EFF’s 2013 Holiday Wishlist
As we did last year and the year before, EFF welcomes the winter season with a new wishlist of some things we’d love to have happen for the holidays—for us and for all Internet users. These are some of the actions we’d most like to see from companies, governments, organizations, and individuals in the new year.
- Citizens, organizations, privacy officials, and governments should unite around the International Principles on the Application of Human Rights to Communications Surveillance and add their voices to declare that mass surveillance violates international human rights.
- The U.S. Congress should create a new Church Committee to find out what intelligence agencies are actually doing; since mass surveillance is a global problem, we also need parliamentary commissions of inquiry around the world to look into the same question.
- Congress should pass meaningful reform to the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.
- The Department of Justice should notify everyone who’s been convicted of a crime using evidence derived—directly or indirectly—from warrantless surveillance programs (not just a cherry-picked handful of defendants).
- All communications companies should publish transparency reports showing the scope and nature of government requests for user information. The Internet industry, led by Google, has made this a standard for corporate transparency, but telecom companies are still totally missing in action.
- All Internet sites should adopt cryptographic best practices for every connection, every time, including PFS, STARTTLS, HSTS, and encrypted traffic between data centers.
- In 2014, every certificate authority and web browser should commit to adopt Google’s Certificate Transparency system to detect and stop the issuance of fake certificates that facilitate spying on web users.
- Companies that sell books, movies, music, or other digital media should commit to the principle that if you bought it, you own it. That means no DRM and no sneaky license agreements.
- Every wireless device should let you change its MAC address (a hardware serial number), and no new technology standards should be designed to transmit any persistent hardware serial numbers over the air or on a network. (If your device keeps sending the same hardware serial number, as Wi-Fi devices and cell phones, among others, do, whoever’s at the other end or listening in can recognize you and track your location. Businesses and governments are already taking advantage of this to build massive databases of our devices.)
- Web sites should publish historical versions of their terms of service and privacy policies, with their effective dates, to help users understand what’s changed over time. At a bare minimum, companies like Facebook should stop blocking the Internet Archive from creating and displaying a historical record of their policies.
- Governments should come clean about how they’ve weakened computer and communications security, clean up the damage, and stop doing it.
- Companies entering the secure communications space (as well as those that have been there a while!) should explain exactly how secure they are and why. They should get public technical audits by experts and clearly explain how they handle classic, fundamental security challenges. They should clearly and publicly explain whether and to what extent they could be compelled to record or turn over user data or to help break users’ security (including by disclosing cryptographic keys or passwords, by issuing false digital certificates, or by modifying their software).
- The surveillance industry should take responsibility for ensuring that it’s not assisting mass surveillance and other human rights violations.
Find out why computer applications lag behind hardware, and how new apps could end drudgery.
Technology makes it easier than ever to play fast and loose with the truth—but easier than ever to get caught.
Researchers have discovered that the iPhone is keeping track of where you go and storing that information in a file that is stored – unencrypted and unprotected – onto any machine with which you synchronize your phone.
…While it is not unusual for cellphones to track users’ location, that information is typically kept behind a firewall and it requires a court order for others to be able to access it. This isn’t the case with this particular file, raising serious questions about privacy and security.
Your iPhone Is Tracking Your Every Move (ReadWriteWeb)
On Wednesday, January 12, 2011, the SirsiDynix corporation released a case study featuring Waubonsee Community College’s very own Todd Library. SirsiDynix is a leader in the library software industry and provides services to libraries in seventy countries. The case study highlights many of the advances in technology the Todd Library’s Technology Coordinator John Wohlers has pioneered in the past seven years. The study will be used by SirsiDynix to promote the advanced features of its products to its clients worldwide.
Read the full case study at the SirsiDynix website by selecting “Academic” from the “Solutions” menu, and then following the link to “Case Studies” or by visiting the URL: http://bit.ly/edLqwx