In our 725th issue:
- UPDATES
- MINILINKS
- ANNOUNCEMENTS
No Airport Biometric Surveillance
Facial recognition, fingerprinting, and retina scans—the government could extract all of these and more from travelers at checkpoints throughout domestic airports.
The TSA Modernization Act (S. 1872) would authorize the U.S. Transportation Security Administration and U.S. Customs and Border Protection (CBP) to deploy „biometric technology to identify passengers“ throughout our nation’s airports, including at „checkpoints, screening lanes, [and] bag drop and boarding areas.“
Today, CBP is subjecting travelers on certain outgoing international flights to facial recognition screening. The bill would expand biometric screening to domestic flights as well, and would increase the frequency that a traveler is subjected to biometric screening (not just once per trip).
EFF opposes S. 1872 as well as similarly invasive data collection bills S. 1757 and H.R. 3548., both of which target U.S. borders.
Phish for the Future
„Phish for the Future“, an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight for the Future, appears to have been aimed at stealing credentials for various business services including Google, Dropbox, and LinkedIn. We were unable to determine what the secondary goal of the campaign was after the credentials were stolen. The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time.
Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack.
It is our recommended best practice to secure all accounts with two-factor authentication so that trusted compromised accounts can’t be used in the service of more effective spearphishing attacks.
EFF Updates
No Justification for Spanish Internet Censorship During Catalonian Referendum
The Spanish government censored the Internet with ruthless efficiency before and during the referendum vote on Catalonian independence on October 1.
Examples of overreach include a censorship order blocking current and future referendum-related content publicized on any social network by a member of the Catalonian Government, as well as a court order requiring Google to remove a voting app from the Google Play app store. On the day of the referendum itself, the Internet was shut down at polling places.
The Spanish government’s censorship of online speech during the Catalonian referendum period is wildly disproportionate and overbroad.
Will the Equifax Data Breach Finally Spur the Courts to Recognize Data Harms?
This summer 143 million Americans had their most sensitive information breached from Equifax’s database. Misuse of this data can lead to financial devastation or, if a criminal uses stolen information to commit fraud, can lead to the breach victim being arrested and prosecuted.
Courts, too narrowly focused on financial losses directly traceable to a breach, too often dismiss lawsuits based on a cramped view of what constitutes „harm.“ So far, the federal bills being floated in response to the Equifax breach and earlier breaches do not remove the obstacles to victims bringing legal claims.
Google Will Survive SESTA. Your Startup May Not.
In response to the suggestion that members of Congress should consider how SESTA might affect small Internet startups, not just giant companies like Google and Facebook, Sen. Richard Blumenthal’s (D-CT) response was „I believe that those outliers—and they are outliers—will be successfully prosecuted, civilly and criminally under this law.“
In that unusual moment of candor, Sen. Blumenthal seemed to lay bare his opinions about Internet startups—he thinks of them as unimportant outliers and would prefer that the new law put them out of business.
Internet startups would take the much greater hit from SESTA than large Internet firms would, but ultimately, those most impacted would be users themselves.
Apple Does Right By Users and Advertisers Are Displeased
With the new Safari 11 update, Apple addresses how your browsing habits are tracked and shared with parties other than the sites you visit. In response, Apple is getting criticized by the advertising industry for „destroying the Internet’s economic model.“
Safari has been blocking third-party cookies by default since releasing Safari 5.1 in 2010. The new Safari update, with Intelligent Tracking Prevention, closes loopholes around third-party cookie-blocking by using machine learning to distinguish the sites a user has a relationship with from those they don’t, and treating the cookies differently based on that.
Azure Confidential Computing Heralds the Next Generation of Encryption in the Cloud
The new gold standard for cloud application encryption will soon be the cloud provider never having access to the user’s data—not even while performing computations on it.
Microsoft has become the first major cloud provider to offer developers the ability to build their applications on top of Intel’s Software Guard Extensions (SGX) technology, making Azure „the first SGX-capable servers in the public cloud.“ Azure customers in Microsoft’s Early Access program can now begin to develop applications with the „confidential computing“ technology.
The underlying technology is not yet perfect, but it’s efficient enough for practical usage, stops whole classes of attacks, and is available today. Secure enclaves have the potential to be a new frontier in offering users privacy in the cloud.
miniLinks
First Open-Access Data From Large Collider Confirm Subatomic Particle Patterns
For the first time, independent physics researchers have uncovered a new method to explain particle behavior using publicly-available data. (Phys.org)
Challenge to Data Transfer Tool Used by Facebook Will Go to Europe’s Top Court
Due to concerns over the U.S. government’s mass surveillance programs, the European Court of Justice is now tasked with determining if EU citizens’ privacy rights are sufficiently protected during Facebook data transfers. (TechCrunch)
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren’t already, please consider becoming an EFF member today.
Administrivia
Editor: Camille Ochoa, Activist
editor@eff.org
EFFector is a publication of the Electronic Frontier Foundation.
eff.org
Membership & donation queries: membership@eff.org
General EFF, legal, policy, or online resources queries: info@eff.org
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
This newsletter is printed from 100% recycled electrons.
EFF appreciates your support and respects your privacy. Privacy Policy.
Unsubscribe or change your email preferences, or opt out of all EFF email
815 Eddy Street
San Francisco, CA 94109-7701
United States
Members make it possible for EFF to fight for your rights. Become a member today.
Announcements
Launch Event Hosted by IntrusiveTech
A local community group in the Electronic Frontier Alliance will host an introductory meeting in New York City, NY on October 9.
Discussion Hosted by EFF-Austin
A local community group in the Electronic Frontier Alliance will host an informative discussion in Austin, TX on October 9.
Discussion Hosted by Electronic Frontiers Georgia
A local community group in the Electronic Frontier Alliance will host a discussion on October 12 about Section 230, the law that makes modern online community possible, and the latest threat to it. EFF’s Elliot Harmon will give a presentation remotely.
Join Indivisible Rapid City, Queer South Dakota, and EFF’s Elliot Harmon on October 17 for a discussion about the latest threat to online community and how you can get involved.
EFF’s Cindy Cohn will participate in a conversation with technology writers and other thought leaders regarding the impact of the iPhone on our economy and society on October 18 at the Computer History Museum.
EFF at Data Demo Day in Sacramento, CA
EFF is a co-sponsor of the Data Coalition’s third annual California Data Demo Day on October 19 at the Capitol Event Center in Sacramento. The event will bring together state agency officials and legislators to explore the benefits of open data, inside and outside government.
Join EFF’s Elliot Harmon on October 19 for an informal discussion on important digital rights issues coming up in Congress this year, as well as ways that South Dakotans can get involved with the fight for free expression, privacy, and innovation online.
EFF at Bioneers in San Rafael, CA
Join Democracy Now!'s Amy Goodman, EFF’s Cory Doctorow, and EFF’s Danny O’Brien for a discussion about the importance of independent media and an open Internet at the National Bioneers Conference on October 21.
EFF at All Things Open in Raleigh, NC
On October 23 & 24 EFF will host a booth at All Things Open, the annual gathering of free and open source software developers. EFF’s Elliot Harmon will give a presentation on how coders can fight back against DRM on October 24.
EFF at Open Access Symposium in Stony Brook, NY
EFF’s Elliot Harmon will give a keynote presentation on reclaiming open access’ place in academia at the Stony Brook University Open Access Symposium on October 27.
EFF at Copyright Symposium in Provo, UT
EFF’s Mitch Stoltz will be participating in a debate on fair use in copyright at the BYU Copyright Symposium on November 3.
Job Opening: Staff Technologist
EFF is seeking a staff technologist or senior staff technologist to join our Technology Projects team. The role’s primary responsibility will be working on one of EFF’s technical projects, which may require a basic familiarity with web cryptography and other web technologies. All projects are open source and have active community contributors.
EFF is seeking a web developer to join our Engineering & Design team. The ideal candidate has strong programming skills with one of our server-side languages (Python, PHP, JavaScript, or Ruby), familiarity with HTML, CSS, and client-side JavaScript, and a love of free and open-source software.