In our 725th issue:
Facial recognition, fingerprinting, and retina scans—the government could extract all of these and more from travelers at checkpoints throughout domestic airports.
The TSA Modernization Act (S. 1872) would authorize the U.S. Transportation Security Administration and U.S. Customs and Border Protection (CBP) to deploy "biometric technology to identify passengers" throughout our nation's airports, including at "checkpoints, screening lanes, [and] bag drop and boarding areas."
Today, CBP is subjecting travelers on certain outgoing international flights to facial recognition screening. The bill would expand biometric screening to domestic flights as well, and would increase how often a traveler is subjected to biometric screening (not just once per trip).
EFF opposes S. 1872 as well as similarly invasive data collection bills S. 1757 and H.R. 3548, both of which target U.S. borders.
"Phish for the Future", an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight for the Future, appears to have been aimed at stealing credentials for various business services including Google, Dropbox, and LinkedIn. We were unable to determine what the secondary goal of the campaign was after the credentials were stolen. The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time.
Although this phishing campaign does not appear to have been carried out by a nation-state actor and does not involve malware, it serves as an important reminder that civil society is under attack.
Our recommended best practice is to secure all accounts with two-factor authentication so that trusted accounts, once compromised, can't be used in the service of more effective spearphishing attacks.
EFF Updates
No Justification for Spanish Internet Censorship During Catalonian Referendum
The Spanish government censored the Internet with ruthless efficiency before and during the referendum vote on Catalonian independence on October 1.
Examples of overreach include a censorship order blocking current and future referendum-related content publicized on any social network by a member of the Catalonian Government, as well as a court order requiring Google to remove a voting app from the Google Play app store. On the day of the referendum itself, the Internet was shut down at polling places.
The Spanish government's censorship of online speech during the Catalonian referendum period is wildly disproportionate and overbroad.
Will the Equifax Data Breach Finally Spur the Courts to Recognize Data Harms?
This summer 143 million Americans had their most sensitive information breached from Equifax's database. Misuse of this data can lead to financial devastation or, if a criminal uses stolen information to commit fraud, can lead to the breach victim being arrested and prosecuted.
Courts, too narrowly focused on financial losses directly traceable to a breach, too often dismiss lawsuits based on a cramped view of what constitutes "harm." So far, the federal bills being floated in response to the Equifax breach and earlier breaches do not remove the obstacles to victims bringing legal claims.
Google Will Survive SESTA. Your Startup May Not.
When it was suggested that members of Congress should consider how SESTA might affect small Internet startups, not just giant companies like Google and Facebook, Sen. Richard Blumenthal (D-CT) responded, "I believe that those outliers—and they are outliers—will be successfully prosecuted, civilly and criminally under this law."
In that unusual moment of candor, Sen. Blumenthal seemed to lay bare his opinions about Internet startups—he thinks of them as unimportant outliers and would prefer that the new law put them out of business.
Internet startups would take a much greater hit from SESTA than large Internet firms would, but ultimately, those most impacted would be users themselves.
Apple Does Right By Users and Advertisers Are Displeased
With the new Safari 11 update, Apple addresses how your browsing habits are tracked and shared with parties other than the sites you visit. In response, Apple is getting criticized by the advertising industry for "destroying the Internet's economic model."
Safari has been blocking third-party cookies by default since releasing Safari 5.1 in 2010. The new Safari update, with Intelligent Tracking Prevention, closes loopholes around third-party cookie-blocking by using machine learning to distinguish the sites a user has a relationship with from those they don't, and treating the cookies differently based on that.
Azure Confidential Computing Heralds the Next Generation of Encryption in the Cloud
The new gold standard for cloud application encryption will soon be the cloud provider never having access to the user's data—not even while performing computations on it.
Microsoft has become the first major cloud provider to offer developers the ability to build their applications on top of Intel's Software Guard Extensions (SGX) technology, making Azure "the first SGX-capable servers in the public cloud." Azure customers in Microsoft's Early Access program can now begin to develop applications with the "confidential computing" technology.
The underlying technology is not yet perfect, but it's efficient enough for practical usage, stops whole classes of attacks, and is available today. Secure enclaves have the potential to be a new frontier in offering users privacy in the cloud.
miniLinks
First Open-Access Data From Large Collider Confirm Subatomic Particle Patterns
For the first time, independent physics researchers have uncovered a new method to explain particle behavior using publicly available data. (Phys.org)
Challenge to Data Transfer Tool Used by Facebook Will Go to Europe’s Top Court
Due to concerns over the U.S. government's mass surveillance programs, the European Court of Justice is now tasked with determining if EU citizens' privacy rights are sufficiently protected during Facebook data transfers. (TechCrunch)
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
Administrivia
Editor: Camille Ochoa, Activist
editor@eff.org
EFFector is a publication of the Electronic Frontier Foundation.
eff.org
Membership & donation queries: membership@eff.org
General EFF, legal, policy, or online resources queries: info@eff.org
Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.
Back issues of EFFector
This newsletter is printed from 100% recycled electrons.
815 Eddy Street San Francisco, CA 94109-7701 United States