aggregator

15 Asia-Pacific Countries Form World's Largest Trade Bloc, Exclude the US

Slashdot - Your Rights Online - N, 2020-11-15 23:41
"Fifteen Asia-Pacific economies formed the world's largest free trade bloc on Sunday," reports CNBC, "a China-backed deal that excludes the United States, which had left a rival Asia-Pacific grouping under President Donald Trump." Amid questions over Washington's engagement in Asia, the Regional Comprehensive Economic Partnership (RCEP) may cement China's position more firmly as an economic partner with Southeast Asia, Japan and Korea, putting the world's second-biggest economy in a better position to shape the region's trade rules... RCEP could help Beijing cut its dependence on overseas markets and technology, a shift accelerated by a deepening rift with Washington, said Iris Pang, ING chief economist for Greater China. RCEP groups the 10-member Association of Southeast Asian Nations (ASEAN), China, Japan, South Korea, Australia and New Zealand. It aims in coming years to progressively lower tariffs across many areas... RCEP will account for 30% of the global economy, 30% of the global population and reach 2.2 billion consumers, Vietnam said... "For the first time, China and Japan reached a bilateral tariff reduction arrangement, achieving a historic breakthrough," China's finance ministry said in a statement, without giving further details. The deal marks the first time rival East Asian powers China, Japan and South Korea have been in a single free trade agreement.

Read more of this story at Slashdot.

Cheating-Detection Software Provokes 'School-Surveillance Revolt'

Slashdot - Your Rights Online - N, 2020-11-15 22:34
New webcam-based anti-cheating monitoring is so stressful, it's made some students cry, the Washington Post reports: "Online proctoring" companies saw in coronavirus shutdowns a chance to capitalize on a major reshaping of education, selling schools a high-tech blend of webcam-watching workers and eye-tracking software designed to catch students cheating on their exams. They've taken in millions of dollars, some of it public money, from thousands of colleges in recent months. But they've also sparked a nationwide school-surveillance revolt, with students staging protests and adopting creative tactics to push campus administrators to reconsider the deals. Students argue that the testing systems have made them afraid to click too much or rest their eyes for fear they'll be branded as cheats... One system, Proctorio, uses gaze-detection, face-detection and computer-monitoring software to flag students for any "abnormal" head movement, mouse movement, eye wandering, computer window resizing, tab opening, scrolling, clicking, typing, and copies and pastes. A student can be flagged for finishing the test too quickly, or too slowly, clicking too much, or not enough. If the camera sees someone else in the background, a student can be flagged for having "multiple faces detected." If someone else takes the test on the same network — say, in a dorm building — it's potential "exam collusion." Room too noisy, Internet too spotty, camera on the fritz? Flag, flag, flag. As an unusually disrupted fall semester churns toward finals, this student rebellion has erupted into online war, with lawsuits, takedowns and viral brawls further shaking the anxiety-inducing backdrop of college exams. Some students have even tried to take the software down from the inside, digging through the code for details on how it monitors millions of high-stakes exams... Some students said the experience of having strangers and algorithms silently judge their movements was deeply unnerving, and many worried that even being accused of cheating could endanger their chances at good grades, scholarships, internships and post-graduation careers. Several students said they had hoped for freeing, friend-filled college years but were now resigned to hours of monitored video exams in their childhood bedrooms, with no clear end in sight.... [T]he systems' technical demands have made just taking the tests almost comically complicated. One student at Wilfrid Laurier University in Ontario shared the instructions for his online Introduction to Linear Algebra midterm: five pages, totaling more than 2,000 words, requiring students to use a special activity-monitoring Web browser and keep their face, hands and desk in view of their camera at all times... Students who break the rules or face technical difficulties can be investigated for academic misconduct. "The instructions," the student said, "are giving me more anxiety than the test itself." Company executives "say a semester without proctors would turn online testing into a lawless wasteland" according to the article. But one long-time teacher counters that "the most clear value conveyed to students is 'We don't trust you.'" Yet the education tech nonprofit Educause reported that 54% of higher education institutions they'd surveyed "are currently using online or remote proctoring services. "And another 23% are planning or considering using them."

Read more of this story at Slashdot.

Aaron Swartz's Memory Honored with Virtual Hackathon

Slashdot - Your Rights Online - N, 2020-11-15 20:34
Saturday saw 2020's virtual observation of the annual Aaron Swartz Day and International Hackathon, which the EFF describes as "a day dedicated to celebrating the continuing legacy of activist, programmer, and entrepreneur Aaron Swartz." Its official web site notes the wide-ranging event includes "projects and ideas that are still bearing fruit to this day, such as SecureDrop, Open Library, and the Aaron Swartz Day Police Surveillance Project." The event even included a virtual session for the Atlas of Surveillance project which involved documenting instances of law enforcement using surveillance technologies like social media monitoring, automated license plate readers, and body-worn cameras. And EFF special advisor Cory Doctorow, director of strategy Danny O'Brien, and senior activist Elliot Harmon also spoke "about Aaron's legacy and how his work lives on today," according to the EFF's announcement: Aaron Swartz was a brilliant champion of digital rights, dedicated to ensuring the Internet remained a thriving ecosystem for open knowledge. EFF was proud to call him a close friend and collaborator. His life was cut short in 2013, after he was charged under the notoriously draconian Computer Fraud and Abuse Act for systematically downloading academic journal articles from the online database JSTOR. Federal prosecutors stretch this law beyond its original purpose of stopping malicious computer break-ins, reserving the right to push for heavy penalties for any behavior they don't like that happens to involve a computer. This was the case for Aaron, who was charged with eleven counts under the CFAA. Facing decades in prison, Aaron died by suicide at the age of 26. He would have turned 34 this year, on November 8. In addition to EFF projects, the hackathon will focus on projects including SecureDrop, Open Library, and the Aaron Swartz Day Police Surveillance Project. The full lineup of speakers includes Aaron Swartz Day co-founder Lisa Rein, SecureDrop lead Mickael E., researcher Mia Celine, Lucy Parsons Lab founder Freddy Martinez, and Brewster Kahle — co-founder of Aaron Swartz Day and the Internet Archive. All of the presentations are now online.

Read more of this story at Slashdot.

Credit Card Numbers For Millions of Hotel Guests Exposed By Misconfigured Cloud Database

Slashdot - Your Rights Online - N, 2020-11-15 13:34
"A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket," reports Threatpost. "The records include sensitive data, including credit-card details." Prestige Software's "Cloud Hospitality" is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com. The incident has affected 24.4 GB worth of data in total, according to the security team at Website Planet, which uncovered the bucket. Many of the records contain data for multiple hotel guests that were grouped together on a single reservation; thus, the number of people exposed is likely well over the 10 million, researchers said. Some of the records go back to 2013, the team determined — but the bucket was still "live" and in use when it was discovered this month. "The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks," according to the firm, in a recent notice on the issue. "The S3 bucket contained over 180,000 records from August 2020 alone...." The records contain a raft of information, Website Planet said, including full names, email addresses, national ID numbers and phone numbers of hotel guests; card numbers, cardholder names, CVVs and expiration dates; and reservation details, such as the total cost of hotel reservations, reservation number, dates of a stay, special requests made by guests, number of people, guest names and more. The exposure affects a wide number of platforms, with data related to reservations made through Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre and more.... A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis in September found. The study from Comparitch showed that 6 percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents.

Read more of this story at Slashdot.

EFF Launches New Podcast: How to Fix the Internet

Slashdot - Your Rights Online - N, 2020-11-15 02:34
"EFF is launching How to Fix the Internet, a new podcast mini-series to examine potential solutions to six ills facing the modern digital landscape," announces EFF.org: Over the course of 6 episodes, we'll consider how current tech policy isn't working well for users and invite experts to join us in imagining a better future... It's easy to see all the things wrong with the modern Internet, and how the reality of most peoples' experience online doesn't align with the dreams of its early creators. How did we go astray and what should we do now? And what would our world look like if we got it right...? In each episode, we are joined by a guest to examine how the current system is failing, consider different possibilities for solutions, and imagine a better future. After all, we can't build a better world unless we can imagine it. We are launching the podcast with two episodes: The Secret Court Approving Secret Surveillance, featuring the Cato Institute's specialist in surveillance legal policy Julian Sanchez; and Why Does My Internet Suck?, featuring Gigi Sohn, one of the nation's leading advocates for open, affordable, and democratic communications networks. Future episodes will be released on Tuesdays. Other topics to be covered by the podcast mini-series: The third-party doctrine [which asserts "no reasonable expectation of privacy"]Barriers to interoperable technologyLaw enforcement's use of face recognition technology Digital first sale and the resale of intellectual property

Read more of this story at Slashdot.

Election Was Most Secure In American History, US Officials Say

Slashdot - Your Rights Online - So, 2020-11-14 04:02
"The Nov. 3rd election was the most secure in American history," state and federal election officials said in a statement Thursday. "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised." Bloomberg reports: The statement acknowledged the "many unfounded claims and opportunities for misinformation about the process of our elections" and urged Americans to turn to election administrators and officials for accurate information. The statement was signed by officials from the Elections Infrastructure Government Coordinating Council, which shares information among state, local and federal officials, and the Election Infrastructure Sector Coordinating Council, which includes election infrastructure owners and operators. Among the 10 signatories were Benjamin Hovland, who chairs the U.S. Election Assistance Commission, and Bob Kolasky, the assistant director of the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security. Key officials at the cybersecurity agency, including its head, Christopher Krebs, are stepping down or expecting to get fired as Trump refuses to concede. Krebs, who has enjoyed bipartisan support for his role in helping run secure U.S. elections in 2018 and 2020, has told associates he expects to be dismissed, according to three people familiar with internal discussions. His departure would follow the resignation of Bryan Ware, assistant director for cybersecurity at CISA, who resigned on Thursday morning after about two years at the agency. In addition, Valerie Boyd, the assistant secretary for international affairs at the Department of Homeland Security, which oversees CISA, has also left, according to two other people. Krebs and Ware are both Trump appointees.

Read more of this story at Slashdot.

Your Computer Isn't Yours

Slashdot - Your Rights Online - Pt, 2020-11-13 19:26
Security researcher Jeffrey Paul, writes in a blog post: On modern versions of macOS, you simply can't power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored. It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn't realize this, because it's silent and invisible and it fails instantly and gracefully when you're offline, but today the server got really slow and it didn't hit the fail-fast code path, and everyone's apps failed to open if they were connected to the internet. Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings: Date, Time, Computer, ISP, City, State, Application Hash; Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever. This means that Apple knows when you're at home. When you're at work. What apps you open there, and how often. They know when you open Premiere over at a friend's house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city. "Who cares?" I hear you asking. Well, it's not just Apple. This information doesn't stay with them: These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables. These requests go to a third-party CDN run by another company, Akamai. Since October of 2012, Apple is a partner in the US military intelligence community's PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019. This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them. Now, it's been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple. The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don't permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.

Read more of this story at Slashdot.

Six Reasons Why Google Maps Is the Creepiest App On Your Phone

Slashdot - Your Rights Online - Pt, 2020-11-13 02:02
VICE has highlighted six reasons why Google Maps is the creepiest app on your phone. An anonymous reader shares an excerpt from the report: 1. Google Maps Wants Your Search History: Google's "Web & App Activity" settings describe how the company collects data, such as user location, to create a faster and "more personalized" experience. In plain English, this means that every single place you've looked up in the app -- whether it's a strip club, a kebab shop or your moped-riding drug dealer's location -- is saved and integrated into Google's search engine algorithm for a period of 18 months. Google knows you probably find this creepy. That's why the company uses so-called "dark patterns" -- user interfaces crafted to coax us into choosing options we might not otherwise, for example by highlighting an option with certain fonts or brighter colors. 2. Google Maps Limits Its Features If You Don't Share Your Search History: If you open your Google Maps app, you'll see a circle in the top right corner that signifies you're logged in with your Google account. That's not necessary, and you can simply log out. Of course, the log out button is slightly hidden, but can be found like this: click on the circle > Settings > scroll down > Log out of Google Maps. Unfortunately, Google Maps won't let you save frequently visited places if you're not logged into your Google account. If you choose not to log in, when you click on the search bar you get a "Tired of typing?" button, suggesting you sign in, and coaxing you towards more data collection. 3. Google Maps Can Snitch On You: Another problematic feature is the "Google Maps Timeline," which "shows an estimate of places you may have been and routes you may have taken based on your Location History." With this feature, you can look at your personal travel routes on Google Maps, including the means of transport you probably used, such as a car or a bike. The obvious downside is that your every move is known to Google, and to anyone with access to your account. And that's not just hackers -- Google may also share data with government agencies such as the police. [...] If your "Location History" is on, your phone "saves where you go with your devices, even when you aren't using a specific Google service," as is explained in more detail on this page. This feature is useful if you lose your phone, but also turns it into a bonafide tracking device. 4. Google Maps Wants to Know Your Habits: Google Maps often asks users to share a quick public rating. "How was Berlin Burger? Help others know what to expect," suggests the app after you've picked up your dinner. This feels like a casual, lighthearted question and relies on the positive feeling we get when we help others. But all this info is collected in your Google profile, making it easier for someone to figure out if you're visiting a place briefly and occasionally (like on holiday) or if you live nearby. 5. Google Maps Doesn't Like It When You're Offline: Remember GPS navigation? It might have been clunky and slow, but it's a good reminder that you don't need to be connected to the internet to be directed. In fact, other apps offer offline navigation. On Google, you can download maps, but offline navigation is only available for cars. It seems fairly unlikely the tech giant can't figure out how to direct pedestrians and cyclists without internet. 6. Google Makes It Seem Like This Is All for Your Own Good: "Providing useful, meaningful experiences is at the core of what Google does," the company says on its website, adding that knowing your location is important for this reason. They say they use this data for all kinds of useful things, like "security" and "language settings" -- and, of course, selling ads. Google also sells advertisers the possibility to evaluate how well their campaigns reached their target (that's you!) and how often people visited their physical shops "in an anonymized and aggregated manner". But only if you opt in (or you forget to opt out).

Read more of this story at Slashdot.

Commerce Department Announces Stay of TikTok Shutdown Order

Slashdot - Your Rights Online - Cz, 2020-11-12 23:20
The Commerce Department said Thursday that it won't enforce its order that would have effectively forced the Chinese-owned TikTok video-sharing app to shut down, citing a federal court ruling in Philadelphia. From a report: The department's action delays implementation of a regulation, set to take effect Thursday, that would have barred U.S. companies such as Apple from offering TikTok as a mobile app, and companies including Amazon.com and Alphabet from offering web-hosting service for TikTok -- moves that would effectively make it inoperable. In making its decision, the Commerce Department cited a preliminary injunction against the shutdown last month by U.S. District Judge Wendy Beetlestone in Philadelphia in a suit brought by three TikTok stars: comedian Douglas Marland, fashion guru Cosette Rinab and musician Alex Chambers. The Commerce Department statement said that the shutdown order won't go into effect "pending further legal developments." In the Philadelphia case, Judge Beetlestone said the government action "presents a threat to the 'robust exchange of informational materials'" and therefore likely exceeds the government's authority under the International Emergency Economic Powers Act, the law the Trump administration has relied on to take action against TikTok. Two other court cases are pending. TikTok has filed its own request for an injunction for the shutdown in a case before U.S. District Judge Carl Nichols in Washington.

Read more of this story at Slashdot.

Law Enforcement Use of Face Recognition Systems Threatens Civil Liberties, Disproportionately Affects People of Color: EFF Report

Electronic Frontier Foundation - Cz, 2018-02-15 17:45

San Francisco, California—Face recognition—fast becoming law enforcement’s surveillance tool of choice—is being implemented with little oversight or privacy protections, leading to faulty systems that will disproportionately impact people of color and may implicate innocent people for crimes they didn’t commit, says an Electronic Frontier Foundation (EFF) report released today.

Face recognition is rapidly creeping into modern life, and face recognition systems will one day be capable of capturing the faces of people, often without their knowledge, walking down the street, entering stores, standing in line at the airport, attending sporting events, driving their cars, and utilizing public spaces. Researchers at the Georgetown Law School estimated that one in every two American adults—117 million people—are already in law enforcement face recognition systems.

This kind of surveillance will have a chilling effect on Americans’ willingness to exercise their rights to speak out and be politically engaged, the report says. Law enforcement has already used face recognition at political protests, and may soon use face recognition with body-worn cameras, to identify people in the dark, and to project what someone might look like from a police sketch or even a small sample of DNA.

Face recognition employs computer algorithms to pick out details about a person’s face from a photo or video to form a template. As the report explains, police use face recognition to identify unknown suspects by comparing their photos to images stored in databases and to scan public spaces to try to find specific pre-identified targets.

But no face recognition system is 100 percent accurate, and false positives—when a person’s face is incorrectly matched to a template image—are common. Research shows that face recognition misidentifies African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively. And because of well-documented racially biased police practices, all criminal databases—including mugshot databases—include a disproportionate number of African-Americans, Latinos, and immigrants.

For both reasons, inaccuracies in face recognition systems will disproportionately affect people of color.

“The FBI, which has access to at least 400 million images and is the central source for facial recognition identification for federal, state, and local law enforcement agencies, has failed to address the problem of false positives and inaccurate results,” said EFF Senior Staff Attorney Jennifer Lynch, author of the report. “It has conducted few tests to ensure accuracy and has done nothing to ensure its external partners—federal and state agencies—are not using face recognition in ways that allow innocent people to be identified as criminal suspects.”

Lawmakers, regulators, and policy makers should take steps now to limit face recognition collection and subject it to independent oversight, the report says. Legislation is needed to place meaningful checks on government use of face recognition, including rules limiting retention and sharing, requiring notification when face prints are collected, ensuring robust security procedures to prevent data breaches, and establishing legal processes governing when law enforcement may collect face images from the public without their knowledge, the report concludes.

“People should not have to worry that they may be falsely accused of a crime because an algorithm mistakenly matched their photo to a suspect. They shouldn’t have to worry that their data will end up in the hands of identity thieves because face recognition databases were breached. They shouldn’t have to fear that their every move will be tracked if face recognition is linked to the networks of surveillance cameras that blanket many cities,” said Lynch. “Without meaningful legal protections, this is where we may be headed.”

For the report:

Online version: https://www.eff.org/wp/law-enforcement-use-face-recognition

PDF version: https://www.eff.org/files/2018/02/15/face-off-report-1b.pdf

One pager on facial recognition: https://www.eff.org/document/facial-recognition-one-pager

Contact: Jennifer Lynch

Catalog of Missing Devices Illustrates Gadgets that Could and Should Exist

Electronic Frontier Foundation - Pt, 2018-02-02 01:43

San Francisco - The Electronic Frontier Foundation (EFF) has launched its “Catalog of Missing Devices”—a project that illustrates the gadgets that could and should exist, if not for bad copyright laws that prevent innovators from creating the cool new tools that could enrich our lives.

“The law that is supposed to restrict copying has instead been misused to crack down on competition, strangling a future’s worth of gadgets in their cradles,” said EFF Special Advisor Cory Doctorow. “But it’s hard to notice what isn’t there. We’re aiming to fix that with this Catalog of Missing Devices. It’s a collection of tools, services, and products that could have been, and should have been, but never were.”

The damage comes from Section 1201 of the Digital Millennium Copyright Act (DMCA 1201), which covers digital rights management software (DRM). DRM was designed to block software counterfeiting and other illegal copying, and Section 1201 bans DRM circumvention. However, businesses quickly learned that by employing DRM they could thwart honest competitors from creating inter-operative tools.

Right now, that means you could be breaking the law just by doing something as simple as repairing your car on your own, without the vehicle-maker’s pricey tool. Other examples include rightsholders forcing you to buy additional copies of movies you want to watch on your phone—instead of allowing you to rip the DVD you already own and are entitled to watch—or manufacturers blocking your printer from using anything but their official ink cartridges.

But that’s just the beginning of what consumers are missing. The Catalog of Missing Devices imagines things like music software that tailors your listening to what you are reading on your audiobook, or a gadget that lets parents reprogram talking toys to replace canned, meaningless messaging.

“Computers aren’t just on our desktops or in our pockets—they are everywhere, and so is the software that runs them,” said EFF Legal Director Corynne McSherry. “We need to fix the laws that choke off competition and innovation with no corresponding benefit.”

The Catalog of Missing Devices is part of EFF’s Apollo 1201 project, dedicated to eradicating all DRM from the world. A key step is eliminating laws like DMCA 1201, as well as the international versions of this legislation that the U.S. has convinced its trading partners to adopt.

For the Catalog of Missing Devices:
https://www.eff.org/missing-devices

Contact: Cory DoctorowCorynne McSherry

EFF and ACLU Ask Court to Allow Legal Challenge to Proceed Against Warrantless Searches of Travelers’ Smartphones, Laptops

Electronic Frontier Foundation - Pt, 2018-01-26 23:38

Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) urged a federal judge today to reject the Department of Homeland Security’s attempt to dismiss an important lawsuit challenging DHS’s policy of searching and confiscating, without suspicion or warrant, travelers’ electronic devices at U.S. borders.

EFF and ACLU represent 11 travelers—10 U.S. citizens and one lawful permanent resident—whose smartphones and laptops were searched without warrants at the U.S. border in a groundbreaking lawsuit filed in September. The case, Alasaad v. Nielsen, asks the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed personal information about people’s lives. The case also argues that the government must have probable cause to confiscate a traveler’s device.

The plaintiffs in the case include a military veteran, journalists, students, an artist, a NASA engineer, and a business owner. The government seeks dismissal, saying the plaintiffs don’t have the right to bring the lawsuit and the Fourth Amendment doesn’t apply to border searches. Both claims are wrong, the EFF and ACLU explain in a brief filed today in federal court in Boston.

First, the plaintiffs have “standing” to seek a court order to end unconstitutional border device searches because they face a substantial risk of having their devices searched again. This means they are the right parties to bring this case and should be able to proceed to the merits. Four plaintiffs already have had their devices searched multiple times.

Immigration and Customs Enforcement (ICE) policy allows border agents to search and confiscate anyone’s smartphone for any reason or for no reason at all. Customs and Border Protection (CBP) policy allows border device searches without a warrant or probable cause, and usually without even reasonable suspicion. Last year, CBP conducted more than 30,000 border device searches, more than triple the number just two years earlier.

“Our clients are travelers from all walks of life. The government policies that invaded their privacy in the past are enforced every day at airports and border crossings around the country,” said EFF Staff Attorney Sophia Cope. “Because the plaintiffs face being searched in the future, they have the right to proceed with said Cope.

Second, the plaintiffs argue that the Fourth Amendment requires border officers to get a warrant before searching a traveler’s electronic device. This follows from the Supreme Court’s 2014 decision in Riley v. California requiring that police officers get a warrant before searching an arrestee’s cell phone. The court explained that cell phones contain the “privacies of life”—a uniquely large and varied amount of highly sensitive information, including emails, photos, and medical records. This is equally true for international travelers, the vast majority of whom are not suspected of any crime. Warrantless border device searches also violate the First Amendment, because they chill freedom of speech and association by allowing the government to view people’s contacts, communications, and reading material.

“Searches of electronic devices at the border are increasing rapidly, causing greater numbers of people to have their constitutional rights violated,” said ACLU attorney Esha Bhandari. “Device searches can give border officers unfettered access to vast amounts of private information about our lives, and they are unconstitutional absent a warrant.”

Below is a full list of the plaintiffs along with links to their individual stories, which are also collected here:

  • Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
  • Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
  • Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
  • Diane Maye is a college professor and former captain in the U. S. Air Force living in Florida.
  • Zainab Merchant, from Florida, is a writer and a graduate student in international security and journalism at Harvard.

For the brief:
https://www.eff.org/document/alasaad-v-nielsen-opposition-motion-dismiss

For more EFF information on this case:
https://www.eff.org/cases/alasaad-v-duke 

For more ACLU information on this case:
https://www.aclu.org/news/aclu-eff-sue-over-warrantless-phone-and-laptop-searches-us-border

For more on privacy at the border:
https://www.eff.org/wp/digital-privacy-us-border-2017

Contact: Sophia CopeAdam SchwartzJosh Bell

EFF Asks Ninth Circuit Appeals Court To Strengthen Privacy Protections Of Smart Phones At The Border

Electronic Frontier Foundation - So, 2018-01-20 01:20

San Diego, California—The Electronic Frontier Foundation (EFF) urged the U.S. Ninth Circuit Court of Appeals to further limit the government’s ability to conduct highly intrusive searches of electronic devices at the border by requiring federal agents to obtain a warrant if they want to access the contents of travelers’ phones.

“The Ninth Circuit four years ago issued an important ruling requiring officials to show they have reasonable suspicion of criminal activity to forensically search digital devices. While that was an improvement over the government’s prior practice of conducting suspicionless searches, the court didn’t go far enough,” said EFF Staff Attorney Sophia Cope. “We are now asking the Ninth Circuit to bar warrantless device searches at the border.”

“Our electronic devices contain texts, emails, photos, contact lists, work documents, and other communications that reveal intimate details of our private lives. Our privacy interests in this material is tremendous. Requiring a warrant is a critical step in making sure our Fourth Amendment protections survive into the digital age,” said Cope.

The Ninth Circuit is being asked to throw out evidence obtained through a warrantless forensic search of the defendant’s cell phone at the U.S.-Mexico border in southern California. The case, U.S. v. Cano, is a drug prosecution and the first before the Ninth Circuit since the U.S. Supreme Court ruled that because devices hold “the privacies of life,” police need a warrant to search the phones of people who are arrested.

In an amicus brief filed today in U.S. v. Cano, EFF urged the court to recognize that people traveling through our international borders deserve the same privacy protections that the Supreme Court has extended to arrestees. The Ninth Circuit’s rulings apply to states in the west and southwest, several of whom share borders with Mexico and Canada,

Warrantless border searches of luggage have been allowed under an exception to the Fourth Amendment for routine immigration and customs enforcement. But since digital devices provide so much more highly personal, private information than what is traditionally carried in a suitcase, agents should be required to show a judge that they have probable cause to believe that the device contains evidence of a violation of the immigration or customs laws, EFF said in the brief.

Digital device searches at the border have more than tripled since the inauguration of President Trump. This increase, along with the increasing number of people who carry these devices while traveling, has highlighted the need for stronger privacy rights while crossing the U.S. border. Last year, EFF and ACLU filed a lawsuit in Boston against the federal government on behalf of 11 travelers whose smartphones and other electronic devices were searched without a warrant at the U.S. border.

“Digital devices differ wildly from luggage and other physical items a person carries across the border,” said EFF Senior Staff Attorney Adam Schwartz. “Now is the time to apply the full force of constitutional privacy protections to digital devices.”

For the brief:
https://www.eff.org/document/eff-amicus-brief-us-v-cano

For more on privacy at the border:
https://www.eff.org/wp/digital-privacy-us-border-2017

Contact: Sophia CopeAdam Schwartz

EFF to Court: Linking Is Not Copyright Infringement

Electronic Frontier Foundation - Cz, 2018-01-18 19:58

Los Angeles, California—Playboy Entertainment's lawsuit accusing acclaimed website Boing Boing of copyright infringement—for doing nothing more than reporting on a historical collection of Playboy centerfolds—is groundless and should be thrown out, the Electronic Frontier Foundation (EFF) told a federal court today.

As EFF and co-counsel Durie Tangri LLP explain in a request to dismiss the lawsuit filed on behalf of Boing Boing owner Happy Mutants LLC, Playboy’s copyright claim seeks to punish Boing Boing for commenting on and linking to an archive of Playboy “playmate” centerfold images that a third party posted. The blog contained links to an imgur.com page and YouTube video—neither of which were created by Boing Boing. But courts have long recognized that simply linking to content on the web isn’t unlawful.

“Boing Boing didn’t upload, publish, host, or store any images that Playboy owns, didn’t control the images, and didn’t contribute to the infringement of any Playboy copyrights,” said EFF Legal Director Corynne McSherry. “It’s frankly mystifying that an entertainment company that has often fought to defend free speech rights  is trying to punish Boing Boing for doing what has made it a leading online source of news and commentary: unique and groundbreaking reporting on art, science, and popular culture.”

“Boing Boing’s reporting and commenting on the Playboy photos is protected by copyright’s fair use doctrine,” said EFF Senior Staff Attorney Daniel Nazer. “We’re asking the court to dismiss this deeply flawed lawsuit. Journalists, scientists, researchers, and everyday people on the web have the right to link to material, even copyrighted material, without having to worry about getting sued.”

For the brief:
https://www.eff.org/document/playboy-v-happy-mutants-eff-mtd

For more on fair use:
https://www.eff.org/issues/intellectual-property

Contact: Corynne McSherryDaniel Nazer

EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World

Electronic Frontier Foundation - Cz, 2018-01-18 18:15

San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients.

The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut.

“People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” said EFF Director of Cybersecurity Eva Galperin. “This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life.”

“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform,” said Mike Murray, Vice President of Security Intelligence at Lookout. “The Android threat we identified, as used by Dark Caracal, is one of the first globally active mobile APTs we have spoken publicly about.”

Dark Caracal has been operating since at least 2012. However, one reason it has been hard to track is the diversity of seemingly unrelated espionage campaigns originating from the same domain names. The researchers believe that Dark Caracal is only one of a number of different global attackers using this infrastructure. Over the years, Dark Caracal’s work has been repeatedly misattributed to other cybercrime groups. In fact, EFF’s Operation Manul report from 2016 misidentified espionage from these servers as coming from the Indian security company Appin.

“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin. “This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world.”

For the full report:
https://www.lookout.com/info/ds-dark-caracal-ty

For more on Dark Caracal:
https://blog.lookout.com/dark-caracal-mobile-APT

For more on how to avoid downloading malware:
https://ssd.eff.org/en/module/how-avoid-phishing-attacks

Contact: Eva GalperinCooper Quintin

EFF Asks Copyright Office to Improve Exemptions to the Digital Millennium Copyright Act

Electronic Frontier Foundation - Wt, 2017-12-19 00:57

Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the Librarian of Congress today to limit the legal barriers people face when they want to repair and modify software-enabled products, so that they—not manufacturers— control the appliances, computers, toys, vehicles, and other products they own.

In comments filed in Washington D.C. today, EFF continued its years-long fight to enable owners and creators to repair, modify, and enhance products, or use snippets of films or songs, free of onerous threats that doing so somehow infringes companies' copyrights. Software-enabled devices and Internet-connected products and appliances are ubiquitous in modern life, and people aren't infringing anyone's copyright when, for example, they choose to permanently disable the embedded, on-all-the-time camera or microphone in their kids' toys, or send their car to their favorite mechanic, rather than high-priced dealerships, to be repaired.

“It’s absurd that a law intended to protect copyrighted works is misused instead to prevent people from taking apart or modifying the things they own, inhibit scientists and researches from investigating safety features or security enhancements, and block artists and educators from using snippets of film in noncommercial ways," said EFF Legal Director Corynne McSherry. "The exemption process is one highly flawed way of alleviating that burden."

“We rely on the devices in our lives to learn and communicate, to keep us safe and get things done,” said EFF Staff Attorney Kit Walsh. “These devices should work for us and embody our preferences, not the commercial desires of their manufacturers. We, the users of these devices, should be able to decide how they affect our  lives and how we can improve and adapt them. That’s how we ensure that technology enhances our freedoms rather than undermining them.”

This year EFF petitioned the Librarian to exempt from Section 1201 of the Digital Millennium Copyright Act (DMCA) all modifications and repairs of software-enabled devices that don’t infringe copyrights. It’s also seeking exemptions that will allow people to tinker with smart speakers and digital home assistants such as Amazon Echo and Google Home. EFF is also seeking one clear, easier-to-use exemption for video excerpts that would allow educators, libraries, documentary filmmakers, remix artists, and others to use video snippets without fear of legal repercussions by copyright owners. The Librarian implements the exemption recommendations of the Copyright Office.

“Our approach is simple: we are seeking to expand the types of activities that should be exempt from Section 1201 of the DMCA to encompass repairs, modifications, enhancements, and innovations that don’t infringe copyright,” said EFF Senior Staff Attorney Mitch Stoltz. “We shouldn’t have to seek exemptions for things copyright law already allows. Instead, there should be a general rule that allows people to circumvent digital locks to do any non-infringing activity.”

For EFF’s comments:
https://www.eff.org/document/eff-1201-exemption-comments-2017-computer-program-repairs
https://www.eff.org/document/eff-1201-exemption-comments-2017-jailbreaking-0
https://www.eff.org/document/eff-1201-exemption-comments-2017-video-0
https://www.eff.org/document/huang-1201-exemption-comments-2017
https://www.eff.org/document/green-1201-exemption-comments-2017

For more on the Section 1201 exemption process:
https://www.eff.org/cases/2018-dmca-rulemaking

For more on the unintended consequences of Section 1201 of the DMCA:
https://www.eff.org/issues/dmca
https://www.eff.org/issues/dmca-rulemaking

 

Contact: Corynne McSherryKit WalshMitch Stoltz

EFF Demands Information About Secretive Government Tattoo Recognition Technology

Electronic Frontier Foundation - Cz, 2017-11-30 20:05

Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, the Department of Commerce, and the Department of Homeland Security today, demanding records about the agencies’ work on the federal Tattoo Recognition Technology program.

This secretive program involves a coalition of government, academia, and private industry working to develop a series of algorithms that would rapidly detect tattoos, identify people via their tattoos, and match people with others who have similar body art—as well as flagging tattoos believed to be connected to religious and ethnic symbols. This type of surveillance raises profound religious, speech, and privacy concerns. Moreover, the limited information that EFF has been able to obtain about the program has already revealed a range of potentially unethical behavior, including conducting research on prisoners without approval, adequate oversight, or safeguards.

EFF filed a series of Freedom of Information Act (FOIA) requests for more information about the Tattoo Recognition Technology program, which is a National Institute of Standards and Technology (NIST) project sponsored by the FBI, beginning in January of 2016. Although the agencies released some records, they withheld others, and heavily redacted some of the documents they released. As a result, EFF is going to court today against DHS, DOJ, and NIST's parent agency, the Commerce Department, to make sure this important information is released to the public.

“These new automated tattoo recognition tools raise serious constitutional concerns,” said EFF Stanton Fellow Camille Fischer. “Tattoos have served as an expression of the self for thousands of years, and can represent our innermost thoughts, closely held beliefs, and significant moments. If law enforcement is creating a detailed database of tattoos, we have to make sure that everyone’s rights to freedom of expression are protected.”

One big danger of this surveillance is that it can create First Amendment freedom of association concerns when people are matched with others who have similar tattoos—sometimes incorrectly. For example, someone who wears a Star of David tattoo could be confused with a member of a Chicago street gang whose members also wear six-pointed-star tattoos. Recently, an immigrant was fast-tracked for deportation because immigration officials claimed he had a gang tattoo. The immigrant argued that the tattoo signified his place of birth.

“Federal researchers say they want to ‘crack the code’ of tattoos and speech, creating a powerful program that will encourage police to make assumptions about tattoo-wearers,” said EFF Staff Attorney Aaron Mackey. “But the reality is that body art is much more complex than that. The government must disclose more about this program so we can ensure that it doesn’t violate our rights.”

For the full lawsuit:
https://www.eff.org/document/tattoo-complaint

For more on tattoo recognition technology:
https://www.eff.org/deeplinks/2016/06/tattoo-recognition-research-threatens-free-speech-and-privacy
https://www.eff.org/deeplinks/2016/05/5-ways-law-enforcement-will-use-tattoo-recognition-technology

Contact: Camille FischerAaron MackeyDave Maass