In our 706th issue:
HP released a deceptive security update that reconfigured thousands of printers to accept only HP’s ink cartridges rather than third-party or recycled ones. Over 10,000 of you joined EFF in calling on HP to make amends for its self-destructing printers—and we got HP’s attention. HP responded on its blog, recognizing the mistake and saying it will issue an optional firmware update to roll back the changes it had made.
We’re very glad to see HP taking this step. But a number of questions remain. We want to see HP promise to never again use a security update to take away features, and to commit to not attacking security researchers who disclose vulnerabilities in its printers. HP must also be more transparent about how many printers were affected by this update, and tell us how it will communicate the optional patch to all customers. Join us in demanding that HP say "no" to DRM.
Do you get creeped out when an ad eerily related to your recent Internet activity seems to follow you around the web? Do you ever wonder why you sometimes see a green lock with “https” in your address bar, and other times just plain “http”? EFF’s team of technologists and computer scientists can help with tools like Privacy Badger, Panopticlick, HTTPS Everywhere, Certbot, and Surveillance Self-Defense.
EFF Updates
Google’s Allo Sends The Wrong Message About Encryption
When Google announced its new Allo messaging app, we were initially pleased to see the company responding to long-standing consumer demand for user-friendly, secure messaging. Unfortunately, it now seems that Google's response may cause more harm than good. While Allo does expose more users to end-to-end encrypted messaging, this potential benefit is outweighed by the cost of Allo’s mixed signals about what secure messaging is and how it works.
Oversight Transition Isn't Giving Away the Internet, But Won't Fix ICANN's Problems
Oversight over the performance of ICANN's IANA functions has passed from the National Telecommunications and Information Administration to ICANN's global multi-stakeholder community. Despite several weeks of heated discussion within the United States, we haven’t commented much on this transition. That’s because there has not been much to say: little has changed with the transition, and that includes the continuing threats to free expression and privacy that sometimes emerge within the domain name system.
Fair Processes, Better Outcomes
What can we do when threats to digital rights aren’t the result of a law or an individual company’s practices, but the result of a private industry agreement? Unlike laws, such agreements aren’t developed with public input or accountability. We call these invisible arrangements Shadow Regulation. EFF is proposing a set of criteria focused on inclusion, balance, and accountability to set a positive agenda for how such agreements could be done better.
Stupid Design Patent of the Month: Rectangles on a Screen
This month’s stupid patent shows just how broken the current system of design patents is. U.S. Patent D767,583 is a patent on a design for a “display screen portion with graphical user interface.” The only things claimed in this design patent are three rectangles at the top of a display screen and a square beneath them. This patent is both remarkably trivial and remarkably easy to be accused of infringing.
Victory! Gov. Brown Signs Bill to Overhaul California's Broken Gang Databases
Over the last few weeks, a broad coalition of civil liberties and social justice organizations rained down letters, tweets, and op-eds on Gov. Jerry Brown, urging him to sign A.B. 2298, a bill to begin the process of overhauling the state's CalGang gang affiliation database. Last week, it all paid off.
Why the Warrant to Hack in the Playpen Case Was an Unconstitutional General Warrant
Should the government be able to get a warrant to search a potentially unlimited number of computers belonging to unknown people located anywhere in the world? That’s the question posed by the Playpen case, involving the FBI’s use of malware against over 1000 visitors to a site hosting child pornography. The prosecutions resulting from this mass hacking operation are unprecedented in many ways, but the scope of the single warrant that purportedly authorized the FBI’s actions represents perhaps the biggest departure from traditional criminal procedure.
Facial Recognition, Differential Privacy, and Trade-Offs in Apple's Latest OS Releases
With new machine learning features in its latest phone and desktop operating system releases, Apple is exploring ways to provide cloud-based services and collect related user data with more regard for privacy. Two of these features—on-device facial recognition and differential privacy—deserve a closer look from a privacy perspective. While we applaud these steps, it’s hard to know how effective they are without more information from Apple about their implementation and methods.
Record Labels Make New Grab For Website-Blocking Power in YouTube-MP3 Suit
Major record labels are once again asking a court to give them power over the Internet’s basic infrastructure. This is the very power that Congress has refused to give them, and the very power they have proven unable and unwilling to use responsibly. This time, their alleged target is the website Youtube-MP3.org, a site that extracts the audio tracks from YouTube videos and allows users to download them.
NSA’s Failure to Report Shadow Broker Vulnerabilities Underscores Need for Oversight
An entity calling itself the “Shadow Brokers” took the security world by surprise this summer by publishing what appears to be a portion of the NSA’s hacking toolset. Government investigators now believe that the Shadow Brokers stole the cache of powerful NSA network exploitation tools when they were accidentally left on a computer located outside of the NSA’s network.
A Digital Rumor Should Never Lead to a Police Raid
If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional. Yet EFF has found that police and courts are regularly conducting and approving raids based on a similar type of unreliable digital evidence: Internet Protocol address information.
Baycloud Systems Joins EFF's Do Not Track Coalition
Baycloud Systems is the latest company to join the EFF's Do Not Track coalition, which opposes the tracking of users without their consent. Baycloud designs systems to help companies and users monitor and manage tracking cookies. Based in the UK, it provides thousands of sites across Europe with tools for compliance with European Union data protection laws.
miniLinks
Police surveillance: The US city that beat Big Brother
Grassroots activists in Oakland, CA took action against proposed police surveillance. The BBC reports.
How an Old Hacking Law Hampers the Fight Against Online Discrimination
The New Yorker on how the outdated Computer Fraud & Abuse Act impedes online discrimination research.
Librarians Stand Again Against FBI Overreach
“The Connecticut Four,” a group of librarians who challenged National Security Letters in 2005, explain why the Senate should not expand those powers now.
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
Donate Today
Administrivia
Editor: Gennie Gebhart, Researcher
editor@eff.org
EFFector is a publication of the Electronic Frontier Foundation.
eff.org
Membership & donation queries: membership@eff.org
General EFF, legal, policy, or online resources queries: info@eff.org
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
Back issues of EFFector
This newsletter is printed from 100% recycled electrons.
EFF appreciates your support and respects your privacy. Privacy Policy.
815 Eddy Street San Francisco, CA 94109-7701 United States