Last week Cory Doctorow shared his own answer for what Apple and Google should've done about Parler: They should remove it, and tell users, "We removed Parler because we think it is a politically odious attempt to foment violence. Our judgment is subjective and may be wielded against others in future. If you don't like our judgment, you shouldn't use our app store." I'm 100% OK with that: first, because it is honest; and second, because it invites the question, "How do we switch app stores?" Doctorow warns that "vital sectors of the digital economy became as concentrated as they are due to four decades of shameful, bipartisan neglect of antitrust law." And now Slashdot reader esm88 notes that "The EFF has made a statement raising concerns over tech giants control over the internet and who gets to decide which speech is allowed" (authored by legal director Corynne McSherry, strategy director Danny O'Brien, and Jillian C. York, EFF director for international freedom of expression): Whatever you think of Parler, these decisions should give you pause. Private companies have strong legal rights under U.S. law to refuse to host or support speech they don't like. But that refusal carries different risks when a group of companies comes together to ensure that forums for speech or speakers are effectively taken offline altogether... Amazon's decision highlights core questions of our time: Who should decide what is acceptable speech, and to what degree should companies at the infrastructure layer play a role in censorship? At EFF, we think the answer is both simple and challenging: wherever possible, users should decide for themselves, and companies at the infrastructure layer should stay well out of it.... The core problem remains: regardless of whether we agree with an individual decision, these decisions overall have not and will not be made democratically and in line with the requirements of transparency and due process. Instead they are made by a handful of individuals, in a handful of companies, the most distanced and least visible to the most Internet users. Whether you agree with those decisions or not, you will not be a part of them, nor be privy to their considerations. And unless we dismantle the increasingly centralized chokepoints in our global digital infrastructure, we can anticipate an escalating political battle between political factions and nation states to seize control of their powers. On Friday Bill Ottman, founder and CEO of the right-leaning blockchain-based social network Minds (which includes a Slashdot discussion area), posted that in order to remain in the Google Play store, "We had to remove search, discovery, and comments..." We aren't happy and will be working towards something better. What is fascinating is how Signal and Telegram are navigating this and in my opinion they are still there because they are encrypted messengers without much "public" content. Obviously controversial speech is happening there too... We will be releasing a full report on our plan for fully censorship-resistant infrastructure. Ottman also advises users downloading apps from Apple's store to "leave if you're smart."

Read more of this story at Slashdot.

EFF special consultant/blogger/science fiction writer Cory Doctorow warns in Locus magazine about the dangers of what Bruce Schneier calls "feudal security": Here in the 21st century, we are beset by all manner of digital bandits, from identity thieves, to stalkers, to corporate and government spies, to harassers... To be safe, then, you have to ally yourself with a warlord. Apple, Google, Facebook, Microsoft, and a few others have built massive fortresses bristling with defenses, whose parapets are stalked by the most ferocious cybermercenaries money can buy, and they will defend you from every attacker — except for their employers. If the warlord turns on you, you're defenseless. We see this dynamic playing out with all of our modern warlords. Google is tweaking Chrome, its dominant browser, to block commercial surveillance, but not Google's own commercial surveillance. Google will do its level best to block scumbag marketers from tracking you on the web, but if a marketer pays Google, and convinces Google's gatekeepers that it is not a scumbag, Google will allow them to spy on you. If you don't mind being spied on by Google, and if you trust Google to decide who's a scumbag and who isn't, this is great. But if you and Google disagree on what constitutes scumbaggery, you will lose, thanks, in part, to other changes to Chrome that make it much harder to block the ads that Chrome lets through. Over in Facebook land, this dynamic is a little easier to see. After the Cambridge Analytica scandal, Facebook tightened up who could buy Facebook's surveillance data about you and what they could do with it. Then, in the runup to the 2020 US elections, Facebook went further, instituting policies intended to prevent paid political disinformation campaigns at a critical juncture. But Facebook isn't doing a very good job of defending its users from the bandits. It's a bad (or possibly inattentive, or indifferent, or overstretched) warlord, though... Back to Apple. In 2017, Apple removed all effective privacy tools from the Chinese version of the iPhone/iPad App Store, at the behest of the Chinese government. The Chinese government wanted to spy on Apple customers in China, and so it ordered Apple to facilitate this surveillance... If Apple chose not to comply with the Chinese order, it would either have to risk fines against its Chinese subsidiary and possible criminal proceedings against its Chinese staff, or pull out of China and risk having its digital services blocked by China's Great Firewall, and its Chinese manufacturing subcontractors could be ordered to sever their relations with Apple. In other words, the cost of noncompliance with the order is high, so high that Apple decided that putting its customers at risk was an acceptable alternative. Therein lies the problem with trusting warlords to keep you safe: they have priorities that aren't your priorities, and when there's a life-or-death crisis that requires them to choose between your survival and their own, they will throw you to the bandits... "The fact that Apple devices are designed to prevent users from overriding the company's veto over their computing makes it inevitable that some government will demand that this veto be exercised in their favor..." Doctorow concludes. "As with feudal aristocrats, the state is happy to lend these warlords their legitimacy, in exchange for the power to militarize the aristocrat's holdings... " His proposed solution? What if Google didn't collect or retain so much user data in the first place -- or gave its users the power to turn off data-collection and data-retention altogether? And "What if Apple — by design — made is possible for users to override its killswitches?"

Read more of this story at Slashdot.

As part of its "Year in Review" series, the EFF shares their dramatic behind-the-scenes details about 2020's fight over the future of .org domains. It begins when the Internet Society (ISOC) announced plans to sell the Public Interest Registry — which manages the .org top-level domain (TLD) — to private equity firm Ethos Capital. "If you come at the nonprofit sector, you'd best not miss." EFF and other leaders in the NGO community sprung to action, writing a letter to ISOC urging it to stop the sale. What follows was possibly the most dramatic show of solidarity from the nonprofit sector of all time. And we won. Prior to the announcement, EFF had spent six months voicing our concerns to the Internet Corporation for Assigned Names and Numbers (ICANN) about the 2019 .ORG Registry Agreement, which gave the owner of .ORG new powers to censor nonprofits' websites (the agreement also lifted a longstanding price cap on .ORG registrations and renewals)... Throughout that six-month process of navigating ICANN's labyrinthine decision-making structure, none of us knew that ISOC would soon be selling PIR. With .ORG in the hands of a private equity firm, those fears of censorship and price gouging became a lot more tangible for nonprofits and NGOs. The power to take advantage of .ORG users was being handed to a for-profit company whose primary obligation was to make money for its investors.... More NGOs began to take notice of the .ORG sale and the danger it posed to nonprofits' freedom of expression online. Over 500 organizations and 18,000 individuals had signed our letter by the end of 2019, including big-name organizations like Greenpeace, Consumer Reports, Oxfam, and the YMCA of the USA. At the same time, questions began to emerge (PDF) about whether Ethos Capital could possibly make a profit without some drastic changes in policy for .ORG. By the beginning of 2020, the financial picture had become a lot clearer: Ethos Capital was paying $1.135 billion for .ORG, nearly a third of which was financed by a loan. No matter how well-meaning Ethos was, the pressure to sell "censorship as a service" would align with Ethos' obligation to produce returns for its investors... Six members of Congress wrote a letter to ICANN in January urging it to scrutinize the sale more carefully. A few days later, EFF, nonprofit advocacy group NTEN, and digital rights groups Fight for the Future and Demand Progress participated in a rally outside of the ICANN headquarters in Los Angeles. Our message was simple: stop the sale and create protections for nonprofits. Before the protest, ICANN staff reached out to the organizers offering to meet with us in person, but on the day of the protest, ICANN canceled on us. That same week, Amnesty International, Access Now, the Sierra Club, and other global NGOs held a press conference at the World Economic Forum to tell world leaders that selling .ORG threatens civil society. All of the noise caught the attention of California Attorney General Xavier Becerra, who wrote to ICANN (PDF) asking it for key information about its review of the sale... Click through to read the conclusion...

Read more of this story at Slashdot.

In October, Edward Snowden was granted permanent residency in Russia. A new web page by the EFF applauds his past activities as a U.S. whistleblower. "His revelations about secret surveillance programs opened the world's eyes to a new level of government misconduct, and reinvigorated EFF's continuing work in the courts and with lawmakers to end unlawful mass spying." And then they shared this fund-raising pitch written by Edward Snowden: Seven years ago I did something that would change my life and alter the world's relationship to surveillance forever. When journalists revealed the truth about state deception and illegal conduct against citizens, it was human rights and civil liberties groups like EFF — backed by people around the world just like you — that seized the opportunity to hold authority to account. Surveillance quiets resistance and takes away our choices. It robs us of private space, eroding our dignity and the things that make us human. When you're secure from the spectre of judgement, you have room to think, to feel, and to make mistakes as your authentic self. That's where you test your notions of what's right. That's when you question the things that are wrong. By sounding the alarm and shining a light on mass surveillance, we force governments around the world to confront their wrongdoing. Slowly, but surely, grassroots work is changing the future. Laws like the USA Freedom Act have just begun to rein in excesses of government surveillance. Network operators and engineers are triumphantly "encrypting all the things" to harden the Internet against spying. Policymakers began holding digital privacy up to the light of human rights law. And we're all beginning to understand the power of our voices online. This is how we can fix a broken system. But it only works with your help. For 30 years, EFF members have joined forces to ensure that technology supports freedom, justice, and innovation for all people. It takes unique expertise in the courts, with policymakers, and on technology to fight digital authoritarianism, and thankfully EFF brings all of those skills to the fight. EFF relies on participation from you to keep pushing the digital rights movement forward . Each of us plays a crucial role in advancing democracy for ourselves, our neighbors, and our children. I hope you'll answer the call by joining EFF to build a better digital future together. Sincerely, Edward Snowden

Read more of this story at Slashdot.

The California Bar released data last week confirming that during its use of ExamSoft for the October Bar exam, over one-third of the nearly nine-thousand online examinees were flagged by the software. The Electronic Frontier Foundation is concerned that the exam proctoring software is incorrectly flagging students for cheating "due either to the software's technical failures or to its requirements that students have relatively new computers and access to near-broadband speeds." From the report: This is outrageous. It goes without saying that of the 3,190 applicants flagged by the software, the vast majority were not cheating. Far more likely is that, as EFF and others have said before, remote proctoring software is surveillance snake oil -- you simply can't replicate a classroom environment online, and attempting to do so via algorithms and video monitoring only causes harm. In this case, the harm is not only to the students who are rightfully upset about the implications and the lack of proper channels for redress, but to the institution of the Bar itself. While examinees have been searching for help from other examinees as well as hiring legal counsel in their attempt to defend themselves from potentially baseless claims of cheating, the California Committee of Bar Examiners has said "everything is going well" and called these results "a good thing to see" (13:30 into the video of the Committee meeting). That is not how we see it. These flags have triggered concern for hundreds, if not thousands, of test takers, most of whom had no idea that they were flagged until recently. Many only learned about the flag after receiving an official "Chapter 6 Notice" from the Bar, which is sent when an applicant is observed (supposedly) violating exam conduct rules or seen or heard with prohibited items, like a cell phone, during the exam. In a depressingly ironic introduction to the legal system, the Bar has requested that students respond to the notices within 10 days, but it would appear that none of them have been given enough information to do so, as Chapter 6 Notices contain only a short summary of the violation. These summaries are decidedly vague: "Facial view of your eyes was not within view of the camera for a prolonged period of time"; "No audible sound was detected"; "Leaving the view of the webcam outside of scheduled breaks during a remote-proctored exam." Examinees do not currently have access to the flagged videos themselves, and are not expected to receive access to them, or any other evidence against them, before they are required to submit a response. The report goes on to say that some of these flags are technical issues with ExamSoft. For example, Lenovo laptops appear to have been flagged en masse for an issue with the software's inability to access the internal microphone. Other flags are likely due to the inability of the software to correctly recognize the variability of examinees' demeanors and expressions. "We implore the California Bar to rethink its plans for remotely-proctored future exams, and to work carefully to offer clearer paths for examinees who have been flagged by these inadequate surveillance tools," the EFF says in closing. "Until then, the Bar must provide examinees who have been flagged with a fair appeals process, including sharing the videos and any other information necessary for them to defend themselves before requiring a written response."

Read more of this story at Slashdot.

The MacRumors site writes: Facebook's recent criticism directed at Apple over an upcoming tracking-related privacy measure is "laughable," according to the Electronic Frontier Foundation (EFF), a non-profit organization that defends civil liberties in the digital world. Facebook has claimed that Apple's new opt-in tracking policy will hurt small businesses who benefit from personalized advertising, but the EFF believes that Facebook's campaign against Apple is really about "what Facebook stands to lose if its users learn more about exactly what it and other data brokers are up to behind the scenes," noting that Facebook has "built a massive empire around the concept of tracking everything you do...." According to the EFF, a number of studies have shown that most of the money made from targeted advertising does not reach app developers, and instead goes to third-party data brokers like Facebook, Google, and lesser-known firms. "Facebook touts itself in this case as protecting small businesses, and that couldn't be further from the truth," the EFF said. "Facebook has locked them into a situation in which they are forced to be sneaky and adverse to their own customers. The answer cannot be to defend that broken system at the cost of their own users' privacy and control." "This is really about who benefits from the normalization of surveillance-powered advertising..." argues the EFF. And they ultimately come down in support of Apple's new privacy changes. "Here, Apple is right and Facebook is wrong."

Read more of this story at Slashdot.

Saturday saw 2020's virtual observation of the annual Aaron Swartz Day and International Hackathon, which the EFF describes as "a day dedicated to celebrating the continuing legacy of activist, programmer, and entrepreneur Aaron Swartz." Its official web site notes the wide-ranging event includes "projects and ideas that are still bearing fruit to this day, such as SecureDrop, Open Library, and the Aaron Swartz Day Police Surveillance Project." The event even included a virtual session for the Atlas of Surveillance project which involved documenting instances of law enforcement using surveillance technologies like social media monitoring, automated license plate readers, and body-worn cameras. And EFF special advisor Cory Doctorow, director of strategy Danny O'Brien, and senior activist Elliot Harmon also spoke "about Aaron's legacy and how his work lives on today," according to the EFF's announcement: Aaron Swartz was a brilliant champion of digital rights, dedicated to ensuring the Internet remained a thriving ecosystem for open knowledge. EFF was proud to call him a close friend and collaborator. His life was cut short in 2013, after he was charged under the notoriously draconian Computer Fraud and Abuse Act for systematically downloading academic journal articles from the online database JSTOR. Federal prosecutors stretch this law beyond its original purpose of stopping malicious computer break-ins, reserving the right to push for heavy penalties for any behavior they don't like that happens to involve a computer. This was the case for Aaron, who was charged with eleven counts under the CFAA. Facing decades in prison, Aaron died by suicide at the age of 26. He would have turned 34 this year, on November 8. In addition to EFF projects, the hackathon will focus on projects including SecureDrop, Open Library, and the Aaron Swartz Day Police Surveillance Project. The full lineup of speakers includes Aaron Swartz Day co-founder Lisa Rein, SecureDrop lead Mickael E., researcher Mia Celine, Lucy Parsons Lab founder Freddy Martinez, and Brewster Kahle — co-founder of Aaron Swartz Day and the Internet Archive. All of the presentations are now online.

Read more of this story at Slashdot.

"EFF is launching How to Fix the Internet, a new podcast mini-series to examine potential solutions to six ills facing the modern digital landscape," announces EFF.org: Over the course of 6 episodes, we'll consider how current tech policy isn't working well for users and invite experts to join us in imagining a better future... It's easy to see all the things wrong with the modern Internet, and how the reality of most peoples' experience online doesn't align with the dreams of its early creators. How did we go astray and what should we do now? And what would our world look like if we got it right...? In each episode, we are joined by a guest to examine how the current system is failing, consider different possibilities for solutions, and imagine a better future. After all, we can't build a better world unless we can imagine it. We are launching the podcast with two episodes: The Secret Court Approving Secret Surveillance, featuring the Cato Institute's specialist in surveillance legal policy Julian Sanchez; and Why Does My Internet Suck?, featuring Gigi Sohn, one of the nation's leading advocates for open, affordable, and democratic communications networks. Future episodes will be released on Tuesdays. Other topics to be covered by the podcast mini-series: The third-party doctrine [which asserts "no reasonable expectation of privacy"]Barriers to interoperable technologyLaw enforcement's use of face recognition technology Digital first sale and the resale of intellectual property

Read more of this story at Slashdot.

In a new essay at EFF.org, Cory Doctorow re-visits HP's anti-consumer "security updates" that disabled third-party ink cartridges (while missing real vulnerabilities that could actually bypass network firewalls). Doctorow writes that it was just the beginning: HP's latest gambit challenges the basis of private property itself: a bold scheme! With the HP Instant Ink program, printer owners no longer own their ink cartridges or the ink in them. Instead, HP's customers have to pay a recurring monthly fee based on the number of pages they anticipate printing from month to month; HP mails subscribers cartridges with enough ink to cover their anticipated needs. If you exceed your estimated page-count, HP bills you for every page (if you choose not to pay, your printer refuses to print, even if there's ink in the cartridges). If you don't print all your pages, you can "roll over" a few of those pages to the next month, but you can't bank a year's worth of pages to, say, print out your novel or tax paperwork. Once you hit your maximum number of "banked" pages, HP annihilates any other pages you've paid for (but continues to bill you every month). Now, you may be thinking, "All right, but at least HP's customers know what they're getting into when they take out one of these subscriptions," but you've underestimated HP's ingenuity. HP takes the position that its offers can be retracted at any time. For example, HP's "Free Ink for Life" subscription plan offered printer owners 15 pages per month as a means of tempting users to try out its ink subscription plan and of picking up some extra revenue in those months when these customers exceeded their 15-page limit. But Free Ink for Life customers got a nasty shock at the end of last month: HP had unilaterally canceled their "free ink for life" plan and replaced it with "a $0.99/month for all eternity or your printer stops working" plan... For would-be robber-barons, "smart" gadgets are a moral hazard, an irresistible temptation to use those smarts to reconfigure the very nature of private property, such that only companies can truly own things, and the rest of us are mere licensors, whose use of the devices we purchase is bound by the ever-shifting terms and conditions set in distant boardrooms. From Apple to John Deere to GM to Tesla to Medtronic, the legal fiction that you don't own anything is used to force you to arrange your affairs to benefit corporate shareholders at your own expense. And when it comes to "razors and blades" business-model, embedded systems offer techno-dystopian possibilities that no shaving company ever dreamed of: the ability to use law and technology to prevent competitors from offering their own consumables. From coffee pods to juice packets, from kitty litter to light-bulbs, the printer-ink cartridge business-model has inspired many imitators. HP has come a long way since the 1930s, reinventing itself several times, pioneering personal computers and servers. But the company's latest reinvention as a wallet-siphoning ink grifter is a sad turn indeed, and the only thing worse than HP's decline is the many imitators it has inspired.

Read more of this story at Slashdot.

While the RIAA has objected to a tool for downloading online videos, EFF senior activist Elliot Harmon responds with this question. "Who died and put them in charge of YouTube?" He asks the question in a new video "explainer" on the controversy, and argues in a new piece at EFF.org that the youtube-dl tool "doesn't infringe on any RIAA copyrights." RIAA's argument relies on a different section of the DMCA, Section 1201. DMCA 1201 says that it's illegal to bypass a digital lock in order to access or modify a copyrighted work. Copyright holders have argued that it's a violation of DMCA 1201 to bypass DRM even if you're doing it for completely lawful purposes; for example, if you're downloading a video on YouTube for the purpose of using it in a way that's protected by fair use. (And thanks to the way that copyright law has been globalized via trade agreements, similar laws exist in many other jurisdictions too.) RIAA argues that since youtube-dl could be used to download music owned by RIAA-member labels, no one should be able to use the tool, even for completely lawful purposes. This is an egregious abuse of the notice-and-takedown system, which is intended to resolve disputes over allegedly infringing material online. Again, youtube-dl doesn't use RIAA-member labels' music in any way. The makers of youtube-dl simply shared information with the public about how to perform a certain task — one with many completely lawful applications. Harmon wants to hear from people using youtube-dl for lawful purposes. And he also links to an earlier EFF piece arguing that DMCA 1201 "is incredibly broad, apparently allowing rightsholders to legally harass any 'trafficker' in code that lets users re-take control of their devices from DRM locks..." And EFF's concern over DMCA 1201 has been ongoing: DMCA 1201 has been loaded with terrible implications for innovation and free expression since the day it was passed. For many years, EFF documented these issues in our "Unintended Consequences" series; we continue to organize and lobby for temporary exemptions to its provisions for the purposes of cellphone unlocking, restoring vintage videogames and similar fair uses, as well as file and defend lawsuits in the United States to try and mitigate its damage. We look forward to the day when it is no longer part of U.S. law. But due to the WIPO Copyright Treaty, the DMCA's anti-circumvention provisions infest much of the world's jurisdictions too, including the European Union via the Information Society Directive 2001/29/EC.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Electronic Frontier Foundation: This is not a drill. Red alert: The police surveillance center in Jackson, Mississippi, will be conducting a 45-day pilot program to live stream the Amazon Ring cameras of participating residents. Now, our worst fears have been confirmed. Police in Jackson, Mississippi, have started a pilot program that would allow Ring owners to patch the camera streams from their front doors directly to a police Real Time Crime Center. The footage from your front door includes you coming and going from your house, your neighbors taking out the trash, and the dog walkers and delivery people who do their jobs in your street. In Jackson, this footage can now be live streamed directly onto a dozen monitors scrutinized by police around the clock. Even if you refuse to allow your footage to be used that way, your neighbor's camera pointed at your house may still be transmitting directly to the police. Only a few months ago, Jackson stood up for its residents, becoming the first city in the southern United States to ban police use of face recognition technology. Clearly, this is a city that understands invasive surveillance technology when it sees it, and knows when police have overstepped their ability to invade privacy. If police want to build a surveillance camera network, they should only do so in ways that are transparent and accountable, and ensure active resident participation in the process. If residents say "no" to spy cameras, then police must not deploy them. The choices you and your neighbors make as consumers should not be hijacked by police to roll out surveillance technologies. The decision making process must be left to communities.

Read more of this story at Slashdot.