<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Time For Members of Congress to Pledge to Uphold Internet Freedom</title><description>2012-07-02 18:24:28 - Deeplinks : Today, EFF joins a broad, international coalition of civil society groups calling on elected officials to sign the new Declaration of Internet Freedom and uphold basic rights in the digital world. The Declaration is simple: it offers five core principles that should guide any policy relating to the Internet: stand up for online free expression, openness, access, innovation and privacy. Sign it here. For too long in the US, Congress has attempted to legislate the Internet in favor of big corporations and heavy-handed law enforcement at the expense of its users' basic Constitutional rights. Netizens' strong desire to keep the Internet open and free has been brushed aside as naïve and inconsequential, in favor of lobbyists and special interest groups. Well, no longer. That all changed on January 18th when users around the country joined together in protest of the Stop Online Piracy Act (SOPA), the misguided copyright legislation that would have allowed for censorship of broad swaths of the Internet, while stifling innovation and threatening Internet security. SOPA, though its passage was once characterized as inevitable by the deep-pocketed content industry, was stopped in its tracks when millions of ordinary citizens told their representatives in one voice: Don't mess with the Internet. Why were Internet users so empowered for the first time? For one reason, Internet freedom now affects virtually all of the American public, young and old, given the web's importance to everyone's daily life. It's also nonpartisan: elected officials from both sides of the aisle worked together to stop SOPA. Members of Congress in both parties now need to compete for the bragging rights as Internet defenders instead of taking every opportunity to erode ordinary users' rights. Put simply, Internet freedom is now an election issue and candidates for elected office must treat it as such. But while the power Internet users possess to shape public policy has never been greater, unfortunately, digital civil liberties have never been under more threat from Congress. SOPA was just the first of many pieces of legislation that Congress has debated this year with potential consequences for the Internet and digital civil liberties. A month ago, the House of Representatives passed CISPA, a bill intended to address cybersecurity concerns, but which carves out a giant exception to all existing privacy laws, allowing companies to hand over your communications to the government voluntarily without a warrant. The Senate is currently debating their version and needs your input. The FBI also wants Congress to pass an expansion of CALEA, also known as the Internet wiretapping law, that would force Internet companies to install backdoors into all their services so that the government can get real time access to Facebook private messages, email conversations and Skype calls. The FISA Amendments Act, which gutted privacy protections of Americans emailing overseas in the wake of the NSA warrantless wiretapping program, is also up for renewal this year. Congress has so far refused to reform the bill, despite evidence it has allowed dragnet surveillance of American citizens' communications without a warrant. Rep. Lamar Smith, the author of SOPA, has proposed a data retention bill, requiring every ISP to keep data on individual Internet users not suspected of any crime and allow law enforcement access to it. Other members of Congress have called for charges against WikiLeaks that threaten online press freedom. And don't forget, according to the MPAA's chief lobbyist Chris Dodd, SOPA 2.0 may be around the corner. Meanwhile, positive Internet legislation has been all but ignored. Patent reform is desperately needed to stop crippling lawsuits that are stifling software innovation. The Electronic Communications Privacy Act, the primary law which governs email, was written before the world wide web even existed, and Congress has yet to update it to give warrant protections that have always been given to physical letters. Similarly, a bill requiring a warrant for cell phone and GPS tracking has been stuck in committee for years, despite the Supreme Court recently ruling that attaching a GPS device to a car with no court oversight is unconstitutional. The Global Online Freedom Act also has yet to see a floor vote, and positive cybersecurity or copyright legislation is nowhere to be seen. Many international lawmakers have similarly attempted to legislate away Internet freedoms, and as EFF will explain in more detail in the coming days, the pledge can also be used to positively affect the Internet globally. But right now, we are asking for your help in getting Congress to respect digital civil liberties and work for the Internet rather than against it. Sign the Declaration of Internet Freedom so we all can build a movement for a censorship-free, open, and innovative Internet. You can also join the conversation on Reddit and propose your own changes. But most importantly, at the next 2012 election campaign stop in your hometown, hand it to candidates running for office and ask them to sign it. Tell your member of Congress: Pledge to uphold the Declaration of Internet Freedom. In the digital age, their election may depend on it.</description><link>http://www.secuobs.com/revue/news/384992.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384992.shtml</guid></item>
<item><title>Bears Good, Cancer Bad. Also Bad: Trying to Punish A Critic by Preventing Him from Giving Money to Charity</title><description>Secuobs.com : 2012-07-02 05:11:02 - Deeplinks - In the latest twist in a bizarre lawsuit targeting The Oatmeal creator Matthew Inman and his "BearLove Good, Cancer Bad" fundraising campaign in support of the American Cancer Society and the National Wildlife Federation, attorney Charles Carreon has run to court to try to stop the distribution of the fund. Today, with the help of EFF and co-counsel Venkat Balasubramani, Inman fought back with an opposition to Carreon's demand for a temporary restraining order. Inman started his campaign last month as part of his response to a legal threat letter he received from the website FunnyJunk. In 2011, Inman published a blogpost condemning FunnyJunk for posting hundreds of his comics without crediting or linking back to The Oatmeal. A year later, Carreon, the attorney for FunnyJunk, served Inman with a letter claiming the post was defamatory and demanding The Oatmeal pay $20,000 and agree to never speak the words Funny Junk again. Inman crafted a humorous and creative response, publicly annotating the cease and desist letter with a scathing critique of its facts and logic. He could have stopped there, but he also tried to make some good come of the situation. Instead of paying the baseless demand, Inman decided instead to ask people to give money to Operation BearLove Good, Cancer Bad. As he explained: "Instead of mailing the owner of FunnyJunk the money, I'm going to send the above drawing of his mother. I'm going to try and raise $20,000 and instead send it to the National Wildlife Federation and the American Cancer Society. I'm hoping that philanthropy trumps douchebaggery and greed." The Internets stood up and cheered, the campaign on Indiegogo met its initial goal of $20,000 in 64 minutes, and over $100,000 in the first day. Incensed, Carreon demanded that Indiegogo put a stop to the campaign, but the crowdsourcing website refused to halt the fundraiser. So Carreon filed suit - against Inman, Indiegogo, the two charities and later, for good measure, the California Attorney General. Nevertheless, the campaign continued, raising over $200,000 for NWF and ACS. So what is standing in the way of getting that money to the good folks who protect bears and fight cancer? Carreon, and his outrageous demand for a temporary restraining order, filed yesterday. Why outrageous? Let us count the ways: Carreon's claim runs contrary to the Constitution. As Carreon is well aware, freedom of speech is a cornerstone of our legal system. Carreon wants the court to shut down Inman's speech: a comic response to the letter. Sorry, Charlie, the First Amendment protects Inman's right to challenge your legal threat. Carreon is wrong on the law. Carreon based his claim on the notion that Inman, a full-time webcomic artist based in Seattle, violated false advertising law because he was allegedly required to register with the California Attorney General as a professional fundraiser. No, Inman is not a commercial fundraiser and not required to register, and he certainly did not falsely advertise to anyone that he was registered. Ten bucks may help bears and fight cancer, but it doesn't give Carreon control of the funds. The night before Carreon filed suit, he donated $10 to Operation BearLove Good, Cancer Bad, claiming this gave him standing to stop the distribution of the money, and keep Inman from taking the photo of cash. The law does not permit this. A TRO would only cause undue delay. Carreon claims he needs to take control and put the money in a charitable trust for the charities. Yet all his gamesmanship would do is delay the money for the charities - much of which has already been sent. There simply is no basis for the court to get involved. There are many other reasons, explained in detail in our opposition. Indiegogo has also opposed the restraining order, explaining why the suit should never have been brought against them in the first place.</description><link>http://www.secuobs.com/revue/news/384863.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384863.shtml</guid></item>
<item><title>Why won't the Obama administration reveal how many Americans' emails the NSA has collected and reviewed without a warrant?</title><description>Secuobs.com : 2012-06-30 02:25:51 - Deeplinks - Since last year, a few members of Congress, led by Senator Ron Wyden, have been trying to get the Obama administration to answer a simple question: how many Americans' phone calls or emails have been and are being collected and read without a warrant under the authority of the FISA Amendments Act of 2008 (FAA)? Unfortunately, no one else in the government seems to want that question answered. The question arose soon after Congress passed the FAA, which among other things sought to create immunity for telecoms that helped the NSA conduct warrantless wiretapping and gutted privacy protections for Americans communicating overseas. A New York Times investigation described how, under the FAA, a "significant and systemic" practice of "overcollection" of communications resulted in the NSA's intercepting millions of purely domestic emails and phone calls between Americans. In addition, documents obtained via a Freedom of Information Act request by the ACLU, although heavily redacted, revealed "that violations [of the FAA and the Constitution] continued to occur on a regular basis through at least March 2010", the last month anyone has public data for. The FISA Amendments Act is currently up for renewal, and Sen. Wyden, along with Sen. Mark Udall, wants the NSA to answer questions about these violations before Congress extends the law for five more years. "We have concluded that section 702 [of the Act] currently contains a loophole that could be used to circumvent traditional warrant protections and search for the communications of a potentially large number of American citizens," the Senators alleged. Yet not only have changes not been made to the law to address this vital concern, but the administration refuses to give the Senators any information on whether they're correct. Back in July 2011, the Office of the Director of National Intelligence told them "it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed" under the FAA. Well, what about just a rough estimate? Last week, the Inspector General of the Intelligence Community officially responded for himself and the NSA Inspector General: "such an estimate was beyond the capacity of his [the NSA IG's] office and dedicating sufficient additional resources would likely impede the NSA's mission." Then, almost unbelievably, the NSA IG excused itself further from oversight by saying that "an IG review of the sort suggested would itself violate the privacy of US persons." That's right. The government says that it would violate Americans' privacy for the NSA's inspector general to estimate how many Americans' privacy have been violated by the NSA. The loophole that Wyden is likely talking about appears to be so-called "back door" searches. As Wyden explains it, since communications are sucked up without an individual warrant under the FAA, there must "be clear rules prohibiting the government from searching through these communications in an effort to find the phone calls or emails of a particular American, unless the government has obtained a warrant or emergency authorization permitting surveillance of that American." The Senate Select Committee on Intelligence (SSCI) rejected an amendment stating that as well. SSCI chairman Dianne Feinstein insisted no such loophole existed, but still refused to support the amendment that would have cleared up any ambiguity. In response, Sen. Ron Wyden commendably put a "hold" on the FAA's reauthorization in the Senate, a procedural maneuver that will at least temporarily keep the bill from going forward without debate, citing the potential massive privacy violations that the government will not explain to the American public. Unfortunately, the House has so far refused to compel such information as well. Two weeks ago, the House Judiciary Committee passed the re-authorization of the FISA Amendments Act 23-11, yet voted down all amendments that would have forced the government to be more transparent about the communications it had collected. Rep. Jackson-Lee's amendment, similar to Sen. Wyden's request for an "estimate" on how many times Americans' emails have been read without a warrant, was rejected, despite testimony from ACLU's Jameel Jaffer laying out all the evidence that dragnet surveillance of Americans' communications was rampant. The Judiciary committee also rejected an amendment requiring the release of redacted FISA rulings, which are all classified, and a shorter re-authorization period. Yesterday, the House Permanent Select Committee on Intelligence (HPSCI) did the same thing, unanimously voting to extend the law for five years as well; again, with no known changes and in secret. These bills both still need to be voted on by the full House and Senate before going to the President's desk, and without amendments adding robust oversight, transparency, and privacy protections, they should be voted down. Please call your member of Congress and tell them you strenuously oppose the reauthorization of the FISA Amendments Act.</description><link>http://www.secuobs.com/revue/news/384709.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384709.shtml</guid></item>
<item><title>Ad Biz Claims It Must Disregard User Privacy Choices to Safeguard "Cybersecurity"</title><description>Secuobs.com : 2012-06-29 20:33:08 - Deeplinks - Senator Rockefeller dismisses "cybersecurity" claims as "red herring". At a hearing yesterday, the Senate Commerce Committee took up the issue of online tracking, the browser-based Do Not Track flag, and, in an unlikely turn of events, cybersecurity. The hearing included testimony from Ohio State University Law School's Prof. Peter Swire, Mozilla's Alex Fowler, the Association of National Advertisers' Bob Liodice, and TechFreedom's Berin Szoka. While there were a number of heated moments in the hearing, the most surprising was the advertising industry's claim that respecting consumer choice will harm "cybersecurity." This new argument from the advertising industry only raises more concerns for the civil liberties implications of online tracking and was, as Rockefeller aptly noted, little more than a "red herring." Quick Recap: What's Do Not Track and What's at Stake. Do Not Track is a signal that users can set in their browsers to tell websites they don't want their online web browsing tracked by companies with whom they have no relationship. Momentum for Do Not Track has been building over several years, inspired in part by high-profile privacy scandals as well as a comprehensive expose series by the Wall Street Journal showing that the nation's 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. Do Not Track has been endorsed by the FTC and is the cornerstone of legislation proposed by Senator Rockefeller. The Digital Advertising Alliance (DAA), an advertising industry consortium, has adopted principles for online data collection that fall far short of Do Not Track. According to Prof. Swire's written testimony, the exceptions in the 2011 DAA principles "are so open-ended that I have not been able to discern any limits on collection under them." For example, he notes that the "market research" exemption includes "research about consumers," which "would seem to include keeping track of every click made by a consumer." Senate hearing: industry argues tracking necessary for cybersecurity. The issue of cybersecurity arose when the advertising industry's Bob Liodice struggled under questioning from Senator Rockefeller. Abandoning the meme that the advertising industry was adequately self-regulating to assuage the privacy concerns of users, Liodice switched tactics and began to argue that widespread data collection about our everyday Internet browsing habits was necessary for cybersecurity. When asked whether this included issues such as online sexual predators and identity theft, Liodice agreed. Frankly, we're puzzled by the purported connection between online behavioral tracking for advertising industry purposes and online sexual predators or ID theft. But Liodice's argument raises a larger point. As a society, we're currently grappling with the role we want our online service providers to play in policing our Internet activity. Whether it's efforts to turn registrars into copyright police, asking ISPs to collect data on Internet users not accused of any crime, or letting companies share sensitive data with the government without a warrant, the digital age has raised a plethora of questions about the role of intermediaries working with the government. In yesterday's Senate hearing, we heard the advertising industry admit that their near-ubiquitous online tracking program is being used for issues that are the purview of law enforcement. That raises a host of questions all on its own, but one thing is certain: with these statements we have even more reason to stand up for a surveillance-free Internet. Senator Rockefeller was skeptical about the advertising industry's claims that they needed to engage in pervasive online tracking for cybersecurity purposes. In response to Liodice's pronouncement, he stated: "I just want to declare the whole cybersecurity matter a total red herring." We certainly agree that strong cybersecurity does not necessitate surveillance of our online browsing habits by unaccountable third parties. And it's also important to note that the DNT compromise proposal that EFF, Stanford, and Mozilla submitted to the W3C creates a special exception for security and click-fraud. At the end of the day, strong cybersecurity is not antithetical to online privacy. In an open letter to Congress, prominent academics, experienced engineers, and cybersecurity professionals stated this unequivocally: "We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties." If you're worried about Congress's attempts to undermine our online privacy through misguided cybersecurity programs, please send them an email through our action center asking them to safeguard our online privacy in the cybersecurity debates. Also check out the EFFLive Twitter account for more coverage of yesterday's hearing and our Do Not Track page to read more about online tracking. If you haven't done so already, here's a quick guide to turning on Do Not Track.</description><link>http://www.secuobs.com/revue/news/384649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384649.shtml</guid></item>
<item><title>With Facebook's "Reporting Guide," A Step in the Right Direction</title><description>Secuobs.com : 2012-06-29 03:47:29 - Deeplinks - Crossposted from Techpresident. We are living in an era where transparency (be it from government, corporations, or individuals) has come to be expected. As such, social media platforms have come under scrutiny in recent years for their policies around content moderation, but perhaps none have received as much criticism as Facebook. The platform, which boasts 900 million users worldwide, has been the object of ire by LGBT rights advocates, Palestinian activists and others for its seemingly arbitrary methods of content moderation. The platform's policies are fairly clear, but the manner by which its staff chooses to either keep or delete content from the site has long seemed murky, until now. Recently, Facebook posted an elaborate flow chart dubbed its "Reporting Guide," demonstrating what happens when content is reported by a user. For example, if a Facebook user reports another user's content as spam, the content is referred (or "escalated") to Facebook's Abusive Content Team, whereas harassment is referred to the Hate and Harassment Team. There are also protocols for referring certain content to law enforcement, and for warning a user or deleting his or her account. Facebook should be commended for lending transparency to a process that has long come under criticism for its seeming arbitrariness. Such transparency is imperative to help users understand when their behavior is genuinely in violation of the site's policies; for example, several activists have reported receiving warnings after adding too many new "friends" too quickly, a result of a sensitive spam-recognition algorithm. Awareness of that fact could help users modify their behavior so as to avoid account suspension. Nevertheless, the fact remains that the concept of "community reporting" (on which Facebook heavily relies) is inherently problematic, particularly for high-profile and activist users of a site. Whereas an average user of Facebook might be able to get away with breaking the rules, a high-profile user is not only more likely to be reported (by sheer virtue of his high profile) but may in fact be the target of an intentional campaign to get him banned from the site. Such campaigns have been well-documented; in one instance, a Facebook group was set up for the sole purpose of inciting its members to report Arab atheist groups for violating the site's policies, a strategy that proved successful in taking at least one such group down. Similar campaigns have been noted in other contexts. The problem is also apparent when viewed through the context of Facebook's "real name" rule. Chinese journalist Michael Anti, whose "real" name is Jing Zhao, found himself banned from the platform in 2011 after being reported for violating the policy. Although Anti has used his English name for more than ten years, including as a writer for the New York Times, he was nonetheless barred from doing so on Facebook. At the time, however, there were a documented 500 individuals with accounts under the name of "Santa Claus." Though these contradictions still exist, it's clear that Facebook is working to improve both its policies and processes. After all, it was only a short time ago that users violating the site's terms of service were met with account deletion and a terse message stating that "the decision was final." Now, users receive warnings, guidance on behavior modification, and an opportunity to appeal: all significant improvements. Facebook also recently joined the Global Network Initiative as an observer. This should, hopefully, guide the company toward more transparency and accountability. As Facebook grows, monopolizing more and more of the social media landscape, its methods of content moderation will become increasingly difficult to scale. The company runs the risk of alienating users from its community, and may want to consider loosening up on some of its policies lest enforcement become untenable.</description><link>http://www.secuobs.com/revue/news/384511.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384511.shtml</guid></item>
<item><title>Widespread Participation Is Key in Internet Governance</title><description>Secuobs.com : 2012-06-29 03:04:10 - Deeplinks - Several governments are pushing for proposals that seek to draw borders around the global Internet. With big decisions at stake, it's critical that Internet users understand the threats and have a meaningful say in the final outcome. At a panel held in Washington, DC June 26 to highlight global threats to Internet governance, much of the discussion revolved around multistakeholder processes, or the involvement of all stakeholders in Internet policy making discussions on equal footing. Hosted by the National Endowment for Democracy and the Center for International Media Assistance, the forum brought together Emma Llansó of the Center for Democracy and Technology; Rebecca MacKinnon of the New America Foundation; Emin Milli of the University of London; and EFF's own Katitza Rodriguez. As several panelists pointed out, there's still a long way to go before millions of Internet users can truly achieve representation in intergovernmental forums. It is at these largely inaccessible conventions that standards affecting the future of the Internet come into play and are ultimately determined. While some intergovernmental bodies, like the Organization for Economic Cooperation and Development (OECD), have officially embraced the concept of including a range of stakeholders in the decision-making process, other treaty-writing organizations fail to incorporate the views of anyone outside the exclusive circles of government officials or the powerful corporate players that hold influence at high levels. One such meeting on the horizon has generated widespread concern among Internet freedom advocates. A United Nations agency known as the International Telecommunication Union (ITU) is now in the process of hosting regional meetings to prepare for a December forum, the World Conference on International Telecommunications (WCIT), where governments will revise the ITU's underlying treaty establishing global telecommunication standards. Civil society organizations are worried that at this event, representatives from world governments will endorse flawed proposals that, if approved, would grant the ITU a stronger role over Internet governance. The final decisions will be made when the ITU's 193 member states cast their votes. EFF is concerned that the definitions of the ITRs could be amended to include Internet services or cyber-security as part of international telecommunication. EFF joined civil society groups in taking the ITU to task last month for a lack of transparency surrounding its conference preparations. "Internet governance is about who gets to participate in the decision-making about Internet policy and technology, and how that participation happens," noted Llansó, of CDT, during the panel discussion. "It remains clear that the ITU and other intergovernmental efforts lack the transparency and inclusiveness that is characteristic of the multi-stakeholder model." EFF's Katitza Rodriguez pointed out that the current multistakeholder system of Internet governance, even at its best, is not ideal. "Human rights must form the baseline for any multi-stakeholder Internet policy-making, current processes do not guarantee human rights will be respected and maximized," Rodriguez said. Multi-stakeholder processes are still a "work in progress," she noted. In a broader Internet governance context, "still a large part of the world's population feels excluded from international Internet policy making venues." The problem worsens when bad Internet policies are imposed upon the world by a handful of powerful governments. MacKinnon echoed this idea, noting it's important to be inclusive. "If the multistakeholder model will survive continued challenges, the people who dominate Internet governance processes need to do more work diversifying," she said. "You have to bring the people who are the most vulnerable and the most affected." Just getting a broad group of stakeholders to the table is only half the battle; the greater challenge lies in ensuring that there are opportunities for meaningful contribution and that a variety of priorities are taken into account and integrated into the final framework. Moderator Susan Morgan noted that the upcoming WCIT, the ITU's treaty-writing event, surely isn't the last international forum where civil society will have to react to attempts to manipulate global Internet governance. "In the broader context, we mustn't forget that this is about individuals," she noted, referring to the Internet users whose experience could be impacted if new international standards are approved. The real challenge from here on out, she added, lies in figuring out how to get more people engaged.</description><link>http://www.secuobs.com/revue/news/384506.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384506.shtml</guid></item>
<item><title>EU Weighs in on Privacy in Face Recognition Apps</title><description>Secuobs.com : 2012-06-29 00:04:15 - Deeplinks -    Photo Tag Suggest, Tag My Face, Klik, FaceLook, Age Meter, FaceLock, and Visidon AppLock the list grows by the day These recent online and mobile applications apply face recognition technology to photos of individuals to identify or categorize them or to verify their identities While often fun and convenient for users, these applications also raise privacy concerns for the individuals whose data is collected and used in the process Face recognition in online applications is particularly problematic as personal data in these applications is sometimes used out of context by employers and law enforcement Therefore, European privacy officials  opinion recommending various privacy practices for these applications could not have come at a better time Last summer, the Article 29 Working Party an advisory body formed under the EU Data Protection Directive initiated an investigation into this issue in response to Facebook s European launch of its face recognition technology Given the many new face recognition applications subsequently launched, the opinion wisely does not focus on Facebook and instead provides general recommendations on how the EU Data Protection Directive applies to automatic face recognition in online and mobile applications The Directive requires EU countries to adopt privacy protections for the automatic processing of personal data, which according to the opinion includes both photos from which individuals can be identified and the measurements of their facial features As face recognition technology automatically processes photos and measurements to identify or categorize individuals, it is subject to the Directive A provider using automatic face recognition in its online service or mobile application must therefore notify the individuals that they will be identified with this technology and seek their permission The 
opinion clarifies that "informed consent" cannot be obtained simply by providing opt-out settings, although those settings are still important to ensure that individuals can easily retract their consent. Terms and conditions that discuss the face recognition process are also insufficient except if the main purpose of the application is face recognition. But a face recognition app may still need to get specific permission from the individuals in the photos if it uses photos or facial measurements from another application, such as a general-purpose social network. Notably, a person cannot consent to face recognition by simply uploading a photo to an application because the person may not anticipate that the photo will be used for this purpose and the photo could contain personal data of other individuals. But the opinion also recognizes that strictly requiring informed consent would downright prohibit many novel uses of the technology. For example, a social network provider may not know whether an individual in a photo has consented to the automatic recognition until it identifies her. In that situation, the provider may initially process the photo to determine whether the individual has consented, but must delete all the resulting data if it turns out that there was no consent from that individual. The provider may also have to encrypt its data if that is necessary for its security. While clarifying how the Directive applies to the novel uses of face recognition in online and mobile applications, the opinion seeks to provide some flexibility to avoid banning certain applications. As it does not focus on any particular application, it may potentially also provide guidance for future innovation in this area. Stay tuned as EFF continues covering this issue. </description><link>http://www.secuobs.com/revue/news/384487.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/384487.shtml</guid></item>
<item><title>EFF at Hackers on Planet Earth</title><description>Secuobs.com : 2012-06-28 19:38:31 - Deeplinks -    Hackers On Planet Earth (HOPE), one of the most creative and diverse hacker events in the world. HOPE Number Nine will be taking place on July 13, 14, and 15, 2012 at the Hotel Pennsylvania in New York City. Several EFF staffers from the legal, tech, and activism teams will be giving presentations. Here is a round-up of talks you should make sure not to miss. Destroying Evidence Before It's Evidence. Hanni Fakhoury, Staff Attorney. Friday 5:00pm, Sassaman Room. Covering your tracks out of fear of getting caught with your hands in the digital cookie jar can sometimes get you in more trouble than whatever crime the feds think you may have committed in the first place. This presentation identifies three specific scenarios where the act of trying to cover your digital footprints - oftentimes in innocuous and legal ways - can get you into trouble: the nebulous crime of "anticipatory obstruction of justice," which can cover something as mundane as deleting an email before you're even suspected of committing (let alone charged with) a crime; the ever-expanding Computer Fraud and Abuse Act, which has been stretched to cover things that are neither fraudulent nor abusive; and the potential problems with encryption. The presentation will conclude with some ways you can protect yourself that can help minimize claims that you obstructed justice. Nymwars: Fighting for Anonymity and Pseudonymity on the Internet. Eva Galperin, International Freedom of Expression Coordinator. Friday 7:00pm, Sassaman Room. The last year has seen an Internet-wide debate over real names, pseudonyms, and anonymity online, especially on social networks and in the comment sections of blogs and newspapers. Facebook has required users to use their real names from the very beginning and newspapers have increasingly embraced the same requirement for commenting on their websites. Proponents of real name policies 
cite increased civility and quality of content. But pseudonymity and anonymity have a long history in public discourse, and they are essential for privacy and speaking truth to power. This talk will examine the debate over anonymity and pseudonymity online, with a focus on Facebook and the Arab Spring, and Google Plus and Nymwars. Protecting Your Data from the Cops. Marcia Hofmann, Senior Staff Attorney. Saturday 11:00am, Dennis Room. What should you do if the police show up at your door to seize your computer? If they ask for passwords or passphrases, do you have to turn them over? Can they search your phone if they arrest you during a protest? What about when you're crossing the border? Your computer, phone, and other digital devices hold vast amounts of sensitive data that's worth protecting from prying eyes - including the government's. The Constitution protects you from unreasonable government searches and seizures, but how does this work in the real world? This talk will help you understand your rights when officers try to search the data stored on your digital devices, or keep it for further examination somewhere else. The constitutional protections that you have in these situations, and what their limits are, will be discussed, along with technical measures you can take to protect the data on your devices. Privacy Tricks for Activist Web Developers. Micah Lee, Web Developer. Saturday 3:00pm, Nutt Room. Do you care about the privacy of your website's visitors, but also depend on social media to get your message out? Do you want to protect your visitors' anonymity in case you or a third party service you use gets subpoenaed? Do you want to be able to get meaningful and pretty analytics without third parties tracking your visitors? Can some kid in a coffee shop really hijack your users' accounts that easily? Chances are Google, Facebook, and Twitter know as much about your website's visitors as you do, IP addresses and user agents are sprinkled about your server's 
filesystem, Google Analytics is watching everyone's every move, and some kid in a coffee shop is already pwning your users. But it doesn't have to be this way. This technical talk will cover tricks that web developers and sysadmins can use to minimize the privacy problems that plague the modern web. Pwn the Drones: A Survey of UAV Hacks and Exploits. Trevor Timm and Parker Higgins, Activists. Saturday 4:00pm, Dennis Room. Drones are no longer a scary possible future of surveillance and remote force - they're here. Internationally, drones are being deployed for military action and observation. At home, police departments, border patrols, and others are acquiring UAVs and developing programs to fly them; there's even talk about adding "less lethal" arms to these domestic drones. Think Tasers and rubber bullets shot from the sky. But a series of alarming events over the past few years have demonstrated that many of these unmanned vehicles are dangerously vulnerable to exploits, leading to intercepted data, flight failures, and even remote takeovers. In this talk, Parker and Trevor will explain the privacy and security implications of some of the most sensational drone exploits and the weaknesses that enabled them. They'll also go over the work of communities and individuals that have been hacking drones from scratch, and what their efforts mean for our future understanding and regulation of drones. Cell Site Location Data and Nontrespassory Surveillance after US v. Jones. Hanni Fakhoury, Staff Attorney. Sunday 3:00pm, Dennis Room. With the rise of smartphones, the government's use of cell site location data to pinpoint our exact location has grown more widespread (and precise) over time. For years, courts permitted the government to get this location data without a search warrant. And judges that fought against the government's attempts at getting this data were met with an unfortunate reality of Fourth Amendment jurisprudence: we don't have any privacy in data we turn over to third 
parties, like cell phone providers. The US Supreme Court's recent decision in US v. Jones, however, presented a "sea change" in the law of warrantless surveillance, calling into question the future viability of the third party doctrine. This talk will review the law of location data, go in depth into how Jones calls this law into question, and conclude with the steps we need to take in the future in order to safeguard our privacy. </description><link>http://www.secuobs.com/revue/news/384440.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384440.shtml</guid></item>
<item><title>One More Week to Win the D EFF CONtest </title><description>Secuobs.com : 2012-06-28 19:38:31 - Deeplinks -    Protect Coders' Rights. D EFF CONtestants have until Wednesday, July 4, 2012 at 11:59:59 PM PDT to claim one of the top prizes in our third annual DEF CON fundraising contest. Included with this year's l33t loot for the top three: a stay at the Rio Hotel and Casino, DEF CON 20 Human Badges, Ninja Party badges, and passes to theSummit. In addition, every D EFF CONtestant who encourages their peers to raise a total of $500 or more will automatically receive a limited edition EFF DEF CON 20 Script Kitty t-shirt. So far, D EFF CONtestants have raised more than $5,000 to promote Coders' Rights and support freedom for all. Why should you care about funding digital civil liberties protection? Donations to EFF make a difference. Every membership helps us advocate for online freedom and shed light on unjust policies in the US, in the European Union, and all over the world. Right now nearly 20,000 EFF donors are sustaining significant work ranging from our patent reform campaign to fighting warrantless surveillance to the defense of online comic artist Matthew Inman of The Oatmeal. You ensure that EFF is there when we all need it. And the swag is pretty sweet, too. It's your last chance to get the exclusive DC20 Script Kitty t-shirt online because after the contest, they're coming down. How can you help the cause? Start by visiting any one of the D EFF CONtest team pages and clicking the "Donate Now" button: WiredScience, Wind, The Holy Handgrenades, Teamslack, Team Yogert, Team Tardigrade, Team Rocket, Team JAIT, Team Frabulous, Team Cetus, Seeds of Epiphany, Right to Encrypted Content Liberation Movement, Pixel, Open Doors, NotSurveil, lanrofl, Joshua Spain, InfoSec Daily Podcast (ISDPodcast), https Lockbincom, foolishBoys, EMBX, DefBluzCatz, dc404, Calyx Institute, C3KC, Boston Linux &amp; UNIX group at MIT, Bitghost Security, 
Awesomesauce, Alpheus125. Thanks, everyone. Find more details about the contest at https://www.eff.org/DEFCON or email us at contest@eff.org. There are just days left. Related Issues: Coders' Rights Project </description><link>http://www.secuobs.com/revue/news/384439.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384439.shtml</guid></item>
<item><title>Senate Commerce Committee Considers Do Not Track   Online Tracking Thursday</title><description>Secuobs.com : 2012-06-27 22:40:56 - Deeplinks -    Follow Thursday's Senate Hearing on Do Not Track Through the EFFLive Twitter Account. Do Not Track (DNT) will be in the news yet again this week. In the wake of Microsoft's decision to ship Internet Explorer 10 with Do Not Track on (DNT-1) by default and following face-to-face negotiations last week in Bellevue, Washington, the Senate Commerce Committee will take up Do Not Track at a hearing on Thursday at 10 am EST. Do Not Track sends a simple signal that tells websites that a user doesn't want to be tracked and served ads based on the data gathered from tracking. In a previous post, we've shown how users can turn the signal on in their browser settings. Currently, the W3C's Tracking Protection Working Group, of which EFF is an invited expert, is working on how to define standards for companies to respect the Do Not Track signal. The DAA wants Do Not Track to mean "Pretend Not To Track". Since Do Not Track is not yet a finalized standard, the current standard in place is a list of "principles" created by the Digital Advertising Alliance, the latest self-regulatory organization for online behavioral advertising. Unfortunately, the "principles" are very weak at protecting users who turn on Do Not Track. If you connect to a first party website like ESPN.com, affiliated companies like Disney.com (ESPN's parent company is The Walt Disney Company), and completely unrelated data brokers, are still able to obtain large amounts of data about you and your viewing habits. Such low standards would not offer protection against non-consensual collection of people's reading habits or against companies like Google that have been caught circumventing the privacy settings of users. In fact, the DAA principles would be more accurately titled "Do Not Target," or "Pretend Not To Track," than "Do Not Track." EFF is adamant about creating a Do 
Not Track standard that favors user choice and protects user privacy. This is even more important when users are clear that they dislike online behavioral advertising. A wide variety of studies confirm this fact, with the most recent being a Pew study that found 68 percent of users were "not okay" with having their "online behavior tracked and analyzed." This week's hearing will look at the self-regulatory regime and follow up on advertisers' pledge to the FTC about not collecting users' personal information when using Do Not Track. It will also look at the current state of self-regulation, how it's working, and how advertisers can do a better job at protecting user privacy while also providing them with online advertising. The hearing will take place at 10 am EST and we'll be live tweeting it on our @EFFLive account. See you there. Related Issues: Privacy, Do Not Track, Online Behavioral Tracking </description><link>http://www.secuobs.com/revue/news/384232.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384232.shtml</guid></item>
<item><title>EFF Signs Joint Coalition Letter Urging Companies to be Proactive on Export Regulations</title><description>Secuobs.com : 2012-06-27 21:55:14 - Deeplinks -    For quite some time, EFF has campaigned for changes to the export controls that prevent important communications technologies from reaching activists and dissidents. These export controls, enacted by the Departments of Treasury and Commerce and detailed here, often hurt the very individuals they're meant to help, by restricting access for citizens while doing little to stop authoritarian regimes from getting ahold of products via third parties or on the black market. Unfortunately, the government has often been unclear in respect to what exactly is restricted for export, leading companies to exert the utmost caution, which can lead to overreaching restrictions. Just last week, for example, reports emerged of Apple refusing to sell products to speakers of Farsi, citing "company policy," no doubt an overbroad interpretation of regulations. On the other hand, Google recently made available to Syrians several of its products (Earth, Chrome, and Picasa), three tools that had been unavailable for download in the country for years. When asked, Google clarified for us that their ability to do so was based on a general license issued last August. Google should be commended for their proactive efforts to ensure communications tools reach the Syrian people. Given that Google did not require a special license to export those products, we believe that many other companies are in a position to reassess their policies and, if their products could be deemed "incident to the exchange of personal communications" online, take the necessary steps to authorize them for export. To that end, we have joined with other organizations, including the National Iranian-American Council, the Syrian American Council, and the Tor Project, in urging companies to take several proactive measures: 1. End the unnecessary blocking of services for the 
public of sanctioned countries. 2. Apply for export licenses where incidental transactions create potential liability concerns. 3. Disclose which services are restricted based on location or language, and the reasons for doing so. 4. Engage with civil society to identify policies and regulations that create impediments to supporting users under political duress. The letter, included below, is addressed to several companies, though it should be noted that the list is not exhaustive. We hope that raising the profile of this issue with companies will ultimately result in more individuals gaining access to the tools they need. Mr. Warren Adelman, Chief Executive Officer, Go Daddy Operating Company, LLC; Mr. Joseph Alhadeff, Vice President for Global Public Policy, Oracle Corporation; Mr. Bob Boorstin, Director of Corporate and Policy Communication, Google Inc.; Mr. Tim Cook, Chief Executive Officer, Apple Inc.; Mr. Dave DeWalt, President and Chief Executive Officer, McAfee Inc.; Ms. Carol DiBattiste, Executive Vice President, General Counsel, Geeknet, Inc.; Mr. Jace Johnson, Vice President Government Affairs &amp; Public Policy, Adobe Systems; Mr. Lanham Napier, President &amp; Chief Executive Officer, Rackspace, US Inc.; Ms. Ebele Okobi, Director Business &amp; Human Rights Program, Yahoo! Inc.; Mr. JR Smith, Chief Executive Officer, AVG Technologies; Ms. Louisa Terrell, Director of Public Policy, Facebook, Inc. CC: Ms. Susan Morgan, Executive Director, Global Network Initiative. Dear Sir or Madam, While American and European companies provide unmatched platforms for free expression and citizen journalism, misapplications of export regulations have created a chilling effect on the free flow of information to those living under repressive regimes. We are writing to urge you to take necessary steps to ensure important Internet communication services provided by your companies are not unnecessarily blocked for individuals in sanctioned countries. In places such as Iran, Cuba, Sudan and Syria, online media has emerged as 
a sanctuary to debate ideas, report human rights violations, and support women's rights. Increasingly, these communities have faced the denial of essential services by your companies, stifling opportunities to affect social and political change, as activists struggle to restore the means they rely on to communicate freely and support their operations. As technology and business leaders, your companies bear the unique obligation to establish forward-thinking industry standards on responsible business policies, procedures and practices. While we understand there are fears about running afoul of the complex legal structure of sanctions regimes, civil society's voice is stifled when access to the Internet is blocked without cause. We are confident that providing services to the public of embargoed countries can be accomplished without peripherally exposing good-faith actors to new liabilities or undue legal hurdles. Where constructive steps have been taken to expand product availability, such as Google Chrome in Syria, this progress has been met with wide public support, positive media attention and government encouragement. While sanctions regulations limit direct economic transactions with embargoed entities, recent changes to Office of Foreign Assets Control (OFAC) programs, such as the revisions made on March 8, 2010, provide exemptions for the export of "services and software incident to the exchange of personal communications over the Internet." On several occasions since, including the interpretive guidance and favorable licensing policy issued March 20, 2012, President Obama, Secretary Clinton and Congress have reiterated their political and material support for securing the Internet as a mechanism to promote human rights abroad. In spite of these legal allowances, the publics of sanctioned countries continue to be denied access to the basic tools and platforms necessary for communicating safely and securely online. While civil society and governments foster the 
development of technology to protect Internet users, this continued restriction of access facilitates authoritarian governments in the repression of their citizens' fundamental freedoms. When users are unable to access content hosting, instant messaging, development tools, antivirus products, Java, Flash or document readers, they are either hindered in their ability to communicate on the Internet in the same way as their peers, or they turn to untrustworthy sources. Blanket restrictions imposed on advertising content and languages severely restrict the ability of external parties to sustain their operations and connect to isolated, at-risk populations. Denied these resources, users are forced to browse and participate on a limited and unsafe Internet, exposed to regime surveillance, censorship and hacking. In the face of such pressing need, we call on you to: 1. End the unnecessary blocking of services for the public of sanctioned countries. 2. Apply for export licenses where incidental transactions create potential liability concerns. 3. Disclose which services are restricted based on location or language, and the reasons for doing so. 4. Engage with civil society to identify policies and regulations that create impediments to supporting users under political duress. As civil society organizations and individuals concerned with technology access, media freedoms, human rights, and international development, we ask you to end unnecessary and counterproductive restrictions to sanctioned countries, to ensure that at-risk populations have equal access to a free and secure Internet conducive to facilitating social, political and economic growth. Signed, Electronic Frontier Foundation, Access, National Iranian American Council, International Campaign for Human Rights in Iran, United4Iran, Center for Rights Fight for the Future, Syrian American Council, The Tor Project, Witness, Open Internet Tools Project. Related Issues: Free Speech, International </description><link>http://www.secuobs.com/revue/news/384226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/384226.shtml</guid></item>
<item><title>Sudan Continues Crackdown, Arresting More Bloggers</title><description>Secuobs.com : 2012-06-27 02:15:09 - Deeplinks -    Sudan may not have "pulled a Mubarak" and shut off the Internet, but that hasn't stopped the government's attempts to silence vocal citizens online. Four days after we first reported his arrest, Usamah Mohammed Ali (better known as simsimt) remains in detention, his whereabouts unknown, while Maha El-Sanosi was released over the weekend only to be arrested again today. Last year, following the protests in Tunisia and Egypt that ousted Presidents Ben Ali and Mubarak, respectively, Sudan's ruling National Congress Party (NCP) stated that it had created a "cyber jihad unit" to "crush online dissent." Activists familiar with the unit believe that the government is now targeting bloggers and activists with the ability to reach an international audience, in an effort to ward off media attention. Although telecommunications have not been cut, some Sudanese Internet users have reported decreased upload speeds. EFF condemns the Sudanese government's attempts to stifle dissent and demands the immediate release of Usamah Mohammed Ali and Maha El-Sanosi. We will continue to provide updates on the situation in Sudan. Related Issues: Free Speech, Bloggers Under Fire, International </description><link>http://www.secuobs.com/revue/news/383955.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383955.shtml</guid></item>
<item><title>More Evidence of a Broken Patent System</title><description>Secuobs.com : 2012-06-26 22:01:13 - Deeplinks -    The patent system is broken. We've been talking about it for years, and we just rolled out a new site (defendinnovation.org) to do something about it, where we hope you'll join us in coming up with solutions that make sense for innovation. Now we've got some new developments that further prove just how flawed the modern software patent system is. First, today we saw a new report confirming what we already knew: patent trolls are costing the economy serious money (to the tune of $29 billion in 2011 alone) and they disproportionately harm small businesses. The paper, by James Bessen and Michael Meurer (who also wrote the important book, Patent Failure), combs through the data and concludes: "The rapid growth and high cost of NPE [non-practicing entities, or trolls] litigation documented here should set off an alarm warning policy makers that the patent system still needs significant reform to make it a truly effective system for promoting innovation." The paper drew some dire conclusions about the cost of troll suits, such as: Trolls bring suits involving software patents 62 percent of the time; when those suits involve patents that have been litigated more than once, they concern software 94 percent of the time. When trolls sue, small companies pay more in direct litigation costs than their larger counterparts. Defendants' costs are more than just for lawyers and litigation, they include "diversion of management or engineering resources, delays in new product introductions and improvements, loss or delay of revenue, and credit constraints." The threat of troll litigation causes companies to reduce their R&amp;D budgets in order to afford high legal costs. Perhaps most troubling, the paper points out that trolls "may skew the research agenda of small firms away from disruptive technologies and toward mainstream technology and associated patents that can be 
asserted against big incumbents. Even worse, small firms are encouraged to divert investment from genuine invention toward simply obtaining broad and vague patents that might one day lead to a credible, if weak, lawsuit." Last week also saw an important ruling from Judge Richard Posner in a case between Apple and Motorola. The case started as a run-of-the-mill patent mess between the two parties, but Judge Posner used the opportunity to express some of his displeasure with the patent system (the influential judge had already publicly spoken out against the patent system and called it "chaos" during the hearings). After more than a year of litigation, Judge Posner threw the parties out of court, essentially faulting them for not being able to show how each was damaged by the other's alleged patent infringement. This case highlights some of the worst problems we've seen in litigation concerning software patents. The first is a patent owner's attempts to extract millions of dollars in damages or shut down entire products for infringing only one patent that covers a mere fraction of the defendant's product (check out proposal #6 at defendinnovation.org). In admonishing Apple, Judge Posner rightly pointed out that not only is this practice absurd, but it can harm consumers who rely on the products at issue. The second important issue involves a party's ability to enforce its patents that cover industry standards. Here, Motorola asserted that Apple infringed a patent that covered communications between cell phones and cell towers (no, we're not kidding, and yes, that would cover almost every cell phone). Because this is what's called a "standard essential patent," Motorola agreed to license it on "fair, reasonable, and nondiscriminatory terms" (FRAND) to anyone who needs to use it. In other words, Motorola cannot use its patent to stop other cell phone companies from selling phones that actually make calls (so long as those companies are willing to pay for a "reasonable" license). 
Frankly, it would be better if this technology were free to all, but, given the current state of affairs, we're at least glad to see Judge Posner reaffirm this important principle. The Bessen and Meurer paper and Judge Posner's ruling provide further evidence of what we already know: the patent system needs serious help. Software patents and the cottage industry of litigation and licensing surrounding them have created an environment that threatens businesses, consumers, and, worst of all, innovation. We're glad to see more sanity in the debate as people talk about what the real problems are and what we can do to fix them, whether it be implementing the proposals at defendinnovation.org or even abolishing software patents altogether. We hope you'll join the conversation at defendinnovation.org and tell us what you think, too. Related Issues: Patents. Files: Posner_Apple_v_Motorola.pdf </description><link>http://www.secuobs.com/revue/news/383912.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383912.shtml</guid></item>
<item><title>Friday Hearing in Megaupload Case Over Users' Rights </title><description>Secuobs.com : 2012-06-26 18:31:39 - Deeplinks - Abraham Sofaer Joins EFF in Fight for Return of Property. Alexandria, VA - The Electronic Frontier Foundation (EFF), assisted by retired federal judge and former State Department legal adviser Abraham D. Sofaer, will ask a federal judge Friday to order the return of data to Kyle Goodwin, a Megaupload user who lost all access to his files when the cloud storage service was shut down by the US government. Megaupload.com and related sites were seized in January as part of a copyright infringement investigation. But in addition to the alleged illegal activity by some Megaupload users, many innocent customers used the service to store legal material. The government has failed to help Goodwin and other lawful Megaupload users get access to their data, despite months of legal wrangling. In Friday's hearing, EFF and Sofaer will ask the court to establish a procedure by which innocent users will be able to reclaim their property, as is routinely required in the seizure of non-digital items. WHAT: Motion hearing in USA v. Dotcom. WHEN: Friday, June 29, 10 am. WHERE: Albert V. Bryan US Courthouse, 401 Courthouse Square, Alexandria, VA 22314, Judge Liam O'Grady, Courtroom 700. Contacts: Rebecca Jeschke, Media Relations Director, Electronic Frontier Foundation, press@eff.org </description><link>http://www.secuobs.com/revue/news/383869.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383869.shtml</guid></item>
<item><title>Note to European Parliament  Let Security Researchers Do Their Thing, Reap Public Benefits</title><description>Secuobs.com : 2012-06-26 01:52:44 - Deeplinks -    Several years ago, a professor at Holland's Radboud University Nijmegen, Dr. Bart Jacobs, landed in legal trouble. He'd attempted to publish an article exposing security flaws in the widely used MIFARE Classic wireless smart card chip, which is employed by transit systems around the world. Using an ordinary laptop, he was able to clone paying customers' cards to access transit systems for free. The point of his research was to demonstrate that the cards were vulnerable to attack. The chip's owner, NXP Semiconductors, argued that it would have been irresponsible to make this information public. But a Dutch court ultimately ruled that clamping down on his research would have violated the scientist's rights to freedom of expression. Scenarios like this remain highly relevant in the ongoing debate around coders' rights that is unfolding in the European Parliament. On June 20, the Parliamentary Civil Liberties, Justice and Home Affairs Committee (LIBE) continued to debate a draft Directive on Attacks Against Information Systems. As legislators mull over this computer crime legislation, questions about how security researchers should be treated under the law are key. Instead of being regarded like product researchers who gauge automobile safety using crash test dummies, to borrow an analogy from Germany's Chaos Computer Club, technologists who are adept at discovering computer security flaws risk being defined as criminals under certain provisions of this draft Directive. As we noted in an earlier post, a central issue is whether or not a security researcher must obtain explicit permission from information system operators when conducting his or her research. Article 3 of the Draft Directive makes it a crime to intentionally access information systems without prior "authorization," where the actor infringes a 
security measure The wholesale banning of access without explicit permission, without building in a clear and thoughtful exception for legitimate research, is highly problematic Unless it is improved during the legislative process, the Directive on Attacks Against Information Systems could have a chilling effect on Europe s robust security research community, which frequently produces groundbreaking work In one example, security researcher Karsten Nohl demonstrated how easy it was to eavesdrop on GSM-based mobile phones in 2010 And this past February, to name another example, Ruhr University researchers published a report titled  Don t Trust Satellite Phones,  announcing that they had succeeded in cracking the satellite encryption that protects the phone signals of hundreds of thousands of subscribers With some equipment totaling about  2,000, they warned, practically anyone with the right expertise could spy on calls across the entire European continent EFF believes that it s better to have flaws like this detected and addressed, rather than create a climate where honest and legitimate researchers are deterred from investigating such problems out of fears that they'll face lawsuits or prison time Legislative language that could curtail well-meaning researchers  ability to access to information systems must be crafted with surgical precision So far, the European Parliament isn t there yet Security researchers are a crucial part of any effective security strategy, and their skills should be recognized as a benefit to the public that can be used to enhance security for everyone As they hash out this Directive, members of the European Parliament should keep in mind that there is potential for improved security across the board when skillful coders are allowed to engage in technological discovery Related Issues  International Share this  Share on Twitter Share on Facebook Share on Google  Share on Identica Share on Diaspora  Join EFF 
</description><link>http://www.secuobs.com/revue/news/383704.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383704.shtml</guid></item>
<item><title>If Europe rejects ACTA, will it actually go away </title><description>Secuobs.com : 2012-06-26 00:19:32 - Deeplinks -    On Thursday, the fifth and final European Union Parliamentary committee voted to reject the Anti-Counterfeiting Trade Agreement  ACTA  This signifies a major blow to ACTA, but its standing in the EU still comes down to the European Parliament vote scheduled during the first week of July After this final vote decides the agreement s adoption in Europe, however, the future of ACTA for the rest of the signatory countries unfortunately remains cloudy Anti-Counterfeiting Trade Agreement is a plurilateral agreement designed to broaden and extend existing intellectual property  IP  enforcement laws to the Internet While it was only negotiated between a few countries, it has global consequences First of all, it will create new rules for the Internet, and second, its standards could be applied to other countries through the US s annual Special 301 process Negotiated in secret, ACTA bypassed checks and balances of existing international IP norm-setting bodies, without any meaningful input from national parliaments, policymakers, or their citizens Worse still, the agreement creates a new global institution, an  ACTA Committee , to oversee its implementation and interpretation that will be made up of unelected members with no legal obligation to be transparent in their proceedings Both in substance and in process, ACTA embodies an outdated top-down, arbitrary approach to government that is out of step with modern notions of participatory democracy Thursday s decision came from the most powerful of the five European Parliament committees, the International Trade Committee  INTA  It followed four other committee votes recommending the rejection of ACTA These Committees, consisting of Members of European Parliament  MEPs  elected to these seats, are heavily influential on parliamentary positions on proposed legislations and resolutions The current 
Rapporteur for ACTA, David Martin, who led the investigation on the impact and soundness of this agreement for the entire European Parliament, also found that ACTA needed to be rejected on the grounds that the agreement could undermine civil liberties and compel Internet service providers to act as  Internet police  While these recommendations for rejection substantially lessen the prospect of ACTA s approval, the final step in the ratification process still lies in the hands of the MEPs They are scheduled for a full parliamentary vote on July 3 or 4 to decide whether to adopt or reject the agreement There were rumors preceding the INTA s Thursday vote that it would be held in secret, at the behest of the European Commission If the European Parliament s final vote is held in secret, as ACTA proponents desire, the MEPs may be able to adopt this grossly unpopular agreement without facing any direct political consequences If ACTA were to fail in Europe, what would that mean for the rest of the eight signatory countries  Would ACTA still trudge along toward implementation in those countries  Unfortunately, the reality is that we truly don t know When asked about this issue last month at a State Department meeting with consumer rights groups, US government representatives did not give a definitive answer They claimed vaguely that they are  still looking into it  and that counterfeiting is a global issue that would not necessarily have to involve the EU Sean Flynn from American University is optimistic, however  The rejection of ACTA in the EU will likely end the prospects of the agreement going to effect anywhere The robust activity in the EU Parliament is in stark contrast to the US where the administration is not even seeking the Congressional vote the Constitution requires to ratify the agreement This could be true if the US government still considered ACTA a  trade agreement,  which is an important classification that requires Congressional approval before it is 
legally binding in the US However, the US Trade Representative continues to call it a  sole executive agreement , which means that the President can conclude this agreement without Congress ever reviewing or approving the agreement In order to designate ACTA as a  sole executive agreement , the State Department had to follow certain procedural steps that consider the agreement's foreign policy implications and ensure that it was carried out  within constitutional and other legal limitations  EFF sent a Freedom of Information Act  FOIA  request to see whether the State Department had documented these Constitutionally-required steps   and agency responded that they had no such documents This is just as it sounds  the State Department is bound by the Constitution to follow certain steps if it wants to bypass Congress and designate ACTA as a  sole executive agreement    but so far, it hasn t fulfilled the legal requirements Simply put, it is an unconstitutional power grab by an unaccountable Executive Branch agency For now, it s up to members of the Senate Finance Committee to protect the fundamental separation of powers embodied in the US Constitution, and for the public to continue to be alert to this dangerous IP agreement that has skirted, and continues to skirt, democratic processes for international rulemaking It will be a huge victory for digital rights and the Internet at large if the European Parliament rejects this toxic international IP agreement However, the EU s rejection of ACTA does not necessarily mean it has been defeated for all other nations that have already signed on to the agreement While this may sound discouraging, there is still hope We cannot ignore how fundamentally undemocratic the process has been in drafting ACTA, especially given that its constitutionality in the US is highly dubious So even if the fight against ACTA continues after next week s vote, there is still opportunity to challenge its global implementation   For more updates on 
the European Parliament's vote on ACTA next week, visit: La Quadrature Du Net; Foundation for a Free Information Infrastructure (FFII)</description><link>http://www.secuobs.com/revue/news/383690.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383690.shtml</guid></item>
<item><title>Stand Up for Owners' Rights</title><description>Secuobs.com : 2012-06-25 21:11:30 - Deeplinks -    If you buy something, you can do with it and do away with it as you want Right  The digital age is challenging this most basic of expectations in a few ways, and EFF and its allies are on the lookout The Supreme Court will soon review a court decision that, if upheld, could put handcuffs on our ability to sell digital goods, or even physical goods with copyrighted logos or artwork, simply because the goods were manufactured outside the US This case is important, but its also just a small piece of a larger assault on ownership rights Over the past decade, courts and copyright owners have quietly been creating a world in which digital goods are never truly owned, but only licensed And those licenses inevitably contain a plethora of legal restrictions on your ability to fully use the goods you  buy  EFF has signed on to the Citizens' Petition for Ownership Rights, urging the US government and the courts to protect our basic assumption that if you buy it, you own it, and can dispose of it as you please You, too, can sign The petition was prompted by Kirtsaeng v John Wiley   Sons, which is on its way to the Supreme Court As we explained earlier this year, Kirtsaeng is a challenge to the  first sale  doctrine of copyright law First sale says that once a given copy of a copyrighted work has been sold or given away, the copyright owner has no more legal control over that copy That means the copyright owner can't ban resale, set a minimum resale price, or prohibit tinkering and modification First sale is what makes used bookstores, libraries and video rentals possible In Kirtsaeng, the US Court of Appeals for the Second Circuit said that first sale doesn't apply to copies made outside the United States, even if they were sold or given away legally and then imported into the US Effectively, copies manufactured abroad whether books, software, or physical goods with 
copyrighted labels or logos on them could never be fully owned in the US You could buy these goods, but you could never sell them or give them away without permission Strange result, right  First sale is part of our intuitive understanding of what it means to buy and own something If you've paid good money for a book, or a DVD, or whatever, or received it as a gift, it's fundamentally weird to be told that you can't lend it, or resell it as used, or give it away This decision gives copyright owners the ability to shut off markets for used copies, just by moving physical manufacturing abroad It would also give manufacturers an incentive to move jobs out of the US to create these legally handcuffed, non-resellable goods The defendant  and EFF  asked the Supreme Court to review the case, and the Court agreed Now, we are asking the Obama administration to weigh in and protect the common-sense understanding of what it means to own something Kirtsaeng is not the only threat to owners' rights, though Sellers of digital goods like software, e-books, movies, and music often try to opt out of the first sale doctrine using contracts - the shrink-wrap, clickwrap, and other forms of fine print agreements that we're inevitably presented with  and seldom read  whenever we buy digital goods Often, those agreements say something like  this digital widget is licensed to you, not sold  The implication is that because the copyright owner hasn't  sold  you a copy, you can't lend it, or resell it, or give it away Worse yet, you can't tinker with or modify it Never mind that you paid for a permanent copy and the seller doesn't really expect that you'll ever give it back - the fine print claims to transform a sale into something else Unfortunately, several courts have ruled that this trick works In Vernor v Autodesk, Inc, the Ninth Circuit appeals court ruled that software licenses that  significantly restrict the user s ability to transfer the software  and  impose notable use 
restrictions  turn what looks and feels like a purchase into something less. Let's tell the courts and Congress that if it looks like a sale and feels like a sale, it's a sale. Let's sign the Citizens' Petition for Ownership Rights, to tell the Obama administration and the Attorney General to stand up for first sale at the Supreme Court. And beyond that, digital goods providers should not be able to opt out of first sale using magic words in the fine print of user agreements. Watch this space for more info on ownership rights and how you can help defend them.</description><link>http://www.secuobs.com/revue/news/383657.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383657.shtml</guid></item>
<item><title>A Newspaper Should Know Better  Trademark Allegations Put Occupied Chicago Tribune At Risk</title><description>Secuobs.com : 2012-06-25 20:23:52 - Deeplinks -    For well over a year, independent online newspaper Occupied Chicago Tribune  OCT  has been reporting and commenting on the Occupy movement One glance at the site makes it very clear that OCT is not affiliated with the  original  Chicago Tribune indeed, OCT is often critical of the paper and its coverage This hasn t stopped the Tribune from claiming OCT infringes its trademarks, and launching proceedings that could cause OCT to lose its domain name We re confident a US court would recognize that the allegations are baseless, but the dispute will not take place in a formal court of law Instead, the Tribune is using a rapid response process set up under the Uniform Domain Name Dispute Resolution Policy  UDRP , an international arbitration agreement to which all domain name registrars  and their customers  must agree The UDRP is supposed to offer an alternative to litigation in local courts to settle trademark or cybersquatting complaints, yet UDRP arbitrators don t have to respect  local laws such as fair use and the First Amendment and proceedings tend to skew in favor of the large trademark holders that are known repeat players Moreover, the rapid-fire decision making has been abused by parties seeking to silence expressive content and speech Once the complaint is sent to Occupy Chicago Tribune, they are given twenty days to read it, analyze the merits, and respond From there, responses are filed, a panel is appointed, and a decision is rendered within 60 days Combined, these aspects create variables that are intended to speed up the process and allow for fact-specific determinations, but can often create excessive burdens on First Amendment protected activities Despite these problems, there is some good news  several arbitrators have concluded that US law should apply to the analysis when both 
parties are located in the US. OCT filed their response last week refuting the claims and await the appointment of panelists. Let's hope that happens here and that OCT's legitimate free speech is not curtailed.</description><link>http://www.secuobs.com/revue/news/383646.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383646.shtml</guid></item>
<item><title>Defending Privacy at the Israeli Border  Information for Travelers Carrying Digital Devices  </title><description>Secuobs.com : 2012-06-25 20:23:52 - Deeplinks -    As we ve acknowledged before, our lives are increasingly contained on our digital devices, which makes travel and the decisions we make about what to carry with us increasingly complicated A recent case in which two young travelers to Israel were requested not simply to provide their laptops for arbitrary searches, but to log in to their e-mail accounts and allow Israeli officials to search through their e-mail for specific strings and correspondence highlights the increasing obstacles to privacy that travelers face, as well as the increasingly global nature of security theatre In that particular case, the two young women both of Palestinian origin complied with officials  requests but were nonetheless detained overnight before being deported In another, similar case, a US citizen who refused access to her email was told she was probably hiding something and was refused entry to the country Israeli security  Shin Bet  told a reporter that  the actions taken by the agents during questioning were within the organization's authority according to Israeli law  Not unlike travelers to the US, travelers to Israel face serious privacy challenges at the border The government generally has broad authority to search through your personal possessions, including your laptop, for any reason at all When you cross the border to Israel, the Israeli government retains the authority to question you and examine your belongings, which it interprets as also allowing it to go through your electronic devices and computer files More recently, authorities have also been known to demand user passwords to online accounts As we state in our guide to US border searches  For doctors, lawyers, and many business professionals, these border searches can compromise the privacy of sensitive professional information, including 
trade secrets, attorney-client and doctor-patient communications, research and business strategies, some of which a traveler has legal and contractual obligations to protect For the rest of us, searches that can reach our personal correspondence, health information, and financial records are reasonably viewed as an affront to privacy and dignity and inconsistent with the values of a free society EFF recently asked Jonathan Klinger, an Israeli attorney, for his thoughts on the law and government practices that apply to searches at the Israeli border, and here is his analysis The Situation at the Israeli Border At the Israeli border, there are some limited legal protections against the search itself Based on a collection of experiences, however, it seems that mentioning these protections to border officials can be considered antagonism, and can limit your ability to enter Israel Those concerned about the security and privacy of the information on their devices at the border should therefore use technological measures in an effort to protect their data They can also choose not to take private data across the border with them at all, and then use technical measures to retrieve it from abroad There is, however, little to prevent a scenario in which one s email is searched, as refusal to allow the search may result in deportation With that in mind, concerned travelers should think ahead and review their online accounts before traveling Why Can My Devices Be Searched at the Border  Article 7 of Israel's Basic Statute of Human Dignity and Freedom1 states that every person is entitled to his privacy, and that his property may not be searched, apart from where it is required under legal authority This generally means that the government has to show probable cause that a crime has been committed and get a warrant before it can search a location or item in which you have a reasonable expectation of privacy  moreover, a recent Supreme Court ruling stated that there is no such 
thing called consensual search,2 and where there is no probable cause, the state cannot rely on a person's consent in order to search in his possessions But searches at places where people enter or leave Israel are subject to different statutes The two applicable statutes are the Aviation Act  Security in Civil Aviation , 19773and the General Security Service Act, 20024  the two acts altogether provide two different state authorities the right to search on a person's body and in his property However, they do not refer to computer searches at all The Aviation Act allows security personnel, police officers, soldiers and members of the civil defense forces to search at border crossings if  the search is required, in  the officer's  opinion, to keep the public's safety or if he suspects that the person unlawfully carries weapons or explosives, or that the vehicle, the plane or the goods has weapons or explosives  Similarly, the General Security Service Act states that in order to prevent unlawful activities, secure persons or any other activity that the government authorized with the approval of the Knesset committee for the Shin Bet5 to perform, any employee of the Shin Bet  the service  may search a person's body, property, baggage or other goods and collect information, as long as the person is present Only in extreme cases, where there is an object that needs to be seized for a vital role in the Shin Bet's activity, can the Shin Bet also search without a person's presence However, nothing in these acts authorizes computer searches Recently, the Israeli Justice office proposed a new anti-terror bill,6 which is yet to pass through the legislative process This Anti-Terror bill does request to correct the current General Security Service act to specifically state that computers may be searched How the Government Searches Devices at the Border There are three government agencies primarily responsible for inspecting travelers and items entering Israel  the General 
Security Service  Shin Bet , The Customs Authority and the Immigration authority The law gives the Shin Bet and other officials a great deal of discretion to inspect items coming into the country There is no official policy published in respect to border search of electronic devices and accounts And when recently requested to comment, the Shin Bet stated that its acts are  according to law  Recently, the Israeli Foreign Ministry admitted that it used Facebook in order to create a blacklist of activists who were then along with a number of uninvolved and mistakenly identified individuals banned entry to the country amidst the Flytilla events If you are active on one or more social networks and express opinions about Israel, you carry a greater risk of being profiled and selected for search Keep in mind that the Shin Bet can keep your computer or copies of your data for  the time required for the seizure  There is no specific consideration regarding forensic practices and the ways that your computer files may be copied during the seizure This is unlike the Israeli Criminal Procedure Order  Arrest and Search , 1969,7 which deals specifically with the forensic procedures of copying computer materials and requires two witnesses for any file duplication The Israeli Customs Authority, under Article 184,8 allows any customs official to search every person for contraband or drugs given probable cause Moreover, the customs official may also request urine, blood or saliva samples and request persons to undress However, nothing in the law allows them to search through computer materials In short, border agents have a lot of latitude to search electronic devices at the border or take them elsewhere for further inspection for a short period of time, whether or not they suspect a traveler has done anything wrong We do not have the exact numbers or methods of how such searches are handled, and the Shin Bet is exempt from the Israeli Freedom of Information Act9 However, the 
frequency of technology-oriented searches at the border may increase in the future. Researchers and vendors are creating tools to make forensic analysis faster and more effective, and, over time, forensic analysis will require less skill and training. Law enforcement agencies may be tempted to use these tools more often and in more circumstances as their use becomes easier. Travelers should consider taking the same precautions outlined in EFF's guide to carrying digital devices across the United States border.   1 http wwwnevocoil law_html law01 184_001htm   2 RCA 10141 09 Abraham Ben-Haim v State, http elyon1courtgovil files 09 410 101 n10 09101410n10htm   3 http wwwnevocoil Law_html law01 162_037htm   4 http wwwnevocoil Law_html law01 p220k4_001htm   5 The Shin Bet is Israel's internal security service   6 http wwwjusticegovil NR rdonlyres 77CD3245-3A1D-4F8E-AA54-5D8C25344888 29272 611pdf   7 http wwwnevocoil Law_html law01 055_128htm   8 http wwwnevocoil law_html law01 265_001htm Seif200   9 http wwwnevocoil law_html law01 144M1_001htm</description><link>http://www.secuobs.com/revue/news/383645.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383645.shtml</guid></item>
<item><title>Will Sudan Pull a Mubarak?</title><description>Secuobs.com : 2012-06-23 03:15:57 - Deeplinks - The decision faced by dictators to shut off the Internet (and risk economic loss) or keep their citizens online (and risk an Internet-assisted revolt) has been referred to by some as the "dictator's dilemma." In the case of Sudan, where anti-austerity protests have been raging for five days and calls to overthrow the regime have been reported, the dictator's decision is made a bit easier by the fact that only about one in ten citizens has access to the Internet [1]. Thus far, there is only speculation as to whether or not the Sudanese government has shut down--or might shut down--communications networks. As reported by Global Voices, Sudanese activists and journalists in the country have heard rumors of an impending shutdown. In preparation, Twitter users in the country have been sharing the numbers for Speak to Tweet, the service that was created during the Egyptian uprising in January 2011 that allowed individuals on the ground to call a number and leave a message which was then tweeted to the public. Also bolstering the rumors is the fact that authorities have arrested several journalists and activists over the past few days. Among those that have been detained are Maha El-Sanosi, a blogger with Global Voices (who has since been released), and a citizen journalist named Usamah who has been active on Twitter for years under the name Simsimt. Usamah was arrested shortly after an appearance on the television program Al Jazeera Stream and his whereabouts remain unknown. In addition to rumors of an Internet shutdown, there is also speculation that authorities are using technology to track activists and journalists. In 2011, authorities reportedly set up a Facebook page calling for protest, then used it to entrap and detain activists. There have also been reports over the past year of authorities demanding--or torturing for--the Facebook and email passwords of detainees.
As the protests continue, citizen journalists are using social media to disseminate photos, videos and news from the ground. EFF will be keeping a close eye on developments; in the meantime, we urge activists and journalists to take security precautions when using digital communications tools. Our Surveillance Self-Defense International report provides tips on how to use technology defensively to protect oneself from government surveillance. [1] According to the most recent data from the International Telecommunications Union, Sudan's Internet penetration rate was 10.8 percent in 2010.</description><link>http://www.secuobs.com/revue/news/383323.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383323.shtml</guid></item>
<item><title>Global Telecom Governance Debated at European Parliament Workshop</title><description>Secuobs.com : 2012-06-22 23:36:06 - Deeplinks -    In recent weeks, the corner of the blogosphere that concerns itself with Internet-related policy has come alive with posts, comments and op-eds addressing the theory that a little-known United Nations telecom agency, the International Telecommunication Union  ITU , is gearing up for an Internet power grab Concerns about this possibility spurred a US Congressional hearing last month, and across the Atlantic, a June 19 workshop hosted at the European Parliament in Brussels provided a forum to sort out  Challenges to the Internet Governance Regime  as they relate to the ITU The UN agency, which is made up of 193 member states and specializes in information and communication technologies, is in the midst of preparing for a December conference where it will re-negotiate an important treaty establishing the International Telecommunication Regulations  ITRs  These regulations lay the ground rules for how big telecoms interact with one another in an international context, setting up systems for things like revenue-sharing, and have historically only dealt with telephony and never reached into the realm of Internet architecture At Tuesday s workshop, representatives from the European Commission, civil society organizations, Google, and other organizations were on hand to share their insights about the how this treaty revision may affect Internet governance William Drake, an International Fellow of the University of Zurich and expert on Internet policy, challenged the framework that has been debated so far  It isn t in fact the case that the UN will send in black helicopters to take over the Internet,  he assured participants Waving a slim green booklet totaling fewer than 30 pages, he declared,  This is what all the fuss is about  It was the latest compilation of the ITRs, the telecom rules that ITU member states last agreed 
upon in 1988   long before mobile devices with Internet connectivity revolutionized the telecommunications industry While Drake said he thought some discussions around the revisions could be discounted because they seemed  driven by various political agendas,  he was nevertheless very clear that he viewed certain proposals as highly problematic since they would indeed result in  a restrictive effect on the Internet  if approved Drake s analysis of the situation was that it has less to do with a hostile takeover and more to do with the financial upheaval that has impacted the telecommunications industry in the last couple decades The Internet has turned the traditional business model of major phone companies on its head Big telecoms are seeking to recover their losses, he argued, and they re trying to redraw the lines around who and what would be regulated by the ITRs It reflects  an effort by telecom companies in many parts of the world to leverage a multinational institution to recover market shares that they had lost in the face of liberalization,  Drake suggested  And in that context   many other issues are being added to the pot  cybersecurity, censorship and so forth  As preparations for the conference move forward, many countries have tossed in their pet projects  to see what will stick,  in his view Some ideas, such as proposed cybersecurity provisions put forward by Russia, could reinforce state surveillance power, Drake said Taken as a whole, he added, the proposed regulatory revisions would essentially subject  everybody involved in providing Internet services  to the ITRs Andrea Glorioso, an Italian Policy Officer with the European Commission, touched on the geopolitical context out of which these proposals have emerged, acknowledging that some proposals are being advanced by nations that are unhappy with the status quo  We do believe that the Internet has become so essential on the global stage that we need to be thinking seriously about the 
geopolitical balance that this entails," he said. "And what I'm trying to say here is that even though we are broadly fine with the current setup of global Internet governance, we also believe that we need to engage in a dialogue with those parts of the world that are not fine with the current setup. ... At the end of the day, when we go to a discussion where numbers are counted, we need to count the numbers. What we are trying to achieve here is dialogue." Meanwhile, comments from members of civil society organizations also shed some light on how European stakeholders are framing the debate. Joe McNamee, EU Advocacy Coordinator of European Digital Rights (EDRi), aired criticism both of the ITU and the US Government, which has positioned itself as an opponent to any ITU efforts to subject the Internet to new regulatory controls. The ITU, McNamee said, "is fundamentally unsuitable for the regulation of the Internet. It's slow-moving, it's closed, and its high corporate membership fees can only be seen as a way of selling influence in the organization. It's so closed that it's not even possible for citizens to gain access to their documents without paying for them," he added, giving a nod to civil society organizations' public demand several weeks ago for greater ITU transparency. The US has positioned itself against expanded ITU powers over the Internet, but McNamee also doled out a harsh critique of the US's own Internet-related policy proposals, invoking the now-defunct Stop Online Piracy Act (SOPA), which was hotly debated by Congress earlier this year. McNamee seemed convinced that the bureaucratic ITU would do its best to subject Internet-related entities to the ITRs as a kind of power grab. Paraphrasing "a wise person," he said, "old bureaucracies don't die, they file themselves in a different folder. Their next folder is the Internet, unfortunately." The debate surrounding the ITU and its upcoming renegotiation of the ITRs continues on. While Drake and McNamee clearly believe
a problem for Internet freedom looms on the horizon with the negotiation of the ITRs, Milton Mueller of the Internet Governance Project noted in this blog that as long as the ITU boundaries are kept within international telecommunication services, the worst consequences could be avoided. EFF agrees. If we don't maintain this distinction, we face the prospect of bringing an intergovernmental organization into Internet governance. ITU's mandate should be kept as it is: International telecommunications service. The ITRs' definitions should not be amended to include Internet services or cyber-security as part of international telecommunications. It's also important to ensure that any changes made to the way telecom companies interconnect don't empower monopolistic companies to extract fees or act as gatekeepers to Internet services. These issues will culminate at the treaty-writing forum in December, when the ITU's World Conference on International Telecommunications (WCIT-12) is held in Dubai. The ITRs were last updated in 1988, so any problematic provisions that make their way into the treaty renegotiation this winter will stay with us for a very long time, and could shape things for decades to come. The highly bureaucratic ITU is subject to political influence, and the agenda of an industry that is worried about preserving its bottom line. In this context, it is negotiating proposals without transparency and behind closed doors. Therefore, civil society organizations must remain alert, and push back against any measures that could have a restrictive effect on the Internet. EFF will continue monitoring this issue, particularly as it pertains to cybersecurity. Related Issues: Net Neutrality, International, Privacy </description><link>http://www.secuobs.com/revue/news/383296.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383296.shtml</guid></item>
<item><title>Hey Congress - Executive Privilege Getting in the Way of Public Accountability? EFF Feels Your Pain And Here's a Way to Fix It</title><description>Secuobs.com : 2012-06-22 03:04:26 - Deeplinks - Yesterday, a House Committee grabbed national attention by voting to approve a recommendation that Attorney General Eric Holder be held in contempt of Congress. The vote stemmed from the Department of Justice's repeated refusals to release documents concerning the handling of an investigation known as "Fast and Furious"--a botched DOJ law enforcement operation aimed at slowing the flow of illegal weapons from the United States to drug cartels in Mexico. In an effort to head off a contempt vote, President Obama asserted "executive privilege" on Wednesday in an attempt to legitimize the DOJ's refusal to disclose the requested documents. Multiple reports noted that this was the first time the President had asserted the privilege since taking office. If only that were true of the entire executive branch. Unfortunately, the DOJ asserts the privilege in EFF's FOIA cases all the time. So Congress, we know what you're going through, we feel your pain, and we've got a way you can fix the problem. If Congress really wants to send a message to the DOJ, it should forget about a contempt vote and focus on a long-term solution: cabining the Executive's ability to assert the privilege in the first place. In general, evidentiary privileges protect the compelled disclosure of information in formal government proceedings. Some of the more familiar privileges are the attorney-client privilege, the privilege against self-incrimination, and the doctor-patient privilege. The executive branch, too, has its own set of privileges, which come in a few different varieties, all with differing legal foundations and scope. For example, the presidential communications privilege (sometimes referred to, confusingly, as the executive privilege) is constitutionally grounded and, when invoked, protects
any document or communication between, or generated for, the President and his closest advisors. Another type of privilege available to the Executive, the state secrets privilege, is not constitutionally grounded but, instead, has its roots in the common law. The state secrets privilege can only be used to withhold information concerning foreign relations and military affairs. The privilege asserted by the President on Wednesday is the deliberative process privilege (pdf), a privilege that, properly applied, is at once applicable to a narrower and more specific type of record than the presidential communications privilege, yet is available to a larger swath of the executive branch. The deliberative process privilege--another privilege with common law origins--only protects internal, executive branch communications created in the course of government policy formation. The rationale behind the privilege is that, if executive officials are not allowed to keep some internal deliberations secret, officials will be inhibited from freely expressing ideas and opinions and, as a result of this inhibition, the process of policy formulation will be less robust and resulting government policies will suffer. In the abstract, the privilege makes sense. However, in practice--and in EFF's FOIA cases in particular--the DOJ's assertion of the privilege rarely aligns with the underlying rationale. For example, in our FOIA lawsuit over a secret surveillance law opinion written by the DOJ's Office of Legal Counsel, the DOJ asserted the deliberative process privilege (along with other FOIA exemptions) to withhold the binding opinion in its entirety. The DOJ invoked the privilege despite the fact that the memo was a final version (as opposed to a draft), despite the fact that the opinion had been distributed outside DOJ to other government agencies and to members of Congress and their staffs, and despite the fact that the memo shapes and interprets the substantive privacy rights of citizens
under federal law. In effect, the DOJ relied on the privilege, at least in part, to hide a body of secret surveillance law from EFF and the American public. In another case involving the deliberative process privilege, EFF sued to obtain records related to the High Level Contact Group--a joint EU and US working group tasked with negotiating a set of common principles on the transnational sharing of citizens' personal information for law enforcement purposes. EFF sought all DOJ records that reflected the negotiating positions of the EU and the US--positions which were necessarily disclosed outside the DOJ (to officials of foreign governments, no less) simply by virtue of the nature of bilateral negotiations. Again, the DOJ claimed the deliberative process privilege protected much of the requested information. According to the DOJ's interpretation of the privilege, while disclosure of the information to foreign government officials was no problem at all, disclosure to EFF and the American public would cause grave harm to the agency's deliberative process. These types of assertions of the privilege turn its legitimate rationale on its head, only serving to obstruct the public's ability to know what its government is up to. At its essence, nearly every FOIA case EFF litigates is identical to the battle playing out right now between Congress and the Executive. Congress has requested documents to shed light on government practices and to keep the executive branch accountable to the public. Instead of being forthcoming and transparent, the Executive has instead chosen to rely on a tenuous interpretation of the deliberative process privilege to stymie the process and obstruct the public's ability to hold executive officials truly accountable. But, at least in the FOIA context, Congress can fix the problem. Instead of wasting time with a symbolic (and, ultimately, pyrrhic) contempt vote, Congress should act to change the deliberative process privilege through statute. Unlike the
presidential communications privilege, the deliberative process privilege is not constitutionally based, so a law cabining the Executive's invocation of the privilege is less likely to create constitutional separation-of-powers problems. So, for example, Congress could amend FOIA to require a Court--whenever the deliberative process privilege is invoked to withhold information--to balance the public interest in disclosure of the information against the magnitude of the potential harm to the executive agency's deliberations. This type of balancing is already used in other FOIA exemptions and would go a long way towards preventing some of the more egregious invocations of the privilege. A balancing test would also provide an agency enough space to rely on the privilege when it is being legitimately invoked, yet would prevent agencies, in case after case, from simply repeating the same generic and speculative assertions of harm to agency deliberations. So Congress, if you're serious about sending a message to the Attorney General and the DOJ, forget about the contempt vote. Instead, hit them where it counts: their FOIA exemptions. Related Issues: Transparency, FOIA. Files: Holder Letter to Obama.pdf </description><link>http://www.secuobs.com/revue/news/383076.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383076.shtml</guid></item>
<item><title>Voices of the Internet: Technologists, Corporate Leaders, and Academics Speak Out Against Software Patents</title><description>Secuobs.com : 2012-06-21 23:19:37 - Deeplinks - by Molly Sauter. Two days ago, EFF launched Defend Innovation, outlining seven proposals to address the egregious abuses of software patents. Since we launched, we've already received an amazing response (the initial traffic overwhelmed our servers) and now we're watching as more and more people sign the petition and leave comments. This campaign isn't just about our proposals--it's also about creating a space for the tech community, inventors, academics, and others to express their concerns and suggestions for dealing with the patent system. The comments we collect will be the basis for a whitepaper we'll use to educate lawmakers and the public about the problems with the software patent system--and how we can address them. Here is a sample of what we've seen so far. Many people are worried about patent trolls, or corporate entities that buy up patents with no intention of ever using them for anything other than collecting rents and settlements. We've written about the problems patent trolls pose to innovation before. Steven Baker, a patent owner in Austin, TX, comments: "The real evils start when patents can be bought and sold by companies who have no interest in using the technology - have no intention of ever making a product - and exist only to game the legal system for profit. This kind of behavior is abusive and does absolutely nothing to encourage innovation or to boost the nation's bottom-line." Other people voice their support for our second proposal, which calls for patent trolls to pay the fees and costs of those people they wrongfully sue for infringement. Nathan Hourt, a software developer at Rensselaer Polytechnic Institute, suggests that such measures should go even further: "Patent trolls ought not get away with breaking up a target's workflow, intimidating them, wasting
their time, and potentially damaging their public image for nothing but some paltry legal fees that didn't stop them from suing in the first place. When the plaintiff's claims in a patent suit are found to be invalid, the plaintiff should be required to pay to the defendant at least triple the damages they were seeking. This would serve to offset the harm done to the defendant, as well as even further reducing the risk of patent trolling. Another benefit is that it would encourage plaintiffs to think twice about whether the damages they seek in a patent suit are reasonable." Jesse Carlaftes, a senior systems engineer in Tucson, points out one of the major issues with the software patent process - that those approving the patents often do not have the specialized knowledge needed to make an accurate judgment about the validity of the patent: "Software patents generally cover ideas, and not implementations as currently defined in patent law. Patent Approvers are not well versed enough in Comp. Science to determine novelty of an idea. Too many common ideas are patented with the simple modifier 'in software internet phone etc'." Christopher Perry, a computer programmer in Okemos, Minnesota, draws attention in his comment to the challenges the current software patent regime present for small businesses: "The current patent system makes it nearly impossible for small businesses to take off. In order to mitigate risk, each developer realistically needs a team of patent lawyers in support to let the developer know that the idea that just popped into their head is covered by a patent already. The patent waters are unnavigable for an individual and small business and has created a system where established businesses can crush new competition, not through the act of competing, but by legally prohibiting the competing endeavor to even start." This kind of feedback is incredibly valuable to EFF on our fact-finding mission to find out how the tech community feels about software patents and
what Congress (and others) need to do to address these problems. Please join the conversation. Visit defendinnovation.org, review the proposals and comments, and add your voice to the growing movement that is seeking real solutions to the problems arising from software patents. Related Issues: Patents, Patent Trolls </description><link>http://www.secuobs.com/revue/news/383054.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/383054.shtml</guid></item>
<item><title>Can Apple Refuse to Sell a Laptop to an Iranian Citizen? Maybe</title><description>Secuobs.com : 2012-06-21 20:08:28 - Deeplinks - "No iPad for you." The sentiment may have evoked the fictional Soup Nazi, but the salesperson was completely serious. After hearing 19-year-old Sahar Sabet speaking Persian with her uncle, an Apple store employee refused to sell Sabet an iPad, stating (according to Sabet), "I just can't sell this to you. Our countries have bad relations." While the Apple employee was wrong here, in other, not too different circumstances, that employee may have been right. Restrictions placed upon US persons[1] by the Department of Treasury's Office of Foreign Assets Control (OFAC) state: "In general, a person may not export from the US any goods, technology or services, if that person knows or has reason to know such items are intended specifically for supply, transshipment or reexportation to Iran. Further, such exportation is prohibited if the exporter knows or has reason to know the US items are intended specifically for use in the production of, for commingling with, or for incorporation into goods, technology or services to be directly or indirectly supplied, transshipped or reexported exclusively or predominately to Iran or the Government of Iran." While Sabet told a reporter that she had mentioned nothing about traveling back to Iran, companies--fearing the high penalties[2] placed upon violators of the OFAC regulations--often restrict sales or services on the fear that an Iranian citizen could take the product(s) to Iran. For example, Google reportedly blocks Persian-language advertisements because of the prohibition on financial transactions targeting Iranians. Given that there are only small pockets of Persian speakers outside of Iran, it would be difficult for Google to argue they're not targeting Iranians with ads in Persian; therefore, blocking the advertisements entirely ensures that they're in compliance with the regulations. In this
case, however, Apple was in the wrong. A statement Wednesday by Department of State spokesperson Victoria Nuland in response to the incident clarified that: "[T]here is no US policy or law that prohibits Apple or any other company from selling products in the United States to anybody who's intending to use the product in the United States, including somebody of Iranian descent or an Iranian citizen or any of that stuff. If you do want to take high-technology goods to Iran, you need a license. But that is a separate issue." A statement was also issued on the US virtual embassy to Iran's Facebook page. Given that exports to Iran are strictly controlled, where does the US government draw the line? Not at the border, as one might expect. A rule of the Department of Commerce (both Commerce and Treasury are involved in export controls), dubbed the "deemed export" rule, states that the Department's Bureau of Industry and Security (BIS) "has jurisdiction for the 'export' or release of controlled technology and software to a foreign national in the United States." A BIS policy document on Iran clarifies, however, that the "deemed export" rule does not apply to persons who are permanent residents in the United States or are "protected individuals" under the Immigration or Naturalization Act[3]. So what does this mean for Iranians and other individuals from sanctioned countries? Basically, an Iranian student temporarily residing in the US with intent to go back to Iran may legitimately be denied purchase of an Apple product under export regulations, but a US Permanent Resident or someone with Iranian dual citizenship cannot be. Furthermore, a company or individual that wishes to export to Iran must apply for a license through the Department of Treasury's OFAC[4]. Additionally, it is unlawful for anyone traveling to Iran to bring controlled items (such as laptops or satellite cell phones) into Iran even temporarily without authorization from OFAC. As we've previously written, there are notable
exceptions to these rules. In 2010, OFAC issued a general license for companies to export communications software and services to users in Iran, Sudan, or Cuba: "certain services and software incident to the exchange of personal communications over the Internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging, provided that such services are publicly available at no cost to the user." Similar amendments have been made for citizens for Syria. While we hope this may have cleared some things up for those following the Apple story, the fact remains that the sanctions rules and other export controls remain unclear to many companies and individuals, even as the Internet and new technologies mean that goods and services cross borders more than ever before. To that end, we are continuing to work on this issue as it pertains to communications technology and services. While there have been some improvements, the US sanctions and export regimes still deny too many critical tools to activists working to secure freedom in repressive countries. As for Apple--which, as of 2:55pm on Wednesday, was still refusing comment on the story--we hope that the company will issue an apology immediately, help Sabet get her iPad if she still wants one, and further clarify their own policies to both the public and to their employees to ensure an incident like this doesn't happen again. [1] US persons, in this context, includes "companies, non-profit groups, government agencies, etc." [2] Criminal penalties for violations of the Iranian Transactions Regulations may result in a fine up to $1,000,000, and natural persons may be imprisoned for up to 20 years. [3] "Protected individuals" can be United States nationals, temporary residents, recent lawful permanent residents, refugees and asylees. [4] Guidance on such an application is available here. Related Issues: International
</description><link>http://www.secuobs.com/revue/news/382978.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382978.shtml</guid></item>
<item><title>EFF Will Represent The Oatmeal Creator in Fight Against Bizarre Lawsuit Targeting Critical Online Speech</title><description>Secuobs.com : 2012-06-21 17:40:13 - Deeplinks - Baseless Suit Claims Online Trademark Infringement and "Cyber-Vandalism" - The Electronic Frontier Foundation (EFF) is joining with attorney Venkat Balasubramani of the law firm Focal PLLC to represent The Oatmeal creator Matthew Inman in a bizarre lawsuit targeting the online comic strip's fundraising campaign in support of the American Cancer Society and the National Wildlife Federation. "I have a right to express my opinion, whether Mr. Carreon likes it or not," said Inman. "While the lawsuit may be silly, the harm it can do is very real." Inman started his campaign last week as part of a protest over legal threats he received from the website FunnyJunk. In 2011, Inman published a blogpost noting that FunnyJunk had posted many of his comics without crediting or linking back to The Oatmeal. A year later, FunnyJunk claimed the post was defamatory and demanded $20,000 in damages. Inman crafted a unique response, which included some comic art. Instead of paying the baseless demand, Inman asked for donations for the American Cancer Society and the National Wildlife Federation. The campaign raised more than $200,000 so far. An attorney for FunnyJunk, Charles Carreon, has now responded with a lawsuit filed on his own behalf. Carreon's suit names Inman, the two charities, and the online fundraising platform IndieGoGo, claiming trademark infringement and incitement to "cyber-vandalism." "This lawsuit is a blatant attempt to abuse the legal process to punish a critic," said EFF Intellectual Property Director Corynne McSherry. "We're very glad to help Mr. Inman fight back." </description><link>http://www.secuobs.com/revue/news/382938.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382938.shtml</guid></item>
<item><title>Coders' Rights At Risk in the European Parliament</title><description>Secuobs.com : 2012-06-21 02:06:04 - Deeplinks - Coders have never been more important to the security of the Internet. By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet this week, European Parliament will debate a new draft of vague and sweeping computer crime legislation that threatens to create legal woes for researchers who expose security flaws. On Thursday, the European Parliament will discuss the latest agreement between European Parliament and Council of an ongoing draft directive threatening coders' rights. Earlier this year, EFF told the European Parliament that their initial draft Directive on Attacks Against Information Systems jeopardized coders' rights to conduct essential security research. The current draft, while better, still doesn't address this problem. As currently written, the latest version of the Draft Directive threatens coders' ability to access information systems for security testing without explicit permission. If the European Parliament moves to enact this provision, researchers who study others' systems in the course of good faith for legitimate research may become criminals. Article 3 of the Draft Directive criminalizes intentional access to information systems without prior authorization where the actor infringes a security measure. At the heart of the problem is the directive's reliance on the concept of accessing information systems "without right," which is defined as "access, interference, interception, or any other conduct referred to in this Directive, not authorized by the owner, other right holder of the system or part of it, or not permitted under national legislation." The vague notion of "unauthorized access" has proved to be troublesome within the United States Computer Fraud and Abuse Act. For example, creative prosecutors and
litigants have argued in past cases that merely accessing a computer in violation of terms of use makes access "unauthorized," and therefore a crime. That broad interpretation of the law would criminalize a great deal of innocuous activity. As the Ninth Circuit Court of Appeals recently pointed out, "By giving that much power to prosecutors, we're inviting discriminatory and arbitrary enforcement." The Directive's caveat about punishing only activities that infringe a "security measure" is an improvement over previous draft language, and will hopefully ensure that merely violating terms of use can't amount to unauthorized access. But the vagueness of the term "security measure" creates new problems. Does a user infringe a "security measure" when she stumbles across files in a hidden but unprotected directory on a website? Or when she changes her IP address to avoid an IP block, even if for valid, legitimate reasons? Another major problem with the draft directive is Article 7, which criminalizes the production, sale, procurement, import, or distribution of tools used to access systems for committing other offenses. This new article rightly tries to link punishment to malicious intent behind using the tool, rather than simply criminalizing the use, production, sale, or distribution of such tools per se. By doing so, this article tries to avoid the criminalization of dual-use tools that can be used for bad purposes, but also for desirable security efforts to prevent and deter attacks. However, Article 7 remains problematic because it relies upon the murky definition of access "without right" and uses Article 3 as a reference for defining criminal intent, which, as we explained above, is vague. Another improvement is that the directive seeks to limit criminal punishment to cases that are "not minor." However, the directive fails to explain what "minor" means in the text itself, leaving the option open for member states to define the term as they see fit. According to the
directive's present wording, maximum penalties for offenses (including distributing tool software) are at least 2 years of imprisonment, 3 years when using botnets and 5 years when committed in the context of organized crime, causing serious damage, or committed against a critical infrastructure. Security researchers are a crucial part of any effective security strategy. Unfortunately, this directive creates a very real possibility that they may face serious criminal punishments for their work, which creates a strong disincentive for them to do it. While the directive's legally non-binding recitals suggest a number of safeguards, including human rights, security testing, it is troubling that those protections are not included in the articles themselves. The European Union should implement a target-hardening strategy to provide strong incentives and support for security researchers to identify and disclose vulnerabilities and motivate providers to quickly issue patches and updates. Please tune in this Thursday at 11:00 am Brussels time for a live stream of the directive debate in the European Parliament. Related Issues: Coders' Rights Project, International, EFF Europe </description><link>http://www.secuobs.com/revue/news/382789.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382789.shtml</guid></item>
<item><title>Once You Pass the Bar, Try Winning EFF's Cyberlaw Quiz</title><description>Secuobs.com : 2012-06-21 00:51:27 - Deeplinks - If you thought passing the bar was hard, try winning one of the coveted EFF Cyberlaw Pub Quiz victory steins. Last night, the best legal minds in San Francisco scrambled to answer 7 rigorous rounds of cyberlaw trivia (one of Fenwick &amp; West's teams pictured left). EFF's attorneys, technologists and activists worked tirelessly for weeks to construct quiz questions, delving deep into the rich canon of privacy, free speech, and intellectual property law, and then uncovering the supremely trivial facts. For many of the contestants, winning means more than just a fancy cup. It proves that you have lived and breathed the most important cases for digital rights of our time. The competition was fierce, and every team acquitted themselves well in the face of tough questions. Please join us in congratulating this year's winners: 1st place: WikiGeeks (Durie Tangri; Ridder, Costa, and Johnstone LLP; Cathy Gellis, Keker &amp; Van Nest, et al.); 2nd place: Child Law Blog (Stanford Center for Internet and Society); 3rd place: Keeping Up With the Joneses (UC Berkeley Samuelson Clinic for Public Interest Law and Technology); Honorary Mention: EFF the Children, for being the highest ranked (4th place) team of EFF interns in five years of trivia nights (pictured right, sporting EFF's new t-shirt). EFF's Cyberlaw Pub Trivia Night is an important opportunity for us to thank our friends in the legal community who help protect online freedom in the courts. Among the many firms that dedicate their time, talent and resources to the cause, we would especially like to thank Ridder, Costa, and Johnstone LLP for sponsoring this year's Trivia Night. Test Your Internet Law Expertise: You too can play along at home. If you read the EFF blog regularly or recently aced EFF's Know Your Rights Quiz, you may be feeling pretty confident about your knowledge of Internet law. But could you
answer seven rounds of questions like these? The winning team (pictured right) probably answered every question below without breaking a sweat. Courtesy of EFF's 5th Annual Cyberlaw Pub Trivia Night: 1. In In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, 670 F.3d 1335 (11th Cir. 2012), the court relied upon which Amendment in protecting a man from being forced to decrypt his computer? 2. Justice Alito in US v. Jones imagined how one might have conducted surveillance comparable to GPS tracking in 1791. Which was not part of his hypothetical? (a) a tiny constable (b) incredible fortitude and patience (c) a hand-written writ (d) a gigantic coach 3. A Markman hearing is a pretrial hearing in which a judge examines evidence on the meanings of words used in a patent claim. Markman held a patent for an "Inventory Control and Reporting System" for what kind of store? 4. In the 2012 Oracle v. Google lawsuit, Google was found to have copied one program, known as rangeCheck. It consisted of how many lines of code? 5. On January 25, 2012, at least 15,000 people demonstrated in the streets of Kraków against what international trade agreement? Answers (highlight to read): 1. 5th Amendment; 2. (c), a hand-written writ; 3. Dry cleaning; 4. 9 lines; 5. ACTA, the Anti-Counterfeiting Trade Agreement </description><link>http://www.secuobs.com/revue/news/382786.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382786.shtml</guid></item>
<item><title>Biometric National IDs and Passports  A False Sense of Security</title><description>Secuobs.com : 2012-06-20 07:35:35 - Deeplinks -    People tend to think that digital copies of our biological features, stored in a government-run database, are problems of a dystopian future But governments around the world are already using such technologies Several countries are collecting massive amounts of biometric data for their national identity and passport schemes a development that raises significant civil liberties and privacy concerns Biometric identifiers are inherently sensitive data As European privacy watchdogs have said, biometrics changes irrevocably the relationship between body and identity, because they make the characteristics of the human body  machine-readable  and subject to further use This is why such identification schemes become particularly dangerous when used with unreliable biometric technologies that can misidentify individuals Regulators in several jurisdictions continue to romanticize the security and accuracy of face, fingerprint, and iris automatic recognition biometric technologies But the existence of a significant amount of falsified biometric identification documents raises questions as to whether these technologies are too unreliable to prevent fraud, thus providing individuals and governments with a false sense of security Automatic Face Recognition in Border Control Biometric data of individuals  faces has been used since 2007 at various European border checks Eleven airports in the United Kingdom now have e-passport gates that scan EU travelers  faces and compare them to measurements of their facial features  ie biometrics , stored on a chip in their biometric passports Although error rates of state-of-the-art facial recognition technologies have been reduced over the past 20 years, these technologies still cannot identify individuals with complete accuracy In an incident in 2011, the Manchester e-passport gates let through 
a couple that had mixed up their passports The UK Border Agency subsequently disabled the Manchester gates and launched an investigation Similar e-passport gates have been introduced in Australia and New Zealand During the early stages of testing in Australia, the technology showed a six to eight percent error rate Moreover, this technology also misidentified two men who exchanged passports Nevertheless, the government refused to disclose the final error rates, citing security concerns Digital Fingerprint Recognition US law requires visitors to submit biometrics to a central database in the form of a digital fingerprint when seeking a visa or when entering the country EU law further requires all passports for 26 countries in the Schengen area  the borderless zone within European countries  to contain digital fingerprint data on a chip The United Kingdom a non-Schengen country contemplated introducing fingerprints voluntarily as part of a biometric passport 20, but ultimately decided against it The UK government was preparing to launch a biometric national identity card, for which it gathered fingerprints from 15,000 volunteers for the project But the new government  didn't believe ID cards would work  and physically destroyed the pilot identity databases However, in 2010, the UK National Policing Improvement Agency also conducted a pilot test to provide police officers with digital fingerprint scanners that could remotely match individuals  fingerprints against a central database The outcome of this project is unknown and, when questioned, the agency refused to disclose the error rates that resulted from its tests In the Netherlands, the database storage of digital fingerprinting for travel documents was temporarily halted following questions over the reliability of the biometric technology The Mayor of the City of Roermond reported that 21 percent of fingerprints collected in the city could not be used to identify any individuals In April 2011, the Dutch Minister 
of Interior, in a letter to the Dutch House of Representatives, asserted that the number of false rejections  cases in which there is a  no-hit  for a lawful holder of a travel document  is too high to warrant using fingerprints for verification and identification Currently, fingerprints are still being collected onto Radio Frequency Identification  RFID  chips in ID documents A German court recently asked the EU Court of Justice for a preliminary ruling on the legality of biometric passports with RFID chips, which are readable from a distance The German court questioned whether the EU regulation that requires biometric passports in Europe is compatible with Charter of Fundamental Rights of the European Union and the European Convention of Human Rights In France, a report last year disclosed the questionable security of biometric passports It showed that 10 percent of biometric passports were fraudulently obtained for illegal immigrants or people looking for a new identity Following the issues with respect to biometric passports in the various EU countries, Members of the European Parliament have queried the European Commission about the reliability of these biometric passports Iris Scan Identification In preparation for the UK s national ID card scheme, the UK government noted that there was little research indicating the reliability of iris scan identification The government initially relied upon unpublished and unverified results from an airport trial There were concerns that  hard contact lenses,   watery eyes and long eyelashes  could prevent accurate scanning The government then asked the National Physical Laboratory  NPL  to test the technology The NPL chief research scientist stated in the news that  technologies like iris scanning are accurate enough for the ID cards application but only provided they are implemented properly and one has appropriate fall-back processes to deal with exceptional cases  But a study has shown that it is difficult to enroll 
disabled individuals into an iris database The success of enrollment also significantly varies depending on race and age, suggesting further errors if the technology were implemented Additional testing of iris scanners has been initiated by the US Department of Homeland Security In summary, governments have failed to support their claim that such technologies actually improve security These governments do not appear to have hard data supporting their claims that the technology is reliable enough to prevent fraud Of course, the reliability of the technology is only one aspect of the different problems around governments  collection of biometrics, including privacy, security, discrimination, and other civil liberties EFF will continue monitoring this issue Stay tuned  Related Issues  BiometricsMandatory National IDs and Biometric DatabasesPrivacyPolicy Analysis </description><link>http://www.secuobs.com/revue/news/382587.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382587.shtml</guid></item>
<item><title>Want to Abolish Software Patents  Tell Us</title><description>Secuobs.com : 2012-06-20 03:01:25 - Deeplinks -    Today, EFF launched a new campaign against software patents  https defendinnovationorg  In this campaign, we outline seven proposals that we think will address some of the greatest abuses of the current software patent system, including making sure that folks who independently arrived at an invention can t be held liable for infringing on a software patent But our campaign isn't just about our proposals   we also want to hear, and amplify, the views of the technical community Many engineers, researchers, and entrepreneurs have suggested that reform is not enough and that software should not be patentable, period We want to record these views, which is why our Defend Innovation campaign is designed to solicit comments from all of the stakeholders We'll incorporate what we learn into a formal publication that we can take to Congress that reflects the views of innovators, academics, lawyers, CEOs, VCs, and everyone else who is concerned about the software patent system People who have been following the software patent space know just how flawed the current system is and how, instead of promoting new inventions, software patents are being turned against everyday inventors It s got creators up in arms  and rightly so  and we ve been working for years to bring attention to this growing crisis A lot of people want to abolish software patents altogether, while others hold out hope that reforms can help address the situation Well, here s the truth of it  neither reforms nor abolition of software patents will be possible unless software patents are treated differently under the law than other types of patents In 2008, we fought hard to get the courts to appreciate the difference between physical inventions and software inventions, submitting an amicus brief in the famous Bilski case Unfortunately, we lost that battle   the Supreme Court wasn t ready 
to get rid of software patents altogether  recently, however, the Supreme Court has signaled that it may be uncomfortable with particularly egregious software patents  Congress, too, has failed to really help Part of the problem is that certain entrenched interests and lobbyists   particularly in pharmaceuticals and biotech, for example   have made fundamental change to the patent system nearly impossible So it s time to treat software differently, get those parties out of the equation, and fix the law to reflect the realities of technology and the tech community Regardless of whether you think software patents should be abolished altogether or just reformed, the first step is recognizing that a one-size-fits-all patents system doesn t make sense and that we need to treat software patents differently from other types of patents Without that, no effort   whether reform or abolition   can be successful This is the basis of our Defend Innovation campaign   some proposals to help address the most egregious abuses of the software patent system and a fact-finding mission to hear from concerned individuals about whether or not the system is working at all Of course, there are many views about the best way to fix the software patent mess We want to hear those opinions, even  especially  if they are that software patents simply don t make sense at all This is a serious problem and overcoming the political obstacles is not easy That doesn t mean we can t and shouldn t work together to force Congress and the legal system to take these problems seriously Join us, won t you  https defendinnovationorg Related Issues  InnovationPatents </description><link>http://www.secuobs.com/revue/news/382545.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382545.shtml</guid></item>
<item><title>New Trojan Spread Over Skype as Cat and Mouse Game Between Syrian Activists and Pro-Syrian-Government Hackers Continues</title><description>Secuobs.com : 2012-06-20 03:01:25 - Deeplinks -    Since March of this year, EFF has reported extensively on the ongoing campaign to use social engineering to install surveillance software that spies on Syrian activists. Syrian opposition activists have been targeted using several Trojans, including one disguised as a Skype encryption tool, which covertly install spying software onto the infected computer, as well as a multitude of phishing attacks which steal YouTube and Facebook login credentials. As we've tracked these ongoing campaigns, patterns have emerged that link certain attacks to one another, indicating that the same actors, or groups of actors, are responsible. Many of the attacks have installed versions of the same remote access tool, DarkComet RAT, and reported back to the same IP address in Syrian address space. The latest attack covertly installs a new remote access tool, Blackshades Remote Controller, whose capabilities include keystroke logging and remote screenshots. Evidence suggests that this campaign is being carried out by the same pro-Syrian-government hackers responsible for the fake YouTube attack we reported in March, which lured Syrian activists in by advertising pro-opposition videos, stole their YouTube login credentials by asking them to log in before leaving a comment, and installed surveillance malware disguised as an Adobe Flash Player update. This malware is distributed via Skype. It is distributed in the form of a ".pif" file. This sample was sent via the compromised Skype account of an officer of the Free Syrian Army. In the conversation, a malicious link is sent claiming to be an important new video. Two hours later his friend asks the officer if his account is ok. The officer replies that his account was compromised and this link sent out to various people from
his address book. Clicking on the link downloads a file called "new_new .pif". For those who would like to make sure that they have the correct sample of this malware, the md5sum is 0d1bd081974a4dcdeee55f025423a72b. On execution, the following files are dropped: C:\Documents and Settings\Administrator\Templates\VSCover.exe, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\local3.exe, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\data.dat, and C:\Documents and Settings\Administrator\Local Settings\Temp\D3D8THK.exe. If you see these files on your computer, you have been infected with BlackShades RAT. If your computer is infected, deleting the above files or using anti-virus software to remove the Trojan does not guarantee that your computer will be safe or secure. This malware gives an attacker the ability to execute arbitrary code on the infected computer. There is no guarantee that the attacker has not installed additional malicious software while in control of the machine. Some anti-virus vendors recognize Blackshades RAT. You may try updating your anti-virus software, running it, and using it to remove the Trojan if it comes up, but the safest course of action is to re-install the OS on your computer and change the passwords to any accounts you have logged into since the time of infection. EFF urges Syrian activists to be especially cautious when downloading files over the Internet, even in links that are purportedly sent by friends. As members of the Syrian opposition become more savvy in using encryption, satellite networks, and other tools to evade the Assad regime's extensive Internet surveillance capabilities, pro-Syrian-government malware campaigns have increased in frequency and sophistication. For Syrian activists, poor security practices can have potentially disastrous consequences. For a detailed technical analysis, please see this blog post from Citizen Lab. Related Issues: Anonymity, International, Privacy 
</description><link>http://www.secuobs.com/revue/news/382544.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382544.shtml</guid></item>
<item><title>EFF Launches New Patent Reform Project to Defend Innovation</title><description>Secuobs.com : 2012-06-19 22:39:18 - Deeplinks - Broken Patent System Needs Seven Big Fixes to Protect Inventors San Francisco - Patents are supposed to foster innovation, but modern software patents have been weaponized against inventors Today the Electronic Frontier Foundation  EFF  is launching  Defend Innovation,  a new patent reform project to promote seven fixes for America's patent system  The software patent system is broken Patents are supposed to help promote new inventions and ideas, but software patents are chronically misused to limit competition, quash new tools and products, and shake down companies big and small,  said EFF Staff Attorney Julie Samuels  It's time for Internet users, inventors, activists, and academics to team up and fix the problem  EFF has posted seven proposals for software patent reform at Defendinnovationorg, including shortening the term for software patents from 20 years to no more than five years, allowing winning parties in litigation to recover fees and costs, and ensuring that infringers who arrive at a patented idea independently aren't held liable, for example EFF is asking the public to sign on to the proposals and to make additional comments of their own Additionally, we're calling on individual inventors, lawyers, and academics to give feedback, and we're asking technology companies to continue the conversation with in-person meetings with EFF staff EFF will take the results from these comments and meetings and create a whitepaper to help educate lawmakers and others about the full reach of the problem and next steps forward to fix it  The US Patent Office is overwhelmed and underfunded, and issues questionable patents every day   patents that hurt innovators and consumers alike,  said EFF Activism Director Rainey Reitman  It's time for the technology community to work together to create a blueprint for reforming the broken 
software patent system  Help EFF Defend Innovation  https defendinnovationorg  Contacts  Julie Samuels Staff Attorney Electronic Frontier Foundation julie efforg Rainey Reitman Activism Director Electronic Frontier Foundation rainey efforg </description><link>http://www.secuobs.com/revue/news/382503.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382503.shtml</guid></item>
<item><title>UK Mass Surveillance Bill  The Return of a Bad Idea</title><description>Secuobs.com : 2012-06-19 02:48:19 - Deeplinks -    Note  This article was originally published by Index on Censorship This week the British government unveiled a bill that has a familiar ring to it The Communications Data Bill would require all Internet Service Providers  ISPs  and mobile phone network providers in Britain to collect and store information on everyone s internet and phone activity Essentially, the bill seeks to publicly require in the UK what EFF and many others have long maintained is happening in the US in secret   and what we have been trying to bring to public and judicial review since 2005 Put simply, it appears that both governments want to shift from surveillance of communications and communications records based on individualized suspicion and probable cause to the mass untargeted collection of communications and communications records of ordinary, non-suspect people This shift has profound implications for the UK, the US and any country that claims to be committed to rule of law and the protection of fundamental freedoms This isn t the first time that an Executive has seized the general authority to search through the private communications and papers without individualized suspicion To the contrary, the United States was founded in large part on the rejection of  general warrants    papers that gave the Executive  then the King  unchecked power to search colonial Americans without cause The Fourth Amendment was adopted in part to stop these  hated writs  and to make sure that searches of the papers of Americans required a probable cause showing to a court Indeed, John Adams noted that  the child Independence was born,  when Boston merchants unsuccessfully sued to stop these unchecked powers, then being used by British customs inspectors seeking to stamp out smuggling The current warrantless surveillance programs on both sides of the Atlantic return us to 
the policies of King George III only with a digital boost In both, our daily digital  papers    including intimate information such as who we are communicating with, what websites we visit  which of course includes what we re reading  and our locations as we travel around with our cell phones   are collected and subjected to some sort of datamining Then we re apparently supposed to trust that no one in government will ever misuse this information, that the massive amounts of information about us won t be subject to leak or attack, and that whatever subsequent measures are put into place to government access to it by various government agencies will be sufficient to protect our privacy and ensure due process, fairness and security On that score, at least the UK government is willing to discuss the proposal publicly and allow Parliament to vote on it But this puts the onus on the British people to tell their representatives to soundly reject it The message to the Executive should be clear  general warrants were a bad idea in 1760, and they are still a bad idea today If you live in the UK, you can go here to Open Rights Group's action page to write to your MP and tell them you strongly oppose this dangerous bill Note  This article was originally published by Index on Censorship Related Issues  PrivacyNSA Spying </description><link>http://www.secuobs.com/revue/news/382302.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382302.shtml</guid></item>
<item><title>Bahrain Cracks Down on Social Media, Arresting Activists and Proposing New Laws</title><description>Secuobs.com : 2012-06-19 00:35:59 - Deeplinks -    Bahrain's Minister of State for Information Affairs, Samira Rajab, has announced that the government is preparing to introduce tough new laws to combat the  misuse  of social media Like many Gulf states, Bahrain is doubling down on state censorship in response to a year of ongoing protests connected to the Arab Spring In case the target of this upcoming legislation was in any way unclear, Ms Rajab went on to call out human rights activists  It is these activists who have labelled drowning victims as those killed by torture They have labelled sickle cell victims as being killed by security forces and they have used these media to completely distort the true picture of Bahrain This cannot be tolerated The rule of law shall prevail  Ms Rajab justified the upcoming laws by pointing to sedition laws in the United States, United Kingdom, and France Meanwhile, the Bahraini government is already engaging in the kind of crackdown that the new law is supposed to enable Activist Nabeel Rajab  no relation to the Minister of State for Information Affairs  was detained again on June 6 after complaints that he had made statements  publicly vilifying  pro-government individuals on Twitter After the Prime Minister visited the small town of Muharraq, Mr Rajab tweeted that he should step down He referenced the Prime Minister s recent visit to Muharraq in his message   [E]veryone knows you are not popular and if it weren t for the need for money,  the Muharraq residents  would not have welcomed you Mr Rajab s attorney notes that his second detention is extraordinary even in Bahrain, since the Bahraini Code of Criminal Procedure limits pretrial detention to exceptional cases Authorities are not supposed to detain the accused in defamation cases, and the most severe penalty has usually been a fine Mr Rajab had been previously 
released from jail after posting bail at the end of May That time, the activist had also been arrested for inflammatory political comments from his Twitter account The EFF joins other groups such as Human Rights Watch and the European-Bahraini Organization for Human Rights in demanding the immediate and unconditional release of Mr Rajab, as well as the dismissal of all charges against him We remain concerned we will see even more cases similar to this one once the new laws are passed </description><link>http://www.secuobs.com/revue/news/382289.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382289.shtml</guid></item>
<item><title> Hacking  Strikes Fear in the Heart of Texas Bureau of Prisons</title><description>Secuobs.com : 2012-06-18 22:25:17 - Deeplinks -    By Molly Sauter Earlier this month, an inmate in Texas was denied access to computers and an electronic messaging system because he ordered a copy of the information security handbook Hacking Exposed Does simply ordering a copy of an information security handbook render an individual a threat to the safe, secure, and orderly operation of a federal prison  Almost certainly not Hacking Exposed was written by three well-respected information security professionals, two of whom work at McAfee, and is intended to educate infosec professionals about the threat landscape But the warden of the prison, and subsequently a federal district court, found that just by ordering the book, Reginald Green constituted a substantial enough threat to the orderly running of the prison to ban him from accessing the TRULINCS electronic messaging system or using computers for the rest of his incarceration Could the exploit information contained within Hacking Exposed be misused in the right environment  Sure, but so could lots of other things, like the hammers in the prison workshop or the weights in the prison gym This is an unfortunate, aggressive reaction to the social concept of  the hacker,  without pausing to consider the facts of the case If the book had been called  Offensive Information Security  instead of  Hacking Exposed,  would it have been confiscated, or Mr Green deemed a threat  We've seen many examples of security researchers and others calling themselves hackers and falling under undue and aggressive legal scrutiny because their motives and actions were misconstrued This is in part because the term  hacker  can, in general parlance, mean anything from a DIY enthusiast building portable chargers in Altoids tins to a hardcore cybercriminal selling stolen credit card numbers on a deep web message board Individuals either calling 
themselves hackers or dubbed so by the media have been repeatedly targeted for publishing information on how to jailbreak your own devices For example, Sony sued members of the hacker group fail0verflow after they revealed at CCC that they'd mathematically calculated the keys Sony uses to ensure only approved code runs on the PS3 In the same suit, Sony also sued George Hotz, better known as GeoHot, jailbreaker of the iPhone, for publishing the PS3 root key, even though he made clear he didn't do so to enable people to run pirated games People have also been targeted for offering jailbreaking services commercially For instance, prosecutors brought criminal charges against Matthew Crippen for modding XBOX 360s to run DRM-free games, which were ultimately dismissed Whether you call them hackers, makers, tinkerers, or information security researchers, people on the hacking spectrum have been a boon to society for decades They power innovation in all sectors and operate as a valuable check on the security and stability of the technology that forms the basis for our modern society Their curiosity drives our economy and challenges entrenched corporate and governmental interests However, the word  hacker  has changed since its origins in creative prank culture and innovative computing at MIT, and is now popularly used, more often than not, as a pejorative one that encourages fear-based knee-jerk reactions Hackers are used as go-to villains by policy makers, who wave the nightmare scenario of rampant cybercrime and imminent cyberwar to justify legislative proposals that threaten to encroach on your digital civil liberties What is being attacked here is the ability of individuals to pursue technical knowledge Rather than evaluating the actual threat posed by Mr Green having ordered the Hacking Exposed book, the warden in this case appears to have latched onto the word  hacking  and overreacted Related Issues  Free SpeechSecurity 
</description><link>http://www.secuobs.com/revue/news/382247.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382247.shtml</guid></item>
<item><title>International Intellectual Property Expert Joins EFF</title><description>Secuobs.com : 2012-06-18 18:25:07 - Deeplinks - Expanded International Team Brings New Breadth to Global Digital Rights Issues San Francisco - Carolina Rossini has joined the Electronic Frontier Foundation  EFF  as its International Intellectual Property Director, bringing more than ten years of experience in global IP law and policy to EFF's international team Carolina Rossini is a Brazilian attorney focused on Internet and IP law and policy, cooperation theory, international copyright and patent negotiations, and open licensing in emerging technologies She is a member of the IP Global Agenda Council for the World Economic Forum, a board member of the Brazilian Internet Institute, and the founder of OER-Brazil, which works with policymakers to enact open access and open educational resource polices in Brazil and beyond Rossini previously was a Fellow at the Berkman Center at Harvard University coordinating the Industrial Cooperation Project She also worked on open innovation strategies at the University of Sao Paulo, and was an IP professor at FGV Law School and part of Creative Commons Brazil Her first six years out of law school were spent working as an in-house transactional telecom and Internet policy lawyer for Terra Networks in Brazil and Spain Carolina has also worked for the Wikimedia Foundation, shaping strategies to increase community engagement and foundation presence in Brazil  We're at a critical moment in international IP policy People around the world have been galvanized by IP-maximalist trade agreements that threaten basic rights of Internet users,  said Rossini  EFF has always been on the front lines of the fight against these back-room deals, working hard to ensure that technology empowers consumers, creators, innovators, and citizens I'm extraordinarily happy to join EFF's international team  Rossini joins an expanded international team that brings new depth 
to EFF's work on global digital rights issues, including International Freedom of Expression Director Jillian York and Coordinator Eva Galperin, International Rights Director Katitza Rodriguez and Coordinator Rebecca Bowe, and International IP Coordinator Maira Sutton Gwen Hinze, EFF's former International IP Director, will continue to work with the team as a Fellow  In our increasingly interconnected world, protecting digital rights is a global effort,  said EFF Executive Director Shari Steele  We're proud to welcome Carolina to EFF, and we're excited about the work we're doing to protect freedom everywhere  Contact  Rebecca Jeschke Media Relations Director Electronic Frontier Foundation press efforg </description><link>http://www.secuobs.com/revue/news/382198.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/382198.shtml</guid></item>
<item><title>This Week In Internet Censorship  Alarming Internet Decree in Vietnam, Arrests in Oman, and a Tribute to Ray Bradbury </title><description>Secuobs.com : 2012-06-17 04:23:57 - Deeplinks -    New Draft of Vietnamese Internet Decree is Still Bad News for Freedom of Expression The Vietnamese government s draft of a new, problematic decree to regulate domestic Internet use is expected to become law at the end of the month The 60-article document is filled with alarmingly vague language, including prohibitions on  abusing the provision and use of the Internet and information on the web  to  oppose the Socialist Republic of Vietnam,   undermining the grand unity of all people  and  undermining the fine customs and traditions of the nation  It also requires Internet filtration of all such offensive content, requires real-name identification for all personal websites and profiles, and creates legal liability for intermediaries such as blogs and ISP, for failing to regulate third-party contributors, triggering grave concerns about the decree s impact on domestic online service providers The decree furthermore attempts to require all foreign and domestic companies that provide online services to cooperate with the government to take down prohibited content For international companies without a business presence in Vietnam, the law would  encourage  them to establish offices or representatives in the country in order to hold them accountable for implementation of the decree In an earlier draft of the law, foreign businesses would have been required to obtain legal status and set up servers in Vietnam In recent years, Vietnam has stepped up its incarceration of bloggers and other alternative media voices The country is also the third worst on Reporters Without Borders  list of  Enemies of the Internet,  following only China and Iran Wave of Blogger Arrests in Oman Over a dozen bloggers, activists, and poets have been arrested in Oman over the past couple of weeks 
In many cases, the charges have not even been published, although it is commonly believed that they were arrested for having expressed controversial views online. Lawyer Bassma Mubarak al-Kayoumi has stated that the arrests are in violation of Omani Basic law, which stipulates that no one can be arrested without a reason, and that an arrested person "has the right to call whomever needs to be alerted about the arrest to provide assistance." The latest wave of protests and subsequent arrests largely stems from the Omani government's backpedaling on legal reforms that the Sultan had announced in the wake of last year's popular discontent. On June 4, the public prosecutor of capital city Muscat published a statement denouncing "the recent increase in defamatory statements and calls for sedition by some people under the guise of freedom of expression," and he expressed his intention to "take all necessary legal action against those uttering, circulating, encouraging or contributing to them." Most recently, police arrested at least 22 protesters at a sit-in in front of the Special Section, the capital's high-security jail, on June 11. Many of the bloggers and activists who had been arrested earlier are believed to be held in the building. New HTTP Error Code Proposed to Signal Internet Censorship: Tim Bray, a leading Android developer at Google, has proposed the creation of a new HTTP status code in order to indicate that a webpage is unavailable due to legal restrictions. The suggested HTTP code, 451, is meant to give Internet service providers the ability to serve users with more transparency. The name of the error code 451 is an allusion to the novel Fahrenheit 451 by the late Ray Bradbury, in which all books are supposed to be banned and subsequently burned by state "firemen." Bray credits Terence Eden for pointing out the lack of error messages for censorship when he noticed his ISP served an HTTP 403 error when he tried to access The Pirate Bay, which is blocked by
government mandate in the UK. However, "the 4xx class of status code is intended for cases in which the client seems to have erred," according to World Wide Web Consortium (W3C) specifications. Currently, the most common HTTP error messages include 404 for web pages that can't be found, 401 for pages without authorization, and 403 for pages that are supposed to be hidden from most users, such as directories. In the case of ordinary client errors, the server understands the request but refuses to fulfill it. In case of official censorship or website blocking, such as the known Pirate Bay restriction, the server doesn't even see the request; rather, the ISP may intercept the request and reject it on legal grounds. Drawing attention to Internet censorship when it takes place is an essential first step in fighting for freedom of expression. Related Issues: Free Speech, Bloggers Under Fire, Bloggers' Rights, International</description><link>http://www.secuobs.com/revue/news/381998.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381998.shtml</guid></item>
<item><title>Trans Atlantic Consumer Dialogue  Privacy on opposite sides of the pond</title><description>Secuobs.com : 2012-06-16 01:42:48 - Deeplinks -    Privacy loomed large as a discussion topic at the 13th Annual Meeting of the Trans Atlantic Consumer Dialogue  TACD , an event held in Washington, DC last week that brought together consumer advocacy organizations and regulatory agency heavyweights from both sides of the Atlantic for some in-depth policy discussions The TACD s annual meeting helps foster alliances between TACD member organizations  EFF is counted among them  working in the US and the EU While the overarching group tackles such broad-ranging issues as food policy and financial services, TACD s Information Society division has been especially concerned with protecting Americans  and Europeans  privacy rights in the digital era At an overlapping event, the Consumer Federation of America  CFA  hosted a privacy roundtable to bring consumer groups together with representatives from major tech companies and online advertising associations for a frank discussion about emerging issues in online privacy Both forums yielded some fascinating questions and debate Here are some of the key takeaways Will a Privacy Bill of Rights Move Forward in the US  Much discussion revolved around the proposed  Consumer Privacy Bill of Rights,  a policy blueprint floated by the Whitehouse this past February that seeks to establish new safeguards to protect consumer data in the digital realm As a TACD resolution on consumer privacy points out, this issue doesn t affect Americans alone   In the absence of legislation, the US cannot offer the EU any assurance that there will be adequate protection for the personal data stored or used by US companies,  TACD noted In an age where it s commonplace for third-party data brokers to buy and sell individuals  personal information without their knowledge or consent, sound policy is sorely needed While the Whitehouse proposal could go 
farther on calling for limiting data collection, it nonetheless contains solid recommendations on transparency, accountability and security and would represent an important step in the right direction  EFF, meanwhile, has devised its own Privacy Bill of Rights recommendations for mobile users and social network users  Unfortunately, questions arose during the TACD meeting about whether the proposal could indeed be expected to move forward as legislation anytime soon, particularly in an election year Commissioner Julie Brill, who serves on the FTC, endorsed the idea of converting the Whitehouse blueprint into law during one of the conference plenary sessions  Such rapid advances in technology and marketing have led us   to conclude we re facing potentially serious gaps in consumer privacy protection,  she noted But in a closed session that followed, representatives of other US government agencies faced tough questions from advocates who voiced concerns that attempts to craft strong policy around consumer privacy would be waylaid and substituted with a multi-stakeholder process that has been launched concurrently to hash out industry best practices on consumer privacy Pressed as to whether the Whitehouse policy framework had actually been committed to draft legislative language, agency representatives acknowledged that the administration had not yet taken this step While they offered assurances that a push for legislation is still on track, they also acknowledged that the effort likely is not going to be realized this election year The upshot is that the multi-stakeholder process is on the front burner while the legislative effort simmers in the background This effort aims to facilitate collaboration with industry and other partners to pin down a code for best practices, and the FTC will be endowed with enforcement powers to hold companies accountable under the voluntary standard that is created Speaking of political campaigns  Investigative news outlet ProPublica 
put some pressure on Yahoo, Microsoft, and President Barack Obama s reelection campaign this week with an article detailing how the companies are providing user data to political campaigns to facilitate sophisticated online voter targeting When Machines Decide A number of fascinating conversations emerged from the CFA privacy dialogue, a forum held the following day that brought together representatives from industry, government, advocacy organizations and universities One of the most intriguing  and perhaps chilling  was a presentation delivered by a representative from a prominent tech company who cheerfully described a world in which an  Internet of Things  could assist with decision-making --without any human intervention The Internet of Things may be thought of as  intimately networked  devices, people and computers  all talking to each other,  the company representative explained While at present there are roughly 2 billion  things   hint  most are smartphones  connected to the Internet, corporate researchers predict that the world will be swamped with a whopping 50 billion Internet-connected things by 2020 As envisioned, these  things  will be wide-ranging in nature They might include infrared sensors on doorways to tally the number of people entering a room, for example, or devices tasked with monitoring and controlling the power grid, or mitigating traffic congestion It could even be a device worn by a patient to monitor blood pressure, equipped to automatically send the data back to a medical care provider The long-term idea is to use vast amounts of collected data -- sent along largely invisible networks -- to enable these devices to recognize patterns over time and make decisions accordingly This scenario obviously raises a slew of thorny questions, but the discussion at the CFA dialogue centered on the privacy implications Some wondered how consumers could be guaranteed agency in an intensely networked world Others noted that it would be crucial to 
require adequate disclosure on who is obtaining the data that is being generated, and for what purposes it is being used TACD, meanwhile, has also issued a resolution on the Internet of Things, which provides a useful way to think about this future scenario   The IoT will reveal much more about consumers  habits, from the books they read and the medications they take to the types of transportation they use Implementation of privacy by design will be important for the enforcement of consumer and privacy rights In addition, the data protection principles  data collection limitations  lawful and fair collection  proportionality  finality  accuracy  transparency  right of access and rectification  confidentiality and security of processing  should be respected and implemented in the technology  TACD Recommendations on Consumer Privacy Rights TACD has also issued a much broader resolution offering a set of detailed recommendations on consumer privacy in general In it, member organizations urge the US and EU governments to do the following  paraphrased and not a comprehensive list    The US should seek Congressional enactment of the proposed Consumer Privacy Bill of Rights   The US should ratify the Council of Europe Convention 108 This widely recognized convention supports user privacy rights, and has been adopted by 43 countries   The EU should implement a strong new privacy law, and EU member countries should engage in effective enforcement   Both the EU and the US should promote  privacy-by-design    Both the EU and the US should encourage the development of global guidelines for online advertising   EU and US regulatory authorities should work together and verify that consumers  privacy rights are adequately protected under the US-EU Safe Harbor Privacy Principles Related Issues  InternationalInternational Privacy Standards </description><link>http://www.secuobs.com/revue/news/381901.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/381901.shtml</guid></item>
<item><title>Porn Troll Wants Wi-Fi Providers to Pay for Others' Illegal Downloads</title><description>Secuobs.com : 2012-06-16 00:58:01 - Deeplinks - EFF Calls Foul on Bogus 'Negligence' Claim San Francisco - The Electronic Frontier Foundation  EFF  urged a federal judge today to reject a porn troll's ploy to make a Wi-Fi provider responsible for the purported copyright infringement of another user Liberty Media Holdings  LMH  is suing two roommates in New York, alleging the illegal downloading of a pornographic film, even though LMH argues that only one made the infringing copy Remarkably, LMH claims that the non-downloading roommate is also responsible for copyright infringement, simply because the Internet subscription is in his name and he might have known his roommate sometimes made illegal downloads  This theory is absurd,  said EFF Staff Attorney Mitch Stoltz  Decades of copyright law make it clear   to be guilty of infringement you have to do more than just provide an Internet connection   you have to contribute actively to the infringement This is a ridiculous attempt at expanding copyright law so it's easier for copyright trolls to extract more money from more innocent people  Copyright trolls attempt to game the legal process, using improper claims and procedures to pressure alleged copyright infringers into settling lawsuits against them even where they have legitimate defenses If LMH is successful with this latest ploy, Internet users across the country would suffer Every day, cities, cafes, libraries, schools, and individuals operate open Wi-Fi networks, sharing their connection with the public This is a valuable public service, part of federal policy to promote universal, convenient access to the Internet, and also promotes public safety But if Wi-Fi providers could be held responsible for users' behavior, public access to the Internet would be sharply reduced because of liability fears  We've all been in a spot when we needed a few quick minutes 
online   when we were lost, for example, or had to send an urgent email,  said EFF Intellectual Property Director Corynne McSherry  More open Wi-Fi is a public good that we should support We can't let the copyright trolls bend the law here All of us who use the Internet throughout the day could lose out  Thanks to Ray Beckerman for his assistance as local counsel For the full amicus brief  https wwwefforg document amicus-brief-11 Contacts  Mitch Stoltz Staff Attorney Electronic Frontier Foundation mitch efforg Corynne McSherry Intellectual Property Director Electronic Frontier Foundation corynne efforg </description><link>http://www.secuobs.com/revue/news/381898.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381898.shtml</guid></item>
<item><title>Internet Archive Sues to Stop New Washington State Law</title><description>Secuobs.com : 2012-06-15 19:02:58 - Deeplinks - Statute Puts Online Libraries and Other Service Providers at Risk Seattle - The Internet Archive has filed a federal challenge to a new Washington State law that intends to make online service providers criminally liable for providing access to third parties' offensive materials The Electronic Frontier Foundation  EFF  is representing the Internet Archive in order to block the enforcement of SB 6251, a law aimed at combatting advertisements for underage sex workers but with vague and overbroad language that is squarely in conflict with federal law Procedurally, the Internet Archive lawsuit was filed as an intervention into a similar suit, Backpagecom v McKenna, filed last week  The Internet Archive, as an online library, archives the World Wide Web and other digital materials for researchers, historians, and the general public,  said Brewster Kahle, Digital Librarian and founder of the Internet Archive  We strongly support law enforcement efforts to combat child sex trafficking, but this new law could endanger libraries and other entities that bring access to websites and user-generated content  SB 6251 was passed with the hope of criminalizing the dissemination of underage sex trafficking ads and imposing a requirement to confirm the ages of individuals in such ads prior to publication The law, however, is fraught with problems As written, the vaguely-worded statute   making it a felony to  directly or indirectly  provide access to any material that might constitute an  explicit or implicit  commercial offer for sex   could be read to apply not only to posters but to neutral entities that provide access to online information, including ISPs, Internet cafes, and libraries This would result in a chilling effect as such entities begin feeling pressured to censor protected online speech in order to safely stay on the right side of the 
unclear law Washington's new statute also squarely conflicts with established federal law   Section 230 of the Communications Decency Act   that was passed with the dual aims of protecting Internet intermediaries from liability for most of what their users do and establishing a clear, national Internet policy to avoid the development of a confusing patchwork of state laws If allowed to stand, SB 6251 would undermine this important Congressional policy decision that directly fosters free speech, innovation, and the dissemination of knowledge online It would also set a dangerous precedent allowing individual states to regulate the Internet as each sees fit, establishing a speech-chilling  race to the bottom  with service providers restricting speech according to the most invasive state law on the books Indeed, in the wake of SB 6251's passage, Tennessee passed a similar bill set to go into effect in July, and New York and New Jersey are considering their own proposed legislation  Laws passed with the laudable goal of combatting such a pernicious practice as child sex trafficking can nonetheless inflict collateral damage on the First Amendment,  said EFF Senior Staff Attorney Matt Zimmerman  Legislatures must do more than simply identify serious social ills but also prescribe solutions that are consistent with other important values Clear legal protections for hosts and disseminators of third party content are bedrock legal principles that allow free speech to flourish online While well intentioned, laws like SB 6251 simply take the wrong, dangerous approach  For the full motion to intervene  https wwwefforg node 71002 For the full complaint from the Internet Archive  https wwwefforg node 71003 Contact  Matt Zimmerman Senior Staff Attorney Electronic Frontier Foundation mattz efforg </description><link>http://www.secuobs.com/revue/news/381851.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381851.shtml</guid></item>
<item><title>How to Turn on Do Not Track in Your Browser</title><description>Secuobs.com : 2012-06-15 00:34:50 - Deeplinks - In recent years, online tracking companies have begun to monitor our clicks, searches and reading habits as we move around the Internet. If you are concerned about pervasive online web tracking by behavioral advertisers, then you may want to enable Do Not Track on your web browser. Do Not Track is unique in that it combines both technology (a signal transmitted from a user) as well as a policy framework for how companies that receive the signal should respond. As more and more websites respect the Do Not Track signal from your browser, it becomes a more effective tool for protecting your privacy. EFF is working with privacy advocates and industry representatives through the W3C Tracking Protection Working Group to define standards for how websites that receive the Do Not Track signal ought to respond in order to best respect consumer's choices. The following tutorial walks you through enabling Do Not Track in the four most popular browsers: Safari, Internet Explorer 9, Firefox, and Chrome. Safari: On the menu bar at the top of your screen, click on Preferences. Select the Advanced preferences panel, shown in the screenshot below. Check the box at the bottom of the menu labeled "Show Develop menu in menu bar". On the menu bar at the top of your screen, click on Develop, shown in the screenshot below. Click on "Send Do Not Track HTTP Header". Congratulations! You have enabled Do Not Track on your Safari browser. Internet Explorer 9: On the menu bar at the top of your screen, click the Tools button, which is shaped like a gear. Point to Safety, and then click Tracking Protection, shown in the screenshot below. Go to the Manage Add-on dialog box, shown in the screenshot below. Click Tracking Protection List, and then click the Enable button in the lower right-hand corner of the box, shown in the screenshot below. Congratulations! You have enabled Do Not
Track on your Microsoft Internet Explorer 9 browser. Firefox: On the menu bar at the top of your screen, click on Preferences. Select the Privacy tab, shown in the screenshot below. At the top of this menu, check the box labeled "Tell websites I do not want to be tracked". Congratulations! You have enabled Do Not Track on your Firefox browser. Google Chrome: To enable Do Not Track in Chrome, you will need to install the Do Not Track browser extension. On the menu bar at the top of your screen, click on Window. In the Window menu, click on Extensions. Chrome will display a control panel which shows all of the extensions you have installed on your browser, shown in the screenshot below. If you do not have any extensions installed, click the Browse the gallery link, shown above. If you have extensions installed already, scroll to the bottom of the control panel and click the Get more extensions link. These links will take you to the Chrome Web Store, shown in the screenshot below. In the search box in the upper left hand corner, type "Do not track". Select the Do Not Track extension (EFF recommends the extension written by Jonathan Mayer) and click "Add to Chrome". In the drop down menu, shown in the screenshot below, click "Add". Congratulations! You have installed the Do Not Track extension on your Chrome browser. Related Issues: Privacy, Do Not Track, Online Behavioral Tracking</description><link>http://www.secuobs.com/revue/news/381701.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381701.shtml</guid></item>
<item><title>In Japan, National ID Proposal Spurs Privacy Concerns</title><description>Secuobs.com : 2012-06-14 02:13:16 - Deeplinks - EFF has been monitoring governmental proposals for national identification schemes, with an eye toward evaluating the privacy implications of these new systems. In Japan, where an existing program issues unique ID numbers to citizens at the municipal level and shares information on a national network, a bill is under consideration that would create a new ID framework. Submitted by the Japanese Cabinet in February of 2012, the "My Number Bill" would issue new unique ID numbers to participating citizens. The stated purpose is to streamline information sharing between governmental bodies administering tax, social security, and disaster mitigation programs. If the law is enacted, the My Number system will begin operating in 2015. So far, there are no signs that Japan's government will follow the increasingly common trend of requiring citizens to submit biometric data, such as fingerprint or iris scans, in order to enroll. Nevertheless, it's clear that data submitted by participating citizens will be subject to greater information sharing than under the prior system. This planned expansion gives rise to serious questions about whether individuals' personally identifiable information will be adequately protected. While the existing ID framework is highly controversial due to privacy concerns, this proposal will disseminate personal data farther and wider, making it even harder for individuals to exercise control over their own information. Japan's current unique ID system: Under the mandatory Basic Resident Register program, every Japanese citizen must provide his or her name, birthdate, gender and physical address to municipal governments. With the implementation of the Resident Basic Register Network System in 2002, these four types of information began to be fed into a nationwide computer network, the Juki-net, set up to share data between
government agencies. The new system combined the resident registration databases of 3,200 municipal governments, and assigned every Japanese citizen an ID number. [1] Under this framework, citizens may also opt to obtain ID cards, which contain integrated circuit chips. When an individual moves to a new city, or changes his or her name following marriage or divorce, the informational updates are logged in the Juki-net. The practice of logging such updates afforded government for the first time the ability to instantly obtain information about personal histories and to track individuals' movements over the course of multiple years, according to the analysis of Midori Ogasawara, a former journalist who reported on the Juki-net for national Japanese newspaper Asahi Shimbun. "In the past, [a government] official could barely track [an individual's] data by looking at the paper-based Resident Basic Registry, because the registry was discretely stored in the municipal office," Ogasawara noted in her thesis on Japan ID systems. "By removing the constraint of a stored location, the government could transcend the constraint of time, too. Now, personal data on Juki-net are automatically updated with references to the past." [2] The Juki-net became a major source of controversy in Japan when it was launched. A newspaper opinion poll conducted just before implementation found that 86 percent of respondents were afraid of data leakage or improper use of information, while 76 percent thought implementation should be postponed. Several lawsuits challenged the new system, charging that it constituted a violation of the right to privacy guaranteed by Article 13 of the Japanese Constitution. Protests were mounted as well: 70 municipal assemblies and 29 mayors passed resolutions demanding the government postpone Juki-net's implementation. In one city, whose mayor made it possible for citizens to opt out, 839,539 citizens went to city offices to register for non-participation. [3] Following a Supreme
Court ruling that found Juki-net to be constitutional, the citizens who'd requested to opt out were enrolled anyway. In 2008, the Juki-net withstood a legal challenge when Japan's Supreme Court ruled that it was constitutional, reversing a lower court's 2006 ruling that the system violated privacy rights guaranteed by Article 13 of the Japanese Constitution. Plaintiffs had argued that Juki-net illegally subjected citizens to risks of personal information leakage, and that it infringed upon rights guaranteed under Article 13 of the Japanese Constitution, which states, "all of the people shall be respected as individuals. Their right to life, liberty, and the pursuit of happiness shall, to the extent that it does not interfere with the public welfare, be the supreme consideration in legislation and in other governmental affairs." Yet the court rejected these arguments when it found the Juki-net system did not violate Article 13. The court determined that there was a low risk that information could be leaked due to the technical system design, and highlighted the absence of a centralized database that would enable consolidated control over personal information by any single governmental agency. It also found that the nature of the collected data was not highly confidential. While Japan's decision to prevent the creation of a centralized database places it ahead of the curve on privacy when compared with many other countries that have implemented national ID systems, it's important to remember that any digital collection of personal information opens the door to potential data breaches. Meanwhile, the court's assertion that the data is not of a highly sensitive nature fails to take into consideration the fact that reliable inferences can be made about highly sensitive data by building upon multiple categories of non-sensitive data. For instance, Carnegie Mellon researchers Alessandro Acquisti and Ralph Gross published an article in 2009 demonstrating how social security numbers
could be easily predicted by combining various kinds of widely available data, such as individuals' birthdates and places of birth. Expanded information sharing: The My Number Bill would essentially take the Juki-Net a step farther, by generating new unique ID numbers and allowing information sharing between the agencies that administer social security, tax, and disaster mitigation programs. The newly generated unique ID numbers would be used as a "key" to link records of individuals' income and payments, and benefits for pensions, health care and other services. The My Number Bill also seems to be envisioned as a first step toward an increasingly networked system that would integrate highly sensitive information and could be opened up to private-sector use. The bill was drafted based on a policy outline that won Cabinet approval in June of 2011. The policy outline hints at plans to formulate special statutes around highly confidential personal information, such as medical records. It also describes the possibility of linking unique ID numbers to medical data for research purposes, as long as patients' anonymity is maintained. Yet this sets a dangerous precedent: researchers Arvind Narayanan and Vitaly Shmatikov, among others, have shown that attempts at "de-identification" are not always effective. Under the bill, the lack of a centralized database is designed to prevent a single governmental body from storing personal information, and an independent monitoring body will be created to ensure personal information is adequately protected. Nevertheless, these measures against data leakage can never be guaranteed to be 100 percent effective. According to the policy framework paper, the program would be launched in January 2015 in the spheres of social security, tax, and disaster mitigation; by around 2018, the government will evaluate progress and consider expansion to other areas, such as the medical field. Taking into account political controversy currently surrounding Japan's
consumption tax increase, which is tangentially linked to the unique ID proposal since the program aims to streamline tax administration and processing, it's still too early to say whether the My Number Bill will win approval. Reactions from the Japanese public: The Japan Federation Bar Association has publicly opposed the My Number Bill, criticizing the program for failing to respect the right to control one's own personal information. A number of nongovernmental organizations, such as Japan's Privacy Action and the Anti Ju-Ki Net Association, also came out against Japan's proposed unique ID system in public comments submitted to the Cabinet Secretariat in July and August of 2011. They argued that the national ID isn't really necessary to reform social security and tax programs, and that human rights and personal privacy will be jeopardized no matter what, since it's impossible to guarantee 100 percent safety when it comes to technology and the potential for human error or active exploitation. Others argued that statutory protections of personal information are ineffective, and that not enough consideration has been given to the shortcomings of the Ju-ki Net. Some NGOs expressed doubts that the ID system would protect citizens' rights, and called for a cost-benefit analysis prior to implementing the new program. The Japan Medical Association has voiced concerns about the idea of linking unique ID numbers to medical records. At a press conference in March, the organization noted that highly sensitive patient information could be leaked. Ogasawara, the Japanese journalist and surveillance scholar, offered a sharp critique of the Juki-net, focusing on the expanding requirements for information sharing. "Even in a short-term observation, Juki-net's development shows how a computer network inevitably expands for data sharing," she wrote. "Once it is established, it increases the scope of data, engages in multiple tasks, and escapes from legal constraints and democratic
transparency." We have concerns that the unique ID proposal seems to be moving Japan in a worrisome direction of expanded information sharing that is more sensitive in nature. As we have seen in places such as the UK, where leaks of everything from medical histories to criminal records were attributed to the very government agents entrusted with overseeing a database administered by the UK government's Department for Work and Pensions, serious challenges arise when digital records of sensitive personal information are created and incorporated into a national network. [1] Graham Greenleaf, "Comparative Study on Different Approaches to New Privacy Challenges in Particular in the Light of Technological Developments," Country Studies, B5 - Japan, Directorate-General Justice, Freedom and Security, European Commission (online), available at http://ec.europa.eu/justice/policies/privacy/studies/index_en.htm [2] Midori Ogasawara, "ID Troubles: The National Identification Systems in Japan and the (mis)Construction of the Subject" (Master's Thesis, Queen's University, 2008), 103 (online), available at http://qspace.library.queensu.ca/handle/1974/1222 [3] Ibid. Related Issues: International, Mandatory National IDs and Biometric Databases</description><link>http://www.secuobs.com/revue/news/381466.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381466.shtml</guid></item>
<item><title>The Federal Government Moves Forward with Drone Programs Despite Poor Planning and Lack of Oversight</title><description>Secuobs.com : 2012-06-14 01:28:12 - Deeplinks - DHS's Office of Inspector General (OIG) recently released a report (pdf) detailing multiple problems with the drones used to patrol US borders. This report, combined with the Federal Aviation Administration's lack of openness about its drone authorization program and failure to disclose the true number of entities flying drones, shows that the federal government is moving far too quickly in its plans to dramatically expand the number of domestic drones flying in the United States over the next few years. The DHS OIG report, which reviewed the drone program run by Customs &amp; Border Protection (CBP), noted several serious problems with the program, including lack of appropriate equipment and staff to fly the drones safely and lack of processes or procedures to prioritize requests for drone flights. This is especially troubling, given the agency has been flying drones since 2004. CBP currently has nine unarmed Predator drones in its arsenal, each purchased at a cost of $18 million dollars. The drones cost $3,000 per hour to fly, and, according to the OIG report, the agency spent over $55 million (pdf) to operate and maintain the drones between 2006 and 2011. Despite these costs, CBP never made a specific budget request to Congress for the funds, and has thus far failed to seek compensation from the other federal and state agencies it loans its drones to. Instead, the agency diverted $25 million from other programs to cover these costs. This lack of adequate planning and oversight is concerning, given the government's push to quickly expand the number of domestic drone flights (see the timeline[1] above and linked) and the little we know so far about drones currently flying in the US. As we've written previously, despite our FOIA lawsuit and significant public interest, the FAA has yet to release
any information on the number and types of drones public entities are currently flying in the United States. On top of this, the FAA has failed to account for the discrepancies between the numbers of public entities flying drones as listed on a July 2011 "Fact Sheet" (pdf) (90 entities) and the list it released to EFF this April (60 entities).[2] Despite all this, there are a few bright spots in the recent drone news. Congressman Austin Scott from Georgia just introduced a bill before the House that's designed to "protect individual privacy against unwarranted governmental intrusion" from drones. The bill would require federal agents to get a warrant before using a "drone to gather evidence or other information pertaining to criminal conduct or conduct in violation of a regulation." Senator Rand Paul introduced a similar bill in the Senate. While both bills have some drawbacks (the Scott bill doesn't appear to apply to state or local law enforcement, and both bills seem to have large loopholes for border searches and terrorist-related investigations), they are good first steps toward regulating police use of drones. We've also been encouraged by local efforts in Seattle, Washington and Shelby County, Tennessee to push for policies for law enforcement use of drones, and we hope other localities will follow suit. If you're concerned about the lack of transparency and adequate legal procedures for drone use in your area, we encourage you to support Congressional efforts to develop a law that would place restrictions on the use of drones for surveillance. We also encourage you to help EFF find out how your local police agency is using drones by contacting your local agency and reporting back to us. We will continue to monitor and report on domestic drone flights here. FAA Timeline for Domestic Drone Integration. [1] Special thanks to the Center for Democracy &amp; Technology for first compiling these dates and suggesting they be made into an infographic. [2] The FAA later quietly
updated this list on its website (pdf). According to a discussion with the FAA's attorney, the FAA employee who created the "Fact Sheet" no longer works at the agency, so the FAA doesn't really know how he arrived at the numbers on the Sheet. The attorney later clarified that "some agencies on the list released to EFF have 'sub-layers' that were counted as separate proponents for purposes of the Fact Sheet," however, the FAA was tightlipped on what these "sub-layers" were. Related Issues: Privacy, Transparency, FOIA </description><link>http://www.secuobs.com/revue/news/381461.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381461.shtml</guid></item>
<item><title>Pioneer Award Nominations Are Now Open</title><description>Secuobs.com : 2012-06-13 20:50:36 - Deeplinks - Nominations are now open for EFF's 21st Annual Pioneer Awards, to be presented this Fall in San Francisco. EFF established the Pioneer Awards in 1992 to recognize leaders on the electronic frontier who are extending freedom and innovation in the realm of information technology. Nominations will be open until Monday, August 6th. Nominate the next Pioneer Award winner today! What does it take to be a Pioneer? There are no specific categories, but nominees must have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. Their contributions may be technical, social, legal, academic, economic or cultural. This year's pioneers will join an esteemed group of past award winners that includes World Wide Web inventor Tim Berners-Lee, security expert Bruce Schneier, open source advocate Mozilla Foundation, and privacy rights activist Beth Givens. Remember, nominations are due no later than midnight on Monday, August 6th! And after you nominate your favorites, we hope you will join us on September 20th in San Francisco to celebrate the work of this year's winners. Tickets are available now. </description><link>http://www.secuobs.com/revue/news/381389.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381389.shtml</guid></item>
<item><title>EFF Congratulates Syrian Blogger and Activist on Receiving Human Rights Award</title><description>Secuobs.com : 2012-06-12 23:08:11 - Deeplinks - Syrian blogger and human rights activist Razan Ghazzawi, who in December was charged with, among other things, "weakening national sentiment" for her work with the Syrian Center for Media and Freedom of Expression, received the Front Line Defenders' human rights defenders at risk award last week. EFF extends our utmost congratulations to Ghazzawi, whose work we have defended. Ghazzawi was first arrested in December, then released along with other members of her organization, only to be re-arrested in a raid on their office in February (and released again shortly after). She still faces charges of "possessing prohibited materials with the intent to disseminate them." Dlshad Othman of the Syrian Center for Media and Freedom of Expression accepted the award in Dublin on behalf of Ghazzawi, who remains in Syria. A video compilation of Ghazzawi is available here. Related Issues: Free Speech, Bloggers Under Fire </description><link>http://www.secuobs.com/revue/news/381136.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381136.shtml</guid></item>
<item><title>EU and US Consumer Groups Face State Agencies Over ACTA and Other International IP Policies</title><description>Secuobs.com : 2012-06-12 20:39:48 - Deeplinks - As the US and European consumer organizations met with intellectual property (IP) and trade agencies last week, interactions with state agency representatives over US IP policies helped to further expose some underlying flaws in state policy approaches regulating global IP enforcement. It is clear that IP trade agencies' biased understanding of what constitutes a "stakeholder" and a "key interest" in agreements like the Anti-Counterfeiting Trade Agreement (ACTA), as well as their unfounded high valuation of what they call "IP-intensive" industries, are some of the problems that underlie the US global IP enforcement agenda. EFF is a member of the Trans-Atlantic Consumer Dialogue (TACD), a forum for US and EU consumer rights organizations to meet and develop joint policy recommendations to the US government and the European Union that advance consumer protections. Since 1998, over 70 member organizations have regularly released resolutions and statements of recommendations on issues covering food, information society, intellectual property, and transnational trade. From June 4 to 6, the TACD met in Washington, DC to discuss new issues and future resolutions, and to meet with the US and EU delegates to address policy recommendations that they have forwarded to state agencies. The focus of Tuesday afternoon was US intellectual property policies. It remains clear that the US is committed to secretly negotiating trade agreements that would extend restrictive regulation over the Internet. Given that this was the first meeting since ACTA had been signed in October 2011, this was a significantly pertinent issue. A keynote speech by Ambassador Miriam Sapiro, Deputy US Trade Representative (USTR), set the tone for the rest of the afternoon's discussions. She again and again emphasized the importance of
"multi-stakeholder input" and the necessity to increase transparency and opportunities for "public comment" during meetings over trans-Atlantic trade policies. Hopefully, she is referring to a process of negotiation that truly takes broad public interest into account: one that is inclusive of all relevant stakeholders, such as civil society, the private sector, as well as the technical community itself. If governments and companies are the only ones invited to the negotiating table to discuss Internet and IP policies, the process can hardly be called "multi-stakeholder." In the Q&amp;A following her speech, a member of the TACD questioned the USTR's true commitment to transparency in light of the negotiations over almost all recent bilateral and regional trade agreements (such as ACTA) that have excluded civil society. In response, the USTR spokesperson insisted that they have been transparent, claiming that they were "going to stakeholders" to determine what their issues were. They then claimed that "negotiating in public" prevents governments and "stakeholders" from putting all their interests on the table in a way that would compromise the agreement. Given that civil society has mostly been excluded from the negotiating table, their definition of a stakeholder could strictly be referring to private industry interests. At the plenary session following this keynote, the Chief Economist from the US Patent Trade Office (USPTO) was joined by two civil society members of TACD and an economics scholar at a panel to discuss a recent publication called "Intellectual Property and the US Economy: Industries in Focus." In March 2010, the USPTO established the Office of the Chief Economist, tasked with assessing the direct impacts of intellectual property policy on the US economy. This report was the first substantial paper that it produced, and it purportedly "examines both the important trends and economic characteristics of these highly IP-intensive industries and their meaningful
contributions to the US economy." The USPTO representative claimed that this report was still "preliminary," heavily emphasizing that this was not a "policy recommendation." Even so, this report has been widely cited by copyright and IP maximalists in arguing for more restrictive copyright policies because they claim the report definitively demonstrates how essential IP-protected industries are to the US economy. Knowledge Economy International (KEI) excellently outlines some of the gaping flaws in this report. KEI asserts that the USPTO defines any "IP-intensive" job to cover anything that remotely benefits from copyright, patent, or a trademark. Under this definition, a bagger at a grocery store, a car mechanic, or even a bank teller could be deemed a job that is protected by IP. Such bloated economic figures seem to bolster the claim that IP must be protected above all interests because it is deemed such an integral part of the economy. Following this panel session, TACD members met with US and European Union government representatives to discuss concerns over IP policies. During discussions, the US representatives emphasized the need to protect intellectual property interests, citing the aforementioned misleading report on IP and the economy, claiming that the USPTO's report definitively proves how "IP-intensive" jobs, and therefore IP-intensive industries, need prioritized policy protection. They went on to say that agreements like ACTA enable "better" enforcement of IP, and suggested that such agreements protect and even create more jobs. Moreover, they claimed that ACTA is much more transparent "relative to other trade agreements" and that opposition to the agreement is all based on unfounded rhetoric. Finally, the US side addressed SOPA and PIPA, stating that these bills are not truly dead, and that some form of legislation must be passed to address the ongoing problem of "online piracy." In response, TACD members went around the table and brought up their issues
with ACTA and other mechanisms enabling restrictive copyright enforcement. These comments mainly addressed the exclusion of civil society participation, as well as the collateral damage its IP policies would inflict through its restrictive enforcement measures. Below are some of the topics discussed: When asked what would happen to ACTA if the EU Parliament were to vote to reject the agreement, the US representatives did not give a definitive answer. They claimed vaguely that counterfeiting is a global issue and that it would not necessarily have to involve the EU, concluding that they are "still looking into it." One of the most threatening provisions of ACTA is one that enables the creation of an independent committee that would oversee implementation and enforcement of the agreement in each of the signatory countries. The concern is that the members of this committee would not be democratically elected and that the trend of secrecy will continue on through this venue. A consumer rights group representative asked whether they had set any of the rules and plans for this committee. Interestingly, the US representatives claimed that there have been no discussions about this ACTA committee. Considering the complete secrecy over the negotiations, one consumer group representative asked the US federal agencies what aspect of the agreement they were worried about being seen and what kinds of interests were they protecting in maintaining such confidentiality. The answer and explanation was that if versions of the agreement had been publicly available, "key interests" would have created expectations about their desired provisions being adopted in ACTA, and that it would be problematic for these interests if their demands had to be abandoned in the final version of the agreement for the sake of compromise and resolution. Another consumer rights advocate challenged them and said that these key players, such as private industry, already did know what was carried within this
agreement anyway. The TACD member representative asserted that the public's ability to see the content of this agreement was vastly more important than the negotiating flexibility that would be derived from keeping it secret. The annual TACD meeting is an important venue for civil society members to attend and directly communicate IP and Internet policy concerns with federal agency representatives. On several occasions, TACD members demanded explanations on how confidentiality is consistent with any notion of democratic rulemaking. However, US federal agency representatives continued to repeat the same dubious justifications to legitimize the exclusion of civil society from international trade and IP policies. It continues to be clear that government agencies do not grasp the true meaning of transparency. Moreover, without proper honest assessments of the impact and side effects of IP protections on the society and economy, the development of pragmatic IP policy will never be possible. Related Issues: Intellectual Property, International, Anti-Counterfeiting Trade Agreement, EFF Europe </description><link>http://www.secuobs.com/revue/news/381109.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/381109.shtml</guid></item>
<item><title>A Downward Spiral for Freedom of Expression in Ethiopia</title><description>Secuobs.com : 2012-06-12 08:03:38 - Deeplinks - Internet shutdowns, content filtering, arrests of bloggers, and online surveillance in North Africa have been headline news for the past year and a half, but internet issues in the rest of the African continent haven't received quite as much press coverage. This silence is partly because there is simply less internet penetration south of the Sahara, but there may also be a paralyzing current of opinion whereby stories that highlight human rights issues or a lack of democracy in the region are either dismissed as old news or written off as paternalistic. Ethiopia sometimes gets particularly little coverage in Western or international media because the political situation there is not nearly as dramatic as it is in other countries in sub-Saharan Africa. The government is nominally structured as a parliamentary democracy and it has good relations with the United States and Europe. Still, the ruling Ethiopian People's Revolutionary Democratic Front tightly controls the country's electoral politics and media representation. Internet censorship and content filtering are well-established in Ethiopia. The state owns and manages the country's sole Internet service provider, Ethiopian Telecommunication Corporation (Ethio-Telecom). While Ethiopian Internet penetration is only about 1%, there is still a vibrant, tightly-knit community of bloggers whose websites, blogs, and Facebook pages have been blocked by the government. The blocks themselves look innocuous to Ethiopian Internet users, because the browser will simply notify users that the server request has timed out. This error-message block is similar to what users have experienced in China when trying to access censored websites or use restricted search terms. It figures, then, that the Ethiopian and Chinese governments have conducted joint workshops on
"mass media institution" management and Internet management. Inexpensive Chinese technology has also replaced American technology for building Ethiopian Internet infrastructure. EFF recently reported on a new Telecom Service Infringement Law that includes explicit content-filtering provisions that protect "national security." The law criminalizes online speech that may be construed as defamatory or terrorist, and holds the website or account owner liable even if the speech is posted as a comment by a third party on their website. These speech-chilling stipulations are hidden deep within a licensing bill that would, on the surface, seem to simply clarify Ethio-Telecom's power to regulate Internet services such as VoIP. Aggressive content regulation through secret filtering and legal restrictions is just the beginning of Ethiopia's draconian Internet policy. Ethio-Telecom has recently begun deep packet inspection of all Internet traffic in the country. Engineers at the Tor Project discovered this when Tor stopped working in Ethiopia weeks ago. They determined that the Internet service provider had figured out how to fingerprint and subsequently block Tor requests encrypted through TLS. Bridge-configuration, the ordinary way to get around Tor blocks in other countries, failed to work in Ethiopia until a workaround was subsequently developed. An engineer at Tor later hypothesized, "My guess is that they are only blocking Tor because whatever device (probably from an outside firm) they have came with a block-Tor-plugin." At this time, the only other countries that actively block access to Tor are China and Iran. Why does Ethiopia keep company with some of the most restrictive Internet regimes in the world if the country has so little connectivity and few users? The country's Internet policy continues to develop in the broader context of an equally restrictive press freedom environment. During the last general election in 2005, many journalists, election observers, and opposition party leaders were detained.
UNESCO hosted a World Press Freedom Day event in Addis Ababa, the national capital, about a year ago. Ironically, the government forcibly replaced several independent journalists on the agenda with pro-government speakers. Like the former Soviet republics of Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan, the Ethiopian government may be ratcheting up its Internet censorship regime in response to fears sparked by the Arab Spring. EFF will continue to keep a close eye on development as politically sensitive milestones, such as Ethiopia's general election, near. Related Issues: Free Speech, Bloggers' Rights, International, Privacy </description><link>http://www.secuobs.com/revue/news/380956.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380956.shtml</guid></item>
<item><title>Grave Concern for Iranian Blogger Hossein Ronaghi Maleki</title><description>Secuobs.com : 2012-06-12 06:35:17 - Deeplinks - Nearly halfway through 2012, Iran's escalating campaign against freedom of expression--which we wrote about back in January--continues. The latest story to emerge from the country is that of Hossein Ronaghi Maleki, a blogger who has recently embarked on a hunger strike in protest of his 15-year prison sentence as well as authorities' refusal to grant him prison leave despite a severe medical condition. According to Amnesty International, Ronaghi Maleki developed kidney disease while in prison, has undergone at least four operations, and now requires another to remove his left kidney. Ronaghi Maleki is yet another casualty of Iran's war against freedom of expression. Arrested in December 2009 at the age of 27, he was taken to Tehran's Evin Prison, where he spent 376 days in solitary confinement before being sentenced to fifteen years in prison for the crimes of "spreading propaganda against the regime," "membership of the Internet group Iran Proxy" and "insulting the Iranian supreme leader [Ayatollah Ali Khamenei] and the president [Mahmoud Ahmadinejad]." Today, supporters of the young blogger are raising awareness on Twitter using the hashtag #SaveMaleki, which Amnesty International has incorporated into a letter-writing campaign, encouraging supporters to write to officials demanding Ronaghi Maleki's immediate release. Details on joining Amnesty's campaign are available here. Hossein Ronaghi Maleki is a prisoner of conscience, his "crime" the peaceful exercise of expressing himself online. EFF supports Amnesty International's call for Ronaghi Maleki's immediate and unconditional release. Related Issues: Free Speech, Bloggers Under Fire, International </description><link>http://www.secuobs.com/revue/news/380943.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380943.shtml</guid></item>
<item><title>Help EFF Find Out How Your Local Police Agency is Using Drones</title><description>Secuobs.com : 2012-06-12 02:10:41 - Deeplinks - Since last month, when EFF released a list of the sixty-odd public agencies that have already received from the FAA approval to fly domestic drones, the issue of drone surveillance has reached front and center in many Americans' minds. Yet barely any information is known about what law enforcement agencies plan to do with these unmanned flying vehicles. So we want your help to gather this information into one place. The groups listed by the FAA included about two dozen local police agencies, but we expect this number to grow rapidly in the coming weeks and months. In February Congress passed a bill mandating the FAA authorize drones to public agencies if they can prove they can fly them safely. And recently, the Department of Homeland Security, which was already handing out grants to local police agencies, announced a program to "facilitate and accelerate the adoption" of drones by local police agencies. And last month the FAA announced it had established new (though undisclosed) procedures to allow more law enforcement agencies quicker access to fly drones. As the Huffington Post reported: The $4 million Air-based Technologies Program, which will test and evaluate small, unmanned aircraft systems, is designed to be a "middleman" between drone manufacturers and first-responder agencies "before they jump into the pool," said John Appleby, a manager in the DHS Science and Technology Directorate's division of borders and maritime security. This is, or will become, a controversy all over the United States. From Seattle, to Miami, Tennessee to Atlanta, and everywhere in between, local towns will soon grapple over the privacy dangers drones will create. As we have explained before, the capabilities of drones are almost unimaginable: Drones are capable of highly advanced and almost constant surveillance, and they can amass large amounts of
data. They carry various types of equipment including live-feed video cameras, infrared cameras, heat sensors, and radar. Some newer drones carry super high resolution "gigapixel" cameras that can "track people and vehicles from altitudes above 20,000 feet," can "monitor up to 65 enemies of the State simultaneously," and "can see targets from almost 25 miles down range." Predator drones can eavesdrop on electronic transmissions, and one drone unveiled at DEFCON last year can crack Wi-Fi networks and intercept text messages and cell phone conversations without the knowledge or help of either the communications provider or the customer. Drones are also designed to carry weapons, and some have suggested that drones carrying weapons such as tasers and bean bag guns could be used domestically. Given Congress' inaction on privacy issues, and the fact that the FAA has never regulated privacy issues, we believe activism at the local level is the best way to stop drone surveillance. What you can do: The FAA has so far not released any information on which model of drone or how many drones each public entity flies. We also don't have much information on the type of data these drones will collect. So we need to find this information out. We've made a simple form for the questions we want these police agencies to answer. We need you to call your local police department and ask them these questions. Check your local police department's website for the "Public Inquiries" or "Community Relations" contact, and call or e-mail them these questions. Our list of drone certificates includes police departments that we already know have a drone authorization from the FAA. This is just the first step. Once we've collected the data, we will release it and tell you how you can contact your local municipal government to demand that they ban law enforcement drones or install robust privacy safeguards that will protect citizens from unwanted and unconstitutional surveillance. Related Issues: Privacy
</description><link>http://www.secuobs.com/revue/news/380921.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380921.shtml</guid></item>
<item><title>The D(EFF)CONtest Rages On</title><description>Secuobs.com : 2012-06-12 00:37:54 - Deeplinks - With weeks left to go on our third annual fundraising contest, supporters have already raised over $4,000 in donations to help support EFF and the Coders' Rights Project! Our thanks to The Holy Handgrenades leading the pack at $1,410.78, with last year's Grand Prize Winners InfoSec Daily Podcast (ISDPodcast) at $801, followed closely by the dc404 crew at $675. You're doing great! EFF's annual D(EFF)CONtest helps fund tireless legal defense, activism, counseling, and community education for professional security researchers and tinkerers alike. Through these donor-supported efforts, EFF stands behind everyone who values knowledge and the freedom to innovate. You can help by donating to EFF through one of the D(EFF)CONtest teams listed below, or by starting your own team today! Fabulous prizes await the winners including a weekend stay at the Rio Hotel and Casino, DEF CON Human Badges, Ninja Party badges, passes to theSummit party, the iSEC Partners party, and EFF swag including our exclusive DEF CON 20 Script Kitty T-Shirt. Contestants unlock a Script Kitty Trophy at every $250 and one of the new shirts at $500! So if you can't go to Las Vegas this summer, get your limited edition DEF CON 20 Script Kitty T-Shirt online when you join or renew at the Gold Membership Level or higher! You can even reserve a spot at theSummit party with Vegas 2.0 and a host of security research luminaries. Start by visiting one of the D(EFF)CONtest team pages and clicking the "Donate Now" button: Alpheus125, Awesomesauce, Bitghost Security, Boston Linux &amp; UNIX group at MIT, Calyx Institute, dc404, EMBX, foolishBoys, https://Lockbin.com, InfoSec Daily Podcast (ISDPodcast), Joshua Spain, lanrofl, NotSurveil, Open Doors, Pixel, Right to Encrypted Content Liberation Movement, Seeds of Epiphany, Team Cetus, Team JAIT, Team Tardigrade,
Team Yogert, Teamslack, The Holy Handgrenades, Wind, WiredScience. Thanks, everyone! Find more details about the contest at https://www.eff.org/DEFCON or email us at contest@eff.org. Go 1337 or Go Home! Related Issues: Coders' Rights Project </description><link>http://www.secuobs.com/revue/news/380904.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380904.shtml</guid></item>
<item><title>Passwords  LinkedIn And Beyond</title><description>Secuobs.com : 2012-06-12 00:37:54 - Deeplinks -    In light of the data breach at LinkedIn last week, in which 65 million unsalted SHA-1 hashes of account passwords were leaked publicly, we thought this would be a good opportunity to remind users about best practices for managing passwords online in order to stay safe In particular, we want to emphasize that users should never re-use passwords across multiple accounts, and that using a password safe provides an easy way to manage lots of strong passwords across multiple online accounts We understand there are trade-offs between secure password management and convenience  we think a good balance is achieved by using a password safe for at least the vast majority of online accounts, with the option to memorize a few strong and distinct passwords for the cloud services one needs to access most frequently and from new devices What's the consequence of the LinkedIn leak  The leak doesn't directly tell attackers LinkedIn users' passwords, but it enables a trivial and fast way for attackers to confirm their guesses about passwords, and to check exactly which LinkedIn accounts use a particular password For example, an attacker can instantly get a list of any and all LinkedIn users whose password was  password123 ,  secret , or any other term More significantly, this process can be automated to quickly check quadrillions of possible passwords  every word in every language, forwards and backwards, with various digits at the end  every two- or three-word English phrase  every Bible verse or line from Shakespeare, or every citation to any of these  and much more It's also straightforward for attackers to try every short sequence of letters, whether it's meaningful or not This is significant because attackers actually do these things whenever a password database like LinkedIn's gets leaked In fact, because of LinkedIn's failure to use a salt  which would make the 
password-checking algorithm more specific to the site or to each individual user , attackers can simply compare the database against pre-computed versions of all of the above, and more, quickly getting an exhaustive list of exactly who has used every guessable password, in an extremely broad sense of  guessable  Why is it so bad to reuse passwords  At first blush, you might think that changing your LinkedIn password is sufficient to stay safe However, if you re-use the same password for other online services, you are at risk for all of those services so long as a data breach occurs in any of them and your password is revealed That's because attackers love to re-try cracked passwords with known or guessed usernames on other sites In this sense, your security across all web services for which you use a given password is only as strong as the weakest link As a concrete example, if you use the same password for LinkedIn, Gmail, and Bank of America, then it is critical that you change your passwords for the latter two websites, else there is a good chance your Gmail and Bank of America accounts could be compromised This is widely believed to be one of the most common ways by which accounts on very security-conscious web sites get cracked and the accounts broken into  because users have used the same password on some other site which gets penetrated in a way that reveals their password Does altering my username make me safe even if I use the same password  The short answer is no Any data breach that occurs could include enough personally identifiable information that an attacker could figure out your username for different web services How do I manage different passwords for each account  We know it's hard to remember a different password for every account, since many web users have dozens or even hundreds of different accounts To address this difficulty, you can use a password safe   a program that runs locally on your computer and stores passwords securely These exist 
as standalone applications such as KeePass (which is available in different flavors for Windows, OS X, Linux, Android and iOS), or OS X's Keychain, and there are also password safes in many browsers. When you use a password safe, you no longer have to memorize these passwords, and so it becomes feasible to store dozens or hundreds of passwords. Instead, you just remember one password to unlock the password safe. What if I need to access online services from multiple devices? It's very easy to transfer a password safe database between devices using a USB flash drive. Or you can store your password database in the cloud. Indeed, since good password safe databases are themselves encrypted (e.g. KeePass), you can safely also upload the database to a cloud storage service, allowing you to download the encrypted database to multiple devices, which you can subsequently unlock and decrypt with your password. If there are a handful of devices you use all the time, just be sure to transfer the password safe database to each of these devices. This is a minor inconvenience, but the security gain of using a password safe far outweighs this inconvenience. Moreover, backing up your password safe minimally to a USB flash drive or a cloud storage service is a good idea, so that you don't lose all your passwords if a single device crashes. Finally, some password safe programs can do a secure network-based sync across multiple devices, so updating the password safe on one device will allow the new passwords to propagate to other devices. What about services that I need to access from new devices? For example, traveling abroad and needing access to my Gmail account from an Internet cafe? The safest solution in this case arguably is still to carry a USB flash drive, so long as you can keep it secure. However, it may make sense to memorize a few strong passwords for high-value cloud services that you use all the time for situations like this. It is important to emphasize that accessing cloud-based 
services from an Internet cafe is very risky, since there could be a keylogger on the computer that steals your password. We recommend changing your password whenever you have to access such an Internet service from an untrusted computer. In the particular case of Gmail, as well as some financial institutions and some employers' networks, you can also enable an extra security feature called two-step (or two-factor) authentication. This requires you to provide an extra piece of information when you log in, based on data stored separately in a mobile phone (or a smart card). By adding a requirement to have a particular object on top of the requirement to know a particular password, you can get a greater level of protection against attacks like keyloggers if you have to log in from an untrustworthy computer. Although this makes logging in more effort, it can make you dramatically safer. How frequently should I change my password? It's typically more important not to re-use passwords across accounts than it is to change them. Don't let recommendations to change your passwords become a reason to re-use a password in multiple places. That said, it's good practice to change passwords from time to time. Very roughly, one should consider changing passwords annually, but this is not a one-size-fits-all problem. If you are frequently typing in a password on an untrusted device, or if you are accessing a high-value service, changing more frequently is a good idea. In particular, you always want to change your password if there is any indication that your account might be compromised. How do I make sure my passwords are strong enough? Password safes often include a feature to generate pseudorandom passwords for you. They will end up looking like random strings of however many characters you choose. Choosing longer passwords of 20-30 characters is a great idea, even for unimportant services. For important ones, you may want to make your password even longer. With a password safe, using a 
longer password needn't be more effort than a shorter one, because the password safe can automatically type the password for you, or temporarily put it in your computer's clipboard so you can paste it into a site you access. When it comes to generating a password that you're going to memorize yourself (for purposes like unlocking your computer's hard drive, or unlocking your password safe), don't just use a pass word; instead think of a pass phrase. It turns out that short strings that may seem random and hard to guess like '1xRtBd3' actually are far easier for a computer to crack than long strings of randomly chosen (or close to it) English words, for example: 'captainswimminglymauvedolphin'. The latter password is also far easier to memorize. But it is important to note that for most kinds of passphrases, one should never use any text (including a name or phrase) that has ever been published verbatim anywhere. So in particular, 'captainswimminglymauvedolphin' is no longer a good passphrase. We touch upon the issue of passphrase strength in our white paper on border security, and there is also a famous webcomic about the subject. Although passphrase strength is much more important in an offline context where an attacker has arbitrarily many attempts to guess a passphrase, we still recommend strong passphrases for online services given data breaches that effectively turn the online threat model into an offline threat model. Related Issues: Security </description><link>http://www.secuobs.com/revue/news/380903.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380903.shtml</guid></item>
<item><title>The Defensive Patent License and Other Ways to Beat the Patent System</title><description>Secuobs.com : 2012-06-11 06:09:38 - Deeplinks -    Let's start with the obvious: The patent system is broken. Inventors are shutting down their businesses, small developers are removing their products from the US market to avoid bogus legal threats, and industry groups are warning members that obvious technological improvements might draw lawsuits. Last year, Congress passed patent reform legislation; it didn't help. The courts, too, have failed to pick up the slack. The result: A chill on innovation. American inventors, especially those who don't often engage with the patent system until they're facing a lawsuit, want to dedicate their resources to building the next great product or service, not fighting patent wars. Now, here's the less obvious: We keep learning of more and more ways innovators can navigate the system and hack it to serve its original purpose. We're particularly excited about the newest, the Defensive Patent License. Below we explain that and some other self-help options we've seen lately. Of course, some are better than others, but it's fair to say that there's an option for everyone. The Defensive Patent License: Defensive patenting (acquiring patents to deter future litigation) is not a new idea. In fact, companies have been doing that for some time. Unfortunately, the practice has encouraged companies to seek patents for anything and everything, which (thanks to an overburdened Patent Office) has resulted in a generation of overbroad patents that, if the company folds, often end up in the hands of a patent troll. The idea behind the not-yet-operational Defensive Patent License (DPL) takes the good from defensive patenting (attempts to stem litigation) and removes the bad (the risk that patents obtained defensively will be used downstream by a troll). The license would work like this: Patent holders must offer anyone who requests a nonexclusive, royalty-free 
license to its patents dedicated to the DPL. In exchange, the licensee must also dedicate its patents to the DPL and offer the same license to anyone in the community. The licenses remain in effect throughout the patent's life, even if it is later sold. As part of the license, the DPL members agree to not use their patents offensively against any other member; in fact, doing so will void the license it has to use the other patents in the DPL. The DPL borrows heavily from the ethos surrounding the free and open source software community, honoring the important freedoms to operate and innovate openly. As such, it is those communities who will most likely use, and benefit from, the DPL. The DPL represents an important answer to the fundamental problems with the patent system, but it's not for everyone. For example, the DPL contemplates that a company will dedicate its entire patent portfolio to the license to avoid the problem of members only contributing their "junk" patents and holding on to their "crown jewels". For various reasons, some companies may not be in a position to do that. Luckily, the DPL is not the only self-help tool out there. Twitter's Innovator's Patent Agreement: Earlier this year, Twitter announced its Innovator's Patent Agreement (IPA), an important tool for companies looking to do right by their engineers. The IPA, currently up on GitHub for comments, is simple: if you assign your patent to Twitter, Twitter promises it won't use that patent to sue anyone, except for defensive purposes. Because the IPA doesn't give any third party a license to the patents, it does not go quite as far as the DPL. Also, a party who adopts the IPA can choose to do so on a patent-by-patent basis. Importantly, however, the terms of the IPA will run with the patent, no matter to whom it gets sold. This means that if a patent ends up in the hands of a troll, that troll will be prohibited from using it offensively. Open Source Licenses: The GNU General Public License (GPL), the 
most widely-used free software license, covers both copyright and patent rights. Its terms allow developers to use covered software for free, so long as those developers dedicate, free-of-charge, any changes or improvements to the public, also under GPL terms. The GPL is often cited as a crucial element in the successful rise of Linux. Other open source licenses, such as BSD licenses, the Apache License, and the Mozilla Public License, for example, cover various types of open source software. These licenses, each in its own way, ensure that important developments in open source software remain open. They do this job well, but unfortunately are limited to the software they specifically cover. Private Companies: Private, for-profit companies also provide various ways to navigate the patent system. For example, RPX allows companies to buy into its large patent portfolio, which it promises to never use offensively against its customers. Moreover, RPX constantly grows its portfolio to cover its members' particular needs. Article One Partners offers a different service, providing a platform for the award of cash prizes to those who provide prior art that may be used to invalidate patents. Article One's clients request research, which third parties provide. The third party who provides the highest quality research wins a $5,000 reward, and may form a relationship to further work with the Article One client. (Peer to Patent is Article One's important non-profit analog.) This type of service streamlines the process of invalidating bad patents, something we've long supported. This list is just the tip of the iceberg; other non-profit and for-profit organizations provide tools to help navigate a patent system gone awry, and we look forward to more joining the fray. None of these solutions is perfect, but each offers inventors of different sizes different ways to focus on innovating, and not fighting wasteful patent battles. The real solution is systemic: if software patents are here to stay, 
then the time to create a system that works for them is long overdue. EFF is working hard to make that happen. In the meantime, we encourage innovators to adopt one of these solutions that works best for them. Related Issues: Patents </description><link>http://www.secuobs.com/revue/news/380697.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380697.shtml</guid></item>
<item><title>World's Largest Organization for Computer Professionals Comes Out Against CISPA</title><description>Secuobs.com : 2012-06-08 21:10:11 - Deeplinks -    The US Public Policy Council of the Association of Computing Machinery (ACM), representing ACM, came out against CISPA, the cybersecurity legislation recently passed by the US House. ACM is the world's largest organization for computer professionals. They are joining a diverse group of individuals and organizations opposing this bill, including a wide array of digital civil liberties organizations like EFF, computer scientists like Bruce Schneier and Tim Berners-Lee, and companies like the Mozilla Foundation. CISPA is intended to protect America against cyberthreats, but destroys core privacy protections by providing vague definitions and unfettered access to personal communications by companies and government agencies. In one such example, ACM criticized the expansive definition for "cyberthreat information," which could "encompass everything from port scans to destruction of entire networks." We agree, and voiced identical concerns when CISPA was first released. Vague definitions are accompanied by a vague standard for companies to make "reasonable efforts to limit the impact on privacy." Though the standard is well intended, ACM correctly identifies that the vague standard "fails to invoke any framework, standards, oversight, or controls to be used" for personal information. They also conclude that the bill creates "no meaningful support for collection minimization" and shares information that "could have nothing to do with cybersecurity," problems that we have consistently highlighted in our commentary on CISPA. These large gaps in privacy protections highlight some of the core shortfalls we have voiced about CISPA. Digital civil liberties groups, companies, and computer researchers are glad ACM joined the opposition to CISPA. The upcoming bills in the Senate share many similarities to CISPA and must be stopped. 
This is the reason why we vow to take the fight to the Senate, ask you to sign our petition against the Cyberspying Bills, and tweet your Congressmen. Related Issues: Privacy; Cyber Security Legislation: CISPA, SECURE IT, Cybersecurity Act. Files: USACMCISPAStatementpdf </description><link>http://www.secuobs.com/revue/news/380471.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380471.shtml</guid></item>
<item><title>Open Access Victory in Successful Access2Research Petition</title><description>Secuobs.com : 2012-06-08 03:09:41 - Deeplinks -    Earlier this week, an Access2Research petition supporting open access (specifically free access over the Internet to academic articles arising from taxpayer-funded research) crossed its target of 25,000 signatures, two weeks ahead of schedule.[1] The Obama administration has promised to respond to petitions that pass that threshold, so the issue of access to research should be firmly on the White House agenda. As well it should be. The open access movement, which began well over a decade ago, is garnering more and more attention lately. Earlier this year, we saw the resounding defeat of the misguided Research Works Act, which would have severely restricted the amount of research that could be released under open access conditions. A group of researchers launched the "Cost of Knowledge" campaign responding to the proposal, and allowed other academics to publicly boycott the bill's primary supporter, the publishing behemoth Elsevier. In response to that boycott and other pressure, Elsevier withdrew its support for the Research Works Act in February, effectively killing the bill. Of course, open access has long had the support of many scholars and major universities. For example, Harvard is among a large and growing group of schools that requires open access as a matter of policy. And earlier this year, the Harvard Faculty Advisory Council went a step further, issuing a memo that said "major periodical subscriptions cannot be sustained," and urging all faculty to submit their work to specifically open access journals. That memo was a wakeup call: if even Harvard was worried about the cost of academic journals, imagine the impact that cost must be having on institutions that don't have access to the same level of resources. But now non-academics are paying attention, too, as the 25,000 signatures on the Access2Research petition attest. That 
support may reflect increased attention to issues related to copyright since January's blackout protests against the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA). Traditional journals insist that scholars sign over the copyright to their work, and then leverage those rights to charge institutions and taxpayers exorbitant fees for subscriptions or single articles, even though these are the same institutions and taxpayers who supported the original research. By contrast, open access journals allow any users to "read, download, copy, distribute, print, search, or link to the full texts of their articles, crawl them for indexing, pass them as data to software, or use them for any other lawful purpose, without financial, legal, or technical barriers other than those inseparable from gaining access to the internet itself." Support for open access then, like opposition to bills like SOPA and PIPA, is a common-sense position that has traditionally been hampered by a concentrated lobby in Washington working against the diffuse public interest. Online activism campaigns are helping to focus and target that diffuse interest to make real change. What is more, we're moving from reacting to bad proposals toward promoting a positive copyright agenda. Open access should be a central piece of that platform. The fight for that positive agenda is far from over, but it's exciting to see so many joining in. In a post responding to the 25,000th signature, Cameron Neylon of PLoS summed it up nicely: "We now know how much we can achieve when we work together with a shared goal. The challenge now is to harness that to a shared understanding of the direction of travel, if perhaps not the precise route. But if we, with all the diversity of needs and views that this movement contains, we can find the core of goals that we all agree on, then what we now know is that we have the capacity, the depth, and the strength to achieve them." Well said. [1] The petition is still open for new 
signatures, in case you haven't signed and wish to. Related Issues: Intellectual Property </description><link>http://www.secuobs.com/revue/news/380311.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380311.shtml</guid></item>
<item><title>The Cybersecurity Act (S. 2105) Threatens Online Rights - a Handout for Your Senator</title><description>Secuobs.com : 2012-06-08 00:13:22 - Deeplinks -    Worried about the Lieberman-Collins Cybersecurity Act? You should be. As we've explained before, it poses serious threats to online rights. Here's a one-page handout you can use as a reference. It's great for sharing with friends, handing to Senate staffers, publishing online, or using as talking points when explaining the issue to someone for the first time. Download it here and please spread it around. The Cybersecurity Act (S. 2105) Threatens Online Rights: The Cybersecurity Act (S. 2105), sponsored by Sen. Lieberman and Sen. Collins, compromises core American civil liberties in the name of detecting and thwarting network attacks. While Internet security is of the utmost importance, safeguarding our networks need not come at the expense of our online freedoms. That's why civil liberties groups, security experts, and Internet users oppose this bill. The Cybersecurity Act is fundamentally flawed and dangerous for online rights: 1. The bill uses dangerously vague language to define "cybersecurity threat indicators" (information that companies can share with the government), leaving the door open to abuse (intentional or accidental) in which companies share protected user information with the government without a judge ever getting involved. 2. Data collected under the Cybersecurity Act can be shared with law enforcement for non-cybersecurity purposes if it "appears to relate to a crime" either past, present, or near future. This is overbroad and contrary to the spirit of our Constitution. Senator Wyden, talking about a similar provision in CISPA, noted: "They would allow law enforcement to look for evidence of future crimes, opening the door to a dystopian world where law enforcement evaluates your Internet activity for the potential that you might commit a crime." The CSA suffers the same "future crime" flaw. 3. If 
companies overstep their authority, violating the privacy of Internet users for non-cybersecurity purposes or oversharing sensitive data with the government, it will be very difficult for individuals to hold these companies accountable by taking them to court. The bill puts incredibly high burdens on the plaintiff in such a case to prove that a company was not monitoring for the purpose of detecting cybersecurity threats and did not have a "good faith" belief that they were allowed to do it (whether they are right or wrong) or that they "knowingly" and "willfully" violated the restrictions of the law. Furthermore, the bill allows companies to bypass much of preexisting law designed to limit company disclosure of private communications: bedrock privacy law like the Wiretap Act and the Electronic Communications Privacy Act. 4. The Cybersecurity Act would allow sensitive private communications to flow to the NSA, a US military agency, contrary to a long held value that military agencies should not be engaged in collecting data on American citizens. 5. This bill has been criticized by open government groups who rightly point out that the bill creates new exemptions to FOIA, making it that much harder for people to understand how much and what kind of data is being shared with the government and ensure that the government and companies do not abuse this authority. There is much our country can and should do to safeguard our networks, but sacrificing the civil liberties of Internet users is neither desirable nor necessary for that goal. As a constituent and an Internet user concerned about my online rights, I urge my Senator to support privacy protective amendments and oppose the Cybersecurity Act. Files: cybersecurity-act-handoutpdf </description><link>http://www.secuobs.com/revue/news/380288.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380288.shtml</guid></item>
<item><title>What What? Appeals Court Affirms South Park Parody Was Obvious Fair Use</title><description>Secuobs.com : 2012-06-07 23:26:48 - Deeplinks -    In an important ruling for free speech, the Court of Appeals for the Seventh Circuit today affirmed that a parody of a popular online video called "What What (In the Butt)" (NSFW, unless you happen to work at EFF) was a clear case of fair use and that the district court's early dismissal of the case was correct. South Park aired the "What What" parody in a 2008 episode critiquing the popularity of absurd online videos. Two years later, copyright owner Brownmark Films sued Viacom and Comedy Central, alleging copyright infringement. Recognizing the episode was an obvious fair use, a federal judge promptly dismissed the case. Brownmark appealed, claiming that fair use cannot be decided on a motion to dismiss, no matter how obvious. Viacom fought back, and EFF filed an amicus brief in support, explaining that being able to dismiss a case early in litigation (before legal costs can really add up) is crucial to protect free speech and discourage frivolous litigation. The appeals court agreed, calling the district court's decision "well-reasoned and delightful." "We hold that the district court could properly decide fair use on [an early motion] ... Despite Brownmark's assertions to the contrary, the only two pieces of evidence needed to decide the question of fair use in this case are the original version of WWITB and the episode at issue." The opinion joins a growing body of precedent affirming that it's proper to dismiss some copyright cases early, and that it's possible in appropriate cases to determine whether a use is noninfringing without engaging in lengthy discovery. These rulings are important not only to protect speech, but also in fighting back against copyright trolls. Trolls depend on the threat of legal costs to encourage people to settle cases even though they might have legitimate defenses. Citing EFF's brief, the Seventh 
Circuit acknowledged the problem: "[I]nfringement suits are often baseless shakedowns. Ruinous discovery heightens the incentive to settle rather than defend these frivolous suits." Exactly. We're pleased to see another court strike a blow in favor of free speech and explicitly recognize the growing problem of abusive copyright claims. Let's hope future courts follow suit. Related Issues: Free Speech, Intellectual Property, Copyright Trolls. Files: Brownmark v Comedy Appeals Court Ruling </description><link>http://www.secuobs.com/revue/news/380265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380265.shtml</guid></item>
<item><title>US Government Still Insisting It Can't Be Sued Over Warrantless Wiretapping </title><description>Secuobs.com : 2012-06-07 21:11:37 - Deeplinks -    Once again, the federal government is trying its hardest to prevent the courts from determining whether it has broken (or is still breaking) the law through the NSA's wiretapping program. For nearly four years, the Obama Administration has followed in the Bush administration's footsteps, invoking national security and a variety of procedural hurdles to shield itself from accountability in courts. In three separate lawsuits that have been churning in the federal courts, the government has used a menu of procedural dodges to block the courts from considering the key underlying question (have they been breaking the law and violating the constitution by warrantlessly surveilling American citizens?) over and over again. And now the Obama Administration wants Congress to extend the broader surveillance powers passed by Congress in 2008. Al-Haramain v. Obama: The latest example occurred last Friday, in a hearing before the 9th Circuit Court of Appeals in Pasadena, CA during a government appeal of the long running case al-Haramain v. Obama. In 2009, a federal court awarded the two plaintiffs (American lawyers who represented the now defunct Islamic charity, al-Haramain) $20,000 each and $2.5 million in legal fees, in what remains the only warrantless wiretapping case decided on the merits. The plaintiffs in al-Haramain originally filed suit when the government accidentally provided them with a classified document that showed they had been subject to warrantless surveillance. Despite the government convincing the court to declare the document a "state secret" and exclude it from evidence, Judge Walker granted judgment in favor of al-Haramain based solely on publicly available evidence. Yet on appeal, as Wired's David Kravets reported, DOJ claims the court should dismiss the case outright because the government is immune from 
being sued for breaching the Foreign Intelligence Surveillance Act under a concept known as "sovereign immunity." Sovereign immunity generally prevents the federal government from being sued unless an act of Congress authorizes it. Though it's a complex, technical argument, the government is essentially asserting the only way to hold anyone accountable for future illegal national security wiretapping is to sue them in their individual capacities (and apparently requiring them to pay any damages out of their own pocket). Given that the FISA was written in the midst of the uproar over rampant official government surveillance, this outcome would be outrageous. And even assuming the government wins on its argument, would it then let the case go forward against FBI Director Robert Mueller, the one federal official named in his individual capacity? No way. After a question from one judge, the government admitted to the Court that it would then invoke the "state secrets" privilege to stop even that case and also raised the specter of other immunities that would then apply to protect the individual defendants. The Justice Department essentially told the Court, "heads we win, tails they lose." The fact remains that the district court sided with plaintiffs, holding that FISA waives sovereign immunity, has national security protective procedures that overwrite the state secret privilege here, and that plaintiffs had established a case, based purely on publicly available evidence, to satisfy their burden. We hope the 9th Circuit agrees. Jewel v. NSA and Hepting v. AT&amp;T: The state secrets privilege is also the first legal maneuver the government will likely try to use to prevent EFF's own lawsuit against the government over warrantless wiretapping, Jewel v. NSA. In Jewel, based on evidence given to EFF by AT&amp;T whistleblower Mark Klein, Congressional admissions, and countless media investigations, EFF has argued the NSA violated federal surveillance laws and the Constitution by acquiring 
untold numbers of Americans' emails, phone calls, and communications records. After a recent procedural victory at the 9th Circuit revived the case, Jewel is back before a federal district judge in San Francisco. However, in proceedings over the next few months, the government will likely try to again wall itself off from accountability by asserting that the state secrets privilege requires the case to be dismissed without a determination of whether the government's actions are legal. Yet, in passing FISA, Congress expressly created a secure process by which the legality of surveillance must be determined by a court. We expect the next round of the fight will be, as previous ones were, a set of arguments by the government about why, despite that carefully considered (and never amended) process, the case should still be dismissed immediately regardless of whether the government is actually illegally surveilling millions of Americans. Separately, in March, EFF filed a petition asking the Supreme Court (pdf) to hear Hepting v. AT&amp;T, EFF's lawsuit against AT&amp;T for their role in the government's warrantless surveillance program, where the companies and the Executive branch strong-armed Congress into granting the President the right to dismiss cases against the telecom companies. The government has asked for several extensions to reply to EFF's petition, but the Supreme Court will likely decide whether or not it will hear the case by this Fall. Amnesty International v. Clapper: The ACLU is also challenging the legality of the FISA Amendments Act (the 2008 law which broadly expanded the government's spying powers) in a separate suit, Amnesty International v. Clapper. Two weeks ago, the Supreme Court agreed to hear that case after the government appealed an appeals court decision ruling in the ACLU's favor. The government has argued that the case should be dismissed completely on yet another procedural argument. It claims that plaintiffs, a group of lawyers, journalists and 
human rights activists who reasonably expect their emails are being unconstitutionally monitored, don't have "standing." Like the government's sovereign immunity argument in al-Haramain, the government is using a catch-22 argument in Amnesty: they say that plaintiffs have to prove they're being monitored under the program for the suit even to begin, but, simultaneously, the only way they can prove this is if the government intentionally admits that it is surveilling them. Since the government is refusing to admit or deny the surveillance, plaintiffs cannot have standing to decide whether the surveillance is legal or, more importantly, to stop it. Despite the government's arguments, the Second Circuit held that plaintiffs had established standing to sue based on their reasonable belief that they are being surveilled and the chilling effect that this illegal surveillance has on their communications. We hope the Supreme Court agrees. President Obama and FISA Amendments Act Renewal: What makes the administration's stances in these cases particularly heartbreaking is that Senator and then candidate Obama was a vocal critic of warrantless wiretapping, yet once in office has chosen to reverse himself on all counts. Even before he was elected, he reneged on his promise to filibuster telecom immunity in the FISA Amendments Act in the midst of a presidential race. As a candidate, he also promised to curtail the use of the "state secret" privilege, only to turn around and claim it in all of the wiretapping cases (along with many other lawsuits alleging constitutional violations). All this serves as a backdrop to the current debate about whether portions of the FISA Amendments Act should be renewed by Congress when it expires at the end of the year. As we reported, a House Judiciary Committee recently held a hearing on the subject, where witnesses and members of Congress alike pointed to the fact that the law appears to allow for dragnet surveillance of Americans' phone calls and emails 
without a warrant, something that has never been held to be constitutional by any court. Unfortunately, Obama, who once insisted he would reform the law in the name of civil liberties as president -- even after voting for it -- has gone back on that promise as well. Renewing the Act with no changes is now his administration's "top priority," even as he continues his aggressive resistance to any judicial review. It will be EFF's top priority to oppose it. Related Issues: NSA Spying </description><link>http://www.secuobs.com/revue/news/380226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380226.shtml</guid></item>
<item><title>This Week in Internet Censorship: Tiananmen Square Censorship, Libya's Article 37, Malaysia's Backslide, Kuwaiti Repression, and a Hunger Strike in Tunisia</title><description>Secuobs.com : 2012-06-07 20:24:06 - Deeplinks - China: Weibo Ratchets Up Censorship for Tiananmen Square Anniversary, Google Helps Users Avoid Blocked Search Terms. Chinese social media outlets expanded their lists of censored words in anticipation of the 23rd anniversary of the Tiananmen Square protests. On June 4, the date of the anniversary, Twitter-clone Weibo went so far as to block searches of the characters for "today" (今天) and "tomorrow" (明天). Weibo also removed its candle emoticon and blocked searches for the character for candle (烛) to prevent references to the annual candlelight vigil in Hong Kong's Victoria Park. After users questioned the disappearance, Weibo's parent company Sina announced that the icon was being "optimized" and replaced the emoticon with an Olympic torch. Weibo also blocked all forms of the numbers eight, nine, six, and four, which resulted in accidental censorship of reports about the Shanghai Stock Exchange when the market index fell 6489 points. In the same week, Google added a search feature warning Chinese users when their terms are likely to produce blocked results. Searching a prohibited term in China will not only produce an official error message, but will also cut users' connection to Google for a couple of minutes. Senior vice president Alan Eustace wrote, "By prompting people to revise their queries, we hope to reduce these disruptions and improve our user experience from mainland China." Chinese state censors do not normally disclose which terms are censored at any given time. Libya: Anti-Sedition Laws Under Constitutional Review. Libya's Supreme Court will review the constitutionality of Article 37, a series of laws which criminalize speech glorifying Gaddafi, insulting the revolution and Islam, or weakening the morale of Libyan citizens by 
questioning the country's "people, slogan, or flag." The National Transition Council passed these laws on May 2, prompting outrage from many Libyan legal experts and civil society organizations. A violation of Article 37 carries a maximum sentence of life imprisonment. Libya's new deputy culture minister Atia Lawgali has called the law "a joke" and "a sign of weakness from the NTC." Article 37 clearly flies in the face of Libya's transition towards democracy and the goals of the popular revolution. "When I looked at Article 37 I was pleased with the reaction: there was total agreement that this law is a disaster," said Lawgali. The government defends that Article 37 is necessary to "re-establish the state" as Libya transitions towards elections this month, and that there will be little need for such laws afterwards. Malaysia: Officials Backpedal on Promise of a Censorship-Free Internet. Malaysia's commitment to freedom of expression on the Internet faces new challenges from government officials, past and present. Former Prime Minister Tun Dr. Mahathir Mohamad has publicly called for new online content regulations, saying, "When I said there should be no censorship of the Internet, I really did not realize the power of the Internet to create problems and agitate people." Information, Communications and Culture Minister Datuk Seri Dr. Rais Yatim has echoed the former Prime Minister's sentiments, suggesting that bloggers and website-owners should regulate themselves so that only "facts" are posted online, and suggested that content should be of a "society-building nature" and not contain libel. The government has already amended the law so that Internet intermediaries are legally accountable for all seditious or libelous content that third parties may upload, so websites are already likely to discourage and delete politically or religiously sensitive material. Malaysia's Internet has no national content filters at this time, though the government has tried to install them twice. 
Vigorous protest from Malaysian Internet users on both efforts forced the government to back down. Kuwait Hands Down Ten Year Sentence for Twitter Criticism. In the small Gulf country of Kuwait a young man, Hamad al-Naqi, has just been handed a ten-year sentence for criticizing the kings of neighboring Saudi Arabia and Bahrain and allegedly "insulting" the Prophet Mohammed on Twitter. According to Human Rights Watch, Kuwait's Court of First Instance sentenced Hamad al-Naqi, 26, on those charges on June 5, 2012. Article 15 of Kuwait's National Security Law sets a minimum sentence of three years for spreading statements or rumors that "harm the national interests of the state," while Article 111 of the Penal Code prohibits mocking religion. Al-Naqi's sentencing is just one instance in a series of repressive events the country has seen this year. In June, the Emir of Kuwait rejected parliamentary legislation that would have authorized the use of capital punishment or life imprisonment for anyone mocking "God, the prophets and messengers, or the honor of his messengers and wives." The veto can still be overridden by a two-thirds majority of members of parliament and cabinet ministers. As a party to the International Covenant on Civil and Political Rights, Kuwait must protect the rights of freedom of expression. EFF joins Human Rights Watch in condemning Kuwait's increasing repression of speech. Tunisia: Citizen Journalists Continue Hunger Strike. Tunisian citizen journalist Ramzi Bettaieb has been on a hunger strike since May 28 to defend press freedom in the country after last year's revolution. Bettaieb, who writes for the activist blog Nawaat, said that soldiers confiscated his cameras when he tried to film the trial of ousted dictator Zine El Abidine Ben Ali and others who were involved in violently suppressing anti-regime protests in the towns of Thala and Kasserine. The army prohibited reporters from shooting more than three minutes of video footage during the trial. Nawaat, 
which was blocked in Tunisia until January last year, was instrumental in channeling popular opposition to the Ben Ali regime and covering the protests that culminated in his removal. Bettaieb's hunger strike is partly in order to show the world that the political revolution is not yet complete. He protests the new government's lack of transparency in holding these important trials through a military tribunal rather than through public court or an independent commission. Bettaieb stated, "I demand that all cases be withdrawn from the military court. It is not independent, and is under constant pressure and threat; it is in conflict with the Ministry of Interior or at least with whatever corrupt body still lingers there." Five other bloggers have joined Bettaieb's hunger strike, and he also commands wide support from other regional journalists. Related Issues: Free Speech, Bloggers Under Fire, International </description><link>http://www.secuobs.com/revue/news/380216.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380216.shtml</guid></item>
<item><title>When the Government Comes Knocking, Who Has Your Back?</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks - EFF Charts the Privacy and Transparency Practices of the Internet's Biggest Companies. For Immediate Release: Thursday, May 31, 2012. San Francisco - When you use the Internet, you entrust your thoughts, experiences, locations, and more to companies like Google, Twitter, and Facebook. But what happens when the government asks these companies to hand over your private information? Will the company stand with you? Today, the Electronic Frontier Foundation (EFF) releases its second annual "When the Government Comes Knocking, Who Has Your Back?" report -- this time as a white paper and chart tracking some of the Internet's biggest service providers on their public commitments to their users' privacy and security. Increasingly, federal law enforcement agents are demanding that Internet companies provide their users' data as part of government investigations -- sometimes fairly, sometimes unfairly. EFF's report examines 18 companies' terms of service, privacy policies, public representations, advocacy, and courtroom track records, awarding them gold stars for best practices in categories like "tell users about government data demands" and "fight for user privacy in courts." "This year, we saw a big increase in the number of companies making a public promise to their users to inform them whenever possible when the government comes knocking," said EFF Legal Director Cindy Cohn. "This notice gives users the chance to fight back against government overreaches and to defend themselves if investigators want to unfairly fish around in their personal information. It appears that promising to notify your customers of government data demands is on the way to becoming an industry standard for responsible companies." EFF first published its chart last year to recognize exemplary practices by some companies. We were pleased to see that Facebook, Dropbox, and 
Twitter have each upgraded their practices in the past year. Sonic.net, an ISP based in Santa Rosa, California, earned a gold star in every category. Cloud storage sites Dropbox and SpiderOak and business networking site LinkedIn also fared well, earning recognition in three categories each. "Online service providers are the guardians of some of your most intimate data -- everything from your messages, to location information, to the identities of your family and friends," said EFF Senior Staff Attorney Marcia Hofmann. "We wanted to acknowledge companies that are adopting best practices and taking exceptional steps to defend their users against government overreaches in the courts and in Congress." In addition to upgrading their own practices, many Internet companies have joined with civil liberties groups into a powerful coalition working to clarify outdated privacy laws so that there is no question about when the government needs a warrant to access sensitive user data. "This year, we saw a number of major Internet companies join the Digital Due Process coalition, which is aimed at getting Congress to make lasting improvements in the laws that protect our electronic privacy," said EFF Activism Director Rainey Reitman. "This should be a wakeup call to Congress to clarify outdated laws so there is no question that government agents need a court-ordered warrant before accessing sensitive location data, email content, and documents stored in the cloud." For the full report "When the Government Comes Knocking, Who Has Your Back?": https://www.eff.org/pages/who-has-your-back Last year's report can be viewed here: https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back-2011 Contacts: Cindy Cohn, Legal Director, Electronic Frontier Foundation, cindy@eff.org; Marcia Hofmann, Senior Staff Attorney, Electronic Frontier Foundation, marcia@eff.org; Rainey Reitman, Activism Director, Electronic Frontier Foundation, rainey@eff.org 
</description><link>http://www.secuobs.com/revue/news/379710.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379710.shtml</guid></item>
<item><title>EFF Joins Twitter in Standing Up For User</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks - We took a stand for Twitter users Wednesday, and in an amicus brief (PDF) urged a New York City judge to reconsider his decision authorizing a broad subpoena to Twitter that seriously threatens the First Amendment and privacy rights of everyone on the Internet. We started writing about the case of Malcolm Harris in February, when the New York City District Attorney's Office sent a subpoena (PDF) to Twitter, requesting information about Harris, one of the 700 protesters arrested on the Brooklyn Bridge in October 2011 in connection with an Occupy Wall Street protest. The prosecutors requested Twitter turn over reams of information it had on Harris, including the content of tweets, IP addresses from where he accessed Twitter, and any email addresses it had on file. We believe the government is after Harris' location, and the fact that he was a prolific tweeter with almost 1,500 followers and 7,200 tweets -- and an outspoken Occupy Wall Street sympathizer -- would give the government a tremendous amount of insight into the Occupy movement's activities and membership. The fact that the subpoena came out of a criminal investigation for disorderly conduct, a trivial crime with a maximum punishment of a $250 fine or 15 days in jail, made it seem all the more like a politically motivated witch hunt. And the government confirmed that it was indeed trying to use the information from Twitter to figure out Harris' location on the day in question, but inexplicably requested three months of data from Twitter. The judge's opinion (PDF) authorizing the subpoena was worse than we could have imagined. The court ruled Harris didn't have legal standing to challenge the subpoena because the information -- including all of his tweets -- belonged to Twitter. It allowed the government to get the content of communication -- tweets -- with simply a subpoena, and not a search 
warrant as required by the Fourth Amendment and the Stored Communications Act. It gave the keys to location information, IP addresses that could be used to determine where a person is when he logs into Twitter, without a search warrant. Thankfully, Twitter stepped in since the court ruled Harris couldn't, and moved to quash the subpoena (PDF). And now we're stepping in too, teaming up with the ACLU, the New York Civil Liberties Union (NYCLU), and Public Citizen in an amicus brief in support of Harris and Twitter's challenge to the subpoena. As we say in our brief, individuals have long had the legal ability to challenge government requests to third parties that implicate constitutional rights. After all, the data the government wants pertains to Harris, not Twitter. And while we (and others) applauded Twitter for standing up for its user in this instance, many tech companies holding tons of data about their users won't, leading to potential constitutional violations that have no way to be challenged in court. It's crucial for users to be able to stand up for themselves, instead of hoping that other companies follow Twitter's lead. We also argue that the subpoena violates the First and Fourth Amendments. In order to protect free speech, the First Amendment demands that the government demonstrate an "overriding and compelling" need for the information and a substantial nexus between the information and a government investigation. The trivial charges and weak excuse, combined with the breadth of the subpoena, demonstrate the government has failed to meet this high standard. With respect to the Fourth Amendment, content and location require a search warrant. In the last few years, thanks to some of the work we've done (and are still doing), courts have begun to recognize that the Fourth Amendment applies even when information is disclosed to a third party for a limited purpose, like when email is sent through a server in order to be delivered to its recipient, or a cell phone 
company keeps track of your location in order to complete your phone call. And with US Supreme Court Justice Sotomayor's concurring opinion in United States v. Jones -- which ruled that the Fourth Amendment applies to the installation of a GPS tracking device on a car -- commenting it was time to reconsider the idea that disclosing some information for a limited purpose to a third party eliminates any privacy rights in that information, we're hopeful the judicial tide has turned on this issue. We're also hopeful the judge will reconsider his decision after hearing from us and Twitter. Search warrants are an integral part of balancing law enforcement's voracious appetite with the right to privacy guaranteed in the Constitution. Broad subpoenas in trumped up loitering cases shouldn't undermine this important bulwark against the overzealous government. Related Issues: Free Speech, Privacy, Cell Tracking, Locational Privacy, Social Networks. Files: Amicus Brief of EFF, ACLU, NYCLU and PK In Support of Harris </description><link>http://www.secuobs.com/revue/news/379709.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379709.shtml</guid></item>
<item><title>A Review of Today's Important House Hearing on Warrantless Wiretapping and the FISA Amendments Act</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks - This morning, the House Judiciary Committee held an important hearing on the FISA Amendments Act (FAA) and the scope of the NSA's warrantless wiretapping program. The FAA, which gutted privacy protections governing the interception of international phone calls and e-mail to and from the United States, is set to expire at the end of the year, and Attorney General Eric Holder says it is his "top priority" to see it renewed. President Obama had promised during his campaign to demand civil liberties protections and privacy safeguards when the FAA came up for renewal, yet his administration is now demanding that Congress renew it with no changes, despite the fact that the FAA allows for dragnet surveillance of Americans' international communications. A detailed explanation of the law's constitutional deficits can be read here, but as ACLU's deputy director Jameel Jaffer explained to the committee, the law is written so broadly that a phone call to someone overseas discussing general foreign affairs could be listened in on. Even putting aside the massive constitutional violations perpetrated by the NSA and its warrantless wiretapping program before the FAA was passed in 2008, the NSA has still unlawfully collected "millions" of Americans' domestic communications since 2009, according to reporting by the New York Times and documents the ACLU received via the Freedom of Information Act (FOIA). Rep. Trey Gowdy (R-SC) remarked to Jaffer that no court has ruled the FAA unconstitutional. But he conveniently left out the fact that the Obama Justice Department (DOJ) has resisted every effort to have courts hear any evidence on the matter. DOJ is now arguing before the Supreme Court that the ACLU's lawsuit over the FAA should be dismissed before trial on "standing" grounds, despite lower courts ruling the case 
should move forward on the merits. In addition, in EFF's own case challenging the dragnet portion of the NSA warrantless wiretapping program, the government has invoked the "state secrets" privilege, arguing that even if the allegations of constitutional violations are true, the case should be dismissed because it could hurt "national security." All this despite the fact that federal courts have ruled the NSA's warrantless wiretapping program unconstitutional in other cases. EPIC Privacy executive director Marc Rotenberg, another witness at the hearing, implored the committee to install new transparency requirements so Americans can understand exactly how many people are being spied on. This could be done easily and anonymously without jeopardizing any investigation, he said, and can be modeled on the transparency requirements already in place for domestic wiretaps. Kenneth L. Wainstein, who worked on creation of FISA during his tenure at the Justice Department during the Bush administration, countered that there is already "oversight" built into FISA, but there is scant proof of that in practice. The administration has kept its interpretation of the FAA secret, has refused to declassify any of the FISA opinions (despite previously promising to), and won't release numbers on how many Americans have been affected, as multiple Senators have demanded. All of this is particularly troubling since the FISA court received over 1,700 applications for blanket wiretaps last year and none were rejected. Wainstein's argument about how supposedly "vital" warrantless wiretapping is to national security also flies in the face of the official Inspector General report, which cast doubts on its usefulness. The hearing was a step in the right direction, however, and it was encouraging to see so many members of Congress question the dangerous scope of the bill. Rep. Scott said, "An untold amount of NSA data collection is affecting citizens in America," Rep. Conyers demanded an official from the 
FISA courts testify on the matter, and others questioned the warrantless surveillance of American citizens. Given the massive constitutional implications of renewing FISA, and the ample evidence it is being abused, Congress has a duty to follow through and dramatically reform the bill or refuse to renew it entirely. If you would like to read more about the extreme importance of the debate surrounding the renewal of FAA, read recent pieces by Salon's Glenn Greenwald and Cato Institute's Julian Sanchez on the subject. FireDogLake's civil liberties reporter, Kevin Gosztola, also has a comprehensive summary of today's hearing. Related Issues: NSA Spying </description><link>http://www.secuobs.com/revue/news/379708.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379708.shtml</guid></item>
<item><title>This Week in Internet Censorship: Points system for Weibo, Activist Released in Bahrain, Censorship in Malaysia, Ethiopia, and More</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks - China: Twitter-Clone Weibo Introduces a Points System for Punishing Content Violations. Chinese microblogging site Sina Weibo introduced new user conditions on Monday under which users will be deducted "points" for violating its content policy. Users will be suspended from the website once they run out of points. Rules that prohibit advocating protests or "spreading rumors" have always been a part of overall Chinese internet policy, but the points system is an innovation. The new user contract arrives after the parent company Sina admitted that they had not fully implemented Chinese real-name registration rules by the March deadline. Reporters Without Borders suggests that "It remains to be seen whether or how this points system will be applied to the mass of information circulating on Sina Weibo. It may well be a lost cause but the company could be more interested in looking good in the government's eyes." Real-name registration is one of the ways in which Weibo users can recover lost points, which will effectively further reduce anonymous expression in China. Malaysia: Amended Evidence Act Makes Intermediaries Liable, Shifts Burden of Proof to Defendants. The Malaysian government has recently made a series of troubling amendments to the Evidence Act 1950. Among the changes: an amendment that holds intermediaries liable for seditious content posted anonymously on their networks, services, or websites and an amendment that shifts the burden of proof from the government to the defendant. In Malaysia, not only can you be held liable for someone else's allegedly seditious comment on your website, or an anonymous comment posted using your open wifi connection, but it is up to you to prove that you didn't do it. These amendments may lead to a profound chilling effect on 
free expression and innovation because intermediary content providers like corporations, social networks, and bloggers will be obliged to constantly monitor the activity of third-party contributors. In the United States, Section 230 of the Communications Act protects intermediary "interactive computer services" from certain kinds of liability for third-party content, including defamatory or seditious speech. Centre for Independent Journalism executive officer Masjaliza Hamzah said the Malaysian laws "may force some sites to stop the comment feature because having to vet comments themselves may become untenable, and if this happens, it has a huge impact on the interactive nature of online media favored by readers." Bahrain: Activist Nabeel Rajab Released from Jail. Nabeel Rajab, president of Bahrain Centre for Human Rights, was released from jail after he posted bail of 300 dinars ($796). Rajab has been imprisoned since May 5 on charges of "cyber-incitement" of illegal rallies using social networking sites and defaming Bahrain's security forces. With over 146,000 Twitter followers, he is a high-profile critic of the King Hamad al-Khalifa and the Bahraini government. Rajab is banned from travelling abroad as part of the conditions of his release. In the past 15 months, Bahraini security forces have detained and beaten many journalists, protestors, and other critics. Rajab described his arrest as "a political decision" in court earlier this month. He told the court, "I only practiced my right to free expression. I did not commit a crime." Meanwhile, Rajab's many supporters include Bahraini human rights activist Abdulhadi al-Khawaja, who began a hunger strike in February after also being detained for allegedly trying to "depose" the royal family. Upon Rajab's release from jail, Khawaja voluntarily ended his hunger strike and described the event as successfully drawing attention to the issue of imprisoned Bahraini political dissidents. Ethiopia: Restricting VOIP, Initiating Deep 
Packet Inspection. Last Thursday, the Ethiopian parliament ratified a new Telecom Service Infringement Law meant to impede Voice over Internet Protocol (VoIP) calls and faxes. The rules are primarily aimed at protecting the state service provider Ethio-Telcom from competition and "telecom fraud" by granting the Ministry of Communications and Information Technology the right to license companies engaged in producing or distributing any information communication technology. Additionally, a "national security" section in the new law includes anti-terrorism and anti-defamation provisions for content regulation. Prominent Ethiopian blogger Endalk has referenced the latest law as a "creative copy of SOPA and PIPA," both of which fellow blogger Frank Nyakairu had predicted would lead to "opportunistic" spin-offs in multiple African dictatorships. Already, the Committee to Protect Journalists reports that about 25 percent of exiled journalists in Africa are from Ethiopia. Not only does the Telecom Service Infringement law block journalists' access to important communication pathways such as VoIP, but the broad "national security" content regulations will give the government even greater official latitude in shutting down the country's small but active blogging community. The new telecom regulations are part of an ongoing pattern of increased Internet surveillance and censorship. Even though Ethiopia has internet penetration of less than 1 percent, its online political censorship regime is one of the most complex in sub-Saharan Africa, aided by Chinese capital and technology. Ethiopian ISPs recently initiated covert deep-packet inspection, and also began blocking Tor. Related Issues: Free Speech, Anonymity, Bloggers' Rights, Innovation, International, Social Networks </description><link>http://www.secuobs.com/revue/news/379707.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379707.shtml</guid></item>
<item><title>Frequently Asked Questions About the Lieberman-Collins Cyber Security Act</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks - The Senate is moving quickly to take up the issue of cybersecurity, with a potential vote looming in early June. This is a particularly dangerous situation because the Cyber Intelligence Sharing and Protection Act (CISPA) already passed the House, authorizing companies to spy on sensitive user content and pass that data to the government with few restrictions. Under CISPA, the government can use the information it receives for vaguely-defined "national security" purposes or share it with intelligence agencies like the NSA. There are several bills pending in the Senate. The first one to come up is the Cyber Security Act (Lieberman-Collins). The bill is well over a hundred pages long and includes many components other than sections about sharing data with the government. Here's a guide to help you understand the information sharing sections of the bill, the civil liberties concerns, and how you can speak out. Will Internet companies be able to intercept and read my email? Under this bill, how are "cybersecurity threats" defined? How are "cybersecurity threat indicators" defined? In addition to monitoring, what else can companies do? What are countermeasures and how would they work? How are "countermeasures" different from ordinary behavior already in widespread use by ISPs and companies to protect their networks? Does this bill create new exemptions to the Freedom of Information Act? Under the Cybersecurity Act, if a company improperly hands over my information to the government, do I have an effective remedy? What is a "cybersecurity exchange" and how would it work? Will the new "cybersecurity exchange" create new bureaucracies? What safeguards are in place to ensure that this legislation won't be used as a method of sharing data with the National Security Agency? Can cyber security threat indicators collected under 
this legislation be used for other, unrelated purposes? Whoa! Sharing what "appears to relate to a crime" is crazily broad, and surely will impinge on civil liberties. Does the Cyber Security Act throw me a bone, with some sort of vague promise to maybe think about civil liberties in the future? If the Cyber Security Act passes the Senate, will we have a chance to fight it in the House? There are amendments pending on this bill. Will it get better or worse for civil liberties? How can I speak out against this bill? Will Internet companies be able to intercept and read my email? Under the bill, the provisions for "monitoring" are very broad. Companies (any private entity) are granted "affirmative authority" to "monitor information systems" and "information that is stored on, processed by, or transiting the information systems" for cybersecurity threats. A company could also monitor someone else's network if it has been granted authority to do so, for example an outside consulting firm hired to help with network security. The companies in question include both online service providers like Google or Facebook, as well as Internet Service Providers (ISPs) like Comcast. When you use a web-based service like Google, your communications pass through lots of intermediaries. Under the bill, it is not only Google that can monitor your traffic, but also any intermediary. Under this bill, how are "cybersecurity threats" defined? A cybersecurity threat, under the Cyber Security Act, is defined as "any action that may result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information that is stored on, processed by, or transiting an information system." But the definition of cybersecurity threat indicator in the bill is much more important, since this determines the actual information that can be shared with the government. How are "cybersecurity threat indicators" defined? 
Cybersecurity threat indicators are the types of data that a company can share with the government (via a "cybersecurity exchange," see below). The bill defines a "cybersecurity threat indicator" as information that indicates or describes one or more of eight things: 1. Malicious reconnaissance (which the bill defines as including "anomalous patterns of communication that reasonably appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat"). 2. A method of defeating a technical control. 3. A technical vulnerability. 4. A method of defeating an operational control. 5. A method of causing a user with legitimate access to an information system or information to "unwittingly" enable the defeat of a technical or operational control. 6. Malicious cyber command and control. 7. Actual or potential harm caused by an incident, including data exfiltrated as a result of subverting a technical control if it is necessary in order to identify or describe a cybersecurity threat. 8. "Any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law." The last one -- "any other attribute" -- is very broad indeed. This type of language is dangerously vague, giving companies lots of wiggle room to make creative arguments. However, there's also one very important privacy protection to how the bill defines "cybersecurity threat indicators": it insists that "reasonable efforts" must be made to "remove information that can be used to identify specific persons unrelated to the cybersecurity threat." In addition to monitoring, what else can companies do? The act also allows companies to deploy "countermeasures" to protect a given network. Countermeasures include the ability to modify or filter Internet traffic. Even if you are an innocent user, if companies think you are engaging in a cyberthreat, they could filter or modify your Internet traffic. What are countermeasures and how would they work? The term 
"countermeasures" refers to actions to "modify or block data packets" associated with online communications, so long as it is done "with defensive intent" for the purposes of protecting information systems from cybersecurity threats. Under the Cyber Security Act, private entities are granted "affirmative authority" to operate countermeasures on their own information systems to "protect the information systems and the information that is stored on, processed by or transiting the information system." Companies can also operate countermeasures on third party networks, if the third party grants them lawful access. How are "countermeasures" different from ordinary behavior already in widespread use by ISPs and companies to protect their networks? The limits on the "countermeasures" allowed under this bill have not been established. If this bill passes, it could take judicial interpretation to establish those limits -- but only if cases make it to court. Companies already use firewalls to protect their networks. ISPs do filtering as well, for example disallowing end users from hosting certain services, or de-prioritizing certain types of traffic. But this bill makes no effort to restrict the definition of countermeasures to reasonable techniques in use today. Does this bill create new exemptions to the Freedom of Information Act? Yes. Under the Cyber Security Act, any cybersecurity threat indicator disclosed by a non-Federal entity (like a company) to a cybersecurity exchange is exempt from disclosure. A recent letter organized by OpentheGovernment.org and signed by dozens of civil liberties advocacy organizations criticized both the SECURE IT Act and the Cyber Security Act, stating: "Unnecessarily wide-ranging exemptions [to FOIA] of this type have the potential to harm public safety and the national defense more than they enhance those interests; the public is unable to assess whether the government is adequately combating cybersecurity threats and, therefore, unable to assess 
whether or how to participate in that process, and to hold officials accountable." Under the Cybersecurity Act, if a company improperly hands over my information to the government, do I have an effective remedy? Probably not. This legislation holds a very high standard for holding companies accountable through civil action. Assuming that you know about the privacy invasion in the first place, you would need to prove that the company: was not monitoring for the purpose of detecting cybersecurity threats; and did not have a "good faith" belief that they were allowed to do it (whether they are right or wrong); or "knowingly" and "willfully" violated the restrictions of the law. What is a "cybersecurity exchange" and how would it work? The Cyber Security Act would set up "cybersecurity exchanges" to receive and distribute cybersecurity threat indicators. There would be one Lead Federal Cybersecurity Exchange, appointed by the Department of Homeland Security, but other ones might also be created. Existing federal agencies can be designated as cybersecurity exchanges, including military and intelligence agencies like the National Security Agency. The Department of Homeland Security could appoint itself as the Lead Federal Cybersecurity Exchange. There is considerable debate in Washington over whether the lead agency should be the civilian DHS or the military (i.e. the NSA). The bill punts on this question, but gives the edge to DHS for future bureaucratic fights. Will the new "cybersecurity exchange" create new bureaucracies? Of course. The Cyber Security Act's extensive discussion of the creation of a federal exchange and potential civilian exchange involves coordination between an alphabet soup of agencies, including DHS, DOJ, ODNI, DOD and DOS. They have to make a lead exchange, consider others, consult with each other, and report to Congress. The Cyber Security Act attempts to defuse this the easy way: "Nothing in this section may be construed to authorize additional layers of 
Federal bureaucracy for the receipt and disclosure of cybersecurity threat indicators." At most, this will prevent people from calling the new layers of bureaucracy what they really are. What safeguards are in place to ensure that this legislation won't be used as a method of sharing data with the National Security Agency? There are no provisions in the Cyber Security Act that would ensure this bill could not be used to funnel information to the National Security Agency. In fact, the National Security Agency could be designated as a "cybersecurity exchange" and receive great quantities of sensitive user information. The ACLU has joined EFF in strongly criticizing a bill that allows the NSA to receive cybersecurity data, stating: "It is a long held American value that the military is not permitted to spy on Americans and their communications. Authorizing the NSA to turn its powerful spying apparatus on Americans would pose a significant threat to Americans' privacy and would represent a major departure from American values about the role of the military on US soil." Can cyber security threat indicators collected under this legislation be used for other, unrelated purposes? Yes. The data collected under the Cyber Security Act can be shared with law enforcement if it "appears to relate to a crime," either past, present, or near future. Senator Wyden, talking about a similar provision in CISPA, noted: "They would allow law enforcement to look for evidence of future crimes, opening the door to a dystopian world where law enforcement evaluates your Internet activity for the potential that you might commit a crime." The CSA suffers the same "future crime" flaw. Whoa! Sharing what "appears to relate to a crime" is crazily broad, and surely will impinge on civil liberties. Does the Cyber Security Act throw me a bone, with some sort of vague promise to maybe think about civil liberties in the future? Sure. Recognizing that the provision for sharing with law enforcement could impact 
privacy and civil liberties, the Cyber Security Act attempts to defuse criticism by forming a committee to write "policies and procedures" at some future date that are supposed to "minimize the impact." It also provides that the Privacy and Civil Liberties Oversight Board will look over the situation. Unfortunately, there currently are no members of this board, and have not been since 2007. Our civil liberties are too important to just have faith that future regulations will solve all the problems or to have oversight by a non-staffed board. If the Cyber Security Act passes the Senate, will we have a chance to fight it in the House? Unfortunately, the House of Representatives has already passed a cybersecurity bill (CISPA). CISPA includes few privacy safeguards, allowing companies to spy on Internet communications and pass sensitive user content to the government. This means that if any cybersecurity bill passes the Senate -- even one that has privacy protections -- it will be conferenced with the House version of CISPA. The conferencing process is a backroom negotiation in which there's a lot of compromising -- and House backers of CISPA could well seek to remove any privacy protections we might put in place in a Senate bill. The conferencing process would almost undoubtedly be bad news for online civil liberties. There are amendments pending on this bill. Will it get better or worse for civil liberties? That's a hard question. In early May, according to the Hill blog, Senate leadership was reportedly "quietly revamping cybersecurity legislation in an attempt to pick up Republican votes." This could mean any number of things -- including the possibility that the legislation will be adjusted to remove regulatory aspects or reduce the existing privacy protections for Internet users. It's also possible amendments could be presented that would add in safeguards for privacy. Right now, all of the amendments -- whether good or bad for Internet rights -- are being negotiated behind closed 
doors, away from public discussion and accountability. This means Internet users are being kept largely in the dark until most of the negotiations are over. We encourage individuals to use our action center to speak out: tell Congress not to sacrifice civil liberties in a rush to pass cybersecurity debate. Hearing from constituents is the best way to ensure privacy rights stay front and center in this debate. How can I speak out against this bill? We urge Internet users to contact Congress and tell them to support privacy-protective amendments and oppose the cybersecurity bills. You can use our action center to send an email or call your Senator. Related Issues: Privacy, Cyber Security Legislation </description><link>http://www.secuobs.com/revue/news/379706.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379706.shtml</guid></item>
<item><title>No Copyrights on APIs: Judge Defends Interoperability and Innovation</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks -    Innovation for the win! A federal judge ruled today that Java's APIs are not copyrightable. The federal district judge in the widely reported Oracle v. Google case ruled in favor of innovation and interoperability, allowing software to use Application Programming Interfaces without paying a license fee. Judge Alsup's opinion is important news for software developers and entrepreneurs. To recap: Oracle, the current owner of Java, sued Google for, among other things, using Java APIs in its Android OS. Oracle claimed that Google infringed both its patents and copyrights. The Court disagreed, and Judge Alsup ruled that "Google and the public were and remain free to write their own implementations to carry out exactly the same functions of all methods in question." Earlier, the jury summarily disposed of Oracle's patent claims and also found that, assuming one could get a copyright on an API, Google might have infringed (the jury failed to answer whether Google's use was a legal fair use). All of this left open arguably the most important question: whether APIs could be copyrighted. As we previously explained, the answer must be "no" under current law, and extending copyright to APIs would have a disastrous effect on interoperability, and, therefore, innovation. We are glad to report that Judge Alsup agreed. The court clearly understood that ruling otherwise would have impermissibly -- and dangerously -- allowed Oracle to tie up "a utilitarian and functional set of symbols," which provides the basis for so much of the innovation and collaboration we all rely on today. Simply, where "there is only one way to declare a given method functionality," so that "everyone using that function must write that specific line of code in the same way," that coding language cannot be subject to copyright. Judge Alsup, a coder himself, got it right 
when he wrote that "copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API." It's a pleasure to see a judge so fundamentally understand the technology at issue (indeed the first part of the opinion reads like an Introduction to Java class) and, to be certain, if Oracle appeals, Judge Alsup's lesson will do a fantastic job teaching the appeals court how Java works. It's that fundamental understanding that allowed Judge Alsup to explain: "That a system or method of operation has thousands of commands arranged in a creative taxonomy does not change its character as a method of operation. Yes, it is creative. Yes, it is original. Yes, it resembles a taxonomy. But it is nevertheless a command structure, a system or method of operation -- a long hierarchy of over six thousand commands to carry out pre-assigned functions. For that reason, it cannot receive copyright protection -- patent protection perhaps -- but not copyright protection." Judge Alsup's opinion implicitly recognizes that the copyright laws, most recently overhauled in the 1970s, simply were not intended to cover claims like those made by Oracle in this case. Here, Oracle pored through 15 million lines of Android code searching for infringement, and found only nine lines (one function) that had been copied from Java, a circumstance the Court found "innocuous and overblown." Such functionality may be subject to patenting, which has a shorter life span and more opportunities to challenge its validity, but Oracle's attempts to shoehorn its unpatented APIs into copyright law were met with the proper rejection. It's not all good news for innovation: in yet just another example of an intellectual property system gone awry, this lawsuit has likely already cost each side millions (if not tens of millions) of dollars (and that's before damages). Those resources, including the person-hours, can and should be dedicated to developing new 
technologies and business models, not improving a few law firms' bottom lines. Oracle v. Google is just the latest in a long line of cases that ratchet up high-stakes litigation surrounding intellectual property rights -- whether it be software patents or copyrights. This dangerous trend creates insurmountable barriers to entry and harms innovation. If this process has taught us anything, it is that this practice needs to stop. This is why EFF will continue to fight for an intellectual property system that has the breathing room to allow for innovation. And in the meantime, developers everywhere can breathe a sigh of relief -- this judge got it right. Related Issues: Innovation, Patents, Intellectual Property. Files: Alsup_api_ruling.pdf </description><link>http://www.secuobs.com/revue/news/379705.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379705.shtml</guid></item>
<item><title>Trojan Hidden in Fake Revolutionary Documents Targets Syrian Activists</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks -    The campaign to use social engineering to install surveillance software that spies on Syrian activists is growing ever more complex as violence in Syria has escalated. Since the beginning of the year, Syrian opposition activists have been targeted using several Trojans, including one disguised as a Skype encryption tool, which covertly install spying software onto the infected computer, as well as a multitude of phishing attacks which steal YouTube and Facebook login credentials. The latest campaign contacts targeted Syrian activists over Skype and delivers a Trojan by getting the targets to download a fake PDF purporting to contain a plan to assist the city of Aleppo, where opposition protest has been growing steadily since a raid on Aleppo University dormitories resulted in the deaths of four students and a temporary shutdown of the state-run school earlier this month. Like many of the attacks we have reported on, this one installs a Trojan called DarkComet RAT, a remote administration tool that allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more--and sends that sensitive information to the same Syrian IP address used in attacks described by TrendMicro, Symantec, Cyber Arabs, and in several of EFF's blog posts. The attack is initiated over Skype with the following message in Arabic:  29 05 2012 18 03 44  Aleppo Team    اخر تعديل لخطة حلب حان وقت الجهاد  29 05 2012 18 03 46  Aleppo Team    أرسل الملف  خطة النهاية2rar  Roughly translated into English as:  29 05 2012 18 03 44  Aleppo Team     Last modified plan Aleppo time for Jihad  29 05 2012 18 03 46  Aleppo Team     Send the file  plan eventually 2rar  Extraction of the rar file creates a directory called خطة حلب or "Plan Aleppo," shown in the screenshot below. 
Inside this is a file called  aleppo_plan_ خطة_تحريك_حلب cercspdf. The right-to-left text display makes this appear to be a PDF file, but it is an SCR, shown in the screenshot below. The SCR file is malware. The file that we have analyzed is aleppo_plan_ خطة_تحريك_حلب cercspdf, md5Sum bc403bef3c2372cb4c76428d42e8d188. It displays a PDF while dropping the following files, shown in the screenshot below:  C Documents and Settings Administrator StartMenu Programs Startup empty lnk; C DOCUME 1 ADMINI 1 LOCALS 1 Temp explorerexe; C DOCUME 1 ADMINI 1 LOCALS 1 Temp Aleppo planpdf; C DOCUME 1 ADMINI 1 LOCALS 1 Temp Firefoxdll. It runs explorerexe, which installs DarkComet RAT and also opens a PDF which describes a plan to assist Aleppo in the revolution. The document includes a detailed discussion of logistics and would potentially be very interesting to Syrian dissidents and activists. Some of the content may be genuine, but there are also some aspects of the PDF that might raise the suspicions of a keen-eyed reader, including the flag across the top of the document, which is the flag of the Assad regime rather than the flag of the revolution. As of May 29th, this version of DarkComet is not detectable by any anti-virus software. For a detailed discussion of how to find and remove DarkComet from your computer, see this blog post. Syrian Internet users should be especially careful about downloading documents sent over Skype, even if the message purportedly comes from a friend. Related Issues: Free Speech, Anonymity, International, Privacy, Security </description><link>http://www.secuobs.com/revue/news/379704.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379704.shtml</guid></item>
<item><title>Congressional Witnesses Agree: Multistakeholder Processes Are Right for Internet Regulation</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks -    Yesterday morning, the House Subcommittee on Communications and Technology held a hearing on "International Proposals to Regulate the Internet," focusing on the World Conference on International Telecommunications (WCIT), an important treaty-writing event set to take place in Dubai this December. The WCIT is organized by a UN agency called the International Telecommunication Union (ITU), a slow-moving and bureaucratic regulatory organization established in 1865 to oversee telegraph regulations. The ITU Member States adopted a legally binding set of telecommunication regulations in 1988, and now some countries are seeking to expand those regulations to cover the Internet. Online anonymity, privacy and free expression are likely to be under attack under an ITU model. ITU officials have publicly stated that anonymity shouldn't exist in the future. Moreover, countries like Russia and China, in particular, have been prominent advocates of codes of conduct that seek to protect national governmental powers over the Internet, including provisions that seek to censor the net. It's worth noting though, that the threat posed by the ITU is not limited to an outright "takeover" by Russia or China. ITU's vision of Internet policy-making is more like "taking control" than the transparent and bottom-up multi-stakeholder process typically associated with Internet governance. The current negotiations, for example, consist of proposals being discussed under terms of secrecy, circumventing any transparent discussion. And much like the parties behind the unpopular IP regulations in trade agreements like ACTA and TPP, the ITU member states are also refusing to release documents that make up the amendments and preparatory materials that they will propose. We have also seen censorship and surveillance measures in the name 
of copyright enforcement or by authoritarian regimes, and both are a real problem. To their credit, the witnesses at yesterday's hearing -- including former Ambassador David Gross, Senior Manager of Public Policy for the Internet Society Sally Shipman Wentworth, and "father of the Internet" Vint Cerf -- were all clear that the stakes were high, and that any process that decides the direction of the Internet must be based on a foundation of multistakeholderism. Cerf, for example, was unequivocal in his testimony (pdf): "I believe that the multi-stakeholder approach to Internet governance and technical management has been, and will continue to be, the best way to address the technical and policy issues facing the Internet globally." Shipman Wentworth expressed similar doubts about the possibility that the treaty making process could produce a positive outcome (pdf): "it is not clear to the Internet Society that the international treaty making process represents the most effective way to manage cross-border Internet communications, or that some of the proposals currently being floated are consistent -- or even compatible -- with the multistakeholder model of Internet governance that has emerged over the past 15 years." With so much on the line, in terms of the power for the open Internet to spur permissionless innovation and significant advances in international freedom of expression, there can be no question that handing the keys to an organization incapable of engaging in multistakeholder discussions is a profoundly bad idea. Multistakeholder processes are the way to ensure the users' input is included, and not left by the wayside. And multistakeholder processes cannot be multistakeholder in name only: we remind all governments that a truly multistakeholder participation model requires equal footing for every relevant stakeholder including civil society, the private sector, the technical community, and participating governments. Any process that claims to be multistakeholder must 
respect human rights as a baseline for any policy dialogue. The users must be represented in the development of Internet policy because the future of the Internet is too important to be left to companies and governments alone. That's why EFF has joined European Digital Rights, CIPPIC and CDT and a coalition of civil society organizations from around the world in demanding that the organization behind WCIT release all of its preparatory materials and treaty proposals for public review. We urge the ITU to ensure enough transparency that the outcomes of the WCIT and its preparatory process are in the interest of all stakeholders. Related Issues: International, International Privacy Standards, Internet Governance Forum </description><link>http://www.secuobs.com/revue/news/379703.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379703.shtml</guid></item>
<item><title>CA Location Privacy Bill Advances, Similar DC Bill Finally Gets a Hearing</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks -    We're happy to report that the California Location Privacy Act we're sponsoring with the ACLU of Northern California passed the California Senate on a bipartisan vote of 30 to 6, and is now headed on to the California Assembly. SB 1434 protects the privacy of Californians by requiring law enforcement to get a search warrant before obtaining location information from any electronic device. The bill is an attempt to codify the Supreme Court's decision in United States v. Jones, which ruled that the warrantless installation of a GPS device on a car was an unlawful "search" under the Fourth Amendment. We're also glad to see little law enforcement opposition to what would be a good bill for them too. As the ACLU revealed in its coordinated FOIA request concerning cell phone tracking by local law enforcement agencies, different agencies throughout the country are using different standards to get location information. Requiring a search warrant creates an easy-to-remember rule for cops to follow: no warrant, no location information. And a search warrant protects privacy by ensuring the police can't get access to this data without convincing a judge that there is probable cause to believe the info will lead to evidence of a crime. Although the wireless industry's lobbying resulted in SB 1434 losing its reporting requirements -- a crucial part of the bill that would promote transparency -- we're happy to see members of Congress stepping up where the California legislature fell short. Both Representative Ed Markey (D-MA) (PDF) and Senator Al Franken (D-MN) (PDF) have demanded that the biggest wireless companies release information about the number of law enforcement requests they've received for location data, and how the companies comply with these requests. Also in DC, the GPS Act -- introduced more than a year ago -- finally 
got a hearing before the House Judiciary Committee on May 17. Sponsored by Senator Ron Wyden (D-OR) and Representative Jason Chaffetz (R-UT), the GPS Act would also require law enforcement to obtain a search warrant in order to obtain location tracking information. The hearing featured testimony from Catherine Crump (PDF) of the ACLU and University of Pennsylvania computer science professor Matt Blaze (PDF), who explained that the need for search warrants is becoming greater as technology has made cell phone location tracking almost as precise as GPS based surveillance. All this legislative action in both California and DC makes us optimistic that Justice Alito's comments in his Jones concurrence that "in circumstances involving dramatic technological change, the best solution to privacy concerns may be legislative" may soon bear fruit. Related Issues: Privacy, Cell Tracking, Locational Privacy </description><link>http://www.secuobs.com/revue/news/379702.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379702.shtml</guid></item>
<item><title>EFF Tells CA Supreme Court Warrantless DNA Collection Unconstitutional</title><description>Secuobs.com : 2012-06-06 01:06:19 - Deeplinks -    DNA is the most intimate and revealing part of the human body, with the potential to reveal a person -- and their family's -- medical history and predisposition to disease. Because it's so sensitive, we've filed an amicus brief (PDF) in the California Supreme Court urging it to rule that the Fourth Amendment prohibits the warrantless collection of DNA from individuals presumed innocent who are not yet convicted of a crime. Over the last few years, the federal government has been building up a massive DNA database called CODIS that stores DNA samples collected by local, state, and federal law enforcement officials investigating crimes. While CODIS was initially concerned only with the collection of DNA of convicted felons, the government is quickly expanding its reach to cover two more populations: individuals entering the immigration system, and arrestees. There are now over 10 million DNA samples in CODIS from all over the country, and 17% of them are from California. We recently published a white paper explaining in detail biometric collection in the immigration system. And we've repeatedly warned courts across the country in numerous amicus briefs that the government's warrantless collection of DNA from arrestees -- individuals who have not yet been convicted of a crime -- is unconstitutional. While federal courts have upheld the practice, last summer the California Court of Appeal ruled in People v. Buza (PDF) that California's warrantless DNA collection, and the placing of the samples into CODIS, is unconstitutional. And earlier this year, the Maryland Court of Appeal found in King v. State (PDF) most warrantless arrestee DNA collection unconstitutional. With the Buza decision now on review to the California Supreme Court, our amicus brief urges the affirmance of the lower court's decision. We note that advances 
in technology have made DNA collection cheaper, and thus easier and more widespread. And while the Fourth Amendment acknowledges that privacy rights of individuals convicted of a crime are diminished, expanding warrantless DNA collection to individuals merely arrested for a crime -- along with individuals in the immigration system who have no criminal record -- are steps on a course towards a future where everyone's DNA is collected and maintained by the government, whether they were ever suspected of anything at all. We're optimistic that with the decisions in Buza and King, courts are beginning to fully grasp the ability of technology to shrink privacy -- and see that DNA collection should be narrowed, not expanded. Related Issues: Biometrics, Search Incident to Arrest. Files: EFF Amicus Brief in Support of Buza </description><link>http://www.secuobs.com/revue/news/379701.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379701.shtml</guid></item>
</channel>
</rss>
 
