The EFF Resigns from the W3C

The World Wide Web Consortium (W3C) officially published its recommendation for a digital rights management (DRM) scheme. By doing so it put an end to its era of promoting an open web. After fighting the W3C on this matter and even proposing a very good compromise, which was rebuffed, the Electronic Frontier Foundation (EFF) has resigned from the W3C:

We believe they will regret that choice. Today, the W3C bequeaths a legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures.

[…]

Effective today, EFF is resigning from the W3C.

Since the W3C no longer serves its intended purpose I hope to see many other principled members resign from the organization as well.

While content creators are interested in restricting the distribution of their products, the proposal put forth by the W3C will return us to the dark days of ActiveX. Since the proposal is really an application programming interface (API), not a complete solution, content creators can require users to install any DRM scheme. These DRM schemes will be native code. If you remember the security horrors of arbitrary native code being required by websites using ActiveX, you have an idea of what users are in for with this new DRM scheme. At this point I hope that the W3C burns to the ground and a better organization rises from its ashes.

The Founding Fathers Did Use Encryption

One of the arguments that have been made for prohibiting strong encryption is that the Founding Fathers couldn’t have envisioned a world where law enforcers were unable to read communications. Why the Founding Fathers needed to be clairvoyant to justify something today is beyond me, but the Electronic Frontier Foundation (EFF) had a great rebuttal to the argument. If you head over to the Library of Congress’s website you can read about how James Madison encrypted his messages to prevent law enforcers from reading them:

As a Virginia delegate to the Continental Congress, while secretary of state, and in his personal correspondence with Thomas Jefferson, James Madison feared constantly that unauthorized people would seek to read his private and public correspondence. To deter such intrusions, he resorted to a variety of codes and ciphers.

Most of the early ciphers that Madison used were keyword polyalphabetic code systems involving a complex interaction of a keyword with alphabets and numbers in a preestablished pattern. The codes were designed by James Lovell, a Massachusetts delegate to the Continental Congress and an expert on ciphers. On July 5, 1782, Edmund Randolph wrote to James Madison: “I wish, that on future occasions of speaking of individuals we may use the cypher, which we were taught by Mr. Lovell. Let the keyword be the name of the negro boy, who used to wait on our common friend.” Madison noted at the bottom of Randolph’s letter, “Probably CUPID.” He added, “I have been in some pain from the danger incident to the cypher we now use. The enemy I am told have in some instances published their intercepted cyphers.”

What’s interesting here is that Madison not only encrypted his messages when he was in the Continental Congress but also after he became secretary of state and in his personal correspondence. He wasn’t just hiding his communications from British law enforcers but continued to hide them even after they had been replaced by United States law enforcers. That only makes sense because if you only encrypt important messages, the simple fact that you used encryption indicates to spies that the message is important and resources should be put into decrypting it.

Arguing that the Founding Fathers couldn’t have predicted pervasive encryption is idiotic because they themselves used it. There’s also no evidence that they provided either British or United States law enforcers with any keys to allow them to rapidly decrypt the communications if needed.

Court Rules State Secrets Trump Justice

I really do appreciate living in the United States. In what other country could you be subjected to constant surveillance by your own government and enjoy a court system that declares the practice legal? OK, that’s actually a lot of countries. But what makes the United States so special is its propaganda about being the land of the free. The Electronic Frontier Foundation (EFF) has been working on a lawsuit against the National Security Agency (NSA) for violating our supposed Constitutional rights against unlawful search and seizure. Today a district court in California ruled that the NSA was above the law because prosecuting it would require revealing state secrets:

A district court in California has issued a ruling in favor of the National Security Agency in a long-running case over the spy agency’s collection of Internet records.

The challenge against the controversial Upstream program was tossed out because additional defense from the government would have required “impermissible disclosure of state secret information,” Judge Jeffrey White wrote in his decision.

That really shows how much protection the Constitution provides. The amendments in the Bill of Rights can be rendered null and void the second state secrets exist. If the Soviet Union were around today it would likely be envious of the American system.

When You Phish it’s Illegal, When the FBI Phishes it’s Law Enforcement

The biggest problem I have with law enforcers is that they enjoy a level of privileges above the rest of us. Whereas it’s illegal for you or me to lie to a law enforcement agent, they can lie to us with impunity. Heck, it’s considered part of their job. But the difference in legally permissible actions doesn’t stop there. Let’s consider the act of phishing, which is an attempt to acquire personal information from a target using a fake version of a legitimate website. It’s illegal in the United States. Unless, of course, you have a badge:

The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.

[…]

The EFF documents reveal that the FBI dummied up a story with an Associated Press byline about the Thurston County bomb threats with an email link “in the style of The Seattle Times,” including details about subscriber and advertiser information.

The link was sent to the suspect’s MySpace account. When the suspect clicked on the link, the hidden FBI software sent his location and Internet Protocol information to the agents. A juvenile suspect was identified and arrested June 14.

Double standards are fun! The problem with allowing law enforcers to perform illegal actions without repercussions is that it sets a bad precedent. We’re witnessing these repercussions today as police officers use levels of force far and above what any sane person could justify, confiscate property of people who haven’t even been convicted of a crime, and hack into computers in order to obtain evidence, often against suspected hackers. Allowing law enforcers to act illegally also attracts people who want to perform illegal acts to the job, which is part of my theory of why we have so many violent individuals staffing many modern police departments.

Never Trust a Cop

The Electronic Frontier Foundation (EFF) has a valuable lesson for us: never trust a cop. OK, I’m putting words into the EFF’s mouth. But after it uncovered something nasty in a software package being given out to parents by police departments under the auspices of protecting the children I think my sentiment is fair:

Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.

As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.

That’s right, at least 245 agencies spanning 35 states have been giving parents a malware package under the guise of Internet safety software. Parents who were suckered into installing it got to enjoy a keylogger sending everything typed on the computer across the Internet. Adding insult to injury, the transmitted keystrokes weren’t even encrypted. I’m sure the National Security Agency (NSA) has an erection because of this.

It’s unlikely that every police department that was peddling this software is directly at fault here. They were probably naive and got suckered in by the company that, as the article points out, used fraudulent endorsements to encourage police departments to buy its software. But the bottom line is still that the departments were distributing malware, which demonstrates that they don’t know what they’re doing when it comes to software and therefore shouldn’t be trusted with such matters.

I said that not every police department is directly to blame. There is one department headed by a real asshole that is directly to blame. That department is the Limestone County Sheriff’s Department. After this news broke the Limestone County sheriff, Mike Blakely, decided that the EFF’s claims were incorrect. In fact he had some pretty harsh words for the EFF:

Sheriff Blakely said, Computer Cop is spyware designed for parents to watch and protect their kids but said the system has been vetted.

“We have had the key logger checked out with our IT people. They have run it on our computer system.” He said. “There is no malware.”

Blakely referred to the EFF criticism politics as an “Ultra-liberal organization that is not in any way credible on this. They’re more interested in protecting predators and pedophiles than in protecting our children.”

You read correctly. According to Sheriff Blakely the fucking EFF, the organization that has a long and proud history of fighting for the rights of computer users, isn’t credible on this. Furthermore he claims that the organization is interested in protecting predators and pedophiles, which would be a laughable claim if it wasn’t obvious that Blakely is trying to poison the well.

If what he said is true, if his department did check out the software, then it is directly at fault for knowingly distributing malware to unsuspecting parents. Were I a parent that received a copy of ComputerCOP from the Limestone County Sheriff’s Department I would seriously consider filing a lawsuit.

Down the Memory Hole

In the book 1984 the Party uses a device called a memory hole to dispose of information that it wants censored. A little known fact is that the United States government (and probably every other government) also has memory holes in the form of classified information. The Electronic Frontier Foundation (EFF) recently got to see this wonderful eraser of information as the National Security Agency (NSA) attempted to rewrite the history of a court transcript:

On June 6, the court held a long hearing in Jewel in a crowded, open courtroom, widely covered by the press. We were even on the local TV news on two stations. At the end, the Judge ordered both sides to request a transcript since he ordered us to do additional briefing. But when it was over, the government secretly, and surprisingly sought permission to “remove” classified information from the transcript, and even indicated that it wanted to do so secretly, so the public could never even know that they had done so.

Read the story, it’s an eye opener if you’re one of those poor unfortunate souls who still trusts the state. What’s more worrisome is that an unknown number of court case transcripts may have been altered in the past. In other words even the reliability of the judicial system is in question in this country. It’s pretty hard to set precedents when the information regarding a case is classified.

The Tor Challenge is Apparently Going Strong

On June 4th the Electronic Frontier Foundation (EFF) kicked off the Tor Challenge, which is its attempt to encourage more people to run Tor Relays. Running a relay is fun and easy to do but I never imagined that the Tor Challenge would be such a rousing success:

However, Adrian Leppard, the guy in charge of the City of London Police’s Intellectual Property Crime Unit (funded both by taxpayers and legacy entertainment companies) spoke at an IP Enforcement Summit in London and his comments, relayed by Torrentfreak, should raise questions about whether or not this is the right person to have anything to do with stopping “crime” on the internet:

“Whether it’s Bitnet, The Tor – which is 90% of the Internet – peer-to-peer sharing, or the streaming capability worldwide. At what point does civil society say that as well as the benefits that brings, this enables huge risk and threat to our society that we need to take action against?”

The Tor is now 90% of the Internet?* Holy shit, that’s one hell of an increase since June 4th! Congratulations to the EFF for transforming almost the entire Internet into an anonymous network in less than one month!

Seriously, this guy is a fucking tool who shouldn’t be allowed to head anything, let alone a crime unit focused on intellectual “property” violations.

* Just in case it’s unclear 90% of the Internet is not The Tor. The guy is simply an idiot.

How Companies Protect Your Data from the State

The Electronic Frontier Foundation (EFF) has published its Who Has Your Back? 2013 report, which explains how many of the largest tech companies respond to government requests for user data. What I find interesting is that the company that best protects the data of its users is Twitter, the company that has a service focused primarily on publishing public information. Google does pretty well but their support for the Cyber Intelligence Sharing and Protection Act (CISPA) doesn’t leave me with a lot of confidence. Apple basically surrenders your data if the state merely whispers to them.

All in all, more than anything, this report justifies my decision to run my own services. My e-mail, calendaring, and web hosting are running on my own server. There is no way for the state to acquire my important data without me knowing about it (even if they steal my server they won’t have the key to decrypt the drive).

Paying Twice for Information

California is such an interesting state to watch. Not only is it the state that shows us what happens when you rely on the state for everything, it is currently giving us a glimpse of the aftermath of state reliance. One of the more laughable proposals being put forth by California’s state is double charging denizens for access to public information:

A proposal under consideration in California would significantly limit access to public information by levying a $10 fee any time anyone—including members of the public and the media—wants to look at a court case record in person. While EFF is certainly sympathetic to the budgetary woes facing all levels of government in California, this measure would trade transparency, citizen engagement and the power of a free press for a short-sighted fiscal stop-gap. On the whole, such a fee would do little to fix institutional spending problems while inflicting massive damage to the public trust.

Not only do you pay for the creation of this information through taxes, state issued fines, and other regulatory fees but now you get to pay to read it! On top of soaking California denizens for more money this proposal, from a more cynical point of view, may also discourage individuals from investigating the goings-on of the state they suffer under. If you want to know what dirty little deeds the political bureau of California is up to you’ll have to pay for the privilege.

Beginning Tomorrow Unlocking Your Phone Will Again be Illegal

Here’s a question to ponder for a moment, is your cell phone yours? You paid for it, you pay for the plan that makes it useful, you have it in your possession, and you store your personal data on it so obviously it’s yours, right? Wrong. Your cell phone belongs to the state, which is why, beginning tomorrow, you could be kidnapped and locked in a cage for unlocking the phone in your pocket:

The clock to unlock a new mobile phone is running out.

In October 2012, the Librarian of Congress, who determines exemptions to a strict anti-hacking law called the Digital Millennium Copyright Act (DMCA), decided that unlocking mobile phones would no longer be allowed. But the librarian provided a 90-day window during which people could still buy a phone and unlock it. That window closes on January 26.

Unlocking a phone frees it from restrictions that keep the device from working on more than one carrier’s network, allowing it to run on other networks that use the same wireless standard. This can be useful to international travellers who need their phones to work on different networks. Other people just like the freedom of being able to switch carriers as they please.

How could the act of unlocking “your” cell phone be illegal? In the name of defending the legal fiction of intellectual property the state passed a law known as the Digital Millennium Copyright Act (DMCA), which made it a criminal act to circumvent Digital Rights Management (DRM). In 2009 the Electronic Frontier Foundation (EFF) was able to get an exemption in the DMCA for unlocking cell phones but those exemptions must be renewed periodically and the state apparently has no desire to renew such an exemption. Just remember that you live in a free country where the right to property is guaranteed by the Constitution. Oh, and we’ve always been at war with Eastasia.