Unnecessary and Disproportionate: How the NSA Violates International Human Rights Standards. Even before Ed Snowden leaked his first document, human rights lawyers and activists were concerned about law enforcement and intelligence agencies spying on the digital world. One of the tools developed to tackle those concerns was the development of the International Principles on the Application of Human Rights to Communications Surveillance (the “Necessary and Proportionate Principles”). This set of principles was intended to guide governments in understanding how new surveillance technologies eat away at fundamental freedoms, and outlined how communications surveillance can be conducted consistent with human rights obligations. Furthermore, the Necessary and Proportionate Principles act as a resource for citizens—used to compare new tools of state surveillance to global expectations of privacy and due process. As you might expect, the NSA programs do not fare well.
Some of the conclusions are as follows: EFF's Reading List: Books of 2013. At the end of each year, EFF puts together a list of some of the interesting and noteworthy books that have been published in the past 12 months or so. We don't endorse all of their arguments, but we find they've added some valuable insight to the conversation around the areas and issues on which we work. Some notes about this list: it's presented in alphabetical order by author's last name, and the links contain our Amazon affiliate code, which means EFF will receive a portion of purchases made through this page. The Internet Police: How Crime Went Online, and the Cops Followed, by Nate Anderson Nate Anderson is a writer for Ars Technica and has had occasion to report on many stories of crime—and investigation—online. In The Internet Police, he gets a chance to re-tell the most interesting, using those anecdotes to make points about how law enforcement reacts to technology.
On Internet Freedom, by Marvin Ammori Copyright Unbalanced: From Incentive to Excess, edited by Jerry Brito. Try as it might, anti-surveillance group can’t avoid Washington. “My first thought was: This is attention we don’t need,” said John Gilmore, a tech millionaire who helped found EFF. “In a sense, we were dragged into this by that sticker.” That was June. Four months later, worries that EFF would be cast as aiding and abetting the enemy have eased. Instead, the foundation’s donations have surged by a factor of 10. It has won victories in court, forcing the release of secret documents. This political momentum has brought EFF to a crossroads. Rooted in San Francisco’s counterculture idealism and tech-industry ferment, the foundation has long shunned the dirty work of legislative politics.
But the foundation’s allies and even some of its own staff wonder if EFF is ready to capitalize on a potentially historic moment. The question is complicated by EFF’s own history, dating to a painful stretch in the 1990s when it was headquartered in the nation’s capital and sought to be a lobbying force there. It’s easy to see why. Where? Washington. Effector: n, Computer Sci. A device for producing a desired change. Six Tips to Protect Your Search Privacy. By Peter Eckersley, Seth Schoen, Kevin Bankston, and Derek Slater. Google, MSN Search, Yahoo! , AOL, and most other search engines collect and store records of your search queries. If these records are revealed to others, they can be embarrassing or even cause great harm. Would you want strangers to see searches that reference your online reading habits, medical history, finances, sexual orientation, or political affiliation?
Recent events highlight the danger that search logs pose. Disclosures like AOL's are not the only threats to your privacy. Search companies should limit data retention and make their logging practices more transparent to the public,4 while Congress ought to clarify and strengthen privacy protections for search data. The Electronic Frontier Foundation has developed the following search privacy tips. 1. Don't search for your name, address, credit card number, social security number, or other personal information. 2. 3. 4. 5. 6. Conclusion September 2006. HTTPS Everywhere. HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS. Information about how to access the project's Git repository and get involved in development is here. HTTPS Everywhere now uses the DuckDuckGo Smarter Encryption dataset, to enable even greater coverage and protection for our users. Original announcement can be found here: Further technical details on how we utilize Smarter Encryption: HTTPS and Tor: Working Together to Protect Your Privacy and Security Online. This week EFF released a new version its HTTPS Everywhere extension for the Firefox browser and debuted a beta version of the extension for Chrome. EFF frequently recommends that Internet users who are concerned about protecting their anonymity and security online use HTTPS Everywhere, which encrypts your communications with many websites, in conjunction with Tor, which helps to protect your anonymity online.
But the best security comes from being an informed user who understands how these tools work together to protect your privacy against potential eavesdroppers. Whenever you read your email, or update your Facebook page, or check your bank statement, there are dozens of points at which potential adversaries can intercept your Internet traffic. By using Tor to anonymize your traffic and HTTPS to encrypt it, you gain considerable protection, most notably against eavesdroppers on your wifi network and eavesdroppers on the network between you and the site you are accessing. New Year's Resolution: Full Disk Encryption on Every Computer You Own.
The New Year is upon us, and you might be partaking in the tradition of making a resolution for the coming year. This year, why not make a resolution to protect your data privacy with one of the most powerful tools available? Commit to full disk encryption on each of your computers. Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues.
Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. Best of all, it's free. So don't put off taking security steps that can help protect your private data. Join EFF in resolving to encrypt your disks 2012. Here's some basic info about full disk encryption. Full disk encryption uses mathematical techniques to scramble data so it is unintelligible without the right key. Choosing a Disk Encryption Tool Make a Strong Passphrase and Don't Lose It. S.F. team wins paper shredder puzzle prize. To most people, 10,000 slivers of shredded paper are as good as trash. To three coders in San Francisco, they're a challenge - especially when the jumbled mass of paper once made up five classified government documents. The three were not hackers trying to steal state secrets, but participants in a contest run by the Defense Advanced Research Projects Agency, the government group that funds high-tech military research.
In October, DARPA offered $50,000 to the first group to piece together the shredded documents or the one that made the most progress by Dec. 4. In previous DARPA tournaments, participants have been asked to build robotic cars or use the Internet to find balloons scattered across the country. The goal of the paper shredder puzzle was to unearth technologies that could be used for national security. Good and his partners, a software engineer working at Lockheed Martin and a mobile app maker, spent 600 hours combined piecing together the five shredded pages. Technology Research and Development. EFF's technology development and research projects aim to improve the rights of free expression, security, and privacy on the internet. All of our work is released under free and open source licenses such as the GNU General Public License or Creative Commons licenses. We welcome your code patches and other contributions!
HTTPS Everywhere is a browser extension that ensures you use HTTPS to the greatest extent possible, for sites that support HTTPS. It is part of our larger mission to Encrypt the Web in its entirety. The SSL Observatory is a view of the state of HTTPS deployment in the IPv4 address space. The Observatory has exposed insecure behavior by certificate authorities, the huge number of CAs and intermediate signing certificates in use on the internet, surprisingly widespread cryptographic errors, and more.
Panopticlick shows how easy it is to uniquely identify browsers on the web, even without cookies. MyTube protects people's privacy from third-party video hosting providers. Anonymous Versus EFF? Corporate Donation Riles Activists | Threat Level. This snippet from the leaked anti-WikiLeaks document shows U.S. journalists to be targeted in the proposed disinformation campaign. Online freedom advocates blasted the Electronic Frontier Foundation, on Monday, angry that the digital rights group accepted money for its annual awards ceremony from Palantir, a secretive data mining software firm involved in a convoluted plot to bring down Wikileaks.
Palantir, which has made hundreds of millions of dollars selling high-end data analysis tools to secretive govenerment agencies, was exposed in February as being party to an attempt to win a federal contract to wage a disinformation and hacking campaign against Wikileaks and its supporters, including journalists and Anonymous. The company is the premier sponsor of the EFF’s award ceremony Tuesday. In a presentation unearthed by Anonymous hackers, someone at Palantir used the company’s powerful software to create a visualization of a Wikileaks support network. Godwin was hardly alone. Iranian Man-in-the-Middle Attack Against Google Demonstrates Dangerous Weakness of Certificate Authorities. Commentary by Seth Schoen and Eva Galperin What’s worse than finding a worm in your apple? Finding half a worm. What’s worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger?
Discovering that this attack has been active for two months. People all over the world use Google services for sensitive or private communications every day. Google enables encrypted connections to these services in order to protect users from spying by those who control the network, such as ISPs and governments. The certificate authority system was created decades ago in an era when the biggest on-line security concern was thought to be protecting users from having their credit card numbers intercepted by petty criminals. EFF's own SSL Observatory aims to find attacks of this kind in the wild.
And Bitcoin. For several months, EFF has been following the movement around Bitcoin, an electronic payment system that touts itself as "the first decentralized digital currency. " We helped inform our members about this unique project through our blog and we experimented with accepting Bitcoin donations for several months in an account that was started by others. However, we’ve recently removed the Bitcoin donation option from the Other Ways to Help page on the EFF website, and we have decided to not accept Bitcoins. We decided on this course of action for a few reasons: 1. We don't fully understand the complex legal issues involved with creating a new currency system.
Bitcoin raises untested legal concerns related to securities law, the Stamp Payments Act, tax evasion, consumer protection and money laundering, among others. And that’s just in the U.S. 2. 3. What is Traitorware? Your digital camera may embed metadata into photographs with the camera's serial number or your location. Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it. If Apple puts a particularly creepy patent it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership.
This is traitorware: devices that act behind your back to betray your privacy. Perhaps the most notable example of traitorware was the Sony rootkit. In 2005 Sony BMG produced CD's which clandestinely installed a rootkit onto PC's that provided administrative-level access to the users' computer. Traitorware is sometimes included in products with less obviously malicious intent. Traitorware is not some science-fiction vision of the future. On Locational Privacy, and How to Avoid Losing it Forever. August 2009 By Andrew J. Blumberg and Peter Eckersley, August 2009 Over the next decade, systems which create and store digital records of people's movements through public space will be woven inextricably into the fabric of everyday life. We are already starting to see such systems now, and there will be many more in the near future. Here are some examples you might already have used or read about: Monthly transit swipe-cards Electronic tolling devices (FastTrak, EZpass, congestion pricing) Cellphones Services telling you when your friends are nearby Searches on your PDA for services and businesses near your current location Free Wi-Fi with ads for businesses near the network access point you're using Electronic swipe cards for doors Parking meters you can call to add money to, and which send you a text message when your time is running out Unfortunately, these systems pose a dramatic threat to locational privacy.
What is "locational privacy"? Did you go to an anti-war rally on Tuesday? FOIA: Social Networking Monitoring.