On the fifth anniversary of the death of Aaron Swartz, EFF activist Elliot Harmon posted a remembrance: When you look around the digital rights community, it's easy to find Aaron's fingerprints all over it. He and his organization Demand Progress worked closely with EFF to stop SOPA. Long before that, he played key roles in the development of RSS, RDF, and Creative Commons. He railed hard against the idea of government-funded scientific research being unavailable to the public, and his passion continues to motivate the open access community. Aaron inspired Lawrence Lessig to fight corruption in politics, eventually fueling Lessig's White House run... It's tempting to become pessimistic in the face of countless threats to free speech and privacy. But the story of the SOPA protests demonstrates that we can win in the face of seemingly insurmountable odds.
He shares a link to a video of Aaron's most inspiring talk, "How We Stopped SOPA," writing that "Aaron warned that SOPA wouldn't be the last time Hollywood attempted to use copyright law as an excuse to censor the Internet... 'The enemies of the freedom to connect have not disappeared... We won this fight because everyone made themselves the hero of their own story. Everyone took it as their job to save this crucial freedom. They threw themselves into it. They did whatever they could think of to do.'"

On the anniversary of Aaron's death, his brother Ben Swartz, an engineer at Twitch, wrote about his own efforts to effect change in ways that would've made Aaron proud, while Aaron's mother urged calls to Congress to continue pushing for reform to the Computer Fraud and Abuse Act.

And there were countless other remembrances on Twitter, including one fro Cory Doctorow, who tweeted a link to Lawrence Lessig's analysis of the prosecution. And Lessig himself marked the anniversary with several posts on Twitter. "None should rest," reads one, "for still, there is no peace."

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

An anonymous reader quotes a report from Ars Technica: If you've read our coverage of the Electronic Frontier Foundation's "Stupid Patent of the Month" series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators. Why don't more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

-The United States Patent and Trademark Office (USPTO) is funded by fees -- and the agency gets more fees if it approves an application.
-Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.
-Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.

An anonymous reader quotes a report from Gizmodo: Tis the season for giving, and one Bitcoin investor claims to be giving away the majority of their cryptocurrency holdings after experiencing an incredible year. The unnamed donor has set up a fund to hand out $86 million worth of Bitcoin to various charities, and they've already started listing the donations and providing receipts. If this whole thing works out, you can just call this mystery person the Bitcoin Bill Gates. So far, The Pineapple Fund claims to have distributed just over $6.5 million in Bitcoin between eight charities. Its website provides links to the blockchain transactions under the name of each charity. These transactions are in a public ledger, but the sender and recipient are only identified by a long string of digits. We contacted the Electronic Freedom Foundation to ask if the two transactions that were purportedly sent to the activist group were indeed legitimate. A spokesperson confirmed via email that the EFF has "been in touch with the Pineapple Fund and are in the process of receiving the donation." The anonymous founder writes: "Sometime around the early days of bitcoin, I saw the promise of decentralized money and decided to mine/buy/trade some magical internet tokens. The expectation shattering returns of bitcoin over many years has lead to an amount far more than I can spend. What do you do when you have more money than you can ever possibly spend? Donating most of it to charity is what I'm doing. For reference, The Pineapple Fund is bigger than the entire market cap of bitcoin when I got in, and one of the richest 250 bitcoin addresses today."

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

An anonymous reader writes: The EFF describes the FCC's official plan to kill net neutrality as "riddled with technical errors and factual inaccuracies," including, for example, a false distinction between "Internet access service" and "a distinct transmission service" which the EFF calls "utterly ridiculous and completely ungrounded from reality."

"Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works -- even though hundreds of engineers tried to explain it to them this past summer... As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them." And in addition, "Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique."

"There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we've suggested, the FCC doesn't understand how the Internet works. The second is that it doesn't care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an 'information service,' (rather than a 'telecommunications service,' or common carrier) and the FCC needs to offer some basis for it. So, we fear, it's making one up, and hoping no one will notice."
"We noticed," their editorial ends, urging Americans "to tell your lawmakers: Don't let the FCC sell the Internet out."

According to a New York Times report citing American officials, the Trump administration has decided that the National Security Agency and the FBI can lawfully keep operating their warrantless surveillance program even if Congress fails to extend the law authorizing it before an expiration date of New Year's Eve. The Verge reports: The White House believes the Patriot Act's surveillance provisions won't expire until four months into 2018. Lawyers point to a one-year certification that was granted on April 26th of last year. If that certification is taken as a legal authorization for the FISA court overall -- as White House lawyers suggest -- then Congress will have another four months to work out the details of reauthorization. There are already several proposals for Patriot Act reauthorization in the Senate, which focus the Section 702 provisions that authorize certain types of NSA surveillance. Some of the proposals would close the backdoor search loophole that allows for warrantless surveillance of U.S. citizens, although a recent House proposal would leave it in place. But with Congress largely focused on tax cuts and the looming debt ceiling fight, it's unlikely the differences could be reconciled before the end of the year.

orgelspieler writes: My son paid for a copy of a novel on his iPad. When his school made it against the rules to bring iPads, he wanted to get the same book on his Kindle. I tried to explain that the format of his eBook was not readily convertible to the Kindle. So he tried to go on his schools online library app. He checked it out just fine, but ironically, the offline reading function only works on the now-disallowed iPads. Rather than paying Amazon $7 for a book I already own, and he has already checked out from the library, I found a bootleg PDF online. I tried to explain that he could just read that, but he freaked out. "That's illegal, Dad!" I tried to explain format shifting, and the injustice of the current copyright framework in America. Even when he did his own research, stumbling across EFF's website on fair use, he still would not believe me.

Have any of you fellow Slashdotters figured out a good way to navigate the moral, legal, and technological issues of copyright law, as it relates to the next generation of nerds? Interestingly, my boy seems OK with playing old video games on the Wayback Machine, so I don't think it's a lost cause.

An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.

But Comcast's line has changed in an important way. In a comment to the FCC from earlier this year, the company said it is time for the FCC to adopt a "more flexible" approach to paid prioritization, and noted in a blog post at the time that the FCC should consider net neutrality principles that prevent "no anticompetitive paid prioritization." In other words, not necessarily all paid prioritization. The inclusion of "anti-competitive" could signal that the company does in fact hope to offer fast-lane service, but at the same price for all. And it might be a price that say, Fox News and the New York Times can afford, but one that smaller outlets can't. That Comcast's language is changing is one reason to distrust its promises regarding net neutrality, but its track record is an even bigger one. The company has been caught red-handed lying about its traffic discrimination in the past. In 2007, for example, when Comcast was found intermittently blocking users' ability to use BitTorrent, the company made numerous false claims about its network interference before finally admitting its bad behavior and halting the disruptions.

FCC on Tuesday said it plans to dismantle landmark regulations that ensure equal access to the internet, clearing the way for companies to charge more and block access to some websites. From a report on the New York Times: The proposal, put forward by the F.C.C. chairman, Ajit Pai, is a sweeping repeal of rules put in place by the Obama administration that prohibited high-speed internet service providers from blocking or slowing down the delivery of websites, or charging extra fees for the best quality of streaming and other internet services for their subscribers. The clear winners from the move would be telecom giants like AT&T and Comcast that have lobbied for years against regulations of broadband and will now have more control over the online experiences of American consumers. The losers could be internet sites that will have to answer to telecom firms to get their content in front of consumers. And consumers may see their bills increase for the best quality of internet service. Note from the editor: the aforementioned link could be paywalled; consider the alternative sources: NPR, ArsTechnica, Associated Press, BBC, Axios, Reuters, TechCrunch, and Slate.

FTC Commissioner Terrell McSweeny criticized the move. She said, "So many things wrong here, like even if FCC does this FTC still won't have jurisdiction. But even if we did, most discriminatory conduct by ISPs will be perfectly legal. This won't hurt tech titans with deep pockets. They can afford to pay all the trolls under the bridge. But the entrepreneurs and innovators who truly make the Internet great won't be so lucky. It will be harder for them to compete. The FCC is upending the Internet as we know it, not saving it."

This is what the internet looks like when there is no net neutrality. Earlier today, news outlet Motherboard suggested we should build our own internet if we want to safeguard the essence of open internet.

An Australian court can't make a California advocacy group take down a web page, a U.S. federal judge just ruled on Friday. Even if that web page calls a company's patents "stupid." Courthouse News reports: San Francisco-based Electronic Frontier Foundation sued Global Equity Management, or GEMSA, in April, claiming the Australian firm exploited its home country's weaker free speech protections to secure an unconstitutional injunction against EFF. Kurt Opsahl, EFF's deputy executive director and general counsel, hailed the ruling as a victory for free speech. "We knew all along the speech was protected by the First Amendment," Opsahl said in a phone interview Friday. "We were pleased to see the court agree." Opsahl said the ruling sends a strong message EFF and other speakers can weigh in on important topics, like patent reform, without fear of being muzzled by foreign court orders.

The dispute stems from an article EFF published in June 2016, featuring GEMSA in its "Stupid Patent of the Month" series. The GEMSA patent is for a "virtual cabinet" to store data. In the article, EFF staff attorney Daniel Nazer called GEMSA a "classic patent troll" that uses its patent on graphic representations of data storage to sue "just about anyone who runs a website." The article also says GEMSA "appears to have no business other than patent litigation."
The judge granted EFF a default judgment, saying the Australian court's injunction was not only unenforceable in the United States but also "repugnant" to the U. S. Constitution.

New submitter Danngggg writes: As you may recall from Slashdot last year, alleged Anonymous hacktivist Martin Gottesfeld has been imprisoned without bail since federal agents arrested him on board a Disney Cruise ship in February of 2016 to face hacking charges brought by controversial former U.S. attorney Carmen Ortiz. Though he's the only activist after Aaron Swartz to face a felony CFAA indictment from Ortiz, apparently Aaron Swartz Day organizer and Chelsea Manning archivist Lisa Rein don't want to include Gottesfeld in the festivities this year. So, he has taken to Huffington Post to argue that his story should be told this November 4th and, perhaps with a sense of irony, to publish some potentially scandalous Signal messages allegedly sent by Rein to his wife revealing what seems to be disdain for hacking in general and Anonymous in particular. Indeed, Rein seems to borrow from the movie Mean Girls in her contemptuous rejection of Mrs. Gottesfeld's appeals on behalf of her embattled husband. What does the Slashdot crowd have to say about whether Gottesfeld's story belongs at Aaron Swartz Day as well as Rein's alleged attitude towards his significant other?

"One might think that my voice would be welcomed at Aaron Swartz Day given all that the late internet/freedom of information activist and I share in common," writes Gottesfeld. "For starters, we were both indicted under the same controversial federal law, the CFAA, by the same Boston U.S. Attorney's Office and indeed under the tenure of the same notorious U.S. Attorney, Carmen Ortiz. Both of us have been persecuted for doing the moral thing; Aaron for trying to make taxpayer-funded research available to the general public and me for stopping the torture of an innocent child."

An anonymous reader quotes a report from TechCrunch: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)

Last month, we covered a story about how turning off Wi-Fi and Bluetooth in iOS 11's Control Center doesn't really turn off Wi-Fi and Bluetooth. EFF has called the situation bad for user security. From the report: Instead, what actually happens in iOS 11 when you toggle your quick settings to "off" is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple's UI fails to even attempt to communicate these exceptions to its users. It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don't stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well. The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections. When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what's going on.

An anonymous reader quotes the EFF: In the past few years, the sale of pre-configured Kodi boxes, and the availability of a range of plugins providing access to streaming media, has seen the software's popularity balloon -- and made it the latest target of Hollywood's copyright enforcement juggernaut. We've seen this in the appearance of streaming media boxes as an enforcement priority in the U.S. Trade Representative's Special 301 Report, in proposals for new legislation targeting the sale of "illicit" media boxes, and in lawsuits that have been brought on both sides of the Atlantic to address the "problem" that media boxes running Kodi, like any Web browser, can be used to access media streams that were not authorized by the copyright holder...

The difficulty facing the titans of TV is that since neither those who sell Kodi boxes, nor those who write or host add-ons for the software, are engaging in any unauthorized copying by doing so, cases targeting these parties have to rely on other legal theories. So far several legal theories have been used; one in Europe against sellers of Kodi boxes, one in Canada against the owner of the popular Kodi add-on repository TVAddons, and two in the United States against TVAddons and a plugin developer... These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem.
The EFF details the specific lawsuits in each region, and concludes that their courts "should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."

New submitter Frobnicator writes: Four years ago, the W3C began standardizing Encrypted Media Extensions, or EME. Several organizations, including the EFF, have argued against DRM within web browsers. Earlier this year, after the W3C leadership officially recommended EME despite failing to reach consensus, the EFF filed the first-ever official appeal that the decision be formally polled for consensus. That appeal has been denied, and for the first time the W3C is endorsing a standard against the consensus of its members.

In response, the EFF published their resignation from the body: "The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew -- and the large corporate members continued to reject any meaningful compromise -- the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. [...] Today, the W3C bequeaths an legally unauditable attack-surface to browsers used by billions of people. Effective today, EFF is resigning from the W3C." Jeff Jaffe, CEO of W3C said: "I know from my conversations that many people are not satisfied with the result. EME proponents wanted a faster decision with less drama. EME critics want a protective covenant. And there is reason to respect those who want a better result. But my personal reflection is that we took the appropriate time to have a respectful debate about a complex set of issues and provide a result that will improve the web for its users. My main hope, though, is that whatever point-of-view people have on the EME covenant issue, that they recognize the value of the W3C community and process in arriving at a decision for an inherently contentious issue. We are in our best light when we are facilitating the debate on important issues that face the web."

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

An anonymous reader quote The Verge: After four months of debate, the FCC is nearly ready to stop accepting feedback on its proposal to kill net neutrality. Final comments are due this Wednesday, August 30th, by end-of-day Eastern time. Once the comment period closes, the FCC will review the feedback it received and use it as guidance to revise its proposal, which if passed, would reverse the Title II classification that guaranteed net neutrality just two years ago. The commission is supposed to factor in all of the feedback it received when writing its final draft, so if you do have strong feelings on the matter, it's worth leaving a comment...

To leave a comment, you'll have to go to this site, click "+ Express," and then fill out the form it opens up to. Make sure you leave the proceeding number "17-108" in place, as that's what ties it to the net neutrality proposal. Also, be aware that everything filed is public, so others will be able to see your name and address.
"ISPs shouldn't be gatekeepers," wrote the EFF in a tweet sharing tips on the way to write effective comments. The number of comments matter because "the commission will very likely have to defend its changes in court," according to the article. And the commission has now received a record 22 million filings -- nearly six times the previous record of 3.7 million comments (when the net neutrality rules were first implemented).