[Admin] Victory in Carpenter

_______ _______ _______
(_______)(_______)(_______) _
_____ _____ _____ _____ ____ _| |_ ___ ____

___) | ___) | ___)| ___ | / ___)(_ _)/ _ \ / ___)
>_____ | | | | | ____|( (___ | |_| |_| || |
_______)|_| |_| |_____) \____) \__)\___/ |_|

EFFector Vol. 31, No. 10 Thursday, June 28, 2018 editor@eff.org

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

effector: n, Computer Sci. A device for producing a
desired change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

In our 736th issue:

* Victory! Supreme Court Says Fourth Amendment Applies to Cell Phone Tracking
The Supreme Court handed down a landmark opinion [1] in Carpenter v. United
States last week, ruling 5-4 that the Fourth Amendment protects cell phone
location information. In an opinion by Chief Justice Roberts, the court
recognized that location information—collected by cell providers like
Sprint, AT&T, and Verizon—creates a "detailed chronicle of a person's
physical presence compiled every day, every moment over years." As a
result, police must now get a warrant before obtaining this data.

Perhaps the most significant part of the ruling is its explicit recognition
that individuals can maintain an expectation of privacy in information that
they provide to third parties. The court termed that a "rare" case, but
it’s clear that other invasive surveillance technologies, particularly
those that can track individuals through physical space, are now ripe for
challenge in light of Carpenter. Expect to see much more litigation on this
subject from EFF and our friends.

Read more: https://www.eff.org/deeplinks/2018/06/victory-supreme-court-says-fourth-amendment-applies-cell-phone-tracking

* Announcing STARTTLS Everywhere: Securing Hop-to-Hop Email Delivery
We're announcing the launch of STARTTLS Everywhere [1], EFF's initiative
to improve the security of the email ecosystem.

Thanks to previous EFF efforts like Let's Encrypt [2], and Certbot [3], as
well as help from the major web browsers, we've seen significant [4] wins [5]
in encrypting the web [6]. Now we want to do for email what we've done for
web browsing: make it simple and easy for everyone to help ensure their
communications aren't vulnerable to mass surveillance.

STARTTLS is an addition to SMTP, which allows one email server to say to the
other, "I want to deliver this email to you over an encrypted
communications channel." The recipient email server can then say "Sure!
Let’s negotiate an encrypted communications channel." The two servers
then set up the channel and the email is delivered securely, so that anybody
listening in on their traffic only sees encrypted data. In other words,
network observers gobbling up worldwide information from Internet backbone
access points (like the NSA or other governments) won't be able to see the
contents of messages while they're in transit, and will need to use more
targeted, low-volume methods.

STARTTLS Everywhere provides software that a sysadmin can run on an email
server to automatically get a valid certificate from Let's Encrypt [7].
This software can also configure their email server software so that it uses
STARTTLS, and presents the valid certificate to other email servers. Finally,
STARTTLS Everywhere includes a "preload list" of email servers that have
promised to support STARTTLS, which can help detect downgrade attacks. The
net result: more secure email, and less mass surveillance.

[1] https://starttls-everywhere.org
[2] https://letsencrypt.org/
[3] https://certbot.eff.org/
[5] https://www.eff.org/deeplinks/2017/12/tipping-scales-https
[6] https://www.eff.org/encrypt-the-web
[7] https://letsencrypt.org/
Read more: https://www.eff.org/deeplinks/2018/06/announcing-starttls-everywhere-securing-hop-hop-email-delivery

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

EFF Updates

* After More Than a Decade of Litigation, the Dancing Baby Has Done His Part to Strengthen Fair Use for Everyone
It all started when Stephanie Lenz posted a YouTube video of her
then-toddler-aged son dancing while Prince's song "Let's Go Crazy"
played in the background, and Universal used copyright claims to get the link
disabled. We brought the case hoping to get some clarity from the courts
on a simple but important issue: can a rightsholder use the Digital
Millennium Copyright Act to take down an obvious fair use, without

The U.S. Court of Appeals for the Ninth Circuit held that the DMCA requires a
rightsholder to consider whether the uses she targets in a DMCA notice are
actually lawful under the fair use doctrine. However, the court also held
that a rightsholder's determination on that question passes muster as long
as she subjectively believes it to be true. This leads to a virtually
incoherent result: a rightsholder must consider fair use, but has no
incentive to actually learn what such a consideration should entail. After
all, if she doesn't know what the fair use factors are, she can't be held
liable for not applying them thoughtfully.

Thanks to the Lenz decision, courts will be more likely to think of fair
use, correctly, as a crucial vehicle for achieving the real purpose of
copyright law: to promote the public interest in creativity and innovation.
And rightsholders are on notice: they must at least consider fair use before
sending a takedown notice. After the Supreme Court denied petitions to
consider the Ninth Circuit's ruling, the case returned to the district court
for trial on the question of whether Universal's takedown was a
misrepresentation under the Ninth Circuit's subjective standard. Rather
than go to trial, the parties have agreed to a settlement.


* Volkswagen Claims Ownership of an Entire Group of Insects
Using word searches to find infringement is a bad way to go about things. It
is likely why Volkswagen filed three takedown requests on art of beetles. Not
Beetles with four wheels and headlights. Beetles with six legs and hard,
shiny carapaces. For the record, Volkswagen holds no rights to literal bugs.


* Happy Birthday Alice: Four Years Busting Software Patents
This year marks the fourth anniversary of the Supreme Court's decision in
Alice v. CLS Bank [1]. In Alice, the court ruled [2] that an abstract
idea does not become eligible for a patent simply by being implemented on a
generic computer. Now that four years have passed, we know the case's
impact: bad patents went down, and software innovation went up.

Lower courts have applied /Alice /to throw out a rogues' gallery of
abstract software patents. Counting both federal courts and the Patent Trial
and Appeal Board, there are more than 400 decisions [3] finding patent claims
invalid under /Alice/. These include rulings invalidating patents on playing
bingo [4] on a computer, computerized meal plans [5], updating games [6], and
many more. Some of these patents had been asserted by patent trolls dozens
[7] or even hundreds [8] of times. A single ruling threw out 168 cases [9]
where a troll claimed that companies infringed a patent on the idea of
storing and labeling information.

[1] https://www.eff.org/alice
[3] https://www.fenwick.com/pages/post-alice.aspx
[4] https://www.bitlaw.com/source/cases/patent/Planet_Bingo.html
[5] https://scholar.google.com/scholar_case?case=9253138216371985141
[6] https://www.eff.org/document/white-knuckle-v-ea-dismissal-order
[7] https://www.eff.org/alice/startup-runs-patent-picture-menus
[8] https://www.eff.org/alice/bike-gear-company-nearly-run-over-patent-troll

* The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers
**Browser fingerprinting is on a collision course with privacy regulations.
Compared to more well-known tracking “cookies,” browser fingerprinting is
trickier for users and browser extensions to combat: websites can do it
without detection, and it's very difficult to modify browsers so that they
are less vulnerable to it. As cookies have become more visible and easier to
block, companies have been increasingly tempted to turn to sneakier
fingerprinting techniques.

But companies also have to obey the law. And for residents of the European
Union, the General Data Protection Regulation (GDPR), which entered into
force on May 25th, is intended to cover exactly this kind of covert data
collection. The EU has also begun the process of updating its ePrivacy
Directive, best known for its mandate that websites must warn you about any
cookies they are using. If you've ever seen a message asking you to approve
a site's cookie use, that's likely based on this earlier Europe-wide law.

This leads to a key question: Will the GDPR require companies to make
fingerprinting as visible to users as the original ePrivacy Directive
required them to make cookies?

The answer, in short, is yes. Where the purpose of fingerprinting is tracking
people, it will constitute “personal data processing” and will be covered
by the GDPR.


* Border Spy Tech Shouldn't Be a Requirement for a Path to Citizenship
The Border Security and Immigration Reform Act (H.R. 6136 [1]), introduced
before Congress last week, would offer immigrants a new path to citizenship
in exchange for increased high tech government surveillance of citizens and
immigrants alike. The bill calls for increased DNA and other biometric
screening, updated automatic license plate readers, and expanded social media
snooping. It also asks for 24 hours-a-day, five-days-a-week drone
surveillance along the southern U.S. border.

This bill would give the U.S. Department of Homeland Security broad authority
to spy on millions of individuals who live and work as far as 100 miles away
from a U.S. border. It would enforce invasive biometric scans on innocent
travelers, regardless of their citizenship or immigration status.

As Congress weighs different factors in the ongoing immigration debate, we
urge them to look closely at the expanded high-tech surveillance provisions
in this proposed package. This bill would undermine the privacy of countless
law-abiding Americans and visitors, regardless of citizenship.

[1] https://www.congress.gov/bill/115th-congress/house-bill/6136/text

* EFF Pressure Results in Increased Disclosure of Abuse of California's Law Enforcement Databases
EFF's efforts to fix holes in oversight of the California Law Enforcement
Telecommunications System (CLETS) are paying off.

New data and records released by California Department of Justice (CADOJ)
show a steep increase in the number of agencies disclosing cases of abuse
of the state's network of law enforcement databases—a major victory for
transparency and law enforcement accountability.


: . : . : . : . : . : . : . : . : . : . : . : . : . : . :


* hack.summit("blockchain")
EFF has been selected as one of the exclusive non-profit partners of
hack.summit() which made history for running the largest virtual developer
conference of all time. As a non-profit partner, we will be receiving funds
generated by ticket sales & sponsorships from the event. This year's event,
hack.summit("blockchain"), focuses on spreading and democratizing
knowledge about blockchain and cryptocurrencies to attendees around the


* EFF at The Circle of HOPE: A Hacker's Dozen
HOPE (Hackers on Planet Earth) returns to the Hotel Pennsylvania for its
twelfth iteration this year, hosted by our friends at 2600. The biennial
conference is one of the foremost hacker events, chock full of projects,
talks, workshops, and more. We'll have a table in the vendor area, where you
can stop by and become a member at a discount, and pick up our latest swag.
We are gearing up to announce a New York area meetup and EFF talks as the
event gets closer. More information is available here [1]. We'll see you

[1] https://hope.net/index.html

* The Digital Townsquare: Silicon Valley and the Regulation of Online Speech
Join representatives from EFF, Mozilla, Twitter, and more on July 17th in San Francisco for a townhall on the future of free speech, now that tech giants police communications on the Internet.


* EFF Is Now on Instagram!
Learn more about the people defending your digital rights and why we're
inspired to fight to protect them.


: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

Job Openings

* Legal Intake Coordinator
EFF is seeking an organized, empathetic, and analytical person with excellent
communication skills to join EFF as its Intake Coordinator. The Intake
Coordinator is the first point of access for legal assistance and general
information about EFF for the public. You will be performing a variety of
tasks from giving information about our work to referring people to both EFF
staff attorneys and outside attorneys for legal assistance.


* Legislative Activist
The legislative activist will focus on EFF's work advocating for state laws
that protect people's right to privacy, free expression, and innovation, as
well as advocating against laws that would undercut those rights. EFF
intervenes in state legislation nationwide with a particular emphasis on the
California legislature. This person will also work in other areas as needed
including national campaigns and non-legislative work.


* Staff Technologist – JavaScript Developer
EFF is seeking a full-time Staff Technologist to work with our Browser
Extensions team as the lead developer for [1]HTTPS Everywhere [2].

[1] https://www.eff.org/https-everywhere
[2] https://www.eff.org/https-everywhere

* Civil Liberties Staff Attorney
EFF is looking to hire an experienced litigator with an unshakeable sense of
justice and Fourth Amendment expertise to join our civil liberties team.


: . : . : . : . : . : . : . : . : . : . : . : . : . : . :


- For $179 and a Biometric Scan of Your Face, You Can Skip the Line at Sea-Tac Airport
Concerned about the privacy policies of services that claim to streamline
airport screening? "The biometric data concern is one tip of a very big
iceberg," said EFF's Shahid Buttar. (KUOW)


- Whistleblower Reality Winner, Charged Under the Espionage Act for Helping to Inform Public of Russian Election Meddling, Pleads Guilty
"Painted into a corner by an unjust law," that was never intended to be
applied to whistleblowers, Reality Winner has pleaded guilty to charges under
the Espionage Act. (The Intercept)


- How to Read a Privacy Policy
You might want to bookmark this: EFF Senior Staff Attorney Nate Cardozo
explains how you can read a privacy policy like a lawyer. (The Verge)


- Europe's New Link Tax Will Enshrine Big Tech's Stranglehold Over the Internet
The EU's proposed Article 11 is a copyright rule that would take away
Europeans' right to freely link to their own news sites—unless they use a
giant, probably American, service to do so. (Motherboard)


- Proposed EU Copyright Law Could Cause Problems For Fan Content In Games
The EU's proposed Article 13 wouldn't just mean upload filters for websites.
Your favorite game could be next. (Kotaku)


- Encrypted Messaging Isn't Magic
You should use encrypted messaging apps, says Lily Hat Newman. You should
also be careful about how you use them. (Wired)


: . : . : . : . : . : . : . : . : . : . : . : . : . : . :