The U.S. Government Is Targeting Cryptocurrency to Expand the Reach of Its Financial Surveillance

Electronic Frontier Foundation

One of the most important aspects of cryptocurrencies from a civil liberties perspective is that they can provide privacy protections for their users. But EFF is concerned that the U.S. government has been increasingly taking steps to undermine the anonymity of cryptocurrency transactions and importing the widespread financial surveillance of the traditional banking system to cryptocurrencies.  

On Friday, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a proposed regulation that would require money service businesses (which includes, for example, cryptocurrency exchanges) to collect identity data about people who transact with their customers using self-hosted cryptocurrency wallets or foreign exchanges. The proposed regulation would require them to keep that data and turn it over to the government in some circumstances (such as when the dollar amount of transactions in a day exceeds a certain threshold). 

The proposal appears designed to be a midnight regulation pushed through before the end of the current presidential administration, as its 15-day comment period is unusually short and coincides with the winter holiday. The regulation’s authors write that this abbreviated comment period is required to deal with the “threats to United States national interests” posed by these technologies, but they provide no factual basis for this claim. 

Although EFF is still reviewing the proposal, we have several initial concerns. First, the regulation would mean that people who store cryptocurrency in their own wallets (rather than using a professional service) would effectively be unable to transact anonymously with people who store their cryptocurrency with a money service business. The regulation will likely chill the ability to use self-hosted wallets to transact with the privacy of cash.

Full article

Facebook’s Laughable Campaign Against Apple Is Really Against Users and Small Businesses

Electronic Frontier Foundation

Facebook has recently launched a campaign touting itself as the protector of small businesses. This is a laughable attempt from Facebook to distract you from its poor track record of anticompetitive behavior and privacy issues as it tries to derail pro-privacy changes from Apple that are bad for Facebook’s business.

Facebook’s campaign is targeting a new AppTrackingTransparency feature on iPhones that will require apps to request permission from users before tracking them across other apps and websites or sharing their information with and from third parties. Requiring trackers to request your consent before stalking you across the Internet should be an obvious baseline, and we applaud Apple for this change. But Facebook, having built a massive empire around the concept of tracking everything you do by letting applications sell and share your data across a shady set of third-party companies, would like users and policymakers to believe otherwise.

Make no mistake: this latest campaign from Facebook is one more direct attack against our privacy and, despite its slick packaging, it’s also an attack against other businesses, both large and small.

Full article

Protecting Your Rights to Understand and Innovate on the Tech in Your Life

Electronic Frontier Foundation

Every three years, the public has an opportunity to chip away at the harm inflicted by an offshoot of copyright law that doesn’t respect traditional safeguards such as fair use. This law, Section 1201 of the Digital Millennium Copyright Act, impedes speech, innovation, and access to knowledge by threatening huge financial penalties to those who simply access copyrighted works that are encumbered by access restriction technology. To mitigate the obvious harm this law causes, Americans have the right to petition for exemptions to Section 1201, which last for three years before the whole process starts over.

The liability created by Section 1201 can attach even to those who aren’t infringing copyright, because their access is in service of research, education, criticism, remix, or other fair and noninfringing uses. The law allows rightsholders to enforce their business models in ways that have nothing to do with the rights actually granted to copyright holders. A willful and commercial act of circumvention can even result in criminal charges and jail time, and the Department of Justice takes the position that there doesn’t need to be any connection to actual copyright infringement for them to prosecute.

EFF is representing Matthew Green and bunnie Huang in a First Amendment challenge to Section 1201, based on its failure to respect copyright’s traditional boundaries, including safeguards like fair use.  At the same time, we’re participating in the rulemaking process in hopes of winning some exemptions that will mitigate the law’s harms.  In the past, we’ve won exemptions for remix videos, jailbreaking personal computing devices, repairing and modifying car software, security research, and more.

Full article

macOS Leaks Application Usage, Forces Apple to Make Hard Decisions

Electronic Frontier Foundation

Last week, users of macOS noticed that attempting to open non-Apple applications while connected to the Internet resulted in long delays, if the applications opened at all. The interruptions were caused by a macOS security service attempting to reach Apple’s Online Certificate Status Protocol (OCSP) server, which had become unreachable due to internal errors. When security researchers looked into the contents of the OCSP requests, they found that these requests contained a hash of the developer’s certificate for the application that was being run, which was used by Apple in security checks.[1] The developer certificate contains a description of the individual, company, or organization which coded the application (e.g. Adobe or Tor Project), and thus leaks to Apple that an application by this developer was opened.

Full article

We Fight For the Users

Electronic Frontier Foundation

Here at the Electronic Frontier Foundation, we have a guiding motto: “I Fight For the Users.” (We even put it on t-shirts from time to time!) We didn’t pick that one by accident (nor merely because we dig the 1982 classic film “Tron”), but because it provides such a clear moral compass when we sit down to work every day.

Full article

Cryptographer and Entrepreneur Jon Callas Joins EFF as Technology Projects Director

Electronic Frontier Foundation

Some of the most important work we do at EFF is build technologies to protect users’ privacy and security, and give developers tools to make the entire Internet ecosystem more safe and secure. Every day, EFF’s talented and dedicated computer scientists and engineers are creating and making improvements to our free, open source extensions, add-ons, and software to solve the problems of creepy tracking and unreliable encryption on the web.

Joining EFF this week to direct and shepherd these technology projects is internationally-recognized cybersecurity and encryption expert Jon Callas. He will be working with our technologists on Privacy Badger, a browser add-on that stops advertisers and other third-party trackers from secretly tracking users’ web browsing, and HTTPS Everywhere, a Firefox, Chrome, and Opera extension that encrypts user communications with major websites, to name of few of EFF’s tech tools.

Full article

Turkey’s New Internet Law Is the Worst Version of Germany’s NetzDG Yet

Electronic Frontier Foundation

For years, free speech and press freedoms have been under attack in Turkey. The country has the distinction of being the world’s largest jailer of journalists and has in recent years been cracking down on online speech. Now, a new law, passed by the Turkish Parliament on the 29th of July, introduces sweeping new powers and takes the country another giant step towards further censoring speech online. The law was ushered through parliament quickly and without allowing for opposition or stakeholder inputs and aims for complete control over social media platforms and the speech they host. The bill was introduced after a series of allegedly insulting tweets aimed at President Erdogan’s daughter and son-in-law and ostensibly aims to eradicate hate speech and harassment online. Turkish lawyer and Vice President of Ankara Bar Association IT, Technology & Law Council Gülşah Deniz-Atalar called the law “an attempt to initiate censorship to erase social memory on digital spaces.”

Once ratified by President Erdogan, the law would mandate social media platforms with more than a million daily users to appoint a local representative in Turkey, which activists are concerned will enable the government to conduct even more censorship and surveillance. Failure to do so could result in advertisement bans, steep penalty fees, and, most troublingly, bandwidth reductions. Shockingly, the legislation introduces new powers for Courts to order Internet providers to throttle social media platforms’ bandwidth by up to 90%, practically blocking access to those sites. Local representatives would be tasked with responding to government requests to block or take down content. The law foresees that companies would be required to remove content that allegedly violates “personal rights” and the “privacy of personal life” within 48 hours of receiving a court order or face heavy fines. It also includes provisions that would require social media platforms to store users’ data locally, prompting fears that providers would be obliged to transmit those data to the authorities, which experts expect to aggravate the already rampant self-censorship of Turkish social media users. 

While Turkey has a long history of Internet censorship, with several hundred thousand websites currently blocked, this new law would establish unprecedented control of speech online by the Turkish government. When introducing the new law, Turkish lawmakers explicitly referred to the controversial German NetzDG law and a similar initiative in France as a positive example. 

Germany’s Network Enforcement Act, or NetzDG for short, claims to tackle “hate speech” and illegal content on social networks and passed into law in 2017 (and has been tightened twice since). Rushedly passed amidst vocal criticism from lawmakers, academia and civil experts, the law mandates social media platforms with one million users to name a local representative authorized to act as a focal point for law enforcement and receive content take down requests from public authorities. The law mandates social media companies with more than two million German users to remove or disable content that appears to be “manifestly illegal” within 24 hours of having been alerted of the content. The law has been heavily criticized in Germany and abroad, and experts have suggested that it interferes with the EU’s central Internet regulation, the e-Commerce Directive. Critics have also pointed out that the strict time window to remove content does not allow for a balanced legal analysis. Evidence is indeed mounting that NetzDG’s conferral of policing powers to private companies continuously leads to takedowns of innocuous posts, thereby undermining the freedom of expression.

Full article

EU Court Again Rules That NSA Spying Makes U.S. Companies Inadequate for Privacy

Electronic Frontier Foundation

The European Union’s highest court today made clear—once again—that the US government’s mass surveillance programs are incompatible with the privacy rights of EU citizens. The judgment was made in the latest case involving Austrian privacy advocate and EFF Pioneer Award winner Max Schrems. It invalidated the “Privacy Shield,” the data protection deal that secured the transatlantic data flow, and narrowed the ability of companies to transfer data using individual agreements (Standard Contractual Clauses, or SCCs).

Despite the many “we are disappointed” statements by the EU Commission, U.S. government officials, and businesses, it should come as no surprise, since it follows the reasoning the court made in Schrems’ previous case, in 2015.

Back then, the EU Court of Justice (CJEU) noted that European citizens had no real recourse in US law if their data was swept up in the U.S. governments’ surveillance schemes. Such a violation of their basic privacy rights meant that U.S. companies could not provide an “adequate level of [data] protection,” as required by EU law and promised by the EU/U.S. “Privacy Safe Harbor” self-regulation regime. Accordingly, the Safe Harbor was deemed inadequate, and data transfers by companies between the EU and the U.S. were forbidden.

Since that original decision, multinational companies, the U.S. government, and the European Commission sought to paper over the giant gaps between U.S. spying practices and the EU’s fundamental values. The U.S. government made clear that it did not intend to change its surveillance practices, nor push for legislative fixes in Congress. All parties instead agreed to merely fiddle around the edges of transatlantic data practices, reinventing the previous Safe Harbor agreement, which weakly governed corporate handling of EU citizen’s personal data, under a new name: the EU-U.S. Privacy Shield.

Full article

EFF Launches Searchable Database of Police Agencies and the Tech Tools They Use to Spy on Communities

Electronic Frontier Foundation

San Francisco—The Electronic Frontier Foundation (EFF), in partnership with the Reynolds School of Journalism at the University of Nevada, Reno, today launched the largest-ever collection of searchable data on police use of surveillance technologies, created as a tool for the public to learn about facial recognition, drones, license plate readers, and other devices law enforcement agencies are acquiring to spy on our communities.

The Atlas of Surveillance database, containing several thousand data points on over 3,000 city and local police departments and sheriffs’ offices nationwide, allows citizens, journalists, and academics to review details about the technologies police are deploying, and provides a resource to check what devices and systems have been purchased locally.

Users can search for information by clicking on regions, towns, and cities, such as Minneapolis, Tampa, or Tucson, on a U.S. map. They can also easily perform text searches by typing the names of cities, counties, or states on a search page that displays text results. The Atlas also allows people to search by specific technologies, which can show how surveillance tools are spreading across the country.

Built using crowdsourcing and data journalism over the last 18 months, the Atlas of Surveillance documents the alarming increase in the use of unchecked high-tech tools that collect biometric records, photos, and videos of people in their communities, locate and track them via their cell phones, and purport to predict where crimes will be committed.

While the use of surveillance apps and face recognition technologies are under scrutiny amid the COVID-19 pandemic and street protests, EFF and students at University of Nevada, Reno, have been studying and collecting information for more than a year in an effort to, for the first time, aggregate data collected from news articles, government meeting agendas, company press releases, and social media posts.

Full article

Egypt’s Crackdown on Free Expression Will Cost Lives

Electronic Frontier Foundation

For years, EFF has been monitoring a dangerous situation in Egypt: journalists, bloggers, and activists have been harassed, detained, arrested, and jailed, sometimes without trial, in increasing numbers by the Sisi regime. Since the COVID-19 pandemic began, these incidents have skyrocketed, affecting free expression both online and offline. 

As we’ve said before, this crisis means it is more important than ever for individuals to be able to speak out and share information with one another online. Free expression and access to information are particularly critical under authoritarian rulers and governments that dismiss or distort scientific data. But at a time when true information about the pandemic may save lives, instead, the Egyptian government has expelled journalists from the country for their reporting on the pandemic, and arrested others on spurious charges for seeking information about prison conditions. Shortly after the coronavirus crisis began, a reporter for The Guardian was deported, while a reporter for the The New York Times was issued a warning.. Just last week the editor of Al Manassa, Nora Younis, was arrested on cybercrime charges (and later released). And the Committee to Protect Journalists reported today that at least four journalists arrested during the pandemic remain imprisoned.

Full article