AI

Who's Responsible For Accidents Caused By Open Source Self-Driving Car Software? (ieee.org) 114

Here's the problem. "You could download Comma.ai's new open-source Python code from Github, grab the necessary hardware, and follow the company's instructions to add semi-autonomous capabilities to specific Acura and Honda model cars (with more vehicles to follow)," writes IEEE Spectrum. But then who's legally responsible if there's an accident? Long-time Slashdot reader Registered Coward v2 writes: While many legal experts agree OSS is "buyer beware" and that Comma.ai and its CEO George Hotz would not be liable, it's a gray area in the law. The software is released under the MIT OSS license and the Read Me contains the disclaimer "This is alpha-quality software for research purposes only... You are responsible for complying with local laws and regulations." The U.S. Supreme Court, in a series of court cases in the 1990s, ruled open source code as free speech protected under the First Amendment of the U.S. Constitution.

The question is does that release the author(s) from liability. The EU has no EU wide rules on liability in such cases. One open question is even if the person who used the software could not sue, a third party injured by it might be able to since they are not a party to the license agreement.

An EFF attorney told HotHardware "Prosecutors and plaintiffs often urge courts to disregard traditional First Amendment protections in the case of software." But not everyone agrees. "Most legal experts that spoke with IEEE Spectrum -- and Hotz himself -- believe that if you use the company's code and something goes wrong, then it isn't liable for damages. You are."
Electronic Frontier Foundation

Three States Propose DMCA-Countering 'Right To Repair' Laws (ifixit.org) 225

Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them. An anonymous reader quotes IFixIt.Org: in 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down...

Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska, Minnesota, and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.

Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
Security

Top Security Researchers Ask The Guardian To Retract Its WhatsApp Backdoor Report (technosociology.org) 70

Earlier this month The Guardian reported what it called a "backdoor" in WhatsApp, a Facebook-owned instant messaging app. Some security researchers were quick to call out The Guardian for what they concluded was irresponsible journalism and a misleading story. Now, a group of over three dozen security researchers including Matthew Green and Bruce Schneier (as well as some from companies such as Google, Mozilla, Cloudflare, and EFF) have signed a long editorial post, pointing out where The Guardian's report fell short, and also asking the publication to retract the story. From the story: The WhatsApp behavior described is not a backdoor, but a defensible user-interface trade-off. A debate on this trade-off is fine, but calling this a "loophole" or a "backdoor" is not productive or accurate. The threat is remote, quite limited in scope, applicability (requiring a server or phone number compromise) and stealthiness (users who have the setting enabled still see a warning, even if after the fact). The fact that warnings exist means that such attacks would almost certainly be quickly detected by security-aware users. This limits this method. Telling people to switch away from WhatsApp is very concretely endangering people. Signal is not an option for many people. These concerns are concrete, and my alarm is from observing what's actually been happening since the publication of this story and years of experience in these areas. You never should have reported on such a crucial issue without interviewing a wide range of experts. The vaccine metaphor is apt: you effectively ran a "vaccines can kill you" story without interviewing doctors, and your defense seems to be, "but vaccines do kill people [through extremely rare side effects]."
Red Hat Software

Interviews: Ask Red Hat CEO Jim Whitehurst A Question (redhat.com) 167

Jim Whitehurst joined Red Hat in 2008, as its valuation rose past $10 billion and the company entered the S&P 500. He believes that leaders should engage people, and then provide context for self-organizing, and in 2015 even published The Open Organization: Igniting Passion and Performance (donating all proceeds to the Electronic Frontier Foundation). The book describes a post-bureaucratic world of community-centric companies led with transparency and collaboration, with chapters on igniting passion, building engagement, and choosing meritocracy over democracy.

Jim's argued that Red Hat exemplifies "digital disruption," and recently predicted a world of open source infrastructure running proprietary business software. Fortune has already called Red Hat "one of the geekiest firms in the business," and their open source cloud computing platform OpenStack now competes directly with Amazon Web Services. Red Hat also sponsors the Fedora Project and works with the One Laptop Per Child initiative.

So leave your best questions in the comments. (Ask as many questions as you'd like, but please, one per comment.) We'll pick out the very best questions, and then forward them on for answers from Red Hat CEO Jim Whitehurst.
Electronic Frontier Foundation

2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org) 91

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
AT&T

US Court Demands Documents On AT&T/Police Collaboration (eff.org) 48

"The federal government has not justified its excessive secrecy about the massive telephone surveillance program known as Hemisphere, a court ruled in an EFF Freedom of Information Act lawsuit on Thursday." schwit1 quotes the EFF announcement: As a result, the federal government must submit roughly 260 pages of previously withheld or heavily redacted records to the court so that it can review them and decide whether to make more information about Hemisphere public. Hemisphere is a partnership between AT&T and federal, state, and local law enforcement agencies that allows police almost real-time access to telephone call detail records. The program is both extremely controversial -- AT&T requires police to hide its use from the public -- and appears to violate our First and Fourth Amendment rights.
Government lawyers had argued the disputed documents were restricted to use at the federal level, but the court remained unconvinced, especially "after EFF demonstrated that many of them appeared to have been given to state and local law enforcement."
Electronic Frontier Foundation

EFF Begins Investigating Surveillance Technology Rumors At Standing Rock (eff.org) 147

Electronic Frontier Foundation has dispatched a team of technologists and lawyers to a protest site in Standing Rock, North Dakota, to investigate "several reports of potentially unlawful surveillance." An anonymous reader writes: The EFF has "collected anecdotal evidence from water protectors about suspicious cell phone behavior, including uncharacteristically fast battery drainage, applications freezing, and phones crashing completely," according to a recent report. "Some water protectors also saw suspicious login attempts to their Google accounts from IP addresses originating from North Dakota's Information & Technology Department. On social media, many reported Facebook posts and messenger threads disappearing, as well as Facebook Live uploads failing to upload or, once uploaded, disappearing completely."

The EFF reports "it's been very difficult to pinpoint the true cause or causes," but they've targeted over 20 law enforcement agencies with public records requests, noting that "Of the 15 local and state agencies that have responded, 13 deny having any record at all of cell site simulator use, and two agencies -- Morton County and the North Dakota State Highway Patrol (the two agencies most visible on the ground) -- claim that they can't release records in the interest of "public safety"...

"Law enforcement agencies should not be allowed to sidestep public inquiry into the surveillance technologies they're using," EFF writes, "especially when citizens' constitutional rights are at stake... It is past time for the Department of Justice to investigate the scope of law enforcement's digital surveillance at Standing Rock and its consequences for civil liberties and freedoms in the digital world."
Electronic Frontier Foundation

EFF: The Music Industry Shouldn't Be Able To Cut Off Your Internet Access (eff.org) 88

An anonymous reader quotes a report from Electronic Frontier Foundation: No one should have to fear losing their internet connection because of unfounded accusations. But some rights holders want to use copyright law to force your Internet service provider (ISP) to cut off your access whenever they say so, and in a case the Washington Post called "the copyright case that should worry all Internet providers," they're hoping the courts will help them. We first wrote about this case -- BMG v. Cox Communications -- when it was filed back in 2014, and last month, EFF, Public Knowledge (PK), and the Center for Democracy and Technology (CDT) urged the Court of Appeals for the Fourth Circuit to overturn a ruling that ISP Cox Communications was liable for copyright infringement. EFF, PK and CDT advised the court to consider the importance of Internet access in daily life in determining when copyright law requires an ISP to cut off someone's Internet subscription. The case turns in part on a provision in copyright law that gives internet intermediaries a safe harbor -- legal protection against some copyright infringement lawsuits -- provided they follow certain procedures. Online platforms like Facebook and YouTube, along with other internet intermediaries, have to "reasonably implement" a policy for terminating "subscribers and account holders" that are "repeat infringers" in "appropriate circumstances." But given the importance of Internet access, the circumstances where it's appropriate to cut off a home Internet subscription entirely are few and far between. The law as written is flexible enough that providers can design and implement policies that make sense for the nature of their service and their subscribers' circumstances. A repeat infringer policy for the company that provides your link to the Internet as a whole should take into account the essential nature of internet access and the severe harm caused by disconnection. 
But music publisher BMG wants to use this provision to force ISPs to become tougher enforcers of copyright law. According to BMG, ISPs should be required both to forward rights holders' threatening demand letters to their subscribers and terminate a subscriber's Internet access whenever rights holders allege that person has repeatedly violated copyright law. A subscriber is a "repeat infringer" and subject to termination, they argue, whenever they say so. Cox's appeal of the ruling raises two very important issues: (1) Who should be considered a "repeat infringer" who should be cut off from the Internet, and (2) whether ISPs must either cede to rights holders' demands or monitor their subscribers' internet habits to avoid liability. Slashdot reader waspleg adds: Two landmark Supreme Court cases, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., and Sony Corp. of America v. Universal Studios made clear that if a service is capable of significant lawful uses, and the provider doesn't actively encourage users to commit copyright infringement, the provider shouldn't be held responsible when someone nonetheless uses the service unlawfully.
Electronic Frontier Foundation

Why Did Japan Just Ratify The TPP? (businesstimes.com.sg) 225

The controversial Trans-Pacific Partnership can't go into effect without U.S. approval, Japan's Prime Minister Shinzo Abe has acknowledged. Yet despite president-elect Trump's promise to withdraw from the agreement -- Friday Japan's parliament voted to approve it. An anonymous reader quotes the Business Times. Was last Friday's vote simply a Quixotic tribute to a dying cause or -- as some are asking -- does Mr. Abe know something that others don't? They note that he is the only foreign leader to have met with the anointed heir to the U.S. presidency since the election result was announced. What went on in New York's Trump Tower during that "informal" meeting is unknown but some speculate that there may have been some equally informal -- but nonetheless significant -- dealmaking between the two men on the TPP. This seems quite possible, analysts say, because the TPP is of great importance to Japan and to Mr. Abe's grand design for Japan to remain a pivotal Asia-Pacific power.
The EFF has decried "the intense push to ram Internet issues into international law through the TPP," and complained Friday that Japan's newly-passed law "includes the extension of Japan's copyright term from 50 to 70 years after the death of the author, which makes today a very sad day for Japan's public domain."

And in addition, "There remains a risk that other TPP countries such as Singapore -- and even countries that weren't part of the original deal, such as Taiwan -- will soon also bring their domestic legislation into conformity with the requirements of this dead agreement."
Censorship

EFF Report Finds 74% Of Censorship News Stories Are About Facebook (onlinecensorship.org) 75

An anonymous reader writes: OnlineCensorship.org just released a new report "to provide an objective, data-driven voice in the conversation around commercial content moderation." They're collecting media reports about censorship on Facebook, Twitter, Instagram, YouTube, Flickr and Google+, and have now analyzed 294 reports of content takedowns -- 74% of which pertained to Facebook. (Followed by Instagram with 16% and Twitter with 7%.) 47% of all the takedowns were nudity-related, while the next two most frequent reasons given were "real name" violations and "inappropriate content".

Noting "a more visible public debate" over content moderation, the report acknowledges that 4.7 billion Facebook posts are made every day. (It also reports the "consistent refrain" from services apologizing for issues -- that "our team processes millions of reports each week...") But the most bizarre incident they've identified was the tech blogger in India who was locked out of his Facebook account in October because he shared a photo of a cat in a business suit. "It might sound stupid but this just happened to me," he told Mashable India, which reports Facebook later apologized and said it had made a mistake.

Their report -- part of the EFF's collaboration with Visualizing Impact -- urges platforms to clarify their guidelines (as well as applicable laws), to explain the mechanisms being used to evaluate content and appeals, and to share those criteria when notifying users of take-downs. For example, in August Facebook inexplicably removed a 16th-century sketch by Erasmus of Rotterdam detailing a right hand.
Electronic Frontier Foundation

Humble Bundle Supports The EFF With A LEGO eBook Sale (humblebundle.com) 17

The EFF is describing it as "a break for your brain." An anonymous reader writes: Humble Bundle has announced a special "pay what you want" sale for four ebooks about LEGO from No Starch Press, with proceeds going to the Electronic Frontier Foundation, or to the charity of your choice. The ebooks include Beautiful LEGO (a compendium of creations by dozens of artists) and Medieval LEGO, which describes and recreates English history in the Middle Ages using LEGO blocks. Contributors who pay more than $8 also receive six more books, including "Forbidden LEGO" a more free-style building guide that one reviewer called "The Anarchist Cookbook of the nursery," as well as "The Cult of LEGO", a tour of the block-building community. And for a $15 donation, contributors receive six more ebooks -- bringing the total to 16 -- including The LEGO Christmas Ornaments Book and Steampunk LEGO.
Government

President Obama Gives Up On The Trans-Pacific Partnership (theguardian.com) 355

An anonymous reader quotes The Guardian: White House officials conceded on Friday that the president's hard-fought-for Trans-Pacific Partnership trade deal would not pass Congress, as lawmakers there prepared for the anti-global trade policies of President-elect Donald Trump. Earlier this week, congressional leaders in both parties said they would not bring the trade deal forward during a lame-duck session of Congress, before the formal transition of power on January 20.
One Canadian law professor had argued the case against the TPP included its unbalanced intellectual property rules and risks to privacy, while the EFF believed it locked in the worst parts of U.S. copyright law and also exported them to other countries.
Electronic Frontier Foundation

Aaron Swartz Remembered With Annual Hackathon In San Francisco (eff.org) 18

"This weekend you have the chance to add to Aaron Swartz's legacy by boosting tools for whistleblowers," the EFF writes. An anonymous reader quotes their report. The 2016 Aaron Swartz International Hackathon -- held in honor of the late Internet and political activist -- will take place during the day Saturday and Sunday at the Internet Archive in San Francisco. The hackathon will focus on whistleblower submission system SecureDrop, which was created by Swartz and Kevin Poulsen to connect media organizations and anonymous sources and is managed by the Freedom of the Press Foundation. This weekend's events -- timed to what would have been his 30th birthday on Nov. 8 -- will also feature a series of speakers on Saturday night, including SecureDrop's Conor Schaefer, Fight for the Future Co-founder Tiffiniy Cheng, and EFF Executive Director Cindy Cohn, as well as a special statement from Chelsea Manning.
Government

EFF Suggests Halloween Costume To Protest Facial Recognition Databases (eff.org) 65

An anonymous reader writes: EFF's list of costume ideas for digital rights activists includes a Stingray costume, dressing up like a Privacy Badger (or a patent troll), and using facepaint to simulate the eerie digitization algorithms that are currently capturing images of your face for government databases. "Just this week we learned that facial recognition is far more prevalent among local and federal law enforcement than we thought, with at least 26 states using this biometric technology... To draw attention to this emerging threat to privacy, you can use your face painting skills to recreate the digitization algorithms on your own mug based on public records we and others have obtained from law enforcement agencies."
Sixteen states already grant the FBI access to their DMV databases, reports EFF, noting that it's "almost completely unregulated," with one study reporting that 50% of American faces are already in a government database.
Cellphones

Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones (dailyherald.com) 432

An anonymous Slashdot reader quotes the Daily Herald: Investigators in Lancaster, California, were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens' Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities...

"I was frankly a bit shocked," said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, when he learned about the scope of the search warrant. "As far as I know, this warrant application was unprecedented"... He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a "clever end-run" around constitutional rights.

Encryption

Firefox Users Reach HTTPS Encryption Milestone (techcrunch.com) 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
Electronic Frontier Foundation

EFF Co-Founder Announces Benefit Concert to Pay His Medical Bills (twitter.com) 195

An anonymous Slashdot reader reports: "I was dead for about 8 mins. on Wed. eve," EFF co-founder John Perry Barlow posted last year on Facebook. "total cardiac arrest...sad to report, no Ascending Light." The cyber-rights activist told the San Francisco Chronicle that he had gone "down the tunnel of eternity and it turned out to be a cheap carnival ride." He paused for a moment. "Probably not cheap, though."

Yesterday Barlow posted a Twitter update announcing a big benefit concert in Mill Valley, California to help pay his mounting medical bills on Monday, October 24th. Performers will include Bob Weir (also of The Grateful Dead), Jerry Harrison (of The Talking Heads), Lukas Nelson, Members of The String Cheese Incident, Sean Lennon and Les Claypool, plus 85-year-old folk singer Ramblin' Jack Elliott, as well as "special guests."

Barlow's family describes the last 18 months as a "medical incarceration" with "a dizzying array of medical events and complications" that has depleted his savings and insurance benefits. They've also set up a site for donations from "his fellow innovators, artists, cowboys, and partners-in-crime, to help us provide the quality of care necessary for Barlow's recovery."
Yahoo!

As Contradictions Mount, Experts Call For Declassification of Yahoo's Email-Scanning Order (onthewire.io) 50

An anonymous Slashdot reader writes: Look at this contradiction in the government's story about their secret scans on hundreds of millions of Yahoo emails. "Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for stopping child pornography from being sent through its email or filtering spam messages." But three former Yahoo employees have now said that actually the court-ordered search "was done by a module attached to the Linux kernel -- in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled... They said that made it hard to detect and also made it hard to figure out what the program was doing."
Slashdot reader Trailrunner7 writes: Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law. "If the reports about the Yahoo order are accurate -- including requiring the company to custom build new software to accomplish the scanning -- it's hard to imagine a better candidate for declassification and disclosure under Section 402," Aaron Mackey of the EFF said.
Government

Senator Questions The Declassification Policies of America's National Intelligence Office (senate.gov) 28

America spent $16 billion on classifying documents last year, and Senator Wyden argues the process is now "too unwieldy to be truly secure... over-classification prevents effective information sharing between agencies." An anonymous Slashdot reader quotes the Senator's new announcement: The Reducing Over-Classification Act of 2010 allows government agencies to pay cash awards to employees who accurately classify government documents consistently and avoid unnecessary over-classification of information that is not a threat to national security. In response to a Freedom of Information Act request by the EFF, the Office of the Director of National Intelligence said it could not locate any records about the criteria for awarding those incentives.

"Congress included this provision...to reverse the culture of unnecessary classification, reduce the volume of classified documents, and better protect the secrets whose disclosure would truly threaten national security," Wyden wrote [in a new letter to National Intelligence]. "I am concerned that federal agencies with the power to classify and declassify documents may not be taking advantage of these payment awards, and I believe doing so could benefit our national security."

HP

HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink (arstechnica.com) 81

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.
