Protecting personal information in the digital age | EFFector 30.15 - Admin

6 Oct 2017


      _______  _______  _______                                 
(_______)(_______)(_______)               _                
 _____    _____    _____  _____   ____  _| |_  ___    ____ 
|  ___)  |  ___)  |  ___)| ___ | / ___)(_   _)/ _ \  / ___)
| |_____ | |      | |    | ____|( (___   | |_| |_| || |    
|_______)|_|      |_|    |_____) ____)   __)___/ |_|
EFFector Vol. 30, No. 12  Thursday, October 5, 2017  editor@eff.org
A Publication of the Electronic Frontier Foundation
ISSN 1062-9424
effector: n, Computer Sci. A device for producing a
desired change.
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
In our 725th issue:
* No Airport Biometric Surveillance
Facial recognition, fingerprinting, and retina scans--the
government could extract all of these and more from
travelers at checkpoints throughout domestic airports.
The TSA Modernization Act (S. 1872) would authorize the
U.S. Transportation Security Administration and U.S.
Customs and Border Protection (CBP) to deploy "biometric
technology to identify passengers" throughout our nation's
airports, including at "checkpoints, screening lanes, [and]
bag drop and boarding areas."
Today, CBP is subjecting travelers on certain outgoing
international flights to facial recognition screening. The
bill would expand biometric screening to domestic flights
as well, and would increase the frequency that a traveler
is subjected to biometric screening (not just once per
trip).
EFF opposes S. 1872 as well as similarly invasive data
collection bills S. 1757 and H.R. 3548., both of which
target U.S. borders.
Read more:
https://www.eff.org/deeplinks/2017/10/no-airport-biometric-surveillance
* Phish for the Future
"Phish For The Future", an advanced persistent
spearphishing campaign targeting digital civil liberties
activists at Free Press and Fight for the Future, appears
to have been aimed at stealing credentials for various
business services including Google, Dropbox, and LinkedIn.
We were unable to determine what the secondary goal of the
campaign was after the credentials were stolen. The
attackers were remarkably persistent, switching up their
attacks after each failed attempt and becoming increasingly
creative with their targeting over time.
Although this phishing campaign does not appear to have
been carried out by a nation-state actor and does not
involve malware, it serves as an important reminder that
civil society is under attack.
It is our recommended best practice to secure all accounts
with two-factor authentication so that trusted compromised
accounts can't be used in the service of more effective
spearphishing attacks.
Read more:
https://www.eff.org/deeplinks/2017/09/phish-future
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
EFF Updates
* No Justification for Spanish Internet Censorship During
  Catalonian Referendum
The Spanish government censored the Internet with ruthless
efficiency before and during the referendum vote on
Catalonian independence on October 1.
Examples of overreach include a censorship order blocking
current and future referendum-related content publicized on
any social network by a member of the Catalonian
Government, as well as a court order requiring Google to
remove a voting app from the Google Play app store. On the
day of the referendum itself, the Internet was shut down at
polling places.
The Spanish government's censorship of online speech during
the Catalonian referendum period is wildly disproportionate
and overbroad.
https://www.eff.org/deeplinks/2017/10/no-justification-spanish-internet-cens...
* Will the Equifax Data Breach Finally Spur the Courts to
  Recognize Data Harms?
This summer 143 million Americans had their most sensitive
information breached from Equifax's database. Misuse of
this data can lead to financial devastation or, if a
criminal uses stolen information to commit fraud, can lead
to the breach victim being arrested and prosecuted.
Courts, too narrowly focused on financial losses directly
traceable to a breach, too often dismiss lawsuits based on
a cramped view of what constitutes "harm." So far, the
federal bills being floated in response to the Equifax
breach and earlier breaches do not remove the obstacles to
victims bringing legal claims.
https://www.eff.org/deeplinks/2017/09/will-equifax-data-breach-finally-spur-...
* Google Will Survive SESTA. Your Startup May Not.
In response to the suggestion that members of Congress
should consider how SESTA might affect small Internet
startups, not just giant companies like Google and
Facebook, Sen. Richard Blumenthal's (D-CT) response was "I
believe that those outliers--and they are outliers--will be
successfully prosecuted, civilly and criminally under this
law."
In that unusual moment of candor, Sen. Blumenthal seemed to
lay bare his opinions about Internet startups--he thinks of
them as unimportant outliers and would prefer that the new
law put them out of business.
Internet startups would take the much greater hit from
SESTA than large Internet firms would, but ultimately,
those most impacted would be users themselves.
https://www.eff.org/deeplinks/2017/09/google-will-survive-sesta-your-startup...
* Apple Does Right By Users and Advertisers Are Displeased
With the new Safari 11 update, Apple addresses how your
browsing habits are tracked and shared with parties other
than the sites you visit. In response, Apple is getting
criticized by the advertising industry for "destroying the
Internet's economic model."
Safari has been blocking third-party cookies by default
since releasing Safari 5.1 in 2010. The new Safari update,
with Intelligent Tracking Prevention, closes loopholes
around third-party cookie-blocking by using machine
learning to distinguish the sites a user has a relationship
with from those they don't, and treating the cookies
differently based on that.
https://www.eff.org/deeplinks/2017/09/apple-does-right-users-wrong-advertise...
* Azure Confidential Computing Heralds the Next Generation
  of Encryption in the Cloud
The new gold standard for cloud application encryption will
soon be the cloud provider never having access to the
user's data--not even while performing computations on it.
Microsoft has become the first major cloud provider to
offer developers the ability to build their applications on
top of Intel's Software Guard Extensions (SGX) technology,
making Azure "the first SGX-capable servers in the public
cloud." Azure customers in Microsoft's Early Access program
can now begin to develop applications with the
"confidential computing" technology.
The underlying technology is not yet perfect, but it's
efficient enough for practical usage, stops whole classes
of attacks, and is available today. Secure enclaves have
the potential to be a new frontier in offering users
privacy in the cloud.
https://www.eff.org/deeplinks/2017/09/azure-confidential-computing-heralds-n...
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
miniLinks
~ First Open-Access Data From Large Collider Confirm
  Subatomic Particle Patterns
For the first time, independent physics researchers have
uncovered a new method to explain particle behavior using
publicly-available data. (Phys.org)
https://phys.org/news/2017-09-open-access-large-collider-subatomic-particle....
~ Challenge to Data Transfer Tool Used by Facebook Will Go
  to Europe’s Top Court
Due to concerns over the U.S. government's mass
surveillance programs, the European Court of Justice is now
tasked with determining if EU citizens' privacy rights are
sufficiently protected during Facebook data transfers.
(TechCrunch)
https://techcrunch.com/2017/10/03/challenge-to-data-transfer-tool-used-by-fa...
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
Announcements
* Launch Event Hosted by IntrusiveTech
A local community group in the Electronic Frontier Alliance
will host an introductory meeting in New York City, NY on
October 9.
https://www.eff.org/event/launch-event-hosted-intrusivetech
* Discussion Hosted by EFF-Austin
A local community group in the Electronic Frontier Alliance
will host an informative discussion in Austin, TX on
October 9.
https://www.eff.org/event/discussion-hosted-eff-austin-0
* Discussion Hosted by Electronic Frontiers Georgia
A local community group in the Electronic Frontier Alliance
will host a discussion on October 12 about Section 230, the
law that makes modern online community possible, and the
latest threat to it. EFF's Elliot Harmon will give a
presentation remotely.
https://www.eff.org/event/fight-over-sesta-defending-online-speech-and-commu...
* EFF in Rapid City, SD
Join Indivisible Rapid City, Queer South Dakota, and EFF's
Elliot Harmon on October 17 for a discussion about the
latest threat to online community and how you can get
involved.
https://www.eff.org/event/fight-over-sesta-keeping-marginalized-voices-onlin...
* EFF in Mountain View, CA
EFF's Cindy Cohn will participate in a conversation with
technology writers and other thought leaders regarding the
impact of the iPhone on our economy and society on October
18 at the Computer History Museum.
https://www.eff.org/event/putting-new-world-your-hands-impact-iphone-our-eco...
* EFF at Data Demo Day in Sacramento, CA
EFF is a co-sponsor of the Data Coalition's third annual
California Data Demo Day on October 19 at the Capitol Event
Center in Sacramento. The event will bring together state
agency officials and legislators to explore the benefits of
open data, inside and outside government.
https://www.eff.org/event/california-data-demo-day
* EFF in Sioux Falls, SD
Join EFF's Elliot Harmon on October 19 for an informal
discussion on important digital rights issues coming up in
Congress this year, as well as ways that South Dakotans can
get involved with the fight for free expression, privacy,
and innovation online.
https://www.eff.org/event/defending-our-rights-changing-digital-world
* EFF at Bioneers in San Rafael, CA
Join Democracy Now!'s Amy Goodman, EFF's Cory Doctorow, and
EFF's Danny O'Brien for a discussion about the importance
of independent media and an open Internet at the National
Bioneers Conference on October 21.
https://www.eff.org/event/fighting-pillars-democracy-independent-media-and-o...
* EFF at All Things Open in Raleigh, NC
On October 23 & 24 EFF will host a booth at All Things
Open, the annual gathering of free and open source software
developers. EFF's Elliot Harmon will give a presentation on
how coders can fight back against DRM on October 24.
https://www.eff.org/event/eff-all-things-open
* EFF at Open Access Symposium in Stony Brook, NY
EFF's Elliot Harmon will give a keynote presentation on
reclaiming open access' place in academia at the Stony
Brook University Open Access Symposium on October 27.
https://www.eff.org/event/stony-brook-university-open-access-symposium
* EFF at Copyright Symposium in Provo, UT
EFF's Mitch Stoltz will be participating in a debate on
fair use in copyright at the BYU Copyright Symposium on
November 3.
https://www.eff.org/event/fair-use-debate-byu-copyright-symposium
* Job Opening: Staff Technologist
EFF is seeking a staff technologist or senior staff
technologist to join our Technology Projects team. The
role's primary responsibility will be working on one of
EFF's technical projects, which may require a basic
familiarity with web cryptography and other web
technologies. All projects are open source and have active
community contributors.
https://www.eff.org/opportunities/jobs/staff-technologist-0
* Job Opening: Web Developer
EFF is seeking a web developer to join our Engineering &
Design team. The ideal candidate has strong programming
skills with one of our server-side languages (Python, PHP,
JavaScript, or Ruby), familiarity with HTML, CSS, and
client-side JavaScript, and a love of free and open-source
software.
https://www.eff.org/opportunities/jobs/senior-software-engineer
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
Our members make it possible for EFF to bring legal and technological 
expertise into crucial battles about online rights. Whether defending 
free speech online or challenging unconstitutional surveillance, your 
participation makes a difference. Every donation gives technology users 
who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
Donate: https://supporters.eff.org/join/effector
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
* Administrivia
Editor:
Camille Ochoa, Activist
 editor@eff.org
EFFector is published by:
The Electronic Frontier Foundation
https://www.eff.org/
Membership & donation queries:
 membership@eff.org
General EFF, legal, policy, or online resources queries:
 info@eff.org
Reproduction of this publication in electronic media is
encouraged. MiniLinks do not necessarily represent
the views of EFF.
Back issues of EFFector are available via the Web at:
https://www.eff.org/effector/
Unsubscribe from future mailings or change your email preferences: https://supporters.eff.org/update-your-preferences?cid1=2061725&cs=580a0...
Opt out of all EFF email: https://supporters.eff.org/civicrm/mailing/optout?reset=1&jid=25286&...
815 Eddy Street
San Francisco, CA 94109-7701
United States