In our 659th issue:

Security researchers this week disclosed details about a major weakness in the basic architecture of the Web. Heartbleed exploits a critical flaw in OpenSSL, which is used to secure hundreds of thousands of websites including major sites like Instagram, Yahoo, and Google. This security exploit allows an attacker to obtain sensitive information like logins and passwords, as well as session cookies and possibly SSL keys that encrypt all traffic on a site. EFF has been tracking this issue closely, and we’ve put together guides for how systems administrators and website operators can take immediate action to secure their systems. We've also analyzed logs that seem to indicate intelligence agencies have exploited the vulnerability. We’ll have more on Heartbleed in the coming days; watch the EFF Twitter account for updates.

EFF has unveiled new tools to help student and community activists engage in campaigns to defend digital rights. Our exciting new resources include a mailing list, media tips, graphics, handy one-page issue sheets, and more, so it's easy for you to take part, no matter how much organizing experience you have. EFF is also traveling across the country to help engage organizers, with a special focus on campus activism. Together, we're going to make history.

Fusion centers are state and local intelligence hubs that feed unconstitutionally collected intelligence information from local law enforcement to federal agencies like the FBI and DOJ. These centers also send intelligence information collected by federal agencies down to local law enforcement--including, potentially, unminimized NSA data. Fusion centers are known to promote racial profiling and political oppression, while wasting taxpayer money and churning out useless "intelligence." But change might be on the horizon: one locality has already passed regulations limiting fusion centers.
EFF Updates

The Patent Reform We Need to See from the Senate
Senate debates on patent reform seem to be missing the core issues that need to be addressed. Patent reform must address patent quality, protect end-users of technology from being targeted, increase transparency of patent ownership, and crack down on misleading demand letters that allege patent infringement. We also want to see reform of patent lawsuits, including heightened pleading standards for patent lawsuits, an end to discovery abuse, and fee shifting that discourages patent trolls from frivolous lawsuits. We need to tell the Senate that the time for reform is now.

Reforming Terms of Service: Microsoft Changes Its Policy on Access to User Data
In mid-March, we wrote about Microsoft conducting a warrantless search of a blogger's Hotmail account as part of an internal investigation into the alleged theft of Microsoft trade secrets. After our post, we were pleased to hear that Microsoft would be reforming its terms of service so that they will now seek a warrant in such cases. Microsoft has also proposed a project that will bring together EFF, Center for Democracy, technology companies, and other privacy advocates to address this problem industry-wide.

The Trials and Tribulations of Secure Free Software for the European Parliament
In the light of revelations about NSA and GCHQ spying that has targeted European leaders, the European Parliament has discussed shifting to DebianParl, a version of Linux intended for parliaments that would offer increased security. This would be a positive step but would require some significant shifts with the participation of the Parliament's IT department.

An NSA "Reform Bill" of the Intelligence Community, Written by the Intelligence Community, and for the Intelligence Community
Representatives Mike Rogers and Dutch Ruppersberger, two of the NSA's biggest defenders, have introduced an NSA "reform" bill that, in some ways, really just makes mass collection easier.
The only genuine positive change in this bill is that it ends the government collection of all Americans' calling records using Section 215 of the Patriot Act. However, the bill also creates a new, ill-defined process that potentially enables even more collection. The problems with this bill come as no surprise, and it is clear that bills such as the USA FREEDOM Act are far superior.

Bringing Transparency and Democracy to the US Trade Representative
Leaks are no substitute for integral transparency, something sorely lacking for the United States Trade Representative. The negotiation of the Trans-Pacific Partnership (TPP) and the more recent Transatlantic Trade and Investment Partnership (TTIP, or TAFTA) have made this issue crystal clear. The USTR is attempting to create public policy without the public. There appear to be substantive problems with TPP and TTIP, and there has been a strong push for transparency.

Philippines: Inching Toward Censorship
The Philippines' Cybercrime Prevention Act criminalizes a broad swath of behavior on the internet, including anonymous online criticism. Activists have protested this draconian law, and the Philippine Supreme Court ruled that parts of the act are unconstitutional. Unfortunately, much of the law was left untouched, and it appears to be part of a move in the Philippines towards internet censorship.

Court Orders Government Not to Destroy Evidence in EFF Cases Against the NSA
In an emergency hearing last month, the government tried to argue that it should not be required to preserve evidence of dragnet collection of all call records. While we believe the case can go forward without evidence of each individual being surveilled, we also can’t allow the government to simultaneously insist the evidence is necessary and destroy that evidence. On March 21st, the court ruled in our favor.
There Are Lots of Legit Reasons to Look at Pornography: New Restrictions on NIH Grants Are Unscientific And Possibly Illegal
A new mandate forces researchers who rely on National Institutes of Health funding to place anti-pornography filters on their computer networks. It's clear that essential scientific research is hindered by this restriction.

EFF to Receive 10% of HOPE X Ticket Proceeds
Throughout April, the Electronic Frontier Foundation will receive 10% of ticket proceeds for HOPE X, the tenth biennial Hackers On Planet Earth conference founded by 2600 Magazine.

miniLinks

Edward Snowden: US government spied on human rights workers
In live testimony via video, Edward Snowden told the Council of Europe that the NSA deliberately spied on groups like Amnesty International and Human Rights Watch.

Bay of Tweets: USAID's boneheaded idea to secretly make a “Cuban Twitter”
USAID's "ZunZuneo", a social media project aimed at creating social change in Cuba, has justified the cries of authoritarian governments that their online critics are "foreign agents."

Reuters: NSA infiltrated RSA security more deeply than thought -- study
Academic researchers have discovered a new tool the NSA may have used to undermine RSA encryption.

Supported by Members
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate. If you aren't already, please consider becoming an EFF member today.

Donate Today

Administrivia
Editor: Nadia Kayyali, Activist
editor@eff.org

EFFector is a publication of the Electronic Frontier Foundation.
eff.org

Membership & donation queries: membership@eff.org
General EFF, legal, policy, or online resources queries: info@eff.org

Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.

Back issues of EFFector
Change your email address

This newsletter is printed from 100% recycled electrons.

EFF appreciates your support and respects your privacy. Privacy Policy.
Unsubscribe or change your email preferences, or opt out of all EFF email

815 Eddy Street
San Francisco, CA 94109-7701
United States