Domain: eff.org
Stories and comments across the archive that link to eff.org.
Stories · 1,385
-
FBI Director Suggests iPhone Hacking Method May Remain Secret (reuters.com)
An anonymous reader quotes a report from Reuters: FBI Director James Comey said on Tuesday that his agency was still assessing whether a vulnerability used to unlock an iPhone linked to one of the San Bernardino killers would go through a government review to determine if it should be disclosed to Apple or the public. "We are in the midst of trying to sort that out," Comey said. "The threshold (for disclosure) is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?" The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. Although officials say the process leans toward disclosure, it is not set up to handle or reveal flaws that are discovered and owned by private companies, sources have told Reuters, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process. -
EFF Sues DOJ For Access To Secret Court Orders On Decryption (techcrunch.com)
An anonymous reader writes: TechCrunch reports the Electronic Frontier Foundation has filed a lawsuit against the Department of Justice to reveal documents that "show whether DOJ has ever forced a company like Google or Apple to provide technical surveillance assistance in the Foreign Intelligence Surveillance Court, a federal court that issues secret surveillance warrants in national security cases and has been criticized for rubber-stamping NSA overreach." The EFF has been rejected in its attempt to gain access to the documents under the Freedom of Information Act. "Even setting aside the existence of technical assistance orders, there's no question that other, significant FISC opinions remain hidden from the public," EFF senior staff attorney Mark Rumold said in a statement regarding the lawsuit. "The government's narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress' intent. Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law." The full lawsuit can be read here. -
Nest Reminds Customers That Ownership Isn't What It Used To Be (eff.org)
Alphabet-owned Nest recently announced that it will be turning off Revolv Hub next month. An anonymous reader shares an article on EFF, a privacy rights group: Nest Labs, a home automation company acquired by Google in 2014, will disable some of its customers' home automation control devices in May. This move is causing quite a stir among people who purchased the $300 Revolv Hub devices -- customers who reasonably expected that the promised "lifetime" of updates would enable the hardware they paid for to actually work, only to discover the manufacturer can turn their device into a useless brick when it so chooses. This is far from the first time that customers' software and electronics have been downgraded by manufacturers. Updates can disable features the customer paid for that have fallen out of favor with the vendor, as when Google disabled privacy settings on Android or Sony took away the ability to run GNU/Linux on a Playstation 3. Manufacturers can even render a device unusable until the customer "agrees" to new terms of use, as Nintendo did with the Wii U. Other software and devices, including some video games, are designed so they simply stop working when they can no longer dial home to a server run by the vendor. -
WhatsApp Encryption Said To Stymie Wiretap Order (nytimes.com)
bsharma writes from an article on the New York Times: WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge's wiretap order. [As recently as this past week, officials said,] the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp's encryption. (WhatsApp uses Signal software developed by Open Whisper Systems.) "WhatsApp cannot provide information we do not have," the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation. "The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them," said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. "They're waiting for the case that makes the demand look reasonable." -
EFF On Why FBI Can't Force Apple To Sign Code (boingboing.net)
New submitter Kurast writes with this article at Boing Boing: Code is speech: critical court rulings from the early history of the Electronic Frontier Foundation held that code was a form of expressive speech, protected by the First Amendment. The EFF has just submitted an amicus brief in support of Apple in its fight against the FBI, representing 46 "technologists, researchers and cryptographers," laying out the case that the First Amendment means that Apple can't be forced to utter speech to the government's command, and they especially can't be forced to sign and endorse that speech. In a "deep dive" post, EFF's Andrew Crocker and Jamie Williams take you through the argument, step by step. (You can follow along by reading the brief itself (PDF), too.) -
TPP Change Means Drastically Higher Penalties For Copyright "Infringement" (eff.org)
Mephistophocles writes: A sneaky and underhanded change to the TPP, spotted by the EFF and summarized here by Jeremy Malcolm, means much stiffer penalties for copyright "infringement:"
Under the TPP's original terms, a country could limit the exposure of the owner of such a website to prison time, or to the seizure and possible destruction of their server, on the grounds that by definition their infringement didn't cause any lost sales to the copyright owner. (Note that they would be liable for civil damages to the copyright owner in any case.)
Although a country still has the option to limit criminal penalties to "commercial scale" infringements (which is so broadly defined that it could catch even a non-profit subtitles website), the new language compels TPP signatories to make these penalties available even where those infringements cause absolutely no impact on the copyright holder's ability to profit from the work. This is a massive extension of the provision's already expansive scope.
Perhaps most concerning, however, is the fact that this means those stiff penalties apply even when there is no harm or threat of harm to the copyright owner caused by the infringement.
Think about it. What sense is there in sending someone to jail for an infringement that causes no harm to the copyright holder, whether they complain about it or not? And why should it matter that the copyright holder complains about something that didn't affect them anyway? Surely, if the copyright holder suffers no harm, then a country ought to be able to suspend the whole gamut of criminal procedures and penalties, not only the availability of ex officio action.
This is no error -- or if it is, then the parties were only in error in agreeing to a proposal that was complete nonsense to begin with.
-
French Gov't Gives Facebook 3 Months To Stop Tracking Non-User Browsers
Reader iamthecheese writes: RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members' and non-members' privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply, the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision. -
EFF: License Plate Scanner Deal Turns Texas Cops Into Debt Collectors (eff.org)
An anonymous reader writes: The Electronic Frontier Foundation is sounding the alarm about a deal between Texas law enforcement agencies and Vigilant Solutions — a company that provides vehicle surveillance tech. The deal will give Texas police access to a bunch of automated license plate readers (ALPRs), and access to the company's data and analytic tools. For free. How is Vigilant making money? "The government agency in turn gives Vigilant access to information about all its outstanding court fees, which the company then turns into a hot list to feed into the free ALPR systems. As police cars patrol the city, they ping on license plates associated with the fees. The officer then pulls the driver over and offers them a devil's bargain: get arrested, or pay the original fine with an extra 25% processing fee tacked on, all of which goes to Vigilant. In other words, the driver is paying Vigilant to provide the local police with the technology used to identify and then detain the driver. If the ALPR pings on a parked car, the officer can get out and leave a note to visit Vigilant's payment website." Vigilant also gets to keep the data collected on citizens while the ALPRs are in use. -
NSA Wants To Dump the Phone Records It Gathered Over 14 Years (thenextweb.com)
According to The Next Web, the NSA would like to get rid of something that a lot of people wish they'd never had in the first place: phone records that the agency has collected over a decade and a half (more, really) of mass surveillance. However, the EFF wants to make sure that the evidence of snooping doesn't get buried along with the actual recorded data. From the article: [T]he government says that it can't be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection. EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases. It'll be interesting to see how this pans out: if the government doesn't agree to a discussion about how to handle these phone records, it's possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance. -
EFF: Cisco Shouldn't Get Off the Hook For Aiding Torture In China (eff.org)
itwbennett writes: In a lawsuit in Northern California that was dismissed in 2014, Falun Gong practitioners alleged that Cisco Systems built a security system, dubbed "Golden Shield," for the Chinese government knowing it would be used to track and persecute members of the religious minority. That case is being appealed, and on Monday the EFF, Privacy International and free-speech group Article 19 filed a brief that supports the appeal. Many U.S. and European companies sell technology to regimes that violate human rights, and if this case goes to trial and Cisco loses, they may think twice, said EFF Staff Attorney Sophia Cope. "In a lot of instances, these companies are selling directly to the government, and they know exactly what is going to be happening," Cope said. -
EFF: T-Mobile "Binge On" Is Just Throttling of All Data (eff.org)
onedobb writes: Tests confirm that when Binge On is enabled, T-Mobile throttles all HTML5 video streams to around 1.5Mps, even when the phone is capable of downloading at higher speeds, and regardless of whether or not the video provider enrolled in Binge On. This is the case whether the video is being streamed or being downloaded—which means that T-Mobile is artificially reducing the download speeds of customers with Binge On enabled, even if they're downloading the video to watch later. It also means that videos are being throttled even if they're being watched or downloaded to another device via a tethered connection. -
Microsoft Patents a Slider, Earning EFF's "Stupid Patent of the Month" Award (arstechnica.com)
An anonymous reader writes with news that the EFF has given Microsoft a dubious award this month for their slider patent. According to Ars: "The Electronic Frontier Foundation's 'Stupid Patent of the Month' for December isn't owned by a sketchy shell company, but rather the Microsoft Corporation. The selection, published yesterday, is the first time the EFF has picked a design patent as the SPOTM. The blog post seeks to highlight some of the problems with those lesser-known cousins to standard 'utility' patents, especially the damages that can result. The chosen patent (PDF), numbered D554,140, would seem to be one of those things that's so simple it raises some basic philosophical questions about the patent system. That's because it's just a slider, in the bottom-right corner of a window, with a plus sign at one end and a minus sign at the other. That's it." -
EFF Launches Panopticlick 2.0 (eff.org)
Peter Eckersley writes: The EFF has launched Panopticlick 2.0. In addition to measuring whether your browser exposes unique — and therefore trackable — settings and configuration to websites, the site can now test if you have correctly configured ad- and tracker-blocking software. Think you have correctly configured tracker-blocking software? Visit Panopticlick to test if you got it right. -
Let's Encrypt Is Now In Public Beta (eff.org)
Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here. -
The FSF's Donald Robertson Talks About Copyrights, Patents, and the TPP (Video)
We all know (or know about) Richard M. Stallman, founder of and vociferous spokesman for the Free Software Foundation. But the organization is far from a one-man band, and Donald Robertson, their copyright administrator (and wearer of several other hats as well) is the person to turn to when you want to get into the murky depths of copyright and patent law. He's also somewhat of an expert on the Trans Pacific Partnership (TPP), which the FSF says, "...has a number of truly dangerous provisions that harm software freedom."
What can you do to help stop this trade agreement that has gotten the FSF (and the EFF, among others) up in arms? Don answers that question in the video (and accompanying transcript for those who would rather read than watch). And any unanswered questions will probably be taken care of in a second video interview with Mr. Robertson that we plan to run in the next day or two. -
Google Accused of Tracking School Kids After Promising Not To (cio.com)
itwbennett writes: In a complaint (PDF) filed Tuesday with the Federal Trade Commission, the Electronic Frontier Foundation (EFF) claims that "despite publicly promising not to, Google mines students' browsing data and other information, and uses it for the company's own purposes." The EFF says Google's practice of recording everything students do while they're logged into their Google accounts, regardless of the device or browser they're using, puts the company in breach of Section 5 of the Federal Communications Act. -
EFF launches Site To Track Censored Content On Social Media (eff.org)
Mark Wilson writes: There are many problems with the censoring of online content, not least that it can limit free speech. But there is also the question of transparency. By the very nature of censorship, unless you have been kept in the loop you would simply not know that anything had been censored. This is something the Electronic Frontier Foundation wants to change, and today the digital rights organization launches Onlinecensorship.org to blow the lid off online censorship. The site, run by EFF and Visualizing Impact, aims to reveal the content that is censored on Facebook, Google+, Twitter, Instagram, Flickr, and YouTube — not just the 'what' but the 'why'. If you find yourself the subject of censorship, the site also explains how to lodge an appeal. -
How Cisco Is Trying To Prove It Can Keep NSA Spies Out of Its Gear (csoonline.com)
itwbennett writes: 'A now infamous photo [leaked by Edward Snowden] showed NSA employees around a box labeled Cisco during a so-called 'interdiction' operation, one of the spy agency's most productive programs,' writes Jeremy Kirk. 'Once that genie is out of the bottle, it's a hell of job to put it back in,' said Steve Durbin, managing director of the Information Security Forum in London. Yet that's just what Cisco is trying to do, and early next year, the company plans to open a facility in the Research Triangle Park in North Carolina where customers can test and inspect source code in a secure environment. But, considering that a Cisco router might have 30 million lines of code, proving a product hasn't been tampered with by spy agencies is like trying 'to prove the non-existence of god,' says Joe Skorupa, a networking and communications analyst with Gartner. -
How California Police Are Tracking Your Biometric Data In the Field (muckrock.com)
v3rgEz writes: EFF and MuckRock teamed up in August to reveal how state and local law enforcement agencies are using mobile biometric technology in the field by filing public records requests around the country. With the help of members of the public who nominated jurisdictions for investigation, we have now obtained thousands of pages of documents from more than 30 agencies. Here's how police around California are using iris scanners, fingerprint readers, and facial recognition to monitor civilians. -
Firefox 42 Arrives With Tracking Protection, Tab Audio Indicators
An anonymous reader writes: Mozilla today launched Firefox 42 for Windows, Mac, Linux, and Android. Notable additions to the browser include tracking protection, tab audio indicators, and background link opening on Android. The new private browsing mode goes further than just not saving your browsing history (read: porn sites) — the added tracking protection means Firefox also blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web, and it works on all four platforms. The feature is almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. -
Full Trans-Pacific Partnership Agreement Intellectual Property Chapter Analyzed (freezenet.ca)
Dangerous_Minds writes: Freezenet seems to be the first website to publish a full run-down of the final draft of the Intellectual Property chapter in the Trans-Pacific Partnership. The leak was published on Wikileaks earlier. The analysis seems to confirm what the EFF has said, saying that the chapter "confirms our worst fears about the agreement, and dashes the few hopes that we held out that its most onerous provisions wouldn't survive to the end of the negotiations." The analysis focuses mainly on copyright enforcement on the Internet and the impact the chapter would have on personal devices, VPN services, and ISPs. One noteworthy find by Freezenet is the inclusion of a "TPP Commission" which would decide when different countries are supposed to meet outside of the 10-year cycle, discussing "market circumstances" of "the development of new pharmaceutical products." What other roles the TPP Commission takes on is unclear given that it is not mentioned anywhere else in the chapter. -
DRM In JPEGs? (eff.org)
JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation (PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users. -
EFF: the Final Leaked TPP Text Is All That We Feared (eff.org)
An anonymous reader writes: Wikileaks has released the finalized Intellectual Property text of the Trans-Pacific Partnership (TPP), which international negotiators agreed upon a few days ago. Unfortunately, it contains many of the consumer-hostile provisions that so many organizations spoke out against beforehand. This includes the extension of the copyright term to life plus 70 years, and a ban on the circumvention of DRM. The EFF says, "If you dig deeper, you'll notice that all of the provisions that recognize the rights of the public are non-binding, whereas almost everything that benefits rightsholders is binding. That paragraph on the public domain, for example, used to be much stronger in the first leaked draft, with specific obligations to identify, preserve and promote access to public domain material. All of that has now been lost in favor of a feeble, feel-good platitude that imposes no concrete obligations on the TPP parties whatsoever." The EFF walks us through all the other awful provisions as well — it's quite a lengthy analysis. -
US Government Will Not Force Companies To Decode Encrypted Data... For Now (washingtonpost.com)
Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate. The EFF has also compiled a report showing where the major tech companies stand on encryption. -
Sign Of the Times: Calif. Privacy Protections Signed Into Law
The EFF reports a spot of bright news from California: Governor Jerry Brown today signed into law the California Electronic Communications Privacy Act. CalECPA, says the organization, "protects Californians by requiring a warrant for digital records, including emails and texts, as well as a user's geographical location. These protections apply not only to your devices, but to online services that store your data. Only two other states have so far offered these protections: Maine and Utah." The ACLU provides a fact sheet (PDF) about what the bill entails, which says: SB 178 will ensure that, in most cases, the police must obtain a warrant from a judge before accessing a person's private information, including data from personal electronic devices, email, digital documents, text messages, and location information. The bill also includes thoughtful exceptions to ensure that law enforcement can continue to effectively and efficiently protect public safety in emergency situations. Notice and enforcement provisions in the bill provide proper transparency and judicial oversight to ensure that the law is followed. -
EFF Joins Nameless Coalition and Demands Facebook Kills Its Real Names Policy
Mark Wilson writes: Facebook has seen heavy criticism for its real names (or 'authentic identities' as they are known to the social network) policy. Over the last year, all manner of rights groups and advocates have tried to convince Facebook to allow users to drop their real name in favor of a pseudonym if they want. Now the Electronic Frontier Foundation is part of the 74-member strong Nameless Coalition and has written to Facebook demanding a rethink on the ground of safety, privacy, and equality. This is far from being the first time Facebook has been called on to allow the use of 'fake names', and the latest letter is signed by LGBT groups, freedom advocates, privacy supporters, and feminist organizations. -
EFF: DMCA Hinders Exposing More Software Cheats Like Volkswagen's
ideonexus writes: Automakers have argued that the 1998 Digital Millennium Copyright Act makes it unlawful for researchers to review the code controlling their vehicles without the manufacturer's permission, making it extremely difficult to expose software cheats like the one Volkswagen used to fake emissions tests. Arguing that this obfuscation of code goes so far as to endanger lives at times, the Electronic Frontier Foundation (EFF) maintains that, "When you entrust your health, safety, or privacy to a device, the law shouldn't punish you for trying to understand how that device works and whether it is trustworthy." -
EU May Forbid the Transfer of Personal Data To the US
An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have a deep impact on the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen. -
EFF Releases Privacy Badger, an Addon That Algorithmically Blocks Online Trackers
New submitter zfc writes: Online tracking has become a pervasive invisible reality of the modern web. Most sites you load are likely to be full of ads, tracking pixels, social media share buttons, and other invisible trackers all harvesting data about your web browsing. These trackers use cookies and other methods to read unique IDs associated with your browser, the result being that they record all the sites you visit as you browse around the internet. This sort of tracking is invisible to most web users, meaning they never get the option to agree to or opt-out of it. Today the EFF has launched the 1.0 version of Privacy Badger, an extension designed to prevent these trackers from accessing unique info about you and your browsing. -
TPP Copyright Chapter Leaks: Website Blocking, New Criminal Rules On the Way
An anonymous reader writes: Knowledge Ecology International (KEI) [Wednesday] morning released the May 2015 draft of the copyright provisions in the Trans Pacific Partnership (copyright, ISP annex, enforcement). The leak appears to be the same version that was covered by the EFF and other media outlets earlier this summer. Michael Geist unpacks the leaked documents, noting the treaty includes anti-circumvention rules that extend beyond the WIPO Internet treaties, new criminal rules, the extension of copyright term for countries like Canada and Japan, increased border measures, mandatory statutory damages in all countries, and expanding ISP liability rules, including the prospect of website blocking for Canada. -
EFF Coalition Announces New 'Do Not Track' Standard For Web Browsing
An anonymous reader writes: The Electronic Frontier Foundation, privacy company Disconnect, and several other organizations are publishing a new DNT standard. Partners in the coalition include: publishing site Medium, analytics service Mixpanel, AdBlock, and private search engine DuckDuckGo. Though it's still a voluntary policy, the EFF hopes the new proposed standard will provide users better privacy online. "We are greatly pleased that so many important Web services are committed to this powerful new implementation of Do Not Track, giving their users a clear opt-out from stealthy online tracking and the exploitation of their reading history," said EFF Chief Computer Scientist Peter Eckersley. "These companies understand that clear and fair practices around analytics and advertising are essential not only for privacy but for the future of online commerce." -
SCOTUS Denies Google's Request To Appeal Oracle API Case
New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API "a utilitarian and functional set of symbols" that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself." -
ICANN Seeks Comment On Limiting Anonymized Domain Registration
angry tapir writes: Privacy advocates are sounding the alarm over a potential policy change (PDF) that would prevent some people from registering website addresses without revealing their personal information. ICANN, the regulatory body that oversees domain names, has asked for public comment on whether it should prohibit the private registration of domains which are "associated with commercial activities and which are used for online financial transactions." -
Cybersecurity and the Tylenol Murders
HughPickens.com writes: Cindy Cohn writes at EFF that when a criminal started lacing Tylenol capsules with cyanide in 1982, Johnson & Johnson quickly sprang into action to ensure consumer safety. It increased its internal production controls, recalled the capsules, offered an exchange for tablets, and within two months started using triple-seal tamper-resistant packaging. Congress ultimately passed an anti-tampering law but the focus of the response from both the private and the public sector was on ensuring that consumers remained safe and secure, rather than on catching the perpetrator. Indeed, the person who did the tampering was never caught.
According to Cohn the story of the Tylenol murders comes to mind as Congress considers the latest cybersecurity and data breach bills. To folks who understand computer security and networks, it's plain that the key problem is our vulnerable infrastructure and weak computer security, much like the vulnerabilities in Johnson & Johnson's supply chain in the 1980s. As then, the failure to secure our networks, the services we rely upon, and our individual computers makes it easy for bad actors to step in and "poison" our information. The way forward is clear: We need better incentives for companies who store our data to keep it secure. "Yet none of the proposals now in Congress are aimed at actually increasing the safety of our data. Instead, the focus is on "information sharing," a euphemism for more surveillance of users and networks," writes Cohn. "These bills are not only wrongheaded, they seem to be a cynical ploy to use the very real problems of cybersecurity to advance a surveillance agenda, rather than to actually take steps to make people safer." Congress could step in and encourage real security for users—by creating incentives for greater security, a greater downside for companies that fail to do so and by rewarding those companies who make the effort to develop stronger security. "It's as if the answer for Americans after the Tylenol incident was not to put on tamper-evident seals, or increase the security of the supply chain, but only to require Tylenol to "share" its customer lists with the government and with the folks over at Bayer aspirin," concludes Cohn. "We wouldn't have stood for such a wrongheaded response in 1982, and we shouldn't do so now." -
NSA-Reform Bill Fails In US Senate
New submitter Steven King writes with a link to The Daily Dot's report that the U.S. Senate has rejected the controversial USA Freedom Act, thus "all but guaranteeing that key provisions of the USA Patriot Act will expire"; had it passed, the bill would have allowed continued use of some mass data-collection practices, but with the addition of stronger oversight. From the article: The Senate failed to reach agreement on passage of the USA Freedom Act, a bill to reauthorize and reform Section 215 of the USA Patriot Act, which the government has used to conduct bulk surveillance of Americans' phone records. The House of Representatives passed the bill last week by an overwhelming bipartisan majority, but Senate Democrats, who unified behind the bill, did not get enough Republican votes to assure passage. The linked piece also mentions that the EFF shifted its position on this bill, after a panel of Federal judges ruled that the Feds at the NSA had overstepped their bounds in collecting a seemingly unlimited trove of metadata relating to American citizens' phone calls. -
Prison Messaging System JPay Withdraws Copyright Claims
Florida-based JPay has a specialized business model and an audience that is at least in part a (literally) captive one: the company specializes in logistics and communications services involving prisons and prisoners, ranging from payment services to logistics to electronic communications with prisoners. Now, via Cory Doctorow at Boing Boing comes a report from the EFF that the company has back-pedaled on a particularly strange aspect of the terms under which the company provided messaging services for prisoners: namely, JPay's terms of service made exhaustive copyright claims on messages sent by prisoners, claiming rights to "all content, whether it be text, images, or video" sent via the service. That language has now been excised, but not in time to prevent at least one bad outcome; from the EFF's description: [Valerie] Buford has been running a social media campaign to overturn her [brother, Leon Benson's] murder conviction. However, after Buford published a videogram that her brother recorded via JPay to Facebook, prison administrators cut off her access to the JPay system, sent Benson to solitary confinement, and stripped away some of his earned "good time." To justify the discipline, prison officials said they were enforcing JPay's intellectual property rights and terms of service. -
Patent Issued Covering Phone Notifications of Delivery Time and Invoice Quantity
eldavojohn writes: The staggering ingenuity of the U.S. Patent system has again been showcased by the EFF's analysis of recent patents. This week's patent and follow-up patent cover the futuristic innovative idea that when you order something, you can update your order and add additional amounts to your order while it's being processed. But wait, it gets even more innovative! You may one day even be able to notify when you would like it delivered — on your phone! I know, you're busy wiping all that brain matter off your screen as your head seems to have exploded. Well, it turns out that inventor and patent holder Scott Horstemeyer (aka Eclipse IP, LLC of Delray Beach, FL) found no shortage of targets to go after with his new patents. It appears Tiger Fitness (and every other online retailer) was sending notices to customers about shipments. Did I mention Horstemeyer is a lawyer too? But not just a regular lawyer, a "SUPER lawyer" from the same firm that patented social networking in 2007, sued Uber for using location finding technologies in 2013 and sued Overstock.com as well as a small time shoe seller for using shipping notifications in 2014. A related article at Vox makes this case: "The primary problem with the patent system is, well, the patent system. The system makes it too easy to get broad, vague patents, and the litigation process is tilted too far toward plaintiffs. But because so many big companies make so much money off of this system, few in Congress are willing to consider broader reforms."