netbuzz writes "The Electronic Frontier Foundation nine months ago filed a Freedom of Information Act request to prompt the FAA to release the names of government agencies and private entities that have received permission to fly unmanned aircraft over our heads. Nine months later, the FAA has neither released the information nor explained why it hasn't. On Tuesday the EFF filed suit (PDF) to force the agency to do so. Says EFF staff attorney Jennifer Lynch: 'Drones give the government and other unmanned aircraft operators a powerful new surveillance tool to gather extensive and intrusive data on Americans' movements and activities. As the government begins to make policy decisions about the use of these aircraft, the public needs to know more about how and why these drones are being used to surveil United States citizens.'"

If you've ever tried to look up public records online, you may have run into byzantine sign-up procedures, proprietary formats, charges just to view what are ostensibly public documents, and generally the sense that you're in a snooty library with closed stacks. Carl Malamud of Public.Resource.Org has for years been forging a path through the grey goo of U.S. government data, helping to publicize the need for accessible digital archives — not just awkward, fee-per-page access. (Mother Jones calls him a "badass.") Malamud has (with help) been making it easier to get to the huge swathes of data in government sources like PACER, EDGAR, and the U.S. Patent Office. He's got a new initiative now to establish a "Federal Scanning Commission," the task of which would be to assess the scope and outcomes of a large-scale effort to actually digitize and make available online as much as practical of the vast holdings of the U.S. government. ("If we were able to put a man on the moon, why can't we launch the Library of Congress into cyberspace?") Ask Malamud below questions about his plans and challenges in disseminating public information. (But please, post unrelated questions separately, lest ye be modded down.)

sunbird writes "The Ninth Circuit yesterday issued two decisions in the Electronic Frontier Foundation's lawsuits against the National Security Agency (Jewel v. NSA) and the telecommunications companies (Hepting v. AT&T). EFF had argued in Hepting that the retroactive immunity passed by Congress was unconstitutional. The Ninth Circuit decision (PDF) upholds the immunity and the district court's dismissal of the case. Short of an appeal to the U.S. Supreme Court, this effectively ends the suit against the telecoms. In much better news, the same panel issued a decision (PDF) reversing the dismissal of the lawsuit against the N.S.A. and remanded the case back to the lower court for more proceedings. These cases have been previously discussed here."

MrSeb writes "At this point we have a fairly good idea of what Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation — the preeminent protector of your digital rights — has taken it one step further and reverse engineered some of the program's code to work out what's actually going on. There are three parts to a Carrier IQ installation on your phone: The program itself, which captures your keystrokes and other 'metrics'; a configuration file, which varies from handset to handset and carrier to carrier; and a database that stores your actions until it can be transmitted to the carrier. It turns out that that the config profiles are completely unencrypted, and thus very easy to crack."

A few weeks ago you asked security guru Moxie Marlinspike about all manner of security issues, being searched at the border, and how to come up with a good online name. He's graciously answered a number of your inquiries which you will find below.

New submitter realized writes "Yesterday Carrier IQ released a report (PDF) which tries to answer some questions about how their system operates. Also, after reports of the FBI using Carrier IQ data, the company responded by saying, 'Carrier IQ has never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators.' Additionally, the EFF just released a report which says they believe keystroke data 'is in fact being inadvertently transmitted to some third parties,' but they would like to study carrier profiles to verify information." Reader Trailrunner7 adds that Carrier IQ's report indicates "under some limited circumstances its software will log the contents of SMS messages sent to a user's phone, but that that the contents of those messages would not be human readable. Instead, they would be in an encoded form that could not be decoded without special software and the carriers don't have access to the contents of the messages either. The company said it has worked on a fix for the bug, which affected devices running the embedded version of the Carrier IQ agent."

Diggester writes "Jailbreaking is a way to break off from the limitations imposed by the mobile vendor to download additional applications and themes etc. which aren't available otherwise. It provides root access to the device by use of custom kernels. It is common with the iDevices and has been rendered legal by the efforts of EFF (Electronic Frontier Foundation) in July 2010. The Electronic Frontier Foundation is now determined to make Jailbreaking legal for all the consumer electric goods. They have asked the US copyright office to declare it legal to jailbreak all the devices like smartphones, tablets, gaming consoles etc. no matter who the vendor is. The aim behind this plead is to change the Digital Millennium Copyright Act (DMCA) which prohibits such an access to the user."

First time accepted submitter Cmdrm writes with an article about Kaspersky Lab quitting the BSA over their (now lukewarm) support of SOPA. From the press release: "Kaspersky Lab would like to clarify that the company did not participate in the elaboration or discussion of the SOPA initiative and does not support it. Moreover, the company believes that the SOPA initiative might actually be counter-productive for the public interest, and decided to discontinue its membership in the BSA as of January 1, 2012.'"

alphadogg writes "A Cornell University professor is calling the controversial Carrier IQ smartphone software revelations a privacy disaster. 'This is my worst nightmare,' says Stephen Wicker, a professor of electrical and computer engineering at Cornell. 'As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.'" Read on for a grab-bag of other news about the ongoing story of Carrier IQ's spyware.

jrepin writes "Global Chokepoints is an online resource created to document and monitor global proposals to turn Internet intermediaries into copyright police. These proposals harm Internet users' rights of privacy, due process and freedom of expression, and endanger the future of the free and open Internet. Our goal is to provide accurate empirical information to digital activists and policy makers, and help coordinate international opposition to attempts to cut off free expression through misguided copyright laws, policies, agreements and court cases. Scroll down to see a list of countries currently featured for threatening free expression through copyright censorship."

symbolset writes "Update from an earlier story here, where Carrier IQ was pursuing a security researcher for pointing out privacy issues in an application alleged to track and record the activities of smartphone users. The company has relented, and retracted their Cease and Desist letter. In their press release [PDF] they say: 'As of today, we are withdrawing our cease and desist letter to Mr. Trevor Eckhart. We have reached out to Mr. Eckhart and the Electronic Frontier Foundation (EFF) to apologize. Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart. We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world.' Notch another win for the Streisand effect."

phaedrus5001 sends this quote from a story at Wired: "A data-logging software company is seeking to squash an Android developer's critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company's training manuals from his website. Though the software is installed on millions of Android, Blackberry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user's phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent." The EFF is hosting PDFs of CarrierIQ's C&D letter, as well as their response on Eckhart's behalf.

TheNextCorner writes "Remember how the Stop Online Piracy Act would make streaming of copyrighted material a felony? Many of these lawmakers actually stream copyrighted videos on their websites." However, that's not the whole story. according to a followup at Ars Technica to the tweeted claims about streaming and SOPA. From which: "The Electronic Frontier Foundation tweeted the post, and it was re-tweeted more than 100 times. So are the sponsors of SOPA hypocrites? We're not fans of SOPA, so we'd love to have this story check out. But we're also a news site, so we contacted James Grimmelmann, a copyright scholar at New York Law School, (and judging from his tweets, not a SOPA supporter) to get his expert opinion."

Weezul writes "Today's House Judiciary Committee meeting on the Stop Online Piracy Act excluded any witnesses who advocate for civil rights. Google's Katherine Oyama was the only witness to object to the bill in a meaningful way. In particular, the AFL-CIO's Paul Almeida advocated for the internet blacklist, saying 'the First Amendment does not protect stealing goods off trucks.'"

Adrian Lopez writes "Techdirt reports that 'apparently, the folks behind SOPA are really scared to hear from the opposition. We all expected that the Judiciary Committee hearings wouldn't be a fair fight. In Congress, they rarely are fair fights. But most people expected the typical "three in favor, one against" weighted hearings. That's already childish, but it seems that the Judiciary Committee has decided to take the ridiculousness to new heights. We'd already mentioned last week that the Committee had rejected the request of NetCoalition to take part in the hearings. At the time, we'd heard that the hearings were going to be stacked four-to-one in favor of SOPA. However, the latest report coming out of the Committee is that they're so afraid to actually hear about the real opposition that they've lined up five pro-SOPA speakers and only one "against."' Demand Progress is running an online petition against such lopsided representation."

ideonexus writes "CNET has obtained a statement to be released by the Department of Justice tomorrow defending its broad interpretation of the Computer Fraud and Abuse Act (CFAA) that defines violations of 'authorized access' in information systems as including any act that violates a Web site's terms of service, while the White House is arguing for expanding the law even further. This would criminalize teenagers using Google for violating its ToS, which says you can't use its services if 'you are not of legal age to form a binding contract,' and turns multiple attempts to upload copyrighted videos to YouTube into 'a pattern of racketeering' according to a GWU professor and an attorney cited in the story."

hessian writes with this quote from the Electronic Frontier Foundation about the Stop Online Piracy Act: "Of course the word 'blacklist' does not appear in the bill's text — the folks who wrote it know Americans don't approve of blatant censorship. The early versions of PROTECT-IP, the Senate's counterpart to SOPA, did include an explicit Blacklist Provision, but this transparent attempt at extrajudicial censorship was so offensive that the Senate had to re-write that part of the bill. However, provisions that encourage unofficial blacklisting remained, and they are still alive and well in SOPA. First, the new law would allow the Attorney General to cut off sites from the Internet, essentially 'blacklisting' companies from doing business on the web. Under section 102, the Attorney General can seek a court order that would force search engines, DNS providers, servers, payment processors, and advertisers to stop doing business with allegedly infringing websites. Second, the bill encourages private corporations to create a literal target list—a process that is ripe for abuse."

Trailrunner7 writes "The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public."

Hugh Pickens writes writes "Steve Green reports that newspaper copyright infringement lawsuit filer Righthaven of Las Vegas has been hit with an order to pay $119,488 in attorney's fees and costs in its failed lawsuit against former federal prosecutor Thomas DiBiase, who was sued over allegations he posted a story without authorization on a murder case by the Las Vegas Review-Journal. US District Judge Roger Hunt dismissed Righthaven's suit against DiBiase this summer because Righthaven lacked standing to sue him under its flawed lawsuit contract with R-J owner Stephens Media. The DiBiase case was noteworthy because his attorneys at the EFF said DiBiase's nonprofit website, 'No Body Murder Cases,' performed a public service by assisting law enforcement officials in bringing justice to crime victims — and that his post was protected by the fair use concept of copyright law. Case law created by the Righthaven lawsuits suggests DiBiase's use of the story would be protected by fair use as it was noncommercial and judges have found there can be no market harm to Righthaven for such uses since there is no market for copyrights Righthaven obtains for lawsuit purposes. Although this was by far the largest fee award against Righthaven, it will likely will be dwarfed by an upcoming award in Righthaven's failed suit against the Democratic Underground."

bs0d3 writes "After months of Google+ being unsuccessful at taking the edge over Facebook, Google announces a new plan. Google executive Vic Gundotra announced yesterday that they will be 'adding features that will "support other forms of identity,"' a major victory for security and privacy advocates. If Google+ gets rid of their 'real names' policy, they will finally be the social networking site that people will flock to when running away from Facebook." JWZ is a skeptic; he describes as "premature victory" (and much harsher things, too) any rejoicing in the announced policy change, writing in part "My guess? I'll bet they still require you to register with your 'real' name, but then they'll graciously allow you to have a linked nickname or two, meaning they're still fully prepared to roll over on you to authoritarian governments or advertisers at the drop of a hat."