to preserve "orphaned" works and to lend works across national borders. But they also report that at an EFF-sponsored side-meeting, one independent recording artist made an interesting suggestion about Mycelia, an open and distributed "verified" database of music metadata that's blockchain-enabled. "Although it remains mostly a vision for now, the widespread adoption of Mycelia-enabled services could, in theory, provide better transparency to artists about how and where their works are being used, as well as enabling many new innovative uses of music, both free and paid." (One audience member even asked whether it could resurrect Napster's model of peer-to-peer music-sharing with a mechanism for artist micropayments.)
Meanwhile, the EFF characterized the music industry's stance as "Blaming online content platforms for the low returns that artists receive, and moves to target them with additional responsibilities or obligations." But they added, "As frustrating as the long-winded discussions at WIPO often are, our ability to participate in them is a key advantage that this multilateral forum has over the secretive, closed-door negotiations over copyright that take place in trade negotiations such as the Trans-Pacific Partnership."

Peter Eckersley, the staff technologist for the Electronic Frontier Foundation, writes: EFF has just launched Certbot, which is the next iteration of the Let's Encrypt client. It's a powerful tool for obtaining TLS/SSL certificates from Let's Encrypt, and (if you wish) automatically installing them to enable and tune HTTPS on your website. It's extensible, and supports a rapidly-growing range of server software.
As of last week more than three million certificates had been issued, according to EFF.org, and despite a new name and host, Certbot "will still get certificates from Let's Encrypt and automatically configure HTTPS on your webserver.... We expect OS packages to begin using the Certbot name in the next few weeks as well."

Peter Eckersley, the staff technologist for the Electronic Frontier Foundation, writes: EFF has just launched Certbot, which is the next iteration of the Let's Encrypt client. It's a powerful tool for obtaining TLS/SSL certificates from Let's Encrypt, and (if you wish) automatically installing them to enable and tune HTTPS on your website. It's extensible, and supports a rapidly-growing range of server software.
As of last week more than three million certificates had been issued, according to EFF.org, and despite a new name and host, Certbot "will still get certificates from Let's Encrypt and automatically configure HTTPS on your webserver.... We expect OS packages to begin using the Certbot name in the next few weeks as well."

"A new system called 'video visitation' is replacing in-person jail visits with glitchy, expensive Skype-like video calls," reports Tech.Mic. "It's inhumane, dystopian and actually increases in-prison violence -- but god, it makes money."

Slashdot reader gurps_npc writes: In-person costs a lot to administer, while you can charge people to 'visit' via video conferencing. (Charge as in overcharge -- just like they charge up to $14 a minute for normal, audio only telephone calls). This is new, and the few studies that have been done show that doing this increases violence in the prison -- and it's believed to also increase recidivism. But the companies making a ton on it like that -- repeat customers and all. Of course, the service is horrible, often being full of static and dropped calls -- and the company doesn't help you fix the problem.
Meanwhile, the EFF reports that last year Facebook disabled 53 U.S prisoner and 74 U.K. prisoner accounts at the request of the government, and is urging people to report takedown requests for inmate social media to OnlineCensorship.org.

Long-time Slashdot reader robot5x writes: I'm a fan of online privacy and, where possible, don't automatically permit cookies and tend to set Ghostery to block all trackers in my browser. This rarely causes a problem -- I have lots of subscriptions to various sites which require me to login and have only rarely encountered minor issues. Recently I had a present of a Slate Plus membership. I really like their content and was keen on supporting it financially. Activating it from the email they sent required me to first register as a user. I clicked on the icon, and nothing happened. Ghostery picked up 7 trackers which I had blocked.

Assuming that one of these was the cause, I activated each in turn and reloaded. None of them made any difference, except a single tracker from JanRain. Accepting this tracker let everything work perfectly. Reading more about JanRain though -- and particularly its interaction with Adobe analytics (which it also tries to load) -- I discovered that they wanted to "create a holistic view of your business by collecting, analyzing and reporting all customer interactions. To derive the most actionable insights, you must link your customers' actions with who they are and what their interests are. Janrain bridges the gap by connecting demographic and psychographic data, collected through traditional and social login, with Adobe's behavioral data, so you understand the whole customer journey".

I do not want them to do any of this, and don't think I should have to. Interactions with Slate's 'support' were excruciating and -- while they at least didn't ask me to restart my computer -- they actually ended up saying that allowing these trackers is tied to their login process and I have to either accept or get a refund.
Robot 5x asks: Is it unacceptable to have to accept being tracked as a paying customer for new sites? "Or am I just being a big baby?"