By Cory Doctorow at 2:05 am Saturday, May 19
• Comments • Share
The Electronic Frontier Foundation and the Open Rights Group will co-host a speakeasy event -- a kind of pub night -- in east London on June 14. I'll be there, with several ORG employees, supporters and volunteers, and so will Cindy Cohn, the Electronic Frontier Foundation's legal director and veteran of many of the Internet's most important legal skirmishes (she's the one who argued the Bernstein case, legalizing civilian use of strong cryptography -- among many other accomplishments).
Speakeasy events are free, informal meetups that give you a chance to mingle with local online rights supporters and speak with the people leading the charge to protect digital civil liberties. It is also our chance to thank you, the supporters who make it possible. For this round, we are pleased to welcome EFF members as well as all friends and guests. REGISTER HERE!
When:
June 14th, 2012 6:00 PM through 8:00 PM
Location:
The Reliance (upstairs)
336 Old Street
London, EC1V 9DR
United Kingdom
Speakeasy: London with the Open Rights Group
By Cory Doctorow at 5:00 pm Wednesday, May 16
• Comments • Share
Joanna from the Electronic Frontier Foundation writes:
If you plan on being in or around San Francisco May 30, come join
EFF for a Geek Reading with Barbara Simons. An expert on electronic voting, Simons co-authored Broken Ballots: Will Your Vote Count? As Simons told us recently 'The way we run our voting system in this country is really a scandal,and it's a scandal that no one talks about.' Lots of people will be talking about it at EFF's upcoming Geek Reading, though, and you're invited to join in the discussion.
EFF Geek Readings bring Internet users, bloggers, free speech advocates, and other interested folks together to hear from prominent writers and thinkers, meet like-minded community members, and exchange ideas.
Geek Reading: The Broken E-Voting System with Barbara Simons
(Thanks, Joanna!)
By Cory Doctorow at 11:07 am Tuesday, May 15
• Comments • Share
The Electronic Frontier Foundation's Maira Sutton has a long, engrossing account of the popular protest at the Dallas session of the Trans-Pacific Partnership, a secretive treaty negotiation that includes a set of copyright rules that leave SOPA and ACTA in the dust. TPP's organizers -- especially in the USA -- have been hostile to any public participation or transparency. They even ordered a hotel to cancel the reservation made by activists who wanted to host their own parallel information session and then lied about it. Undaunted, activists, civil society groups, copyfighters, and other interested parties continue to dog TPP's heels. The Dallas meeting saw the notorious Yes Men "Corporate Power Tool" award ceremony. Even better, the hotel's bathrooms had their toilet paper replaced with TPP TP, custom-printed rolls that explained the problems with TPP.
Since the official planned event was scarcely sufficient to make a significant impact, Public Knowledge and American University’s Program on Information Justice and Intellectual Property co-hosted a side event for negotiators to learn about the threats of harsh copyright enforcement. The panel included EFF’s International IP Director, Gwen Hinze, who spoke about the unbalanced outcomes non-U.S. Internet users and innovators would face if the current version of the IP chapter were passed. While the event was well-attended, civil society were ultimately forced to bear all the costs to put on this event.
Last week, 32 legal scholars sent a letter to the office of the USTR demanding transparency in the process. Including the release of the text and demand for real participation from civil society, they demanded the immediate release of “reports on US positions and proposals on intellectual property matters that are currently given only to Industry Trade Advisory Committee members under confidentiality agreements.” This is key because there is nothing that could justify the withholding of such reports that simply outline the U.S. position on intellectual property from the public. This is especially true given the fact that the U.S. government’s proposals could impede Congress from engaging in domestic legal reform of legislation regulating IP.
The USTR sent them a preliminary response the following day. Ambassador Kirk essentially blew them off, claiming that they have taken “extraordinary efforts” to have the whole negotiation process inclusive of civil society and the public. In the letter, he compared the level of transparency to Free Trade Agreements (FTAs) meetings, which indeed have always been top secret and therefore offer a laughably low bar of comparison.
TPP: Internet Freedom Activists Protest Secret Trade Agreement Being Negotiated This Week
Running for office? Embarrassed by YouTube videos that make fun of you or show you looking like an ass?
YouTube will give you up to 14 days' worth of censorship for free -- all you need to do is pretend that the video infringes your copyright and invoke the DMCA. EFF wants to change that.
— Cory
By Cory Doctorow at 6:18 am Friday, May 4
• Comments • Share
Remember the seizure of Dajaz1.com, a hiphop blog that posted all kinds of music clips that record company promoters (and even CEOs) begged them to post? The one that was shut down for a year on a trumped-up copyright charge that was quietly dropped without explanation? Now we have an explanation.
Rebecca from the Electronic Frontier Foundation writes, "After a year-long seizure and six more months of secrecy, the court records were finally released concerning the mysterious government takedown of Dajaz1.com -- a popular blog dedicated to hip hop music and culture. The records confirm that one of the key reasons the blog remained censored for so long is that the government obtained three secret extensions of time by claiming that it was waiting for 'rights holders' and later, the Recording Industry Association of America, to evaluate a 'sampling of allegedly infringing content' obtained from the website and respond to other 'outstanding questions.'"
Update: Mel from Dajaz1.com in the comments asks me to remind you that the site is back. It deserves your attention.
Now that the full court records are out, this seizure raises critical questions about the government’s use of its new powers to shut down lawful speech in the form of domain seizures for alleged copyright infringements. It also demonstrates the basic unfairness of the processes and secrecy invoked here and possibly in hundreds of other domain name seizures across the country. For nearly a year, the government muzzled Dajaz1.com – denying the blog’s author the right to speak and the public’s right to read what was published there – and then compounded matters by claiming extreme secrecy and blocking the Dajaz1 and the public’s access to information about the case.
Equally troubling, the records confirm what was already suggested by the initial affidavit used to obtain the seizure order: that ICE, and its attorneys, are effectively acting as the hired gun of the content industry at taxpayers' expense. Instead of relying on rightsholders to determine whether a seizure was appropriate, the government should have been conducting its own thorough investigation. If it had acted in anything like good faith, it could have determined that the site wasn't a proper target even before the seizure, or at least could have discovered and rectified the mistake before a year had passed.
Unsealed Court Records Confirm that RIAA Delays Were Behind Year-Long Seizure of Hip Hop Music Blog
Aestetix sez, "For the past month, the Hackers On Planet Earth conference by 2600 Magazine has been raising money for the Electronic Frontier Foundation. The internet would be a scary place without them around, so HOPE is donating 10% of the entire ticket sales for the month of April to the EFF. It's been a fantastic month, and yet it's almost over, so if you want to be part of this awesome effort,
buy your ticket before Monday."
— Cory
By Cory Doctorow at 5:51 am Friday, Apr 27
• Comments • Share
The Electronic Frontier Foundation has launched its Coders' Rights List, a new mailing list for hackery subjects:
Sign up today to get the latest news on computer security law, upcoming events with EFF lawyers, discounts on infosec conferences like BlackHat, SOURCE, HOPE, and open source software events, and even get a jump on EFF's third annual D(EFF)CONtest coming in May! Your information is never sold, swapped, or shared.
By Cory Doctorow at 3:50 pm Wednesday, Apr 18
• Comments • Share
A coalition of US civil liberties organizations have declared this to be Stop Cyber Spying Week, with the goal of scuttling CISPA, the Internet spying bill that promotes web-censorship, bulk surveillance, and warrantless wiretapping by government and Internet companies, while turning over spying governance to the unaccountable, secretive NSA.
CISPA's supporters, notably CISPA sponsor Rep Mike Rogers (R-MI), have pooh-poohed the Internet's concerns, and say that the bill is a lock, and nothing we say can change Congress's mind (apparently, they've forgotten the lesson of SOPA). Now, the Electronic Frontier Foundation replies with specific, Internet-breaking, out-of-control surveillance scenarios CISPA would create:
One of the scariest parts of CISPA is that the bill goes above and beyond information sharing. Its definitions allow for countermeasures to be taken by private entities, and we think these provisions are ripe for abuse. Indeed, the bill defines "cybersecurity purpose" as any threat related to safeguarding or protecting a network. As long as companies act in "good faith" for a cybersecurity purpose, they have leeway to protect against “efforts to degrade, disrupt, or destroy [a] system or network.” This opens the door for ISPs and other companies to perform aggressive countermeasures like dropping or altering packets, so long as this is used as part of scheme to identify cybersecurity threats. These countermeasures could put free speech in peril, and jeopardize the ordinary functioning of the Internet. This could also mean blocking websites, or disrupting privacy-enhancing technologies such as Tor. These countermeasures could even serve as a back door to enact policies unrelated to cybersecurity, such as disrupting p2p traffic.
Yes, CISPA Could Allow Companies to Filter or Block Internet Traffic
By Cory Doctorow at 8:55 am Monday, Apr 2
• Comments • Share
Emmanuel Goldstein writes, "The coordinators of this year's Hackers On Planet Earth conference in New York have joined forces with the Electronic Frontier Foundation and have designated April as the month where 10 percent of all ticket sales will be donated to EFF. The net would be a much more dangerous place without the EFF being around to help fight the many battles currently taking place. This is a way to help them out and be part of a really cool conference at the same time."
H.O.P.E. stands for Hackers On Planet Earth, one of the most creative and diverse hacker events in the world. HOPE Number Nine will be taking place on July 13, 14, and 15, 2012 at the Hotel Pennsylvania in New York City. If you haven't been before, this is the year to attend. For every ticket purchased in the month of April, conference organizers 2600: The Hacker Quarterly are donating 10% of the proceeds to EFF--so buy your tickets today!
For three full days and nights you can explore hackerspace villages, film festivals, art installations, vintage computers, electronic workshops, savor the country's biggest supply of Club-Mate, and attend the host of provocative talks that HOPE has become well-known for offering. Join thousands of hackers to hear this year's keynote on hacking corporations by famous troublemakers and EFF clients The Yes Men, as well as these exciting talks from EFF staffers...
Buy Your HOPE 9 Tickets in April and 10% of Proceeds Go to EFF (Thanks, Emmanuel!)
By Cory Doctorow at 3:42 pm Friday, Mar 30
• Comments • Share
The Electronic Frontier Foundation's Marcia Hoffman writes about security research companies that work to discover "zero day" vulnerabilities in software and operating systems, then sell them to governments and corporations that want to use them as a vector for installing spyware. France's VUPEN is one such firm, and it claims that it only sells to NATO countries and their "partners," a list that includes Belarus, Azerbaijan, Ukraine, and Russia. As Hoffman points out, even this low standard is likely not met, since many of the governments with which VUPEN deals would happily trade with other countries with even worse human rights records -- if Russia will sell guns to Syria, why not software exploits? VUPEN refuses to disclose their discoveries to the software vendors themselves, even for money, because they want to see to it that the vulnerabilities remain unpatched and exploitable for as long as possible.
“We wouldn’t share this with Google for even $1 million,” said VUPEN founder Chaouki Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.” VUPEN, which also “pwned” Microsoft’s Internet Explorer, bragged it had an exploit for “every major browser,” as well as Microsoft Word, Adobe Reader, and the Google Android and Apple iOS operating systems.
While VUPEN might be the most vocal, it is certainly not the only company selling high-tech weaponry on the zero-day exploit market. Established U.S. companies Netragard, Endgame, Northrop Grumman, and Raytheon are also in the business, according to Greenberg. He has also detailed a price list for various zero-day exploits, with attacks for popular browsers selling for well over $100,000 each and an exploit for Apple’s iOS going for a quarter million.
But who exactly are these companies selling to? No one seems to really know, at least among people not directly involved in these clandestine exploit dealings. VUPEN claims it only sells to NATO governments and “NATO partners.” The NATO partners list includes such Internet Freedom-loving countries as Belarus, Azerbaijan, Ukraine, and Russia. But it’s a safe bet, as even VUPEN’s founder noted, that the firm’s exploits “could still fall into the wrong hands” of any regime through re-selling or slip-ups, even if VUPEN is careful. Another hacker who goes by the handle “the Grugq” says he acts as a middleman for freelance security researchers and sells their exploits to many agencies in the U.S. government. He implies the only reason he doesn’t sell to Middle Eastern countries is they don’t pay enough.
EFF calls out governments for trafficking in these vulnerabilities, rather than demanding their disclosure and repair. Any unpatched vulnerability puts every user of the affected software at risk. For a government to appropriate a vulnerability to itself and keep it secret in the name of "national security," rather than fixing it for the nation's citizens, is "security for the 1%."
“Zero-day” exploit sales should be key point in cybersecurity debate
By Cory Doctorow at 8:05 am Saturday, Mar 17
• Comments • Share
Forbes's Carol Pinchefsky profiles "4 Public Interest Groups Who Are Fighting for Your Digital Freedom" including EFF, Public Knowledge, TechFreedom and the Center for Democracy and Technology. It's a great cross-section of the different approaches that activist groups take to technology and freedom (but I would lobby for the inclusion of some of the newer groups, like AmericanCensorship.org and DemandProgress.org, who were so key to the SOPA/PIPA fight). This is part one, focusing on Public Knowledge and EFF.
Cohn said, “We continue to battle the warrantless wiretapping that was started by the Bush administration and continued by the Obama administration. The administration has been trying to avoid a court looking at what they’re doing by hiding behind the state’s secrets privilege, so we’ve had to have a lot of fights around that.”
Among other battles, the EFF is fighting copyright trolls, people who “use copyright claims to try to shake down people. The business model is not about the lawsuit, it’s about the strategy of extracting money.” For example, Camelot Distribution Group blanketed the users of a peer-to-peer downloading site with threatening letters, claiming that the users illegally downloaded the “nunsploitation” movie, Nude Nuns with Big Guns.
According to Cohn, Camelot Distribution Group told users, “You can pay us a thousand dollars and this whole thing will go away.” She said, “People feel intimidated by this, whether or not they did it, because even if they fight this and they’re exonerated, they’re going to be forever linked to Nude Nuns with Big Guns.”
Worse, the lawsuits are usually created in locations that are geographically undesirable for the defendants, which makes it hard for them to defend themselves. Cohn said, “We’ve been filing amicus briefs and getting appointed by courts across the country to defend these people and to develop some processes that is more fair than the trolls want to do it.”
4 Public Interest Groups Who Are Fighting for Your Digital Freedom (part 1)
(
Thanks, Carol!)
By Cory Doctorow at 3:26 pm Tuesday, Mar 6
• Comments • Share
The Electronic Frontier Foundation would like you to know that this Thursday, Mar 8, is "Wear Your EFF Swag to Work Day" -- the day when you discover which of your co-workers are already clued in to the need to keep the Internet free and open and ensure that civil liberties make the jump from the physical world to the digital one. Kellie from EFF sez, "All day on March 8th, we'll also be watching #EFFatWork and retweeting notable EFF gear photos."
Wear Your EFF Swag to Work Day!
By Cory Doctorow at 8:00 am Thursday, Feb 23
• Comments • Share
A heartening development in the Electronic Frontier Foundation's ongoing effort to secure the Internet's timezone database, which was threatened when an astrology software company called Astrolabe claimed a copyright in the arrangement of the world's timezones. After EFF sought sanctions against the company's lawyers, the company dropped the suit, apologized, and signed a "covenant not to sue."
In a statement, Astrolabe said, "Astrolabe's lawsuit against Mr. Olson and Mr. Eggert was based on a flawed understanding of the law. We now recognize that historical facts are no one's property and, accordingly, are withdrawing our Complaint. We deeply regret the disruption that our lawsuit caused for the volunteers who maintain the TZ database, and for Internet users."
EFF Wins Protection for Time Zone Database
By Cory Doctorow at 11:00 am Wednesday, Feb 22
• Comments • Share
With Google's privacy policy change looming, the Electronic Frontier Foundation has published a guide to turning off Google's search-history logging, thus preventing your search-history from all of Google's services, including YouTube, from being merged and tracked together. You can also erase your stored search-history while you're there.
On March 1st, Google will implement its new, unified privacy policy, which will affect data Google has collected on you prior to March 1st as well as data it collects on you in the future. Until now, your Google Web History (your Google searches and sites visited) was cordoned off from Google's other products. This protection was especially important because search data can reveal particularly sensitive information about you, including facts about your location, interests, age, sexual orientation, religion, health concerns, and more. If you want to keep Google from combining your Web History with the data they have gathered about you in their other products, such as YouTube or Google Plus, you may want to remove all items from your Web History and stop your Web History from being recorded in the future.
How to Remove Your Google Search History Before Google's New Privacy Policy Takes Effect
By Cory Doctorow at 3:41 pm Tuesday, Feb 21
• Comments • Share
Last week, the Electronic Frontier Foundation profiled FinFisher and Amesys, two of the companies that had been caught selling network spying tools to despotic regimes around the world, including Hosni Mubarak's Egypt and Muammar Qaddafi's Libya. This week, EFF continues the series with profiles of Italy's Area SpA (which sells electronic tracking software to Bashar al-Assad's regime in Syria) and Germany's Trovicor (which sells spyware to a dozen countries in the Middle East and North Africa).
In 2011, at the same time that news of Syria’s violent crackdown on democratic protests graced the pages of the world’s newspapers, an Italian company called Area SpA was busy helping the Syrian’s dictator Bashar al-Assad electronically track the dissidents his army was firing upon in the streets. Area SpA had begun installing “monitoring centers” that would give the Syrian government the ability “to intercept, scan and catalog virtually every e-mail that flows through the country” as well as “follow targets on flat-screen workstations that display communications and Web use in near-real time alongside graphics that map citizens’ networks of electronic contacts.”
Worse, as the violence in Syria escalated in mid-2011, “Area employees [were] flown into Damascus in shifts” in the government’s push to finish the project, according to a report from Bloomberg News.
Spy Tech Companies & Their Authoritarian Customers, Part II: Trovicor and Area SpA
