aggregator

The Secret Behind Amazon's Domination in Cloud Computing

Slashdot - Your Rights Online - Fri, 2021-06-04 20:03
Amazon's massive cloud-computing unit is aggressively recruiting U.S. government officials as it pushes to make itself essential to branches such as the military and the intelligence community, POLITICO reported Friday. From the report: Since 2018, Amazon Web Services has hired at least 66 former government officials with acquisition, procurement or technology adoption experience, most hired directly away from government posts and more than half of them from the Defense Department. That's a small portion of AWS' tens of thousands of employees, but a particularly key group to its federal business. Other AWS hires have come from departments including Homeland Security, Justice, Treasury and Veterans Affairs. That's on top of more than 600 hires of government officials across all of Amazon during the same time -- itself a mark of the company's expanding footprint in the D.C. region. Amazon employs more than 1 million people overall, after adding 500,000 new jobs last year alone. The hiring spree highlights how tech companies are becoming more entrenched in the operations of the government itself -- and indispensable to Cabinet agencies and national security operations -- even as politicians shout about the danger of letting them get too powerful.

Read more of this story at Slashdot.

Dell Hit With Fraud Case Over Alienware Area-51m Upgrade Claims

Slashdot - Your Rights Online - Fri, 2021-06-04 18:01
A California man has filed for a class action lawsuit against PC manufacturer Dell, claiming that the company "intentionally misled and deceived" buyers of its Alienware Area 51-m R1 gaming laptop, which was advertised to be more upgradeable than other gaming notebooks. From a report: The plaintiff, Robert Felter, who is based in San Francisco, alleges that Dell misleads customers to believe that the laptop would be upgradeable, possibly into future generations of components. The case, Felter v. Dell Technologies, Inc. (3:21-cv-04187) has been filed with the United States District Court in the Northern District of California. The Alienware Area 51-m was announced at CES 2019 and launched soon after. (The complaint claims the announcement was made in the summer of 2019, which is incorrect.) Among the Area 51-m's biggest touted innovations were a user-replaceable CPU and GPU. At media briefings, Alienware representatives told the press that the CPU could be upgraded as long as it used Intel's Z390 chipset. The laptop used Intel's 9th Gen Core desktop processors, up to the Intel Core i9-9900K. Dell developed separate proprietary Dell Graphics Form Factor (DGFF) modules for the Nvidia graphics. The lawsuit, however, claims that consumers were told that "core components" (meaning the CPU and GPU) could be replaced beyond the current generation of hardware. "Dell's advertisement to the public didn't place any restrictions on the upgradeability of the laptop," lawyer David W. Kani said in an email to Tom's Hardware. "They also never disclosed that those with the highest spec CPU and/or GPU that their device would not be upgradeable."


TikTok Gives Itself Permission To Collect Biometric Data On US Users, Including 'Faceprints and Voiceprints'

Slashdot - Your Rights Online - Fri, 2021-06-04 15:00
An anonymous reader quotes a report from TechCrunch: A change to TikTok's U.S. privacy policy on Wednesday introduced a new section that says the social video app "may collect biometric identifiers and biometric information" from its users' content. This includes things like "faceprints and voiceprints," the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began. The biometric data collection details were introduced in the newly added section, "Image and Audio Information," found under the heading of "Information we collect automatically" in the policy. This is the part of TikTok's Privacy Policy that lists the types of data the app gathers from users, which was already fairly extensive. The first part of the new section explains that TikTok may collect information about the images and audio that are in users' content, "such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content." The policy also notes this part of the data collection is for enabling "special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations," it says. The more concerning part of the new section references a plan to collect biometric data. It states: "We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection." 
"The statement itself is vague, as it doesn't specify whether it's considering federal law, states laws, or both," adds TechCrunch. "It also doesn't explain, as the other part did, why TikTok needs this data. It doesn't define the terms 'faceprints' or 'voiceprints.' Nor does it explain how it would go about seeking the 'required permissions' from users, or if it would look to either state or federal laws to guide that process of gaining consent."


Using Fake Reviews To Find Dangerous Extensions

Slashdot - Your Rights Online - Fri, 2021-06-04 00:40
Brian Krebs: Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here's the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data. After hearing from a reader about a phony Microsoft Authenticator extension that appeared on the Google Chrome Store, KrebsOnSecurity began looking at the profile of the account that created it. There were a total of five reviews on the extension before it was removed: Three Google users gave it one star, warning people to stay far away from it; but two of the reviewers awarded it between three and four stars. "It's great!," the Google account Theresa Duncan enthused, improbably. "I've only had very occasional issues with it." "Very convenient and handing," assessed Anna Jones, incomprehensibly.


Apple Bolsters AirTags Privacy Measures, To Offer Android Detector App Later This Year

Slashdot - Your Rights Online - Thu, 2021-06-03 20:49
Apple said it's adjusting its approach to its AirTags sensors, changing the time they play an alert when separated from their owner, and also creating new ways to warn people an unexpected AirTag or Find My network-enabled device is nearby. From a report: The tech giant said Thursday it's begun sending out updates to its AirTags, changing the window of time they'll make noises when potentially being used to track another person. Initially, the Apple device would play in three days. Now it'll begin to play at a random time inside a window that lasts between 8 and 24 hours. To further reassure people about its AirTags, Apple said it's developing an app for Android devices that will help people "detect" an AirTag or Find My network-enabled device that may also be unsuspectedly "traveling" with them. Apple iPhones already have a similar alert system built into their devices. The Android app will be released later this year.


Supreme Court Narrows Scope of CFAA Computer Hacking Law

Slashdot - Your Rights Online - Thu, 2021-06-03 18:05
The United States Supreme Court has ruled today in a 6-3 vote to overturn a hacking-related conviction for a Georgia police officer, and by doing so, it also narrowed down the scope of the US' primary hacking law, the Computer Fraud and Abuse Act. From a report: The ruling, No. 19-783, comes in the Van Buren v. United States case of Nathan Van Buren, a former police sergeant in Cumming, Georgia, who was sentenced to 18 months in prison in May 2018 for taking a bribe of $5,000 to look up a license plate for a woman one of his informants met at a local strip club. Prosecutors charged Van Buren under the CFAA and argued that even if the police officer had been authorized to access the police database as part of his work duties, he "exceeded authorized access" when he performed a search against department internal policies. In subsequent appeals, Van Buren argued that the "exceeds authorized access" language in the CFAA was too broad and requested that the US Supreme Court rule on the matter, in a case the court decided to pick up and heard arguments last year.


Amazon's Ring Will Ask Police To Publicly Request User Videos

Slashdot - Your Rights Online - Thu, 2021-06-03 17:27
Amazon.com's Ring, long criticized for a cozy relationship with law enforcement, will start requiring the police to publicly request home security footage captured by the company's doorbells and cameras. From a report: Beginning next week, police departments that want Ring users to help with investigations will be required to make the requests in the company's Neighbors app. Previously, police officers emailed users in a dedicated portal. Ring, the leading maker of internet-connected doorbells, has put cameras on the front of millions of homes, selling residents peace of mind via smartphone. But for civil liberties groups, the cameras -- and their use by law enforcement agencies -- pose threats to Americans' privacy and civil rights. Ring has shown no signs of abandoning its relationship with the police, but in recent years has grown more transparent, publicly identifying law enforcement partners and, as of next week, letting all Neighbors users see what information is being requested.


Google is Making it Harder for Android Apps To Track You Once You've Opted Out

Slashdot - Your Rights Online - Thu, 2021-06-03 16:00
It's going to get harder for Android apps to track users who've opted out of receiving personalized ads, the Financial Times reports, after Google announced changes to how it'll handle the unique device identifiers that allow marketers to track them between apps. From a report: Starting later this year, Google is cutting off access to these "Advertising IDs" after a user opts out, and will show developers a "string of zeros" in its place. The news was announced in an email to Play Store developers, and Google has also updated its support page for Advertising IDs with the announcement. Google told developers the changes will "provide users with more control over their data, and help bolster security and privacy," the Financial Times reports. The change comes a few short months after Apple overhauled how advertising IDs work on iOS in an apparent attempt to compete with the new policy.


PayPal Shuts Down Long-Time Tor Supporter With No Recourse

Slashdot - Your Rights Online - Thu, 2021-06-03 00:50
An anonymous reader quotes a report from the Electronic Frontier Foundation: Larry Brandt, a long-time supporter of internet freedom, used his nearly 20-year-old PayPal account to put his money where his mouth is. His primary use of the payment system was to fund servers to run Tor nodes, routing internet traffic in order to safeguard privacy and avoid country-level censorship. Now Brandt's PayPal account has been shut down, leaving many questions unanswered and showing how financial censorship can hurt the cause of internet freedom around the world. Brandt first discovered his PayPal account was restricted in March of 2021. Brandt reported to EFF: "I tried to make a payment to the hosting company for my server lease in Finland. My account wouldn't work. I went to my PayPal info page which displayed a large vertical banner announcing my permanent ban. They didn't attempt to inform me via email or phone -- just the banner." Brandt was unable to get the issue resolved directly through PayPal, and so he then reached out to EFF. [...] We found no evidence of wrongdoing that would warrant shutting down his account, and we communicated our concerns to PayPal. Given that the overwhelming majority of transactions on Brandt's account were payments for servers running Tor nodes, EFF is deeply concerned that Brandt's account was targeted for shut down specifically as a result of his activities supporting Tor. We reached out to PayPal for clarification, to urge them to reinstate Brandt's account, and to educate them about Tor and its value in promoting freedom and privacy globally. PayPal denied that the shutdown was related to the concerns about Tor, claiming only that "the situation has been determined appropriately" and refusing to offer a specific explanation. After several weeks, PayPal has still refused to reinstate Brandt's account. [...] 
EFF is calling on PayPal to do better by its customers, and that starts by embracing the Santa Clara principles [which attempt to guide companies in centering human rights in their decisions to ban users or take down content]. Specifically, we are calling on them to: publish a transparency report, provide meaningful notice to users, and adopt a meaningful appeal process. The Tor Project said in an email: "This is the first time we have heard about financial persecution for defending internet freedom in the Tor community. We're very concerned about PayPal's lack of transparency, and we urge them to reinstate this user's account. Running relays for the Tor network is a daily activity for thousands of volunteers and relay associations around the world. Without them, there is no Tor -- and without Tor, millions of users would not have access to the uncensored internet." Brandt says he's not backing down and is still committed to supporting the Tor network to pay for servers around the world using alternative means. "Tor is of critical importance for anyone requiring anonymity of location or person," says Brandt. "I'm talking about millions of people in China, Iran, Syria, Belarus, etc. that wish to communicate outside their country but have prohibitions against such activities. We need more incentives to add to the Tor project, not fewer."


Alibaba's Huge Browser Business Is Harvesting The 'Private' Web Activity Of Millions Of Android And iPhone Users

Slashdot - Your Rights Online - Wed, 2021-06-02 20:05
Security researcher Gabi Cirlig's findings, verified for Forbes by two other independent researchers, reveal that on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they're in incognito mode or not, is sent to servers owned by UCWeb. From a report: Cirlig said IP addresses -- which could be used to get a user's rough location down to the town or neighborhood of the user -- were also being sent to Alibaba-controlled servers. Those servers were registered in China and carried the .cn Chinese domain name extension, but were hosted in the U.S. An ID number is also assigned to each user, meaning their activity across different websites could effectively be monitored by the Chinese company, though it's not currently clear just what Alibaba and its subsidiary are doing with the data. "This could easily fingerprint users and tie them back to their real personas," Cirlig wrote in a blog post handed to Forbes ahead of publication on Tuesday. Cirlig was able to uncover the problem by reverse engineering some encrypted data he spotted being sent back to Beijing. Once the key had been cracked, he was able to see that every time he visited a website, it was being encrypted and transmitted back to the Alibaba company. On Apple's iOS, he didn't even need to reverse engineer the encryption because there effectively was none on the device (though it was encrypted when in transit). "This kind of tracking is done on purpose without any regard for user privacy," Cirlig told Forbes. When compared to Google's own Chrome browser, for instance, it does not transfer user web browsing habits when in incognito. Cirlig said he'd looked at other major browsers and found none did the same as UC Browser.


Law Enforcement Use of Face Recognition Systems Threatens Civil Liberties, Disproportionately Affects People of Color: EFF Report

Electronic Frontier Foundation - Thu, 2018-02-15 17:45

San Francisco, California—Face recognition—fast becoming law enforcement’s surveillance tool of choice—is being implemented with little oversight or privacy protections, leading to faulty systems that will disproportionately impact people of color and may implicate innocent people for crimes they didn’t commit, says an Electronic Frontier Foundation (EFF) report released today.

Face recognition is rapidly creeping into modern life, and face recognition systems will one day be capable of capturing the faces of people, often without their knowledge, walking down the street, entering stores, standing in line at the airport, attending sporting events, driving their cars, and utilizing public spaces. Researchers at the Georgetown Law School estimated that one in every two American adults—117 million people—are already in law enforcement face recognition systems.

This kind of surveillance will have a chilling effect on Americans’ willingness to exercise their rights to speak out and be politically engaged, the report says. Law enforcement has already used face recognition at political protests, and may soon use face recognition with body-worn cameras, to identify people in the dark, and to project what someone might look like from a police sketch or even a small sample of DNA.

Face recognition employs computer algorithms to pick out details about a person’s face from a photo or video to form a template. As the report explains, police use face recognition to identify unknown suspects by comparing their photos to images stored in databases and to scan public spaces to try to find specific pre-identified targets.

But no face recognition system is 100 percent accurate, and false positives—when a person’s face is incorrectly matched to a template image—are common. Research shows that face recognition misidentifies African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively. And because of well-documented racially biased police practices, all criminal databases—including mugshot databases—include a disproportionate number of African-Americans, Latinos, and immigrants.

For both reasons, inaccuracies in face recognition systems will disproportionately affect people of color.

“The FBI, which has access to at least 400 million images and is the central source for facial recognition identification for federal, state, and local law enforcement agencies, has failed to address the problem of false positives and inaccurate results,” said EFF Senior Staff Attorney Jennifer Lynch, author of the report. “It has conducted few tests to ensure accuracy and has done nothing to ensure its external partners—federal and state agencies—are not using face recognition in ways that allow innocent people to be identified as criminal suspects.”

Lawmakers, regulators, and policy makers should take steps now to limit face recognition collection and subject it to independent oversight, the report says. Legislation is needed to place meaningful checks on government use of face recognition, including rules limiting retention and sharing, requiring notification when face prints are collected, ensuring robust security procedures to prevent data breaches, and establishing legal processes governing when law enforcement may collect face images from the public without their knowledge, the report concludes.

“People should not have to worry that they may be falsely accused of a crime because an algorithm mistakenly matched their photo to a suspect. They shouldn’t have to worry that their data will end up in the hands of identity thieves because face recognition databases were breached. They shouldn’t have to fear that their every move will be tracked if face recognition is linked to the networks of surveillance cameras that blanket many cities,” said Lynch. “Without meaningful legal protections, this is where we may be headed.”

For the report:

Online version: https://www.eff.org/wp/law-enforcement-use-face-recognition

PDF version: https://www.eff.org/files/2018/02/15/face-off-report-1b.pdf

One pager on facial recognition: https://www.eff.org/document/facial-recognition-one-pager

Contact: Jennifer Lynch

Catalog of Missing Devices Illustrates Gadgets that Could and Should Exist

Electronic Frontier Foundation - Fri, 2018-02-02 01:43

San Francisco - The Electronic Frontier Foundation (EFF) has launched its “Catalog of Missing Devices”—a project that illustrates the gadgets that could and should exist, if not for bad copyright laws that prevent innovators from creating the cool new tools that could enrich our lives.

“The law that is supposed to restrict copying has instead been misused to crack down on competition, strangling a future’s worth of gadgets in their cradles,” said EFF Special Advisor Cory Doctorow. “But it’s hard to notice what isn’t there. We’re aiming to fix that with this Catalog of Missing Devices. It’s a collection of tools, services, and products that could have been, and should have been, but never were.”

The damage comes from Section 1201 of the Digital Millennium Copyright Act (DMCA 1201), which covers digital rights management software (DRM). DRM was designed to block software counterfeiting and other illegal copying, and Section 1201 bans DRM circumvention. However, businesses quickly learned that by employing DRM they could thwart honest competitors from creating inter-operative tools.

Right now, that means you could be breaking the law just by doing something as simple as repairing your car on your own, without the vehicle-maker’s pricey tool. Other examples include rightsholders forcing you to buy additional copies of movies you want to watch on your phone—instead of allowing you to rip the DVD you already own and are entitled to watch—or manufacturers blocking your printer from using anything but their official ink cartridges.

But that’s just the beginning of what consumers are missing. The Catalog of Missing Devices imagines things like music software that tailors your listening to what you are reading on your audiobook, or a gadget that lets parents reprogram talking toys to replace canned, meaningless messaging.

“Computers aren’t just on our desktops or in our pockets—they are everywhere, and so is the software that runs them,” said EFF Legal Director Corynne McSherry. “We need to fix the laws that choke off competition and innovation with no corresponding benefit.”

The Catalog of Missing Devices is part of EFF’s Apollo 1201 project, dedicated to eradicating all DRM from the world. A key step is eliminating laws like DMCA 1201, as well as the international versions of this legislation that the U.S. has convinced its trading partners to adopt.

For the Catalog of Missing Devices:
https://www.eff.org/missing-devices

Contact: Cory Doctorow, Corynne McSherry

EFF and ACLU Ask Court to Allow Legal Challenge to Proceed Against Warrantless Searches of Travelers’ Smartphones, Laptops

Electronic Frontier Foundation - Fri, 2018-01-26 23:38

Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) urged a federal judge today to reject the Department of Homeland Security’s attempt to dismiss an important lawsuit challenging DHS’s policy of searching and confiscating, without suspicion or warrant, travelers’ electronic devices at U.S. borders.

EFF and ACLU represent 11 travelers—10 U.S. citizens and one lawful permanent resident—whose smartphones and laptops were searched without warrants at the U.S. border in a groundbreaking lawsuit filed in September. The case, Alasaad v. Nielsen, asks the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed personal information about people’s lives. The case also argues that the government must have probable cause to confiscate a traveler’s device.

The plaintiffs in the case include a military veteran, journalists, students, an artist, a NASA engineer, and a business owner. The government seeks dismissal, saying the plaintiffs don’t have the right to bring the lawsuit and the Fourth Amendment doesn’t apply to border searches. Both claims are wrong, the EFF and ACLU explain in a brief filed today in federal court in Boston.

First, the plaintiffs have “standing” to seek a court order to end unconstitutional border device searches because they face a substantial risk of having their devices searched again. This means they are the right parties to bring this case and should be able to proceed to the merits. Four plaintiffs already have had their devices searched multiple times.

Immigration and Customs Enforcement (ICE) policy allows border agents to search and confiscate anyone’s smartphone for any reason or for no reason at all. Customs and Border Protection (CBP) policy allows border device searches without a warrant or probable cause, and usually without even reasonable suspicion. Last year, CBP conducted more than 30,000 border device searches, more than triple the number just two years earlier.

“Our clients are travelers from all walks of life. The government policies that invaded their privacy in the past are enforced every day at airports and border crossings around the country,” said EFF Staff Attorney Sophia Cope. “Because the plaintiffs face being searched in the future, they have the right to proceed with said Cope.

Second, the plaintiffs argue that the Fourth Amendment requires border officers to get a warrant before searching a traveler’s electronic device. This follows from the Supreme Court’s 2014 decision in Riley v. California requiring that police officers get a warrant before searching an arrestee’s cell phone. The court explained that cell phones contain the “privacies of life”—a uniquely large and varied amount of highly sensitive information, including emails, photos, and medical records. This is equally true for international travelers, the vast majority of whom are not suspected of any crime. Warrantless border device searches also violate the First Amendment, because they chill freedom of speech and association by allowing the government to view people’s contacts, communications, and reading material.

“Searches of electronic devices at the border are increasing rapidly, causing greater numbers of people to have their constitutional rights violated,” said ACLU attorney Esha Bhandari. “Device searches can give border officers unfettered access to vast amounts of private information about our lives, and they are unconstitutional absent a warrant.”

Below is a full list of the plaintiffs along with links to their individual stories, which are also collected here:

  • Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
  • Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
  • Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
  • Diane Maye is a college professor and former captain in the U.S. Air Force living in Florida.
  • Zainab Merchant, from Florida, is a writer and a graduate student in international security and journalism at Harvard.

For the brief:
https://www.eff.org/document/alasaad-v-nielsen-opposition-motion-dismiss

For more EFF information on this case:
https://www.eff.org/cases/alasaad-v-duke 

For more ACLU information on this case:
https://www.aclu.org/news/aclu-eff-sue-over-warrantless-phone-and-laptop-searches-us-border

For more on privacy at the border:
https://www.eff.org/wp/digital-privacy-us-border-2017

Contact: Sophia Cope, Adam Schwartz, Josh Bell

EFF Asks Ninth Circuit Appeals Court To Strengthen Privacy Protections Of Smart Phones At The Border

Electronic Frontier Foundation - Sat, 2018-01-20 01:20

San Diego, California—The Electronic Frontier Foundation (EFF) urged the U.S. Ninth Circuit Court of Appeals to further limit the government’s ability to conduct highly intrusive searches of electronic devices at the border by requiring federal agents to obtain a warrant if they want to access the contents of travelers’ phones.

“The Ninth Circuit four years ago issued an important ruling requiring officials to show they have reasonable suspicion of criminal activity to forensically search digital devices. While that was an improvement over the government’s prior practice of conducting suspicionless searches, the court didn’t go far enough,” said EFF Staff Attorney Sophia Cope. “We are now asking the Ninth Circuit to bar warrantless device searches at the border.”

“Our electronic devices contain texts, emails, photos, contact lists, work documents, and other communications that reveal intimate details of our private lives. Our privacy interests in this material are tremendous. Requiring a warrant is a critical step in making sure our Fourth Amendment protections survive into the digital age,” said Cope.

The Ninth Circuit is being asked to throw out evidence obtained through a warrantless forensic search of the defendant’s cell phone at the U.S.-Mexico border in southern California. The case, U.S. v. Cano, is a drug prosecution and the first before the Ninth Circuit since the U.S. Supreme Court ruled that because devices hold “the privacies of life,” police need a warrant to search the phones of people who are arrested.

In an amicus brief filed today in U.S. v. Cano, EFF urged the court to recognize that people traveling through our international borders deserve the same privacy protections that the Supreme Court has extended to arrestees. The Ninth Circuit’s rulings apply to states in the west and southwest, several of whom share borders with Mexico and Canada,

Warrantless border searches of luggage have been allowed under an exception to the Fourth Amendment for routine immigration and customs enforcement. But since digital devices provide so much more highly personal, private information than what is traditionally carried in a suitcase, agents should be required to show a judge that they have probable cause to believe that the device contains evidence of a violation of the immigration or customs laws, EFF said in the brief.

Digital device searches at the border have more than tripled since the inauguration of President Trump. This increase, along with the increasing number of people who carry these devices while traveling, has highlighted the need for stronger privacy rights while crossing the U.S. border. Last year, EFF and ACLU filed a lawsuit in Boston against the federal government on behalf of 11 travelers whose smartphones and other electronic devices were searched without a warrant at the U.S. border.

“Digital devices differ wildly from luggage and other physical items a person carries across the border,” said EFF Senior Staff Attorney Adam Schwartz. “Now is the time to apply the full force of constitutional privacy protections to digital devices.”

For the brief:
https://www.eff.org/document/eff-amicus-brief-us-v-cano

For more on privacy at the border:
https://www.eff.org/wp/digital-privacy-us-border-2017

Contact: Sophia Cope, Adam Schwartz

EFF to Court: Linking Is Not Copyright Infringement

Electronic Frontier Foundation - Cz, 2018-01-18 19:58

Los Angeles, California—Playboy Entertainment's lawsuit accusing acclaimed website Boing Boing of copyright infringement—for doing nothing more than reporting on a historical collection of Playboy centerfolds—is groundless and should be thrown out, the Electronic Frontier Foundation (EFF) told a federal court today.

As EFF and co-counsel Durie Tangri LLP explain in a request to dismiss the lawsuit filed on behalf of Boing Boing owner Happy Mutants LLC, Playboy’s copyright claim seeks to punish Boing Boing for commenting on and linking to an archive of Playboy “playmate” centerfold images that a third party posted. The blog contained links to an imgur.com page and YouTube video—neither of which was created by Boing Boing. But courts have long recognized that simply linking to content on the web isn’t unlawful.

“Boing Boing didn’t upload, publish, host, or store any images that Playboy owns, didn’t control the images, and didn’t contribute to the infringement of any Playboy copyrights,” said EFF Legal Director Corynne McSherry. “It’s frankly mystifying that an entertainment company that has often fought to defend free speech rights is trying to punish Boing Boing for doing what has made it a leading online source of news and commentary: unique and groundbreaking reporting on art, science, and popular culture.”

“Boing Boing’s reporting and commenting on the Playboy photos is protected by copyright’s fair use doctrine,” said EFF Senior Staff Attorney Daniel Nazer. “We’re asking the court to dismiss this deeply flawed lawsuit. Journalists, scientists, researchers, and everyday people on the web have the right to link to material, even copyrighted material, without having to worry about getting sued.”

For the brief:
https://www.eff.org/document/playboy-v-happy-mutants-eff-mtd

For more on fair use:
https://www.eff.org/issues/intellectual-property

Contact: Corynne McSherry, Daniel Nazer

EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World

Electronic Frontier Foundation - Cz, 2018-01-18 18:15

San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data have been stolen, primarily through mobile devices compromised by fake secure messaging clients.

The trojanized apps, including fake versions of Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut.

“People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” said EFF Director of Cybersecurity Eva Galperin. “This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life.”

“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform,” said Mike Murray, Vice President of Security Intelligence at Lookout. “The Android threat we identified, as used by Dark Caracal, is one of the first globally active mobile APTs we have spoken publicly about.”

Dark Caracal has been operating since at least 2012. However, one reason it has been hard to track is the diversity of seemingly unrelated espionage campaigns originating from the same domain names. The researchers believe that Dark Caracal is only one of a number of different global attackers using this infrastructure. Over the years, Dark Caracal’s work has been repeatedly misattributed to other cybercrime groups. In fact, EFF’s Operation Manul report from 2016 misidentified espionage from these servers as coming from the Indian security company Appin.

“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin. “This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world.”

For the full report:
https://www.lookout.com/info/ds-dark-caracal-ty

For more on Dark Caracal:
https://blog.lookout.com/dark-caracal-mobile-APT

For more on how to avoid downloading malware:
https://ssd.eff.org/en/module/how-avoid-phishing-attacks

Contact: Eva Galperin, Cooper Quintin

EFF Asks Copyright Office to Improve Exemptions to the Digital Millennium Copyright Act

Electronic Frontier Foundation - Wt, 2017-12-19 00:57

Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the Librarian of Congress today to limit the legal barriers people face when they want to repair and modify software-enabled products, so that they—not manufacturers—control the appliances, computers, toys, vehicles, and other products they own.

In comments filed in Washington D.C. today, EFF continued its years-long fight to enable owners and creators to repair, modify, and enhance products, or use snippets of films or songs, free of onerous threats that doing so somehow infringes companies' copyrights. Software-enabled devices and Internet-connected products and appliances are ubiquitous in modern life, and people aren't infringing anyone's copyright when, for example, they choose to permanently disable the embedded, on-all-the-time camera or microphone in their kids' toys, or send their car to their favorite mechanic, rather than high-priced dealerships, to be repaired.

“It’s absurd that a law intended to protect copyrighted works is misused instead to prevent people from taking apart or modifying the things they own, inhibit scientists and researchers from investigating safety features or security enhancements, and block artists and educators from using snippets of film in noncommercial ways,” said EFF Legal Director Corynne McSherry. “The exemption process is one highly flawed way of alleviating that burden.”

“We rely on the devices in our lives to learn and communicate, to keep us safe and get things done,” said EFF Staff Attorney Kit Walsh. “These devices should work for us and embody our preferences, not the commercial desires of their manufacturers. We, the users of these devices, should be able to decide how they affect our lives and how we can improve and adapt them. That’s how we ensure that technology enhances our freedoms rather than undermining them.”

This year EFF petitioned the Librarian to exempt from Section 1201 of the Digital Millennium Copyright Act (DMCA) all modifications and repairs of software-enabled devices that don’t infringe copyrights. It’s also seeking exemptions that will allow people to tinker with smart speakers and digital home assistants such as Amazon Echo and Google Home. EFF is also seeking one clear, easier-to-use exemption for video excerpts that would allow educators, libraries, documentary filmmakers, remix artists, and others to use video snippets without fear of legal repercussions by copyright owners. The Librarian implements the exemption recommendations of the Copyright Office.

“Our approach is simple: we are seeking to expand the types of activities that should be exempt from Section 1201 of the DMCA to encompass repairs, modifications, enhancements, and innovations that don’t infringe copyright,” said EFF Senior Staff Attorney Mitch Stoltz. “We shouldn’t have to seek exemptions for things copyright law already allows. Instead, there should be a general rule that allows people to circumvent digital locks to do any non-infringing activity.”

For EFF’s comments:
https://www.eff.org/document/eff-1201-exemption-comments-2017-computer-program-repairs
https://www.eff.org/document/eff-1201-exemption-comments-2017-jailbreaking-0
https://www.eff.org/document/eff-1201-exemption-comments-2017-video-0
https://www.eff.org/document/huang-1201-exemption-comments-2017
https://www.eff.org/document/green-1201-exemption-comments-2017

For more on the Section 1201 exemption process:
https://www.eff.org/cases/2018-dmca-rulemaking

For more on the unintended consequences of Section 1201 of the DMCA:
https://www.eff.org/issues/dmca
https://www.eff.org/issues/dmca-rulemaking

Contact: Corynne McSherry, Kit Walsh, Mitch Stoltz

EFF Demands Information About Secretive Government Tattoo Recognition Technology

Electronic Frontier Foundation - Cz, 2017-11-30 20:05

Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, the Department of Commerce, and the Department of Homeland Security today, demanding records about the agencies’ work on the federal Tattoo Recognition Technology program.

This secretive program involves a coalition of government, academia, and private industry working to develop a series of algorithms that would rapidly detect tattoos, identify people via their tattoos, and match people with others who have similar body art—as well as flagging tattoos believed to be connected to religious and ethnic symbols. This type of surveillance raises profound religious, speech, and privacy concerns. Moreover, the limited information that EFF has been able to obtain about the program has already revealed a range of potentially unethical behavior, including conducting research on prisoners without approval, adequate oversight, or safeguards.

EFF filed a series of Freedom of Information Act (FOIA) requests for more information about the Tattoo Recognition Technology program, which is a National Institute of Standards and Technology (NIST) project sponsored by the FBI, beginning in January of 2016. Although the agencies released some records, they withheld others, and heavily redacted some of the documents they released. As a result, EFF is going to court today against DHS, DOJ, and NIST's parent agency, the Commerce Department, to make sure this important information is released to the public.

“These new automated tattoo recognition tools raise serious constitutional concerns,” said EFF Stanton Fellow Camille Fischer. “Tattoos have served as an expression of the self for thousands of years, and can represent our innermost thoughts, closely held beliefs, and significant moments. If law enforcement is creating a detailed database of tattoos, we have to make sure that everyone’s rights to freedom of expression are protected.”

One big danger of this surveillance is that it can create First Amendment freedom of association concerns when people are matched with others who have similar tattoos—sometimes incorrectly. For example, someone who wears a Star of David tattoo could be confused with a member of a Chicago street gang whose members also wear six-pointed-star tattoos. Recently, an immigrant was fast-tracked for deportation because immigration officials claimed he had a gang tattoo. The immigrant argued that the tattoo signified his place of birth.

“Federal researchers say they want to ‘crack the code’ of tattoos and speech, creating a powerful program that will encourage police to make assumptions about tattoo-wearers,” said EFF Staff Attorney Aaron Mackey. “But the reality is that body art is much more complex than that. The government must disclose more about this program so we can ensure that it doesn’t violate our rights.”

For the full lawsuit:
https://www.eff.org/document/tattoo-complaint

For more on tattoo recognition technology:
https://www.eff.org/deeplinks/2016/06/tattoo-recognition-research-threatens-free-speech-and-privacy
https://www.eff.org/deeplinks/2016/05/5-ways-law-enforcement-will-use-tattoo-recognition-technology

Contact: Camille Fischer, Aaron Mackey, Dave Maass