Microsoft changes policy: won't read your Hotmail anymore to track down copyright infringement or theft without a court order


Microsoft read the email of Hotmail users without a warrant, in order to catch someone who'd leaked some Microsoft software. When they were caught out, the pointed out that they'd always reserved the right to read Hotmail users' email, and tried to reassure other Hotmail users by saying that they were beefing up the internal process by which they decided whose mail to read and when.

Now, citing the "'post-Snowden era' in which people rightly focus on the ways others use their personal information," the company has announced that it will not read its users' email anymore when investigating theft or copyright violations -- instead, it will refer this sort of thing to the police in future (they still reserve the right to read your Hotmail messages without a court order under other circumstances).

As Techdirt's Mike Masnick points out, this is a most welcome change. The message announcing the change by Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs) is thoughtful and forthright. It announces a future round-table on the questions raised by the company's snooping that the Electronic Frontier Foundation can participate in.

Smith asks a seemingly rhetorical question: "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" That is indeed a fascinating question, but in the specific case of Hotmail, I feel like it has a pretty obvious answer: change your terms of service so that you promise not to read your customers' email without a court order. Then, if you think there's a situation that warrants invading your customers' privacy, get a court order. This is just basic rule-of-law stuff, and it's the kind of thing you'd hope Microsoft's General Counsel would find obvious.

The fact that the question is being raised casts more light on Microsoft's extensive "Scroogled" campaign, which (rightly) took Google to task for having a business-model that was predicated on harvesting titanic amounts of personal data. The takeaway here is that while Microsoft's business-model (at the moment) is less privacy-invading than Google's, that is not due to any inherent squeamishness about spying on people -- rather, it's just a practical upshot of its longstanding practices.

Read the rest

LAPD says every car in Los Angeles is part of an ongoing criminal investigation


The Electronic Frontier Foundation is trying to figure out what the LAPD is doing with the mountains (and mountains) of license-plate data that they're harvesting in the city's streets without a warrant or judicial oversight. As part of the process, they've asked the LAPD for a week's worth of the data they're collecting, and in their reply brief, the LAPD argues that it can't turn over any license-plate data because all the license-plates they collect are part of an "ongoing investigation," because every car in Los Angeles is part of an ongoing criminal investigation, because some day, someone driving that car may commit a crime.

As EFF's Jennifer Lynch says, "This argument is completely counter to our criminal justice system, in which we assume law enforcement will not conduct an investigation unless there are some indicia of criminal activity."

This reminds me of the NSA's argument that they're collecting "pieces of a puzzle" and Will Potter's rebuttal: "The reality is that the NSA isn't working with a mosaic or a puzzle. What the NSA is really advocating is the collection of millions of pieces from different, undefined puzzles in the hopes that sometime, someday, the government will be working on a puzzle and one of those pieces will fit." The same thing could be said of the LAPD.

Read the rest

Infographic: EFF's Freedom of Information Act files


Hugh from the Electronic Frontier Foundation sez, "Sunshine Week may be just seven days in March, but fighting for government transparency is a year-round mission for the Electronic Frontier Foundation. In fact, it's not unusual for litigation over public records to drag on for years upon years. To help make sense of it all, here's a handy infographic illustrating EFF's current Freedom of Information Act caseload." (Thanks, Hugh!)

EFF Policy Fellowship for students: 10 week summer program

If you're a student interested in Internet and technology policy, you're eligible to apply for an EFF Policy Fellowship, a ten week placement with public interest orgs in Africa, Asia, Europe, Latin America and North America. It pays $7500, and you get to work on global surveillance, censorship, and intellectual property. "Applicants must have strong research skills, the ability to produce thoughtful original policy analysis, and a talent for communicating with many different types of audiences." Cory 3

Fedbizopps: the US government's searchable database of defense-contractor opportunities


Dave from the Electronic Frontier Foundation sez, "The government often makes itself more accessible to businesses than the general public. For Sunshine Week, we compiled this guide to using FedBizOpps to keep an eye on surveillance technology contracts."

Fedbizopps is a weird, revealing window into the world of creepy surveillance, arms, and technology contractors who build and maintain the most oppressive and unethical parts of the apparatus of the US government. Everything from drone-testing of biological and chemical weapons to license plate cameras to weaponized bugs and other malware are there. The EFF post also has links to data-mining tools that help estimate just how much money the private arms dealers extract from the tax-coffers.

Read the rest

EFF, Public Knowledge and Engine tell the USPTO how to improve patent quality

The Electronic Frontier Foundation, Public Knowledge and Engine have submitted comments [PDF] to the US Patent and Trademark Office explaining how examiners could improve the quality of patents that the USPTO issues by expanding their search for "prior art" (that is, evidence that the thing under discussion has already been invented) by building searchable databases, and by seeing through the common, misleading practices of using synonyms for common words to make obvious things sound new.

As EFF points out in its post on the filing, the real answer for this is action from Congress to reform patents and end patent-trolling, but these are all useful steps for the USPTO to take in the meantime.

Read the rest

Videos of individual Trustycon talks

I linked to the seven-hour video file from Trustycon, the convention held as an alternative to RSA's annual security event, inspired by the revelation that RSA took money from the NSA to sabotage its own products.

Now Al has broken down the video into the individual talks, uploading them to Youtube. This is very handy -- thanks, Al!

TrustyCon Videos Available (Thanks, Al!)

Middle schooler wins C-SPAN prize for doc about NSA spying

Dave from the Electronic Frontier Foundation sez, "Remember when Rep. Mike Rogers likened opponents of pernicious cybersecurity legislation to 14-year-olds? It turns out that middle-school-age students are also well-prepared to debate him on the NSA's programs as well. EFF congratulates students from two middle schools who took home top prizes in the C-SPAN StudentCam 2014 competition for young filmmakers with their documentaries on the debate over mass surveillance."

Read the rest

US Embassy and Godaddy conspire to censor dissenting Mexican political site


Godaddy has censored a prominent Mexican political site that was critical of the government and a proposed law to suppress public protests. Godaddy says that it suspended 1dmx.org after a request from a "Special Agent Homeland Security Investigations, U.S. Embassy, Mexico City." A lawyer for the site believes that the someone in the Mexican government asked the US embassy to arrange for the censorship, and is suing the Mexican government to discover the identity of the official who made the request.

Leaving aside the Mexican government corruption implied by this action, Americans should be outraged about the participation of the US Embassy in the suppression of political dissent. And, as always, Godaddy customers should be on notice that Godaddy is pretty much the worst domain registrar/hosting company in the world, with a long history of meekly knuckling under to absurd, legally dubious censorship claims from random law-enforcement and government agencies, and never, ever going to bat for its customers (I prefer Hover, one of Godaddy's major competitors).

Read the rest

Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people

The Trustycon folks have uploaded over seven hours' worth of talks from their event, an alternative to the RSA security conference founded by speakers who quit over RSA's collusion with the NSA. I've just watched Ed Felten's talk on "Redesigning NSA Programs to Protect Privacy" (starts at 6:32:33), an absolutely brilliant talk that blends a lucid discussion of statistics with practical computer science with crimefighting, all within a framework of respect for privacy, liberty and the US Bill of Rights.

Felten's talk lays out how the NSA's mass-collection program works, what its theoretical basis is for finding terrorists in all that data, and then explains how this is an incredibly inefficient and risky and expensive way of actually fighting crime. Then he goes on to propose an elegant alternative that gets better intelligence while massively reducing the degree of surveillance and the risk of disclosure.

I'm using Vid to MP3 to convert the whole seven hours' worth of talks to audio and plan on listening to them over the next couple of days.

Update: Here's that MP3 -- it's about 1GB. Thanks to the Internet Archive for hosting it!

TrustyCon - Live from San Francisco

Phoenix on Lessig and Lisztomania: "We Support Fair Use of Our Music!"

Last August, I posted about a lawsuit brought by Larry Lessig and the Electronic Frontier Foundation against Australia's Liberation Music, who hold the rights to "Lisztomania," a song by the French band Phoenix. Lessig had used brief clips from Lisztomania in a presentation on remix culture, and when the lecture was posted to Youtube, Phoenix Music sent a series of bogus copyright notices and threats to Youtube and Lessig.

Now (unsurprisingly), Liberation has settled, admitting that it was wrong. It has paid a confidential sum to EFF to cover costs and pay for future work defending the rights of people whose work is censored from Youtube by bogus copyright claims. It has also promised to fix the way it polices its copyright.

The best part is the statement released by Phoenix, who were apparently aghast to learn that their label was so reactionary when it came to remixing and fair use. It's amazing to see a band bust out statements like "One of the great beauties of the digital era is to liberate spontaneous creativity - it might be a chaotic space of free association but the contemporary experience of digital re-mediation is enormously liberating."

Click through for the whole thing, it's amazing.

Read the rest

Report from Trustycon: like RSA, but without the corruption


Seth Rosenblatt reports from Trustycon, the conference formed as a protest against, and alternative to the RSA security conference. RSA's event is the flagship event in the security industry, but the news that RSA had accepted $10M from the NSA to sabotage its own products so that spies could break into the systems of RSA customers led high profile speakers like Mikko Hypponen to cancel their appearances at the event.

Trustycon sold out, raised $20,000 for the Electronic Frontier Foundation, and, most importantly, got key members of the security industry to come to grips with the question of improving network security in an age when spy agencies are spending hundreds of millions of dollars every year to undermine it.

Read the rest

American citizen and EFF sue Ethiopian government for installing British spyware on laptop

A US citizen had government-grade spyware placed on his laptop by the Ethiopian government, who proceeded to monitor his Skype calls, instant messages, and his whole family's Internet use. Finspy, the software the Ethiopian regime used was provided by Gamma Group, a British company that makes and sells spyware exclusively to governments. They attacked the US citizen's computer while he was in the USA.

The victim of the attack -- who is being called "Mr. Kidane" in order to protect his family in Ethiopia -- is suing the Ethiopian government in a US court, and is represented by the Electronic Frontier Foundation.

Read the rest

Podcast: EFF, Trustycon, and The Day We Fight Back

Nathan sez, "This is Episode 9 of Embracing Disruption Podcast (EDP). In this episode I interview April Glaser from the EFF. We talk about internet activism, the EFF, TrustyCon, and The Day We Fight Back."

009 EFF, TrustyCon, and The Day We Fight Back

EFF's HTTPS Everywhere + Firefox = most secure mobile browser

Peter from the Electronic Frontier Foundation writes, "Over at EFF, we just released a version of our HTTPS Everywhere extension for Firefox for Android. HTTPS Everywhere upgrades your insecure web requests to HTTPS on many thousands of sites, and this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies."

I installed it today.

Read the rest