itwbennett writes: Shari Steele, a 20-year veteran of the Electronic Frontier Foundation (EFF), has been hired as executive director of the Tor Project, the widely used anonymity tool that frequently comes up in debates over encryption and privacy. Steele, who started at EFF as a staff attorney, then legal director and eventually executive director, comes on board at a time when Tor has been embroiled in controversy. In November, the organization accused the FBI of paying Carnegie Mellon University $1 million for information on security issues that later facilitated arrests related to online drug markets.

Mike Godwin worked as the first staff counsel of the EFF and served as general counsel for the Wikimedia Foundation. He has been a contributing editor of Reason magazine and was elected to the Open Source Initiative board in 2011. Mike is probably best known however for coining the internet adage Godwin's Law. He is currently general counsel and director of innovation policy at the R Street Institute. Mike has given us some of his time to answer any questions you may have. As usual, ask as many as you'd like, but please, one question (and one comparison involving Nazis or Hitler) per post.

itwbennett writes: The US Federal Trade Commission has appointed Lorrie Faith Cranor as Chief Technologist. Cranor is the director of the Carnegie Mellon Usable Privacy and Security Laboratory and a member of the Electronic Frontier Foundation (EFF) Board of Directors. She was previously a researcher at AT&T Labs Research and has also taught at the Stern School of Business at New York University. She will succeed Ashkan Soltani at the FTC. "Cranor has authored over 150 research papers on online privacy and usable security, and has played a central role in establishing the usable privacy and security research community."

MojoKid writes: The Electronic Frontier Foundation (EFF) caused quite a stir this week when it alleged that Google is using its Chromebook platform, which has made a significant impact in education markets, to snoop on students. The charges were damning, with the EFF claiming that Google was violating its own corporate policies and using students' personally identifiable browsing data/habits to refine its services, in addition to sharing that data with partners. Obviously, Google would take such allegations seriously, and has thus responded to every claim brought forth by the EFF. "While we appreciate the EFF's focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge..." said Jonathan Rochelle, the Director of Google Apps for Education. With respect to Google Apps for Education Core Services (GAFE), Rochelle asserts that all student data stored is "only used to provide the services themselves" and that student data isn't used for advertising purposes, nor are ads served to students. Rochelle also explains that personally identifiable data of students is removed, and only aggregated data of its millions of users is utilized to help improve its services.

Peter Eckersley writes: As of today, Let's Encrypt is in Public Beta. If you're comfortable running beta software that may have a few bugs and rough edges, you can use it to instantly obtain and install certificates for any HTTPS website or TLS service. You can find installation instructions here.

We all know (or know about) Richard M. Stallmann, founder of and vociferous spokesman for the Free Software Foundation. But the organization is far from a one-man band, and Donald Robertson, their copyright administrator (and wearer of several other hats as well) is the person to turn to when you want to get into the murky depths of copyright and patent law. He's also somewhat of an expert on the Trans Pacific Partnership (TPP), which the FSF says, '...has a number of truly dangerous provisions that harm software freedom."

What can you do to help stop this trade agreement that has gotten the FSF (and the EFF, among others) up in arms? Don answers that question in the video (and accompanying transcript for those who would rather read than watch). And any unanswered questions will probably be taken care of in a second video interview with Mr. Robertson that we plan to run in the next day or two.

itwbennett writes: In a complaint (PDF) filed Tuesday with the Federal Trade Commission, the Electronic Frontier Foundation (EFF) claims that "despite publicly promising not to, Google mines students' browsing data and other information, and uses it for the company's own purposes." The EFF says Google's practice of recording everything students do while they're logged into their Google accounts, regardless of the device or browser they're using, puts the company in breach of Section 5 of the Federal Communications Act.

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.

SysKoll writes: The DMCA is well-known for giving exorbitant powers to copyright holders, such as taking down a page or a whole web site without a court order. Media companies buy services from vendors like Rightscorp, a shake-down outfit that issues thousands of robot-generated take-down notices and issues threats against ISPs and sites ignoring them. Cox, like a lot of ISPs, is inundated with abusive take-down notices, in particular from Rightscorp. Now, BMG Rights Management and Round Hill Music are suing Cox for refusing to shut off the Internet access of subscribers that Rightscorp accused of downloading music via BitTorrent. Cox argues that as an ISP, they benefit from the Safe Harbor provision that shields access providers from subscribers' misbehavior. Not so, says U.S. District Judge Liam O'Grady. The judge sided with the media companies ahead of trial, saying Cox should have terminated the repeat offenders accused by Rightscorp. Cox's response is quite entertaining for a legal document (PDF): its description of Rightscorp includes the terms "shady," "shake-down," and "pay no attention to the facts." O'Grady also derided the Electronic Frontier Foundation's attempt to file an amicus brief supporting Cox, calling them hysterical crybabies.

Mark Wilson writes: There are many problems with the censoring of online content, not least that it can limit free speech. But there is also the question of transparency. By the very nature of censorship, unless you have been kept in the loop you would simply not know that anything had been censored. This is something the Electronic Frontier Foundation wants to change, and today the digital rights organization launches Onlinecensorship.org to blow the lid off online censorship. The site, run by EFF and Visualizing Impact, aims to reveal the content that is censored on Facebook, Google+, Twitter, Instagram, Flickr, and YouTube — not just the 'what' but the 'why'. If you find yourself the subject of censorship, the site also explains how to lodge an appeal.

itwbennett writes: A now infamous photo [leaked by Edward Snowden] showed NSA employees around a box labeled Cisco during a so-called 'interdiction' operation, one of the spy agency's most productive programs,' writes Jeremy Kirk. 'Once that genie is out of the bottle, it's a hell of job to put it back in,' said Steve Durbin, managing director of the Information Security Forum in London. Yet that's just what Cisco is trying to do, and early next year, the company plans to open a facility in the Research Triangle Park in North Carolina where customers can test and inspect source code in a secure environment. But, considering that a Cisco router might have 30 million lines of code, proving a product hasn't been tampered with by spy agencies is like trying 'to prove the non-existence of god,' says Joe Skorupa, a networking and communications analyst with Gartner.

v3rgEz writes: EFF and MuckRock teamed up in August to reveal how state and local law enforcement agencies are using mobile biometric technology in the field by filing public records requests around the country. With the help of members of the public who nominated jurisdictions for investigation, we have now obtained thousands of pages of documents from more than 30 agencies. Here's how police around California are using iris scanners, fingerprint readers, and facial recognition to monitor civilians.

An anonymous reader writes: Mozilla today launched Firefox 42 for Windows, Mac, Linux, and Android. Notable additions to the browser include tracking protection, tab audio indicators, and background link opening on Android. The new private browsing mode goes further than just not saving your browsing history (read: porn sites) — the added tracking protection means Firefox also blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web, and it works on all four platforms. The feature is almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through.

An anonymous reader writes: The Electronic Frontier Foundation and Public Knowledge have asked a federal appeals court to make big changes to the rules governing venue in patent cases. The two public interest groups are seeking to file an amicus brief (PDF) which attacks the Eastern District of Texas as being one of the "most notorious situations of forum shopping in recent history." This district has made quite a few appearances on Slashdot; this is one of my favorites.

Dangerous_Minds writes: Freezenet seems to be the first website to publish a full run-down of the final draft of the Intellectual Property chapter in the Trans-Pacific Partnership. The leak was published on Wikileaks earlier. The analysis seems to confirm what the EFF has said, saying that the chapter "confirms our worst fears about the agreement, and dashes the few hopes that we held out that its most onerous provisions wouldn't survive to the end of the negotiations." The analysis focuses mainly on copyright enforcement on the Internet and the impact the chapter would have on personal devices, VPN services, and ISPs. One noteworthy find by Freezenet is the inclusion of a "TPP Commission" which would decide when different countries are supposed to meet outside of the 10-year cycle, discussing "market circumstances" of "the development of new pharmaceutical products." What other roles the TPP Commission takes on is unclear given that it is not mentioned anywhere else in the chapter.

JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation(PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.

An anonymous reader writes: Wikileaks has released the finalized Intellectual Property text of the Trans-Pacific Partnership (TPP), which international negotiators agreed upon a few days ago. Unfortunately, it contains many of the consumer-hostile provisions that so many organizations spoke out against beforehand. This includes the extension of the copyright term to life plus 70 years, and a ban on the circumvention of DRM. The EFF says, "If you dig deeper, you'll notice that all of the provisions that recognize the rights of the public are non-binding, whereas almost everything that benefits rightsholders is binding. That paragraph on the public domain, for example, used to be much stronger in the first leaked draft, with specific obligations to identify, preserve and promote access to public domain material. All of that has now been lost in favor of a feeble, feel-good platitude that imposes no concrete obligations on the TPP parties whatsoever." The EFF walks us through all the other awful provisions as well — it's quite a lengthy analysis.

Mark Wilson writes: The Obama administration has announced it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being hailed as a "partial victory" by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not — for now — call for [such] legislation." This means companies will not be forced to build backdoors into their products, but there is no guarantee it won't happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate. The EFF has also compiled a report showing where the major tech companies stand on encryption.

The EFF reports a spot of bright news from California: Governor Jerry Brown today signed into law the California Electronic Communications Privacy Act. CalECPA, says the organization, "protects Californians by requiring a warrant for digital records, including emails and texts, as well as a user's geographical location. These protections apply not only to your devices, but to online services that store your data. Only two other states have so far offered these protections: Maine and Utah." The ACLU provides a fact sheet (PDF) about what the bill entails, which says: SB 178 will ensure that, in most cases, the police must obtain a warrant from a judge before accessing a person's private information, including data from personal electronic devices, email, digital documents, text messages, and location information. The bill also includes thoughtful exceptions to ensure that law enforcement can continue to effectively and efficiently protect public safety in emergency situations. Notice and enforcement provisions in the bill provide proper transparency and judicial oversight to ensure that the law is followed.

Mark Wilson writes: Facebook has seen heavy criticism for its real names (or 'authentic identities' as they are known to the social network) policy. Over the last year, all manner of rights groups and advocates have tried to convince Facebook to allow users to drop their real name in favor of a pseudonym if they want. Now the Electronic Frontier Foundation is part of the 74-member strong Nameless Coalition and has written to Facebook demanding a rethink on the ground of safety, privacy, and equality. This is far from being the first time Facebook has been called on to allow the use of 'fake names', and the latest letter is signed by LGBT groups, freedom advocates, privacy supporters, and feminist organizations.