An anonymous reader sends this report from TechDirt: As you know, last year the Supreme Court made a very important ruling in the Alice v. CLS Bank case, in which it basically said that merely doing something on a general purpose computer didn't automatically make it patentable. ... However, the USPTO apparently was offended at parts of the EFF's comment submission, claiming that it was an "improper protest." Protest or not, the EFF denies in strong terms that the original comments were improper.

An anonymous reader writes: The Digital Millennium Copyright Act contains anti-circumvention prohibitions that affect everything from music files to cell phones. The EFF noticed that it could apply to cars as well, so they asked for an exemption to be put in place so car owners would be free to inspect and modify the code running on their vehicles. It turns out U.S. automakers don't agree — they filed opposition comments through trade associations. "They say you shouldn't be allowed to repair your own car because you might not do it right. They say you shouldn't be allowed to modify the code in your car because you might defraud a used car purchaser by changing the mileage. They say no one should be allowed to even look at the code without the manufacturer's permission because letting the public learn how cars work could help malicious hackers, "third-party software developers" (the horror!), and competitors. John Deere even argued that letting people modify car computer systems will result in them pirating music through the on-board entertainment system, which would be one of the more convoluted ways to copy media (and the exemption process doesn't authorize copyright infringement, anyway)."

itwbennett writes The attack against GitHub was enabled by someone tampering with regular website traffic to unrelated Chinese websites, all of which used a JavaScript analytics and advertising related tool from Baidu. Somewhere on China's network perimeter, that analytics code was swapped out for code that transparently sent data traffic to GitHub. The reason GitHub's adversaries were able to swap out the code is because many of the Chinese websites weren't encrypting their traffic.

angry tapir writes: It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation. They write, "ODNI has now finished releasing documents in response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP 'Highlights' from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an office called the 'Executive Secretariat' within the NSA. The only other highlight left unredacted explains that the VEP 'creates a process for notification, decision-making, and appeals.' And that's it. This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"

jones_supa writes As is the search engine company's annual habit, DuckDuckGo has chosen to advance four open source projects by donating to them. The primary focus this year was to support FOSS projects that bring privacy tools to anyone who needs them. $25,000 goes to The Freedom of the Press Foundation to support SecureDrop, which is a whistleblower submission used to securely accept documents from anonymous sources. The Electronic Frontier Foundation was given $25,000 to support PrivacyBadger, which is a browser add-on that stops advertisers and other third-party trackers from secretly tracking your surfing habits. Another $25,000 arrives at GPGTools to support GPG Suite, which is a software package for OS X that encrypts files or messages. Finally, $25,000 was donated to Riseup to support Tails, which is a live operating system that aims at preserving your privacy and anonymity.

An anonymous reader writes On Monday, the U.S. Supreme Court refused to review a case involving the conviction of a man based solely on the analysis of his "inadvertently shed" DNA. The Electronic Frontier Foundation (EFF) argues that this tacit approval of the government's practice of collecting anyone's DNA anywhere without a warrant will lead to a future in which people's DNA are "entered into and checked against DNA databases and used to conduct pervasive surveillance."

snydeq writes Strong legislation that will weaken the ability of the trolls to shake down innovators is likely to pass Congress, but more should be done, writes InfoWorld's Bill Snyder. "The Innovation Act isn't an ideal fix for the program patent system. But provisions in the proposed law, like one that will make trolls pay legal costs if their claims are rejected, will remove a good deal of the risk that smaller companies face when they decide to resist a spurious lawsuit," Snyder writes. That said, "You'd have to be wildly optimistic to think that software patents will be abolished. Although the EFF's proposals call for the idea to be studied, [EFF attorney Daniel] Nazer doesn't expect it to happen; he instead advocates several reforms not contained in the Innovation Act."

An anonymous reader writes: The Electronic Frontier Foundation went through a recent leak of the secretive Trans-Pacific Partnership agreement, an international treaty in development that (among other things) would impose new intellectual property laws on much of the developed world. The EFF highlights one section in particular, which focuses on the punishments for copyright infringement. The document doesn't set specific sentences, but it actively encourages high monetary penalties and jail terms. Its authors reason that these penalties will be a deterrent to future infringement. "The TPP's copyright provisions even require countries to enable judges to unilaterally order the seizure, destruction, or forfeiture of anything that can be 'traceable to infringing activity,' has been used in the 'creation of pirated copyright goods,' or is 'documentary evidence relevant to the alleged offense.' Under such obligations, law enforcement could become ever more empowered to seize laptops, servers, or even domain names."

According to the EFF's Deep LInks, Through a request under South Carolina’s Freedom of Information Act, EFF found that, over the last three years, prison officials have brought more than 400 hundred disciplinary cases for "social networking" — almost always for using Facebook. The offenses come with heavy penalties, such as years in solitary confinement and deprivation of virtually all privileges, including visitation and telephone access. In 16 cases, inmates were sentenced to more than a decade in what’s called disciplinary detention, with at least one inmate receiving more than 37 years in isolation. ... The sentences are so long because SCDC issues a separate Level 1 violation for each day that an inmate accesses a social network. An inmate who posts five status updates over five days, would receive five separate Level 1 violations, while an inmate who posted 100 updates in one day would receive only one. In other words, if a South Carolina inmate caused a riot, took three hostages, murdered them, stole their clothes, and then escaped, he could still wind up with fewer Level 1 offenses than an inmate who updated Facebook every day for two weeks.

An anonymous reader writes: Games that rely on remote servers became the norm many years ago, and as those games age, it's becoming more and more common for the publisher to shut them down when they're no longer popular. This is a huge problem for the remaining fans of the games, and the Digital Millennium Copyright Act forbids the kind of hacks and DRM circumvention required for the players to host their own servers. Fortunately, the EFF and law student Kendra Albert are on the case. They've asked the Copyright Office for an exemption in the case of players who want to keep abandoned games alive. It's another important step in efforts to whittle away at overreaching copyright laws.

An anonymous reader writes with news about what might be the largest Freedom of Information Act fee yet. "The EFF recently kicked off a contest for the 'most outrageous response to a Freedom of Information Act request' and we already have a frontrunner for the first inaugural 'Foilie.' MuckRock's loose confederation of FOIA rabblerousers has been hit with a $1.4 million price tag for John Dyer's request for documents related to the 'localization and capture' of Mexican drug lord 'El Chapo.'"

Trailrunner7 writes: In the years since Edward Snowden began putting much of the NSA's business in the street, including its reliance on the secret FISA court and National security Letters, warrant canaries have emerged as a key method for ISPs, telecoms, and other technology providers to let the public know whether they have received any secret orders. But keeping track of the various canaries scattered around the Web is difficult, so a group of legal and civil liberties organizations have come together to launch a new site to monitor the known warrant canaries.

The Canary Watch site is the work of the EFF, the Berkman Center for Internet and Society, and NYU's Technology Law and Policy Center and it works on a simple concept. The site maintains a list of all of the known warrant canaries and periodically checks each organization's site to see whether the canary is still there and then lists any changes to the status. Right now, Canary Watch lists 11 organizations, including Lookout, Pinterest, Reddit, and Tumblr.

"Canarywatch lists the warrant canaries we know about, tracks changes or disappearances of those canaries, and allows users to submit canaries not listed on the site. For people with interest in a particular canary, the site will show any changes we know about," Nadia Kayyali of the EFF said in a blog post.

itwbennett writes: The Federal Aviation Administration has issued eight more commercial drone licenses, the latest approvals for several hundred applications it has received. The newest licenses went to companies planning to use drones for video and TV production, aerial photography and surveying and inspecting flare stacks in the oil, natural gas and petro-chemical industry. Other readers sent in followups to last week's stories about an enthusiast's drone that crashed onto the White House grounds, and the subsequent firmware update from the drone's manufacturer to enforce a no-fly zone in that area. The EFF argues that this is a shortsighted solution and only serves to highlight how the concept of ownership is increasingly being pulled out of users' hands. Meanwhile, such "no-fly zone" updates give rise to a host of liability issues for manufacturers and enthusiasts alike.

An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.

They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."

An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users' personal data to private companies. The information involved is typical ad-related analytic data: "...it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms." The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains.

The EFF says, "Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman's family that she was pregnant before she even told them. "

Gamoid writes: The Electronic Frontier Foundation has identified online harassment as a major challenge facing free speech on the Internet, and lays out its plan to fix it. They say, "Online harassment is a digital rights issue. At its worst, it causes real and lasting harms to its targets, a fact that must be central to any discussion of harassment. Unfortunately, it's not easy to craft laws or policies that will address those harms without inviting government or corporate censorship and invasions of privacy—including the privacy and free speech of targets of harassment. ... Just because the law sometimes allows a person to be a jerk (or worse) doesn’t mean that others in the community are required to be silent or to just stand by and let people be harassed. We can and should stand up against harassment. Doing so is not censorship—it’s being part of the fight for an inclusive and speech-supporting Internet."

schwit1 writes The EFF launched a new app that will make it easier for people to take action on digital rights issues using their phone. The app allows folks to connect to their action center quickly and easily, using a variety of mobile devices. Sadly, though, they had to leave out Apple devices and the folks who use them. Why? Because they could not agree to the terms in Apple's Developer Agreement and Apple's DRM requirements.

An anonymous reader writes with this news from the EFF's Deep Links: The public got an early holiday gift today when a federal court agreed with us that six weeks of continually video recording the front yard of someone's home without a search warrant violates the Fourth Amendment. In United States v. Vargas local police in rural Washington suspected Vargas of drug trafficking. In April 2013, police installed a camera on top of a utility pole overlooking his home. Even though police did not have a warrant, they nonetheless pointed the camera at his front door and driveway and began watching every day. A month later, police observed Vargas shoot some beer bottles with a gun and because Vargas was an undocumented immigrant, they had probable cause to believe he was illegally possessing a firearm. They used the video surveillance to obtain a warrant to search his home, which uncovered drugs and guns, leading to a federal indictment against Vargas.

Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.

New submitter riskkeyesq writes with a link to a blog post from Dane Jasper, CEO of Sonic.net, about what Jasper sees as the deepest problem in the U.S. broadband market and the Internet in general: "There are a number of threats to the Internet as a system for innovation, commerce and education today. They include net neutrality, the price of Internet access in America, performance, rural availability and privacy. But none of these are the root issue, they're just symptoms. The root cause of all of these symptoms is a disease: a lack of competition for consumer Internet access." Soft landings for former legislators, lobbyists disguised as regulators, hundreds of thousands of miles of fiber sitting unused, the sham that is the internet provider free market is keeping the US in a telecommunications third-world. What, exactly, can American citizens do about it? One upshot, in Jasper's opinion (hardly disinterested, is his role at CEO at an ISP that draws praise from the EFF for its privacy policies) is this: "Today’s FCC should return to the roots of the Telecom Act, and reinforce the unbundling requirements, assuring that they are again technology neutral. This will create an investment ladder to facilities for competitive carriers, opening access to build out and serve areas that are beyond our reach today."