v3rgEz writes: The Electronic Frontier Foundation and transparency non-profit MuckRock helped file over a thousand public records requests, looking into how local police departments were trading away sensitive data on where you drive and park, picked up by their use of automated license plate recognition devices. They've just published the results of those requests, including looking at how hundreds of departments freely share that data with hundreds of other organizations -- often with no public oversight. Explore the data yourself, or, if your town isn't yet in their database, requests its information free on MuckRock and they'll file a request for it. "[Automated license plate readers (ALPR)] are a combination of high-speed cameras and optical character recognition technology that can identify license plates and turn them into machine-readable text," reports the EFF. "What makes ALPR so powerful is that drivers are required by law to install license plates on their vehicles. In essence, our license plates have become tracking beacons. After the plate data is collected, the ALPR systems upload the information to a central a database along with the time, date, and GPS coordinates. Cops can search these databases to see where drivers have traveled or to identify vehicles that visited certain locations. Police can also add license plates under suspicion to 'hot lists,' allowing for real-time alerts when a vehicle is spotted by an ALPR network."

An anonymous reader quotes a report from Motherboard: An open letter to Mark Zuckerberg signed by 86 organizations and published on Tuesday implores Facebook to provide a clear, fast mechanism that allows users to appeal instances of content takedowns and account deactivations. The letter which was spearheaded by the Electronic Frontier Foundation, Article 19, Ranking Digital Rights, and the Center for Democratic Technology (CDT) -- expanded upon the Santa Clara Principles published earlier this year, which called for all social media platforms to improve its transparency and responsiveness to flagged posts and appeals for removed content.

In April of this year, Facebook launched appeals for posts that are removed on grounds nudity, hate speech, or graphic violence. The press release claims that one of Facebook's human content reviewers will review all appeals within 24 hours, and notify users if their appeal has been approved or denied. The open letter to Mark Zuckerberg also requests that all content takedown and deactivation appeals are reviewed by a human moderator, which Facebook claims that it already does. EFF Director of International Freedom of Expression, Jillian York, believes the undercurrent of content moderation on social media is the censorship or restriction of speech towards marginalized groups.

"There are accounts, [and] there is content that is taken down frequently from social media, and we don't hear those stories as much because they're often overshadowed by the pushes for hate speech to come down," York said. "I respect the people doing that work, I think it's really important. But really, the thing about appeals is they work in every case. So if someone breaks the rules for hate speech and they appeal, they're not gonna get their account restored. But if someone who should not have had their account taken down in the first place, appeals are the right solution to that."

An anonymous reader quotes a report from TechCrunch: An unexpected declaration by whistleblower Edward Snowden filed in court [last] week adds a new twist in a long-running lawsuit against the NSA's surveillance programs. The case, filed by the EFF a decade ago, seeks to challenge the government's alleged illegal and unconstitutional surveillance of Americans, who are largely covered under the Fourth Amendment's protections against warrantless searches and seizures. It's a big step forward for the case, which had stalled largely because the government refused to confirm that a leaked document was authentic or accurate. News of the surveillance broke in 2006 when an AT&T technician Mark Klein revealed that the NSA was tapping into AT&T's network backbone. He alleged that a secret, locked room -- dubbed Room 641A -- in an AT&T facility in San Francisco where he worked was one of many around the U.S. used by the government to monitor communications -- domestic and overseas. President George W. Bush authorized the NSA to secretly wiretap Americans' communications shortly after the September 11 terrorist attacks in 2001.

Much of the EFF's complaint relied on Klein's testimony until 2013, when Snowden, a former NSA contractor, came forward with new revelations that described and detailed the vast scope of the U.S. government's surveillance capabilities, which included participation from other phone giants -- including Verizon (TechCrunch's parent company). Snowden's signed declaration, filed on October 31, confirms that one of the documents he leaked, which the EFF relied heavily on for its case, is an authentic draft document written by the then-NSA inspector general in 2009, which exposed concerns about the legality of the Bush's warrantless surveillance program -- Stellar Wind -- particularly the collection of bulk email records on Americans. "I read its contents carefully during my employment," he said in his declaration. "I have a specific and strong recollection of this document because it indicated to me that the government had been conducting illegal surveillance."

An anonymous reader quotes a report from the Electronic Frontier Foundation: The Electronic Frontier Foundation (EFF) launched a virtual reality (VR) experience on its website today that teaches people how to spot and understand the surveillance technologies police are increasingly using to spy on communities. Spot the Surveillance, which works best with a VR headset but will also work on standard browsers, places users in a 360-degree street scene in San Francisco. In the scene, a young resident is in an encounter with police. Users are challenged to identify surveillance tools by looking around the scene. The experience takes approximately 10 minutes to complete. The surveillance technologies featured in the scene include a body-worn camera, automated license plate readers, a drone, a mobile biometric device, and pan-tilt-zoom cameras. The project draws from years of research gathered by EFF in its Street-Level Surveillance project, which shines a light on how police use, and abuse, technology to spy on communities.

mspohr shares a report from Ars Technica: In September 2018, Shipping & Transit LLC (formerly known as ArrivalStar) filed for Chapter 7 bankruptcy -- voluntary liquidation -- but no one seems to have noticed until the Electronic Frontier Foundation pointed it out on October 31. The company claimed that it held the patent on vehicle tracking and related alerts. But about 15 months ago, judges began to rule against Shipping & Transit for the first time. That seems to have put a damper on its entire business model.

Now, according to Shipping & Transit LLC's federal bankruptcy filings, its global patent holdings (34 in the United States and 29 elsewhere) are worth a whopping $2. Meanwhile, it owes more than $423,000 to numerous creditors, including banks, law firms, and something called the "West African Investment Trust," based in Geneva, Switzerland.

An anonymous reader quotes a report from Motherboard: Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It's just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements. For several decades now printer manufacturers have lured consumers into an arguably-terrible deal: shell out a modest sum for a mediocre printer, then pay an arm and a leg for replacement printer cartridges that cost relatively-little to actually produce.

The Electronic Frontier Foundation now says that Epson has been engaged in the same behavior. The group says it recently learned that in late 2016 or early 2017, Epson issued a "poison pill" software update that effectively downgraded user printers to block third party cartridges, but disguised the software update as a meaningful improvement. The EFF has subsequently sent a letter to Texas Attorney General Ken Paxton, arguing that Epson's lack of transparency can easily be seen as "misleading and deceptive" under Texas consumer protection laws. "When restricted to Epson's own cartridges, customers must pay Epson's higher prices, while losing the added convenience of third party alternatives, such as refillable cartridges and continuous ink supply systems," the complaint notes. "This artificial restriction of third party ink options also suppresses a competitive ink market and has reportedly caused some manufacturers of refillable cartridges and continuous ink supply systems to exit the market."

An anonymous reader shares a report: Neustar, the registry operator of the .US domain and NTIA have reversed course, allowing the inclusion of previously restricted "seven dirty words" from future .US domain name registrations. The decision came after EFF and the Cyberlaw Clinic at Harvard Law School intervened in the cancelation of a domain name containing a restricted word. The domain name -- fucknazis.us -- registered by Mr. Rubin was suspended by Neustar calling it a violation of an NTIA "seven dirty words" policy -- "a phrase with particular First Amendment significance," said EFF. Further reading: EFF: Yes, You Can Name A Website "Fucknazis.us".

An anonymous reader quotes a report from Motherboard: While the European Union voted this week to pass its widely-criticized new Copyright Directive, activists and members of European Parliament say there's still a chance of keeping the EU from fully implementing the worst parts of the troubling proposal. The most controversial aspects of the plan remain twofold: Article 11, which would require EU News outlets to pay a "link tax" just to share anything more than "insubstantial" snippets of published content, and Article 13, which would require that EU member countries implement the kind of automated copyright filters that have been a chaotic mess here in the States. Other problematic measures were passed as well, including Article 12a, which prohibits sports fans from posting their own photos or videos of sporting events online, while stating that only event "organizers" have the right to do so.

That said, all hope is not lost. While some variant of Article 11 and Article 13 is likely be approved next spring, public pressure could force inclusion of additional safeguards for end users, Member of the European Parliament Julia Reda told me in an email. "While the overall bill was adopted with a comfortable majority, the outcome was more narrow for the two controversial articles (366:297 and 393:279)," Reda said. "Since the final vote will be close to the next European elections, that leaves open a small chance that massive public protest against these provisions may still convince MEPs to kill the entire bill." If passed, individual EU countries will be able to interpret the Directive as they see fit, though Reda believes they will likely steer toward stricter interpretation. "The real hope for repeal in my opinion is in the courts," author and activist Cory Doctorow said. "There's simply no way this passes EU Constitutional muster -- it's generalized filtering and mass surveillance by another name. The fact that they claim to be looking for 'infringement' doesn't change that."

Longtime Slashdot reader Lauren Weinstein adds: [...] These articles now enter a period of negotiation with EU member states, and then are subject to final votes next year, probably in the spring. So now's the time for the rest of the world to show Europe some special "tough love" -- to help them understand what their Internet island universe will look like if these terrible articles are ever actually implemented.
UPDATE: The Electronic Frontier Foundation issued a report slamming the proposal, offering a number of ways people can fight back.

Websites dedicated to "stream ripping" music from YouTube represent the biggest threat to the global music business, UK news outlet The Independent reported this week, citing industry figures, who added that that these shady sites are also posing business threat to "fantastic range" of legal streaming services such as Spotify and Apple Music. The report describes the nature of the issue: Sites that allow YouTube videos to be converted into an MP3 file and illegally downloaded to someone's phone or computer are attracting millions of visitors, with estimates suggesting that a third of 16-24-year-olds in the UK have ripped music from the Google-owned platform. Other platforms affected by the illegal ripping sites include DailyMotion, SoundCloud and Vimeo, however YouTube is by far the most pirated. The results of a crackdown that began in 2016 are beginning to be seen, thanks to a coordinated effort by organizations representing record companies in the US and the UK. Earlier this week, stream ripping website MP3Fiber was forced to shut down following legal pressure. However, dozens of sites offering similar services still remain active and are easily accessible through Google, whose search engine provides more than 100 million results for the term "YouTube MP3 converter." The Electronic Frontier Foundation (EFF) said that even referring to the aforementioned questionable websites as "stream ripping" sites is misstating copyright law. "There exists a vast and growing volume of online video that is licensed for free downloading and modification, or contains audio tracks that are not subject to copyright," the EFF told the US Office of the United States Trade Representative last year. "Moreover, many audio extractions qualify as non-infringing fair uses under copyright. Providing a service that is capable of extracting audio tracks for these lawful purposes is itself lawful, even if some users infringe."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.

The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.

According to a report from the Sacramento Bee, officials in Sacramento County have been accessing license plate reader data to track welfare recipients suspected of fraud. The practice dates back to 2016. Gizmodo reports: Sacramento County Department of Human Assistance Director Ann Edwards confirmed to the paper that welfare fraud investigators working under the DHA have used the data for two years on a "case-by-case" basis. Edwards said the DHA pays about $5,000 annually for access to the database. Abbreviated LPR, license plate readers are essentially cameras that upload photographs to a searchable database of images of license plates. If a driver passed by an LPR four times throughout a city, an officer with access would know where and at what time of day. Anyone with access to that data could use it track where someone drove and when, provided they were scanned by the LPR.

It's not immediately clear how travel patterns might reveal welfare fraud. As noted by the Electronic Frontier Foundation, welfare fraud is statistically speaking, extremely rare. In 2012, the DHA found only 500 cases of fraud among Sacramento's 193,000 recipients. Following an inquiry from the EFF, the DHA has instituted a privacy policy (one that didn't exist before their initial inquiry) requiring investigators to justify each request for LPR data. The Sacramento Bee reports the DHA accessed the data over a thousand times in two years.

An anonymous reader quotes a report from the Electronic Frontier Foundation: The latest country to consider a website blocking proposal is Japan, and EFF has responded to the call for comment by sharing all the reasons that cutting off websites is a terrible solution for copyright violations. In response to infringement of copyrighted material, specifically citing a concern for manga, the government of Japan began work on a proposal that would make certain websites inaccessible in Japan. In response to Japan's proposal, EFF explained that website blocking is not effective at the stated goal of protecting artists and their work. First, it can be easily circumvented. Second, it ends up capturing a lot of lawful expression. Blocking an entire website does not distinguish between legal and illegal content, punishing both equally. According to numerous studies, the best answer to the problem of online infringement is providing easy, lawful alternatives. Doing this also has the benefit of not penalizing legitimate expression the way blocking does. According to The Japan Times, the "emergency measure" would "encourage [ISPs] to restrict access to such 'malicious' websites 'on a voluntary basis' in order to protect the nation's famed manga and anime industries from free-riders."

Presto Vivace shares a report from The Week with the caption, "And they wonder why some of us prefer to shop online." From the report: Surveillance systems at more than 46 malls in California are capturing license plate information that is fed to Immigration and Customs Enforcement, the Electronic Frontier Foundation reported Tuesday. One company, Irvine Company Retail Properties, operates malls all over the state using a security network called Vigilant Solutions. Vigilant shares data with hundreds of law enforcement agencies, insurance companies, and debt collectors -- including ICE, which signed a contract with the security company earlier this year, reports The Verge. "[Irvine Company] is putting not only immigrants at risk, but invading the privacy of its customers by allowing a third-party to hold onto their data indefinitely," EFF wrote in its report, urging the chain of malls to stop providing information to ICE.

schwit1 quotes a report from the Electronic Frontier Foundation: We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 ("FOSTA") unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to experts, actually hinders efforts to prosecute sex traffickers and aid victims. In our lawsuit, two human rights organizations, an individual advocate for sex workers, a certified non-sexual massage therapist, and the Internet Archive, are challenging the law as an unconstitutional violation of the First and Fifth Amendments. Although the law was passed by Congress for the worthy purpose of fighting sex trafficking, its broad language makes criminal of those who advocate for and provide resources to adult, consensual sex workers and actually hinders efforts to prosecute sex traffickers and aid victims. The EFF goes on to cite some examples of how FOSTA has already censored the internet. Most notably, two days after FOSTA was passed in the Senate, "Craigslist eliminated its Personals section, including non-sexual subcategories such as 'Missed Connections' and 'Strictly Platonic,'" reports the EFF. Reddit even removed some of its subreddits out of fear of future lawsuits.

Mark Wilson writes: When it comes to messaging tools, people have started to show greater interest in whether encryption is used for security, and the same for websites -- but not so much with email. Thanks to the work of the Electronic Frontier Foundation, however, email security is being placed at the top of the agenda. The privacy group today announces STARTTLS Everywhere, its new initiative to improve the security of the email ecosystem. STARTTLS is an addition to SMTP, and while it does not add end-to-end encryption, it does provide hop-to-hop encryption, which is very much a step in the right direction. In a blog post, EFF elaborates SMARTTLS for the uninitiated, and outlines how it worked around some of the tech's underlying challenges: There are two primary security models for email transmission: end-to-end, and hop-to-hop. Solutions like PGP and S/MIME were developed as end-to-end solutions for encrypted email, which ensure that only the intended recipient can decrypt and read a particular message. Unlike PGP and S/MIME, STARTTLS provides hop-to-hop encryption (TLS for email), not end-to-end. Without requiring configuration on the end-user's part, a mailserver with STARTTLS support can protect email from passive network eavesdroppers. For instance, network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages, and will need more targeted, low-volume methods. In addition, if you are using PGP or S/MIME to encrypt your emails, STARTTLS prevents metadata leakage (like the "Subject" line, which is often not encrypted by either standard) and can negotiate forward secrecy for your emails.

A large group of Internet pioneers have sent an open letter to the European Union urging it to scrap a proposal to introduce automated upload filters, arguing that it could damage the internet as we know it. The Register: The European Parliament's Legal Affairs (Juri) Committee will vote on the proposal contained in Article 13 of the Copyright in the Digital Single Market Directive next week. The proposal would see all companies that "store and provide to the public access to large amounts of works" obliged to "prevent the availability... of works... identified by rightholders." Despite the inclusion of language that says such measures need to be "appropriate and proportionate," it has caused many to worry that the law will lead to a requirement for all platforms to introduce automated content filtering, and shift liability for any copyrighted material that appears online from the user that posts it to the platform itself.

"By inverting this liability model and essentially making platforms directly responsible for ensuring the legality of content in the first instance, the business models and investments of platforms large and small will be impacted," warns the letter [PDF] signed by "Father of the Internet" Vint Cerf, world world web inventor Tim Berners-Lee, as well a host of other internet luminaries including Wikipedia's Jimmy Wales, security expert Bruce Schneier and net neutrality namer Tim Wu.

"Because it apparently isn't bad enough already, Congress is looking to extend the copyright term to 144 years," writes Slashdot reader llamalad. "Please write to your representatives and consider donating to the EFF." American attorney Lawrence Lessig writes via Wired: Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act [which the Supreme Court later rejected].

Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right -- basically the right to control copies of recordings on any digital platform (ever hear of the internet?) -- for musical recordings made before 1972. These recordings would now have a new right, protected until 2067, which, for some, means a total term of protection of 144 years. The beneficiaries of this monopoly need do nothing to get the benefit of this gift. They don't have to make the work available. Nor do they have to register their claims in advance.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Further reading: People Are Freaking Out That PGP Is 'Broken' -- But You Shouldn't Be Using It Anyway (Motherboard).

On Thursday, a federal appeals court ruled that U.S. border agents need some sort of reason to believe a traveler has committed a crime before searching their cellphone. Slashdot reader Wrath0fb0b shares an analysis via Reason, written by Fourth Amendment scholar Orin Kerr: Traditionally, searches at the border don't require any suspicion on the theory that the government has a strong sovereign interest in regulating what enters and exits the country. But there is caselaw indicating that some border searches are so invasive that they do require some kind of suspicion. In the new case, Kolsuz (PDF), the Fourth Circuit agrees with the Ninth Circuit that at least some suspicion is required for a forensic search of a cell phone seized at the border. This is important for three reasons. First, the Fourth Circuit requires suspicion for forensic searches of cell phones seized at the border. Second, it clarifies significantly the forensic/manual distinction, which has always been pretty uncertain to me. Third, it leaves open that some suspicion may be required for manual searches, too.

But wait, that's not all. In fact, I don't think it's the most important part of the opinion. The most important part of the opinion comes in a different section, where the Fourth Circuit adds what seems to be a new and important limit on the border search exception: a case-by-case nexus requirement to the government interests that justify the border search exception. Maybe I'm misreading this passage, but it strikes me as doing something quite new and significant. It scrutinizes the border search that occurred to see if the government's cause for searching in this particular case satisfied "a 'nexus' requirement" of showing sufficient connection between the search and "the rationale for the border search exception," requiring a link between the "predicate for the search and the rationale for the border exception." In other words, the Fourth Circuit appears to be requiring the government to identify the border-search-related interest justifying that particular search in order to rely on the border search exception. "The analysis is interesting throughout, and it would be a fairly large limitation on digital searches conducted at the border, both in requiring some articulable suspicion for digital searches and in the requirement to justify the relationship between the search and the border inspection," writes Wrath0fb0b.