Go to Stop the Secrecy.net and you'll see that this is something that requires action now, not someday, It's about the TPP, or Trans Pacific Partnership, a trade agreement that could place major restrictions on how we use the Internet. This is far from the only attack on Internet freedom we need to fight against, just one the EFF (and others) feel is one of the worst ones in play right now. Mild-mannered Steve Anderson, founder and Executive Director of OpenMedia.ca, is today's interview guest. He's Canadian, but OpenMedia.ca doesn't stop at Canada's southern border. Steve and the rest of the group want U.S. citizens to have the same Internet freedoms they want Canadians to have -- as well as people all over the world, because Internet balkanization hurts all Internet users. Including you. And worse, this is not the only problem with the TPP. Did you notice, in the TPP link above (to Wikipedia), that parts of this trade agreement are secret? So even if you want to protest against it, you might end up holding a sign that's mostly blank. This is a "Call your Congressional representatives" situation. Unless you're in Canada, in which case it's a "Call your Member of Parliament" situation. Ditto if you're in another TPP country. In any case, it's going to take a lot of calls, letters, emails, and faxes from people like us to overcome some of the heavy money that wants the TPP to go through. (Alternate video link.)

After being forced to turn over encryption keys (being held in contempt of court for several weeks after initially refusing to comply), secure mail provider Lavabit halted all operations last year. With the assistance of the EFF, an appeal was mounted. Today, the appeals court affirmed the district court decision and rejected the appeal. From Techdirt: "The ruling does a decent job explaining the history of the case, which also details some of the (many, many) procedural mistakes that Lavabit made along the way, which made it a lot less likely it would succeed here. ... The procedural oddities effectively preclude the court even bothering with the much bigger and important question of whether or not a basic pen register demand requires a company to give up its private keys. The hail mary attempt in the case was to argue that because the underlying issues are of 'immense public concern' (and they are) that the court should ignore the procedural mistakes. The court flatly rejects that notion: 'exhuming forfeited arguments when they involve matters of “public concern” would present practical difficulties. For one thing, identifying cases of a “public concern” and “non-public concern” –- divorced from any other consideration –- is a tricky task governed by no objective standards..... For another thing, if an issue is of public concern, that concern is likely more reason to avoid deciding it from a less-than-fully litigated record....'"

Advocatus Diaboli writes "The EFF has been investigating the FBI's Next-Generation Identification (NGI) scheme, an enormous database of biometric information. It's based on the agency's fingerprint database, which already has 100 million records. But according to the documents EFF dug up, the NGI database will include 52 million images of people's faces by 2015. At least 4.3 million images will have been taken outside any sort of criminal context. 'Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a 'mug shot' photo along with your fingerprints. If that's the case, then the FBI will store both your face print and your fingerprints along with your biographic data.'"

An anonymous reader links to this editorial at Ars Technica which argues that "As chief executive, Obama has the power to reform the NSA on his own with the stroke of a pen. By not putting this initiative into an executive order, he punted to Congress on an issue that affects the civil liberties of most anybody who picks up a phone. Every day Congress waits on the issue is another day Americans' calling records are being collected by the government without suspicion that any crime was committed. 'He does not need congressional approval for this,' said Mark Jaycoxx, an Electronic Frontier Foundation staff attorney."

First time accepted submitter tor528 (896250) writes "Patent troll Personal Audio has sued top podcasters including Adam Carolla and HowStuffWorks, claiming that they own the patent for delivery of episodic content over the Internet. Adam Carolla is fighting back and has started a Fund Anything campaign to cover legal fees. From the Fund Anything campaign page: 'If Adam Carolla loses this battle, then every other Podcast will be quickly shut down. Why? Because Patent Trolls like Personal Audio would use a victory over Carolla as leverage to extort money from every other Podcast.. As you probably know, Podcasts are inherently small, owner-operated businesses that do not have the financial resources to fight off this type of an assault. Therefore, Podcasts as we know them today would cease to exist.' James Logan of Personal Audio answered Slashdotters' questions in June 2013. Links to the patent in question can be found on Personal Audio's website. The EFF filed a challenge against Personal Audio's podcasting patent in October 2013."

An anonymous reader writes with a link to an article by the EFF's Jennifer Lynch, carried by Gizmodo, which reports that the L.A. Police Department and L.A. Sheriff's Department "took a novel approach in the briefs they filed in EFF and the ACLU of Southern California's California Public Records Act lawsuit seeking a week's worth of Automatic License Plate Reader (ALPR) data. They have argued that 'All [license plate] data is investigatory.' The fact that it may never be associated with a specific crime doesn't matter. This argument is completely counter to our criminal justice system, in which we assume law enforcement will not conduct an investigation unless there are some indicia of criminal activity. In fact, the Fourth Amendment was added to the U.S. Constitution exactly to prevent law enforcement from conducting mass, suspicionless investigations under "general warrants" that targeted no specific person or place and never expired.

ALPR systems operate in just this way. The cameras are not triggered by any suspicion of criminal wrongdoing; instead, they automatically and indiscriminately photograph all license plates (and cars) that come into view. ... Taken to an extreme, the agencies' arguments would allow law enforcement to conduct around-the-clock surveillance on every aspect of our lives and store those records indefinitely on the off-chance they may aid in solving a crime at some previously undetermined date in the future. If the court accepts their arguments, the agencies would then be able to hide all this data from the public."

Daniel_Stuckey writes "Last March, weev, the notorious internet troll who seems to be equally celebrated and reviled, was convicted of accessing a computer without authorization and identity fraud, and sentenced to serve 41 months in prison.'He had to decrypt and decode, and do all of these things I don't even understand,' Assistant US Attorney Glenn Moramarco argued. Here, on a Wednesday morning in Philadelphia, before a packed courtroom, the federal prosecution argued that a hacker should spend three and a half years in prison for committing a crime it couldn't fully comprehend. Previously, Orin Kerr, a law professor at George Washington University and weev's defense attorney, had argued first and foremost that there was no criminal hacking to speak of. According to Kerr, what weev and Daniel Spitler (who pleaded guilty to avoid jail time) had done while working as an outfit called Goatse Security was entirely legal, even though it embarrassed public officials and some of the country's biggest corporations."

An anonymous reader writes in with news about Russias censorship of internet sites critical of President Vladimir Putin. "Russia blocked access to the internet sites of prominent Kremlin foes Alexei Navalny and Garry Kasparov on Thursday under a new law critics say is designed to silence dissent in President Vladimir Putin's third term. The prosecutor general's office ordered Russian internet providers to block Navalny's blog, chess champion and Putin critic Kasparov's internet newspaper and two other sites, grani.ru and ej.ru, state regulator Roskomnadzor said. The move was the latest evidence of what government opponents see as a crackdown on independent media and particularly the internet, a platform for dissenting views in a nation where state channels dominate the airwaves. Ej.ru editor Alexander Ryklin called it 'monstrous' and a 'direct violation of all the principles of freedom of speech,' More at EFF, and in earlier stories at the The Huffington Post, and Deutsche Welle, which notes, 'This year's report by Reporters Without Borders on World Day against Cyber Censorship condemns Russia as one of the "Enemies of the Internet." "Russia has adopted dangerous legislation governing the flow of news and information and freedom of expression online," it concludes.'"

In a followup to our story yesterday, Bismillah writes "It seems US prosecutors agree that just publishing a link doesn't amount to transmitting actual files. Brown is not out of the legal woods yet though, and still faces further charges. The EFF released this statement about the decision: 'We are relieved that federal prosecutors have decided to drop these charges against Barrett Brown. In prosecuting Brown, the government sought to criminalize a routine practice of journalism—linking to external sources—which is a textbook violation of free speech protected by the First Amendment. Although this motion is good news for Brown, the unnecessary and unwarranted prosecution has already done much damage; not only has it harmed Brown, the prosecution—and the threat of prosecution it raised for all journalists—has chilled speech on the Internet. We hope that this dismissal of charges indicates a change in the Department of Justice priorities. If not, we will be ready to step in and defend free speech.'"

sandbagger writes in with a story about U.S. and British government interest and involvement with journalists visiting the Wikileaks website. "The Intercept recently published an article and supporting documents indicating that the NSA and its British counterpart GCHQ surveilled and even sought to have other countries prosecute the investigative journalism website WikiLeaks. GCHQ also surveilled the millions of people who merely read the WikiLeaks website. The article clarifies the lengths that these two spy organizations go to track their targets and confirms, once again, that they do not confine themselves to spying on to those accused of terrorism. One document contains a summary of an internal discussion in which officials from two NSA offices discuss whether to categorize WikiLeaks as a "malicious foreign actor" for surveillance targeting purposes. This would be an important categorization because agents have significantly more authority to engage in surveillance of malicious foreign actors."

This site's "Your Rights Online" section, sadly, has never suffered for material. The revelations we've seen over the last year-and-change, though, of widespread spying on U.S. citizens, government spying in the E.U. on international conferences, the UK's use of malware against citizens, and the use of modern technology to oppress government protesters in the middle east and elsewhere shows how persistent it is. It's been a banner year on that front, and the banner says "You are being spied on, online and off." A broad coalition of organizations is calling today "The Day We Fight Back" against the growing culture of heads-they-win, tails-you-lose surveillance, but all involved know this is not a one-day struggle. (Read more, below.)

Peter Eckersley writes "Over at EFF, we just released a version of our HTTPS Everywhere extension for Firefox for Android. HTTPS Everywhere upgrades your insecure web requests to HTTPS on many thousands of sites, and this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies. Android users should install the Firefox app and then add HTTPS Everywhere to it. iPhone and iPad users will unfortunately have to switch to Android to get this level of security because Apple has locked Mozilla Firefox out of their platforms."

An anonymous reader points out this recently published study (PDF) on detecting malicious (or at least suspicious) Tor exit relays. From their conclusions: "After developing a scanner, we closely monitored all ~1000 exit relays over a period of four months. Wed discovered 25 relays which were either outright malicious or simply misconfigured. Interestingly, the majority of the attacks were coordinated instead of being isolated actions of independent individuals. Our results further suggest that the attackers made an active effort to remain under the radar and delay detection." One of the authors, Philipp Winter, wrote a followup blog post to help clarify what the paper's findings mean for Tor users, including this clarification: "First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time. So the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays 'in the wild."

greatgreygreengreasy writes "In 2005, then-governor of North Dakota John Hoeven signed into law a bill 'ensuring drivers' ownership of their EDR (Electronic Data Recorder) data.' Now a U.S. senator, Hoeven (R-ND) has teamed up with Amy Klobuchar, D-MN, to introduce similar legislation at the Federal level. 'Under this legislation, EDR data could only be retrieved [for specific reasons].' The EFF has expressed concern in the past over the so-called black boxes and their privacy implications. This legislation, however, would not address the recent revelations by a Ford executive on their access to data, since in those cases, 'The vehicle owner or lessee consents to the data retrieval.' The bill has gained the support of about 20 senators so far."

A few days ago, we mentioned that the UK's ISP-level censorware software not only does a poor job of its stated job (blocking porn), but blocks at least some sex education sites, too; now, reader badger.foo writes to say that's not all: "It fell to the UK Tories to actually implement the Nanny State. Too bad Nanny Tory does not want kinds to read up on tech web sites such as slashdot.org, or civil liberties ones such as the EFF or Amnesty International. Read on for a small sample of what the filter blocks, from a blocked-by-default tech writer."

hypnosec writes "Evad3rs, the famous iOS jailbreak team, has announced an iOS 7 jailbreak that will work in all iDevices including iPhone 5S, iPhone 5C and iPad Air running iOS 7.0 through to iOS 7.0.4. The iOS 7 jailbreak was announced without much of a hype, unlike the one for iOS 6. 'Merry Christmas! The iOS 7 jailbreak has been released at http://evasi0n.com/! All donations will go to @publicknowledge, @eff and @ffii,' tweeted evad3rs." Reader FrogBlastTheVentCore adds a note of caution: "They recommend restoring your device to iOS 7.0.4 if it has received OTA updates before attempting to jailbreak."

An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1 The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"

New submitter chrylis writes "SCOTUSblog is reporting that the U.S. Supreme Court has accepted an appeal in Alice v. CLS Bank, a case in which the Federal Circuit ruled haphazardly that the particular patents in question were invalid but did not address the issue of software patents generally. 'The case will provide a new test of the Patent Act’s most basic provision — Section 101, which broadly outlines what kinds of inventions are patentable. One of the long-standing exceptions to the types of inventions mentioned in that section is that an abstract idea can never be patented. That issue arises frequently these days, especially with rapidly developing technology in computer software. The EFF wrote a summary of the issues in the case when it was before the Federal Circuit this spring. The case files are also available."

snydeq writes "The U.S. House of Representatives has passed the Innovation Act, dealing trolls a severe blow despite opposition from universities looking to protect patents, InfoWorld's Simon Phipps reports. The act cleared the House of Representatives with an overwhelming majority of 325 to 91 despite opposition from the organizations most likely to feed new patents to the trolls. 'So bravo to the Innovation Act. It's far from perfect, as the EFF documents and as I commented before the holiday. But it's a step in the right direction, and the tidal surge of support it's seeing suggests legislators' appetite for proper patent reform is finally growing strong enough for them to contemplate substantial change.'"

Fnord666 writes with this excerpt from Tech Crunch "Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service's encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away. 'If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic,' says Twitter's Jacob Hoffman-Andrews. 'As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today's Internet.'" Of course, they are also using Elliptic Curve ciphers.