In a followup to our story yesterday, Bismillah writes "It seems US prosecutors agree that just publishing a link doesn't amount to transmitting actual files. Brown is not out of the legal woods yet though, and still faces further charges. The EFF released this statement about the decision: 'We are relieved that federal prosecutors have decided to drop these charges against Barrett Brown. In prosecuting Brown, the government sought to criminalize a routine practice of journalism—linking to external sources—which is a textbook violation of free speech protected by the First Amendment. Although this motion is good news for Brown, the unnecessary and unwarranted prosecution has already done much damage; not only has it harmed Brown, the prosecution—and the threat of prosecution it raised for all journalists—has chilled speech on the Internet. We hope that this dismissal of charges indicates a change in the Department of Justice priorities. If not, we will be ready to step in and defend free speech.'"
sandbagger writes in with a story about U.S. and British government interest and involvement with journalists visiting the Wikileaks website. "The Intercept recently published an article and supporting documents indicating that the NSA and its British counterpart GCHQ surveilled and even sought to have other countries prosecute the investigative journalism website WikiLeaks. GCHQ also surveilled the millions of people who merely read the WikiLeaks website. The article clarifies the lengths that these two spy organizations go to track their targets and confirms, once again, that they do not confine themselves to spying on those accused of terrorism. One document contains a summary of an internal discussion in which officials from two NSA offices discuss whether to categorize WikiLeaks as a "malicious foreign actor" for surveillance targeting purposes. This would be an important categorization because agents have significantly more authority to engage in surveillance of malicious foreign actors."
This site's "Your Rights Online" section, sadly, has never suffered for material. The revelations we've seen over the last year-and-change, though, of widespread spying on U.S. citizens, government spying in the E.U. on international conferences, the UK's use of malware against citizens, and the use of modern technology to oppress government protesters in the Middle East and elsewhere show how persistent it is. It's been a banner year on that front, and the banner says "You are being spied on, online and off." A broad coalition of organizations is calling today "The Day We Fight Back" against the growing culture of heads-they-win, tails-you-lose surveillance, but all involved know this is not a one-day struggle.
Peter Eckersley writes "Over at EFF, we just released a version of our HTTPS Everywhere extension for Firefox for Android. HTTPS Everywhere upgrades your insecure web requests to HTTPS on many thousands of sites, and this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies. Android users should install the Firefox app and then add HTTPS Everywhere to it. iPhone and iPad users will unfortunately have to switch to Android to get this level of security because Apple has locked Mozilla Firefox out of their platforms."
An anonymous reader points out this recently published study (PDF) on detecting malicious (or at least suspicious) Tor exit relays. From their conclusions: "After developing a scanner, we closely monitored all ~1000 exit relays over a period of four months. We discovered 25 relays which were either outright malicious or simply misconfigured. Interestingly, the majority of the attacks were coordinated instead of being isolated actions of independent individuals. Our results further suggest that the attackers made an active effort to remain under the radar and delay detection." One of the authors, Philipp Winter, wrote a followup blog post to help clarify what the paper's findings mean for Tor users, including this clarification: "First, it's important to understand that 25 relays in four months isn't a lot. It is ultimately a very small fraction of the Tor network. Also, it doesn't mean that 25 out of 1,000 relays are malicious or misconfigured (we weren't very clear on that in the paper). We have yet to calculate the churn rate of exit relays which is the rate at which relays join and leave the network. 1,000 is really just the approximate number of exit relays at any given point in time. So the actual number of exit relays we ended up testing in four months is certainly higher than that. As a user, that means that you will not see many malicious relays 'in the wild.'"
greatgreygreengreasy writes "In 2005, then-governor of North Dakota John Hoeven signed into law a bill 'ensuring drivers' ownership of their EDR (Electronic Data Recorder) data.' Now a U.S. senator, Hoeven (R-ND) has teamed up with Amy Klobuchar, D-MN, to introduce similar legislation at the Federal level. 'Under this legislation, EDR data could only be retrieved [for specific reasons].' The EFF has expressed concern in the past over the so-called black boxes and their privacy implications. This legislation, however, would not address the recent revelations by a Ford executive on their access to data, since in those cases, 'The vehicle owner or lessee consents to the data retrieval.' The bill has gained the support of about 20 senators so far."
A few days ago, we mentioned that the UK's ISP-level censorware software not only does a poor job of its stated job (blocking porn), but blocks at least some sex education sites, too; now, reader badger.foo writes to say that's not all: "It fell to the UK Tories to actually implement the Nanny State. Too bad Nanny Tory does not want kids to read up on tech web sites such as slashdot.org, or civil liberties ones such as the EFF or Amnesty International. Read on for a small sample of what the filter blocks, from a blocked-by-default tech writer."
hypnosec writes "Evad3rs, the famous iOS jailbreak team, has announced an iOS 7 jailbreak that will work in all iDevices including iPhone 5S, iPhone 5C and iPad Air running iOS 7.0 through to iOS 7.0.4. The iOS 7 jailbreak was announced without much of a hype, unlike the one for iOS 6. 'Merry Christmas! The iOS 7 jailbreak has been released at http://evasi0n.com/! All donations will go to @publicknowledge, @eff and @ffii,' tweeted evad3rs." Reader FrogBlastTheVentCore adds a note of caution: "They recommend restoring your device to iOS 7.0.4 if it has received OTA updates before attempting to jailbreak."
An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it. The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"
New submitter chrylis writes "SCOTUSblog is reporting that the U.S. Supreme Court has accepted an appeal in Alice v. CLS Bank, a case in which the Federal Circuit ruled haphazardly that the particular patents in question were invalid but did not address the issue of software patents generally. 'The case will provide a new test of the Patent Act’s most basic provision — Section 101, which broadly outlines what kinds of inventions are patentable. One of the long-standing exceptions to the types of inventions mentioned in that section is that an abstract idea can never be patented. That issue arises frequently these days, especially with rapidly developing technology in computer software.' The EFF wrote a summary of the issues in the case when it was before the Federal Circuit this spring. The case files are also available."
snydeq writes "The U.S. House of Representatives has passed the Innovation Act, dealing trolls a severe blow despite opposition from universities looking to protect patents, InfoWorld's Simon Phipps reports. The act cleared the House of Representatives with an overwhelming majority of 325 to 91 despite opposition from the organizations most likely to feed new patents to the trolls. 'So bravo to the Innovation Act. It's far from perfect, as the EFF documents and as I commented before the holiday. But it's a step in the right direction, and the tidal surge of support it's seeing suggests legislators' appetite for proper patent reform is finally growing strong enough for them to contemplate substantial change.'"
Fnord666 writes with this excerpt from Tech Crunch "Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service's encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away. 'If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic,' says Twitter's Jacob Hoffman-Andrews. 'As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today's Internet.'" Of course, they are also using Elliptic Curve ciphers.
An anonymous reader writes "With the advent of national security letters and all the NSA issues of late perhaps the web needs to implement a 'warrant canary' metatag. Something like this: <meta name="canary" content="2013-11-17" />. With this it would be possible to build into browsers or browser extensions a means of alerting users when a company has in fact received such a secret warrant. (Similar to the actions taken by Apple recently.) The advantage the metatag approach would have is that it would not require the user to search out a report by the company in question but would show the information upon loading of the page. Once the canary metatag was not found or when the date of the canary grows older than a given date a warning could be raised. Several others have proposed similar approaches including Conor Friedersdorf in The Atlantic and Cory Doctorow's Dead Man's Switch." What problems do you see with this approach?
mahiskali writes with this interesting news via the EFF's Deep Links "The new Renault Zoe comes with a 'feature' that absolutely nobody wants. Instead of selling consumers a complete car that they can use, repair, and upgrade as they see fit, Renault has opted to lock purchasers into a rental contract with a battery manufacturer and enforce that contract with digital rights management (DRM) restrictions that can remotely prevent the battery from charging at all. This coming on the heels of the recent Trans-Pacific Partnership IP Rights Chapter leak certainly makes you wonder how much of that device (car?) you really own. Perhaps Merriam-Webster can simply change the definition of ownership."
Nerval's Lobster writes "When the GCHQ agency (Britain's equivalent of the National Security Agency) reportedly decided to infiltrate the IT network of Belgian telecommunications firm Belgacom, it relied on a sophisticated version of a man-in-the-middle attack, in which it directed its targets' computers to fake, malware-riddled versions of Slashdot and LinkedIn. If the attack could be proven without a doubt, would the GCHQ—or any similar spy agency engaging in the same sort of behavior—be liable for violating trademarks or copyrights, since a key part of its attack would necessitate the appropriation of intellectual property such as logos and content? We asked someone from the Electronic Frontier Foundation about that, and received a somewhat dispiriting answer. "From a trademark perspective, if a company uses another company's marks/logos to deceive, there may be a trademark claim," said Corynne McSherry, the EFF's Intellectual Property Director. "But it's complicated a bit by two problems: (1) the fact that while there may be confusion, it's not necessarily related to the actual purchase of any goods and services; and (2) multiple TM laws are in play here—for example UK trademark law may have different exceptions and limitations." McSherry also addressed other issues, including governments' doctrine of sovereign immunity."
sfcrazy writes "Last week Canonical sent a cease and desist letter to EFF staffer Micah F Lee asking him to remove the word Ubuntu from the URL as well as the Ubuntu logo from the site. Lee responded through an attorney who said that Canonical's 'request were not supported by trademark laws and interferes with protected speech.' Shuttleworth apologized, though it was cheeky, and while he dubbed the Mir opponents as non-technical (hello KDE, systemD, Wayland, Intel) he also went on to explain why they needed to protect their trademark. Now there is an official response from EFF. In the blog post EFF has explained that Shuttleworth is far from reality and was totally wrong about trademark."
New submitter bkerensa writes "A member of Canonical's Legal Team recently sent an email to a critic of Ubuntu's privacy settings to insist he stop using the Ubuntu name and logo, even though it falls under 'fair use.' Micah Lee is the CTO of the Freedom of the Press Foundation and maintainer of the HTTPS Everywhere project. When Ubuntu began adding commercial results in its Dash search software, Lee wrote about the privacy concerns and created a site called Fix Ubuntu to show people how to turn it off. Canonical's legal department has now sent him a letter asking him to 'remove [the] Ubuntu word from you[r] domain name and Ubuntu logo from your website.'"
theodp writes "That there's no easy way for her to get timely, affordable access to taxpayer-funded research that could help her patients leaves speech-language pathologist Cortney Grove, well, speechless. 'Cortney's frustration,' writes the EFF's Adi Kamdar, 'is not uncommon. Much of the research that guides health-related progress is funded by taxpayer dollars through government grants, and yet those who need this information most—practitioners and their patients—cannot afford to access it.' She says, 'In my field we are charged with using scientific evidence to make clinical decisions. Unfortunately, the most pertinent evidence is locked up in the world of academic publishing and I cannot access it without paying upwards of $40 an article. My current research project is not centered around one article, but rather a body of work on a given topic. Accessing all the articles I would like to read will cost me nearly a thousand dollars. So, the sad state of affairs is that I may have to wait 7-10 years for someone to read the information, integrate it with their clinical opinions (biases, agendas, and financial motivations) and publish it in a format I can buy on Amazon. By then, how will my clinical knowledge and skills have changed? How will my clients be served in the meantime? What would I do with the first-hand information that I will not be able to do with the processed, commercialized product that emerges from it in a decade?'"
Hugh Pickens DOT Com writes "Danny O'Brien writes for the EFF that as the NSA's spying has spread, more and more ordinary people want to know how they can defend themselves from surveillance online. 'The bad news is: if you're being personally targeted by a powerful intelligence agency like the NSA, it's very, very difficult to defend yourself,' writes O'Brien. 'The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.' Here are ten steps you can take to make your own devices secure: Use end-to-end encryption; Encrypt as much communications as you can; Encrypt your hard drive; Use Strong passwords; Use Tor; Turn on two-factor (or two-step) authentication; Don't click on attachments; Keep software updated and use anti-virus software; Keep extra secret information extra secure with Truecrypt; and Teach others what you've learned. 'Ask [your friends] to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node; or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.'"
First time accepted submitter jellie writes "According to Ars Technica, a new bill introduced by Rep. Bob Goodlatte (R-VA), the chairman of the House Judiciary Committee, has received bipartisan support and has a real chance of passing. In a press call, lawyers from the CCIA, EFF, and Public Knowledge had universal praise for the bill, which is called the Innovation Act of 2013. The EFF has a short summary of the good and bad parts of an earlier draft of the bill. The bill will require patent holders who are filing a suit to identify the specific products and claims which are being infringed, require the loser in a suit to pay attorney's fees and costs, and force trolls to reveal anyone who has a 'financial interest' in the case, making them possibly liable for damages."