Ask Me Anything - The Electronic Frontier Foundation (EFF)

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Status
Not open for further replies.


I'm sorry that you're disappointed in us, but I hope I can clear things up a bit.

First, I would say that assessing our legal work by the number of minutes we spend in court or even the number of new cases we take on is really a poor metric. Despite the television portrayals, litigation is a slow-moving beast, and most of it involves exchange of papers between the parties and the court, not arguing in front of a judge. Parties often have little control over when they actually appear in court; this is mostly a function of the judge's calendar and other administrative factors. Moreover, EFF practices impact litigation, which means we only take on cases if we think they can make a positive change in the law or prevent it from getting worse. So unlike your average law firm, we don't measure our effectiveness by billable hours.

Litigation is important, but it's not all the EFF legal team does--we file comments with administrative agencies, testify before state and federal legislatures, offer legal counseling and advice, and yes, do outreach work. Finally, that's just the work of the legal team; describing the work of EFF's other teams would take volumes.

We file a lot of amicus briefs, it's true, but those can impact the law. We are often contacted proactively by courts who want us to file amicus briefs in order to have input with a sophisticated understanding of technology. In one such case, United States v. Vargas, EFF filed an amicus brief that was relied on by a judge in ruling that the government's installation of a pole camera overlooking a defendant's front yard and secretly recording his activities for more than a month was unconstitutional. The government appealed, and EFF now represents Mr. Vargas directly.

To clear up any misunderstanding, however, EFF lawyers spent way more than 10 minutes in court in 2015, and we took on a ton of new cases, in addition to all of our other work. Off the top of my head, we had major hearings in our NSA cases (Smith, Jewel, and as amicus in Klayman v. Obama), our National Security Letter cases, defending student developers, arguing for government transparency, stopping patent trolls, on and on. We had a single hearing in Jewel v. NSA in December 2014 that lasted 3+ hours.

As for new cases, again I can't give you a complete list, but we filed a number of FOIA suits, defended clients against bogus copyright and trademark demands, initiated agency proceedings, and so on. Again, this is in addition to some of our bigger cases, like Jewel, which has been going strong since 2008. In other words, we play a long game and a short game. 2015 won't be any different.

 


Snowden already has very capable US lawyers at ACLU, but you can be sure that EFF wouldn't sit by idly. The whole range of options, from co-counseling to weighing in as amicus would be on the table. How exactly we assist, if and when that's called for, depends on what's needed.
 
Why is it illegal to hack your smart doorbell or car or Mr. Coffee, etc.? Is it safety issues (I guess that actually makes sense, now that I think about it).

Is it an issue with the Digital Millennium Copyright Act? I just don't see why my Keurig should only take Keurig cups, except for the part where it might explode if I modify it.
 


Just to add to Andrew's answer, EFF's mission isn't solely protecting digital rights in the courtroom. We also try to be proactive in protecting digital rights so that we don't have to end up in a courtroom. That's why we have technologists on staff who (besides advising the attorneys or activists about technical questions) also develop anti-surveillance, pro-encryption tools like HTTPS Everywhere, Privacy Badger, STARTTLS Everywhere, and Let's Encrypt, the latter three of which were all launched last year.
 
Oh - also!
Are there any cities, states, countries we should be emulating in our Internet/Free Speech/Copyright laws? Like Brazil? If so, why?
 


To piggyback on Andrew, one of the cases I'm proudest of launched in 2014. We're suing the government of Ethiopia: https://www.eff.org/cases/kidane-v-ethiopia
 
I'm going to go out on a limb and guess that the cloud isn't as safe as I'd hope it is. What kind of security needs to be implemented in order to be able to sleep soundly while my documents are in Dropbox, Google Drive, iCloud, etc.?
 
SO... when content is taken from someone such as pictures that cannot be replaced, what would be EFF stance on the returning of these pictures? And with sites with Admins how can u not have a morality clause for people who are in control and manipulate peoples mindset into FEAR??. For example, Threats of retaliation to have pictures posted on pedophile sites, being followed by DRONES, or even Hacking into computer and phones. ID venture to say a court of pears would put the burden of anything that happens because of such an instant on the ADMIN. So my SOLUTION would be... for sites that encourage posting of sensitive information, HOLD ADMINS responcible. a outsider does not have the information that the ADMIN does... and such an ADMIN who acts in a friendly manner just to ultimately turn it around and SCARE the bejesus out of a person.... with the remote technology of today... anyone can be ADMIN from HOME.... WHY NOT HIRE ONE??? LIKE ME<<< to uphold order and keep the uproar to a minimum... NOT ESCALATE TO THE POINT OF NO RETURN!!!! PEOPLE COULD get hurt or die when you have someone fearing for their life and childrens life!!!
 
Hey all, please keep to the spirit of the AMA and keep your responses on topic as questions.
Opinion commentary can be made in other areas of the forum - this is a venue specifically for questions at current.
Thanks!
-JP
 
A few questions:
  • ■What's your thoughts on allowing [strike]electronic[/strike] online voting? Do you think the benefits in terms of increasing voter turnout (particularly amongst young people) outweigh the dangers of poor and insecure implementation?

    ■Some countries, notably Brazil, have chosen not to buy equipment from the US specifically as a result of the NSA's spying. Do you expect this to have any significant impact?
 


I understand the difference between TV and the flesh reality world that we live in.

So the EFF spent about 3+ hours in a court room for the entire year of 2014. This is appalling.

So if this is a bad metric, please provide an example of a good metric. EFF has not had a single victory, in the entire year of 2014, that it can conclusively point to as an example of its progress. Yes, I would certainly say the fact that EFF spent a total of 3+ hours in a courtroom, for an entire year, attributed to such a poor performance by the organization.

Less legal blogging, more legal action.

I hope 2015 you spend 6+ hours in a court room fighting for digital rights!

Thank you,
-Long time EFF supporter
 
When you speak of DRM tech, aren't companies like Blizzard/Ubisoft and the likes taking a strong dislike towards your campaign? After all it was a route that most folks thought were to curb piracy problems.
 
How far should free speech on the internet go?

I'm all for people having free speech, but that doesn't mean I (or anyone else) have to listen to them.

That is, there's lots of abuse on Twitter and in the comments sections on websites. At what point is online free speech more important than a platform enforcing rules and protecting users?
 


Nothing is being spent on behalf of the opposition to our digital rights; there is no opposition!
DRM and the DMCA protect the right of hard-working artists and content creators to benefit from their work.
The NSA protects the rights of American citizens not to be blown up by foreign extremists. Now that we have home-grown extremists, that protection must be extended to save us from American-citizen extremists, too.

It's all in the spin.

@snorlax316 - I know I'm not with the EFF, but unless I'm told to stick to my knitting I'm going to take a swing at that.

The idea of freedom of speech protects my right to print up and distribute literature espousing just about any view short of incitement to violence or other crime (and Steal This Book was published). It doesn't mean that Amy, the newspaper publisher, has to publish my views in her paper. It may or may not mean that Bob, the printer, has to print my screed if I pay him his going rate.

The company running the platform is running it for its own benefit, profit, or other satisfaction. Separate the idea of "free speech on the internet" from the idea of "free speech on Joe's Web Parlor."

(oh, my. I was afraid that this AMA was going to bring out my soapbox spirit.)
 


Fundamentally it comes down to encryption. If all you're doing is storing files which you have locally encrypted before uploading them to the cloud, then you should indeed be able to sleep soundly.

But if you're using those things to backup the raw files themselves, then anyone who got access to your account (malicious attacker, government, malicious cloud service employee, etc.) could see your files.

With that said, there are services out there which offer encrypted backup (i.e. the data is encrypted locally, then backed up). I probably shouldn't name specific ones here (since it might be misconstrued as an endorsement), but they shouldn't be too hard to find. (Or if you're really having trouble, you can send me an email and I can tell you personally, not as an EFF employee, which ones I've liked.)
 
Electronic voting in itself is a bad idea in my opinion.... TOO often people manipulate data, this would just be another instance where the smarter you are the better you can manipulate the results... id be for it if it had no outside connection to the internet. In todays time you can TRUST NO ONE online.... everyone wants to be anonymous, and some people prefer to know who they are talking to!
 
If someone doesn't have a great deal of time or expertise (or money) to invest, what practical or specific actions would you recommend an individual take towards personal and community electronic freedom? What actions or choices have the biggest impact?
 


You'd think it might be safety issues, but that's not the source of the restriction. As you've noted, it's legal uncertainty stemming from the Digital Millennium Copyright Act: specifically, the provision that prohibits circumventing technical protection measures on a copyrighted work.

What's the "copyrighted work" here? The argument is that it's the firmware of the devices itself. If you think this sounds like an absolutely ridiculous application of copyright law, you're not alone. This section of the DMCA has been a wellspring of unintended consequences, restricting user autonomy and competition around all sorts of devices in ways never imagined for copyright law.

The public can request exemptions to the this section of the DMCA in a long process that takes place every three years. This triennial rulemaking is time-consuming and difficult, and each exemption must be argued from scratch every time. So we've gotten exemptions to unlock phones for different carriers, or jailbreak them to run unauthorized apps, or to rip DVDs for making noncommercial remixes of them; this time we're requesting those sorts of things, plus the right to modify old games to remain playable once the authorization servers have been taken offline, to repair and do security research on cars, etc, etc.
 
Well, now that I'm wound up I'm going to ask if a couple of my pet peeves are on the EFF's radar, or anyone's but mine.

The first is the legislation known in the vernacular as Check 21, the "Check Clearing for the 21st Century Act." A digital image that is supposedly a scan of a check I wrote has the same validity as a check that I wrote. Safety paper, permanent inks, any consumer protection is gone by the wayside. Anyone with Photoshop skills could take one of my checks and forge an extra ten thousand dollars onto it, and I'd have no way to prove it.

Check conversion ( http://www.federalreserve.gov/pubs/checkconv/ ) is even worse. A company gets to take money out of my account because they said that I wrote them a check - image not required. Even with a large, reputable financial institution, I have had things come back in the amount they considered appropriate, not the amount that I wrote the check for.

Is this protection of the consumer eliminated for the convenience and cost-saving of the banks and other institutions? Am I a raving paranoid? Or are both of those correct.

I still have in my file cabinet a letter of explanation and apology from the bank for the only time I have ever bounced a check. The bank cashed a check of mine with a "two" that I wrote, both in the numbers and the words, as a "five." Account overdrawn, subsequent check bounces, I provide check, bank takes responsibility. If the check was "converted," do I have any protection? Sure, I can file a fraud claim, but my ability to hire a lawyer vs. that of a major financial institution? And "file a fraud claim" isn't the imagination of my fevered mind; it's the only option a bank has presented me when I feel that a mistake was made. A form to file fraud charges.

Or are there proper protections in place and I just haven't heard about them?
 
[EDIT: This refers to xor_eff's response, not WK's]

That brings to mind another question:

From what I understand, the main barrier to unlocking phones in the US is that the radio firmware is copyright the carrier, and modifying it would be against the DMCA/other copyright law.

What effect does this have on completely replacing the radio firmware with a factory unlocked version, providing that it was not subject to copyright issues?
 
Another online thing that scares the spit out of me is the idea of electronic signatures as implemented in current law, or at least my poor understanding of current law. I have to make some sort of indication on the form, frequently typing my name or initials, and intend to have that serve as my enforceable agreement to whatever I'm "signing."

Well, fine as far as that goes. It's easy for me, and if I type my name there I'd better mean it. But what happens if Joe Blow signs up for credit in my name, or orders 500 pounds of pastrami and agrees for me to pay for it? Is there any way for me to prove that it wasn't I who typed my name into that box? Any equivalent of comparing signatures? I may write my name differently from the way Joe Blow writes my name, but I'll bet Joe can type WyomingKnott with exactly the same series of keystrokes that I use. So is there any practical protection at all for someone who claims "No, I did not sign that?"

(with my apologies to everyone out there named Joe Blow; I'll use Susan Smith next time.)
 
If by electronic voting you mean voting over the Internet, I am scared [censored]-less by the prospect of electronic voting. Electronic voting makes election fraud, which is difficult to do today (and almost never happens) into a feasible (and potentially much cheaper) way to subvert democracy.

It basically comes down to the economics/centralization: if I want to get someone elected, then I only need to put in the effort to find one vulnerability in the voting website/app/service/whatever--instead of hiring lots of people to do in-person voter fraud all over the place. Plus, finding a vulnerability (or hiring someone to do so) could be cheaper than actually running a campaign, and potentially leave far fewer traces than in-person voter fraud might.

Maybe if proofs of correctness weren't an NP-hard problem for actual software, we could do it. But everything has bugs, and I don't want one of those bugs to result in any more subversion of our democracy than already happens (even if it might help turnout amongst younger voters).

I think it already is having an impact. Many countries (Brazil, Germany, China) have reduced the amount of US technology (both hardware and software) that they purchase.

I think that US companies trying to position themselves as pro-encryption and pro-security, as well as some of the corporate blowback against the NSA, is due to this. While some of it might be PR, some of it is having a real impact on the amount of encryption being deployed in the world. (For example, Apple's iPhone encryption has absolutely zilch to do with any way the NSA has been spying on the world, but it's good PR for them, and it's good for everybody to have encrypted smartphones.) So I'd say it's having an impact. Maybe not as large an impact as I might wish for, but an impact nonetheless.

With that said, we should remind everyone that mass surveillance isn't a US only (or even Five Eyes only) thing. Many countries participate in mass surveillance, so no matter where you live you should call on your politicians to support the Necessary and Proportionate Principles.
 


Unfortunately I think these issues are outside EFF's wheelhouse. 🙁
 


You're absolutely right that abuse and harassment are very real problems .

People mean a variety of things when they talk about harassment. You mentioned protecting users, enforcing rules, and abusive comments, so I'll try to address those issues.

We think of the question of abuse and speech not as a zero-sum game, but as a problem that needs creative solutions. Waves of account suspensions and content takedown aren't the answer. And in fact, we regularly see content moderation go wrong—people get accounts suspended erroneously, while complaints about disturbing abuse remain unanswered. So, we don't encourage websites to enforce rules that just shut down dialogue.

When it comes to abusive comments, we encourage solutions that help people have more control over what they see (for instance, better blocking tools on Twitter). As you point out, free speech doesn't mean people have to be forced to listen. But platforms are often designed that way. That's not the whole answer, but it's a good start.

Finally, when you say protecting users, that again depends on what you mean. if you mean protecting people from offline danger, unfortunately, a lot of that has to do with law enforcement and the courts doing a very poor job of dealing with online threats. For example, no one should have to explain to the police what Facebook is if they had to call in a threat of violence...but we hear comments from people (especially women) that this happens on a regular basis. Additionally, posting people's address and other information can be incredibly dangerous, but underlying the issue is the fact that it is so easy to get that info from databrokers—something that deserves more attention in the conversation about harassment. If you've ever tried to get your data off of some of the "people search" websites that exist, you know what a pain it is.

We don't think anyone, including EFF, has the perfect answer to how to deal with abuse. But for more on our take, you can check out our detailed blog post on the issue: https://www.eff.org/deeplinks/2015/01/facing-challenge-online-harassment


 


Thanks for the in-depth answer to my question, Nadia.
When I say protect from abuse, I don't simply mean in real life. People shouldn't have to SEE those kinds of messages.

To block on Twitter (reddit, facebook, really anything), you have to engage with nasty comments. Maybe it's just me, but I'm of the opinion you shouldn't have to engage with an Internet commenter's nastiness if you don't want to. Filtering options should be much stronger to prevent the psychological toll these can take on a person. Is it worth making a person click through piles of filth for someone else's speech? Just because they type it doesn't mean the receiver doesn't have to see the abuse.

As for real life, I agree, law enforcement is ill prepared, but that's another story.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom