bsharma writes from an article on the New York Times: WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge's wiretap order. [As recently as this past week, officials said,] the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp's encryption. (WhatsApp uses Signal software developed by Open Whisper Systems.) "WhatsApp cannot provide information we do not have," the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation. "The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them," said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. "They're waiting for the case that makes the demand look reasonable."

New submitter Kurast writes with this article at Boing Boing: Code is speech: critical court rulings from the early history of the Electronic Frontier Foundation held that code was a form of expressive speech, protected by the First Amendment. The EFF has just submitted an amicus brief in support of Apple in its fight against the FBI, representing 46 "technologists, researchers and cryptographers," laying out the case that the First Amendment means that Apple can't be forced to utter speech to the government's command, and they especially can't be forced to sign and endorse that speech. In a "deep dive" post, EFF's Andrew Crocker and Jamie Williams take you through the argument, step by step. (You can follow along by reading the brief itself (PDF), too.)

blottsie writes: In a series of court battles in the late 1990s and early 2000s, Cindy Cohn represented plaintiffs challenging restrictions on DVD copying and the publication of cryptographic code. In all three cases—Bernstein v. United States, Universal City Studios v. Reimerdes, and Junger v. Daley—federal courts held that computer code merited protection under the First Amendment. Cohn, now the executive director of the Electronic Frontier Foundation, endorsed Apple's repeated citations of her cases in its fight against a court order to unlock a terrorism suspect's iPhone for the FBI. But she said that the controversial iPhone-unlocking order impinged even further on Apple's free-speech rights than the restrictions in her cases.

Mephistophocles writes: A sneaky and underhanded change to the TPP, spotted by the EFF and summarized here by Jeremy Malcolm, means much stiffer penalties for copyright "infringement:"

Under the TPP's original terms, a country could limit the exposure of the owner of such a website to prison time, or to the seizure and possible destruction of their server, on the grounds that by definition their infringement didn't cause any lost sales to the copyright owner. (Note that they would be liable for civil damages to the copyright owner in any case.)

Although a country still has the option to limit criminal penalties to "commercial scale" infringements (which is so broadly defined that it could catch even a non-profit subtitles website), the new language compels TPP signatories to make these penalties available even where those infringements cause absolutely no impact on the copyright holder's ability to profit from the work. This is a massive extension of the provision's already expansive scope.

Perhaps most concerning, however, is the fact that this means those stiff penalties apply even when there is no harm or threat of harm to the copyright owner caused by the infringement.

Think about it. What sense is there in sending someone to jail for an infringement that causes no harm to the copyright holder, whether they complain about it or not? And why should it matter that the copyright holder complains about something that didn't affect them anyway? Surely, if the copyright holder suffers no harm, then a country ought to be able to suspend the whole gamut of criminal procedures and penalties, not only the availability of ex officio action.

This is no error -- or if it is, then the parties were only in error in agreeing to a proposal that was complete nonsense to begin with.

blottsie writes: Over her career, Shari Steel has taken on United States Department of Justice, the National Security Agency, and the Federal Bureau of Investigation. She built the Electronic Frontier Foundation into an international powerhouse for protecting online rights. Today, she has a new mission, perhaps her heaviest challenge yet: Take the Internet's most powerful privacy tool mainstream. From the Daily Dot article linked, a hint of one reason that bringing Tor mainstream isn't straightforward: At the heart of Tor's image problems are what's known as "hidden services" -- sites that are only accessible through the Tor network. Hidden services have been home to drug and gun marketplaces, child pornography forums, fraud and hacking sites, and sites where you can place bets on when a high-profile target may be assassinated. While the media tends to focus on the nefarious elements Tor enables, hidden services make up only about 1 percent of the Tor network, according to Steele, and are in no way operated by the Tor Project.

"I'm trying to teach everyone that we need to recognize that we are doing the work of the angels," Steele says. "What we are providing is really important and really great, and there happen to be uses that are residual that aren't what we're doing. We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"

Reader iamthecheese writes RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members and non-members privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision.

An anonymous reader writes: The Electronic Frontier Foundation is sounding the alarm about a deal between Texas law enforcement agencies and Vigilant Solutions — a company that provides vehicle surveillance tech. The deal will give Texas police access to a bunch of automated license plate readers (ALPRs), and access to the company's data and analytic tools. For free. How is Vigilant making money? "The government agency in turn gives Vigilant access to information about all its outstanding court fees, which the company then turns into a hot list to feed into the free ALPR systems. As police cars patrol the city, they ping on license plates associated with the fees. The officer then pulls the driver over and offers them a devil's bargain: get arrested, or pay the original fine with an extra 25% processing fee tacked on, all of which goes to Vigilant. In other words, the driver is paying Vigilant to provide the local police with the technology used to identify and then detain the driver. If the ALPR pings on a parked car, the officer can get out and leave a note to visit Vigilant's payment website." Vigilant also gets to keep the data collected on citizens while the ALPRs are in use.

According to The Next Web, the NSA would like to get rid of something that a lot of people wish they'd never had in the first place: phone records that the agency has collected over a decade and a half (more, really) of mass surveillance. However, the EFF wants to make sure that the evidence of snooping doesn't get buried along with the actual recorded data. From the article: [T]he government says that it can't be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection. EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases. It'll be interesting to see how this pans out: if the government doesn't agree to a discussion about how to handle these phone records, it's possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.

The Linux Foundation, though it's straightforwardly not a grassroots organization along the lines of the FSF or EFF, has long had a degree of non-corporate involvement by way of community-elected members on its board. Now, writes new submitter Ensign Nemo, that's no longer true. An excerpt from Matthew Garrett's blog on the change: The by-laws were amended to drop the clause that permitted individual members to elect any directors. Section 3.3(a) now says that no affiliate members may be involved in the election of directors, and section 5.3(d) still permits at-large directors but does not require them[2]. The old version of the bylaws are here - the only non-whitespace differences are in sections 3.3(a) and 5.3(d).

These changes all happened shortly after Karen Sandler announced that she planned to stand for the Linux Foundation board during a presentation last September. A short time later, the "Individual membership" program was quietly renamed to the "Individual supporter" program and the promised benefit of being allowed to stand for and participate in board elections was dropped (compare the old page to the new one).

An anonymous reader writes: A coalition of rights groups has sent a letter to the U.S. Federal Communications Commission asking for tougher privacy regulations on providers of broadband internet services. The letter was sent by the ACLU, the EFF, Public Citizen, and over 50 other groups. "Critics say broadband providers are already harvesting huge amounts of consumer data for use in targeted advertising, the groups wrote. 'This can create a chilling effect on speech and increase the potential for discriminatory practices derived from data use,' the letter said." FCC Chairman Tom Wheeler has said such firms need to ensure their data is protected, and that consumers should know more about what data is being collected, but he hasn't addressed whether the data should be harvested in the first place. He expects the FCC to review these practices "in the next several months."

itwbennett writes: In a lawsuit in Northern California that was dismissed in 2014, Falun Gong practitioners alleged that Cisco Systems built a security system, dubbed "Golden Shield," for the Chinese government knowing it would be used to track and persecute members of the religious minority. That case is being appealed, and on Monday the EFF, Privacy International and free-speech group Article 19 filed a brief that supports the appeal. Many U.S. and European companies sell technology to regimes that violate human rights, and if this case goes to trial and Cisco loses, they may think twice, said EFF Staff Attorney Sophia Cope. "In a lot of instances, these companies are selling directly to the government, and they know exactly what is going to be happening," Cope said.

itwbennett writes: On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers. The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend. The subdomain used an SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate issued by Let's Encrypt, the first large-scale project to issue free digital certificates. which is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, the Electronic Frontier Foundation, Cisco, and Akamai, among others. The incident has sparked disagreement over how to deal with such abuse, writes Jeremy Kirk.

onedobb writes: Tests confirm that when Binge On is enabled, T-Mobile throttles all HTML5 video streams to around 1.5Mps, even when the phone is capable of downloading at higher speeds, and regardless of whether or not the video provider enrolled in Binge On. This is the case whether the video is being streamed or being downloaded—which means that T-Mobile is artificially reducing the download speeds of customers with Binge On enabled, even if they're downloading the video to watch later. It also means that videos are being throttled even if they're being watched or downloaded to another device via a tethered connection.

An anonymous reader writes with news that the EFF has given Microsoft a dubious award this month for their slider patent. According to Ars: "The Electronic Frontier Foundation's 'Stupid Patent of the Month' for December isn't owned by a sketchy shell company, but rather the Microsoft Corporation. The selection, published yesterday, is the first time the EFF has picked a design patent as the SPOTM. The blog post seeks to highlight some of the problems with those lesser-known cousins to standard 'utility' patents, especially the damages that can result. The chosen patent (PDF), numbered D554,140, would seem to be one of those things that's so simple it raises some basic philosophical questions about the patent system. That's because it's just a slider, in the bottom-right corner of a window, with a plus sign at one end and a minus sign at the other. That's it.

Peter Eckersley writes: The EFF has launched Panopticlick 2.0. In addition to measuring whether your browser exposes unique — and therefore trackable — settings and configuration to websites, the site can now test if you have correctly configured ad- and tracker-blocking software. Think you have correctly configured tracker-blocking software? Visit Panopticlick to test if you got it right.

jones_supa writes: Canonical introduced Amazon Product Results as part of Ubuntu 12.10, which meant that local searches performed by a user in Dash were also sent online. This made many Ubuntu users spill their coffee and got criticism from EFF and FSF as well. The so called "Shopping Lens" had to be manually disabled if that kind of search behavior was not desired. Finally after years, Canonical is reacting to the negative feedback and respecting users' privacy, so that Ubuntu 16.04 (the next Long Term Support release) won't send local searches over the web by default. The Amazon search feature is still available for those who explicitly want to use it.

itwbennett writes: Shari Steele, a 20-year veteran of the Electronic Frontier Foundation (EFF), has been hired as executive director of the Tor Project, the widely used anonymity tool that frequently comes up in debates over encryption and privacy. Steele, who started at EFF as a staff attorney, then legal director and eventually executive director, comes on board at a time when Tor has been embroiled in controversy. In November, the organization accused the FBI of paying Carnegie Mellon University $1 million for information on security issues that later facilitated arrests related to online drug markets.

Mike Godwin worked as the first staff counsel of the EFF and served as general counsel for the Wikimedia Foundation. He has been a contributing editor of Reason magazine and was elected to the Open Source Initiative board in 2011. Mike is probably best known however for coining the internet adage Godwin's Law. He is currently general counsel and director of innovation policy at the R Street Institute. Mike has given us some of his time to answer any questions you may have. As usual, ask as many as you'd like, but please, one question (and one comparison involving Nazis or Hitler) per post.

itwbennett writes: The US Federal Trade Commission has appointed Lorrie Faith Cranor as Chief Technologist. Cranor is the director of the Carnegie Mellon Usable Privacy and Security Laboratory and a member of the Electronic Frontier Foundation (EFF) Board of Directors. She was previously a researcher at AT&T Labs Research and has also taught at the Stern School of Business at New York University. She will succeed Ashkan Soltani at the FTC. "Cranor has authored over 150 research papers on online privacy and usable security, and has played a central role in establishing the usable privacy and security research community."

MojoKid writes: The Electronic Frontier Foundation (EFF) caused quite a stir this week when it alleged that Google is using its Chromebook platform, which has made a significant impact in education markets, to snoop on students. The charges were damning, with the EFF claiming that Google was violating its own corporate policies and using students' personally identifiable browsing data/habits to refine its services, in addition to sharing that data with partners. Obviously, Google would take such allegations seriously, and has thus responded to every claim brought forth by the EFF. "While we appreciate the EFF's focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge..." said Jonathan Rochelle, the Director of Google Apps for Education. With respect to Google Apps for Education Core Services (GAFE), Rochelle asserts that all student data stored is "only used to provide the services themselves" and that student data isn't used for advertising purposes, nor are ads served to students. Rochelle also explains that personally identifiable data of students is removed, and only aggregated data of its millions of users is utilized to help improve its services.