Truthful security disclosures should always be legal. Period.

After a week of blockbuster security revelations from Defcon it's important to take a step back and address the ongoing battle by companies to seize a veto over who can reveal defects in their products.

Bad infrastructure means pacemakers can be compromised before they leave the factory

It's been ten years since the first warnings about the security defects in pacemakers, which made them vulnerable to lethal attacks over their wireless links, and since then the news has only gotten worse: one researcher found a way to make wireless pacemaker viruses that spread from patient to patient in cardiac care centers, and the medical device makers responded to all this risk by doubling down on secrecy and the use of proprietary code.

Google DRM for Email can be disabled by ticking a few boxes in Firefox

Last week, I linked to a critique of Google's new "confidential mode" for Gmail and Google Docs, which purports to allow you to send people documents without letting them print, copy or forward them.

DRM, the World Cup, and what happens when a red team plays a green team

Before the W3C green-lit its DRM for web-video, we at EFF made a plea to allow bypassing the DRM to add accessibility features like shifting colors to accommodate color-blind people; the leadership dismissed the idea as a mere nice-to-have that companies could be relied on to fix themselves.

How do we fix IoT security without blocking interoperability and creating monopolies?

Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT."

My science fiction story about EFF's proposed jailbreaking exemption

Every three years, the US Copyright Office lets the public beg for limited exemptions to Section 1201 of the Digital Millennium Copyright Act, which bans bypassing DRM, even in your own property, even for strictly legal reasons.

Mur Lafferty wrote a science fiction story about the DMCA to help EFF's fair use for vidders campaign

Every three years, the US Copyright Office asks America about the problems with Section 1201 of the DMCA, which bans breaking DRM even for legal reasons, and America gets to answer with requests for exemptions to this rule.

John Scalzi wrote a science fiction story about the DMCA to help EFF's Right to Repair campaign

Every three years, the US Copyright Office asks America about the problems with Section 1201 of the DMCA, which bans breaking DRM even for legal reasons, and America gets to answer with requests for exemptions to this rule.

Three artificial pancreases: a special trio of Catalog of Missing Devices entries

EFF has just published an update to its Catalog of Missing Devices (a catalog of things that don’t exist thanks to the chilling effects of Section 1201 of the DMCA): a trio of ads for future artificial pancreas firmwares that illustrate the way that control over devices can magnify or correct power imbalances.

Mashup Maker: Another entry for the Catalog of Missing Devices

EFF supporter Benjamin McLean was kind enough to send along his "Mashup Maker" as a new entry to EFF's Catalog of Missing Devices, a tour through some of the legitimate, useful and missing gadgets, tools and services that don't exist but should. They're technologies whose chance to exist was snuffed out by Section 1201 of the Digital Millennium Copyright Act of 1998, which makes tampering with "Digital Rights Management" into a legal no-go zone, scaring off toolsmiths, entrepreneurs, and tinkerers.

EFF and iFixit are hosting a Reddit AMA on jailbreaking TOMORROW at 11AM Pacific

Join me, EFF attorney Kit Walsh and iFixit's Kyle Wiens -- along with special guests! -- in a Reddit Ask Me Anything session tomorrow (Thursday) from 11AM-3PM Pacific; we'll be talking about the upcoming Copyright Office hearings on creating exceptions to the DMCA to make room for independent repair and security research. We'll be live here at 11AM tomorrow! Pass it on.

More DRM-bustin' stuff for the Catalog of Missing Devices, courtesy of EFF supporters

When EFF launched its Catalog of Missing Devices, we invited EFF supporters to come up with their own ideas for gadgets that should exist, but don't, because the Digital Millennium Copyright Act bans breaking DRM, even for the most legitimate of purposes.

A detailed, cross-disciplinary syllabus for a "Cybersecurity Law and Policy" graduate course

University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science.

Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree

Dropbox has published a set of guidelines for how companies can "encourage, support, and celebrate independent open security research" -- and they're actually pretty great, a set of reasonable commitments to take bug reports seriously and interact respectfully with researchers.

A proposal to stop 3D printers from making guns is a perfect parable of everything wrong with information security

Many people worry that 3D printers will usher in an epidemic of untraceable "ghost guns," particularly guns that might evade some notional future gun control regime that emerges out of the current movement to put sensible, minimal curbs on guns, particularly anti-personnel guns.

Vendor lock-in, DRM, and crappy EULAs are turning America's independent farmers into tenant farmers

"Precision agriculture" is to farmers as Facebook is to publishers: farmers who want to compete can't afford to boycott the precision ag platforms fielded by the likes of John Deere, but once they're locked into the platforms' walled gardens, they are prisoners, and the platforms start to squeeze them for a bigger and bigger share of their profits.

Lobbyists release push-poll in an effort to tank Right to Repair bills and control independent security research

The Security Innovation Center is a lobbying group backed by CompTIA, CTIA, TechNet and the Consumer Technology Association for the express purpose of fighting laws that would legalize repairing your own property, or choosing to have it repaired by third parties.