Inside the EFF
Mike Saunders investigates how the Electronic Frontier Foundation (EFF) is protecting us from dodgy megacorps and surveillance-happy governments.
Our freedom to share information, speak our minds, come up with new ideas and keep our lives private is being threatened. Governments are continually seeking new ways to monitor what we’re doing, while big businesses are constantly trying to lock us into their products. Bit by bit, our freedoms are being eroded.
Popular media often makes comparisons between our current situation and George Orwell’s 1984, which many people find hyperbolic. But think about it for a minute: governments are tapping our phone lines, reading our emails, and watching our online movements. Social media sites and search engines are building up giant databases of our browsing and purchasing habits. And all of this takes place against a backdrop of perpetual so-called terrorist threats, politicians in bed with media executives, and an ultra-wealthy elite getting even richer.
Keep your eyes peeled
So it pays to be vigilant – perhaps even a tiny bit paranoid. Airstrip One wasn’t built in a day, nor will a total police state suddenly appear overnight. But times are changing, the threats to our freedom are coming from every direction, and fighting this battle demands a great deal of persistence and determination. One group firmly on our side is the EFF.
The Electronic Frontier Foundation’s goal is “defending your rights in the digital world”, and its activities span the full gamut of freedom fighting: providing help with court cases; issuing white papers that explain current threats; running campaigns to spread awareness of various issues; and developing technologies that make our online activities safer from prying eyes. It’s a non-profit, donation-supported organisation based in San Francisco with an impressive staff roster (see www.eff.org/about/staff), including attorneys, analysts and activists – and generally with a strong pro-free software and pro-GNU/Linux culture.
Read on to find out how the EFF came together, what it has done so far, and how it’s preparing for upcoming battles.
The Electronic Frontier Foundation is made up of superheroes who wear their underpands on the outside of their trousers. Fact.
Inside the EFF
Taking on the United States Secret Service is a pretty risky venture... But that’s exactly what the EFF did, shortly after it was founded in July 1990. The Secret Service had raided a small videogames book publisher, looking for a stolen technical document that might fall into the wrong hands. Ultimately, it found no evidence to press charges, but the publisher ended up facing bankruptcy, after having its computers seized, missing deadlines, and being forced to lay off staff. Worst of all, the Secret Service erased much of the publisher’s valuable data.
A group of civil liberty-aware geeks – who had seen similar instances of rights being trampled on in the growing digital and online world – caught wind of this. So Mitch Kapor (founder of Lotus and later chair of the Mozilla Foundation), John Perry Barlow (former Grateful Dead lyricist), and John Gilmore (an early Sun Microsystems employee) founded the EFF, taking extra funding from Apple co-founder Steve Wozniak. Their first major task was to support the publisher in a lawsuit against the Secret Service.
In the end, the publisher won two of the three counts, $50,000 in damages and $250,000 in attorney’s fees. Most importantly, however, the issue of whether electronic communication deserves the same legal protection as other forms of communication (such as telephone calls) came to the forefront. The court ruled that the Secret Service had no right to access the publisher’s emails without a search warrant that specifically referred to the emails, setting a precedent that remains today.
The EFF went on to assist in many other cases, as we’ll see over the page, and its scope broadened as internet usage skyrocketed and new problems emerged in the 1990s. Today, Gilmore and Barlow remain on the EFF’s Board of Directors, joined by other famous names, such as Brian Behlendorf, early Apache developer, interviewed in LXF80, (Apache Angel, p48) and John Buckman (founder of music service Magnatune). Together they oversee a team of 44, with tens of thousands of supporters around the globe.
Cut-out-and-keep ‘win the argument’ guide
A lot of well-meaning types think that this is all a big hoo-hah and we don’t need such strong defensive measures. Here are the arguments they typically use, and ammunition against them.
- “I’m not afraid of Government X or Company Y!”
- Good for you, but you don’t know what X or Y will become in the future. You might have a decent government at the moment, but what happens with all the data they’re collecting about you when someone else takes power? Would you still want all of these surveillance laws and communication monitoring techniques in place when a party that you deeply dislike takes over? The same applies with companies – you might think Company Y is doing well currently with privacy issues and your data, but how will it behave in 10 years with a completely different set of top management?
- "If you’re doing something online that you don’t want people to know about, maybe you shouldn’t do it in the first place.”
- We all have a right to privacy, and there are plenty of legal, valid reasons why you’d want to do things on the net without being tracked and monitored. You might want to look up an awkward health problem, for instance, without related adverts appearing everywhere in the future. You might want to secretly book a holiday or buy a gift for a loved one and leave no trace of the purchase until the surprise moment. Perhaps you want to research something politically or historically sensitive, without red lights going off at government HQ.
- “If Company X starts screwing me over, I’ll just move to Company Y.”
- If only life were that simple. This isn’t like changing to a different shop for your groceries – it can be extremely complicated. What happens to all of the books and music you bought from X, which only work on X’s devices? Can you easily get all of your data out and easily import it into Y? What happens to all the profiling data that X gathered about you over the years – can you easily get it deleted? It’s rarely this simple.
- “Oh no! Won’t somebody PLEASE think of the children!”
- Calm down. I’ll make you a lovely cup of tea.
How does the EFF choose to provide legal assistance? After all, it doesn’t have infinite time or funding, and there are countless areas in which it could get involved. EFF staffers monitor firstname.lastname@example.org, which anyone seeking legal help can contact; whether the team choose to put the foundation’s resources behind a specific case depends on a few key points.
First, if the case will have a large impact on the law – setting a precedent for future court cases – then the EFF is more likely to get involved. Landmark cases that shape the future also help to raise awareness of the foundation’s work. Second, if the EFF can help multiple people or groups in a case, such as filing a class action lawsuit, then that’s an important factor too. And finally, the EFF is particularly keen to help people and groups who simply can’t afford the vast legal fees involved.
Sometimes the EFF has been criticised for being quiet on an issue, especially if a major development relating to digital rights has taken place, and half of the internet is engaged in major flame wars about it. But the EFF has to play a canny, gently paced game: “The worst thing we could do is to talk publicly before a legal strategy is in place.” So next time you see some dodgy freedom-limiting behaviour from a government or company, and there’s not a whisper from the EFF straight away, the foundation could still be investigating.
EFF supported software projects aimed at protecting your freedom
HTTPS Everywhere www.eff.org/https-everywhere
This Firefox and Chrome web browser extension tries to use HTTPS (secure) connections wherever possible, even when sites normally default to plain HTTP. This encrypts the data transfer between your computer and remote websites. Not all sites support HTTPS, or at least for every page, so you can disable the extension for selected sites via an icon click.
A brilliant (and frankly, very scary) web page which shows just how much information your browser gives away to websites. Even if you have cookies disabled, websites may still be able to identify and track you based on a combination of data from your browser, such as the user agent string, plugin versions, screen size and installed fonts. This is your ‘browser fingerprint’, and if nobody else shares it on the internet, you’re very easy to track.
Some ISPs have been known to interfere with their customer’s connections, trying to restrict the use of certain technologies such as BitTorrent. Switzerland lets you test the integrity of connections between two machines on the internet, alerting you if IP data packets have been modified along the way.
Who reads website terms-of-service agreements? They’re usually thousands of words long and full of incomprehensible legal babble designed to make lawyers feel good about themselves. This website, albeit currently undergoing a major revamp, shows you when major online services change their TOS agreements, highlighting the exact parts that could affect you. So if you hear that Facebook is changing its TOS, for instance, but you don’t want to wade through the whole text looking for the differences, this site can help.
Panoptickick is an experiment to gauge online tracking and protect against it.
EFF’s biggest wins
Throughout its history, the EFF has gotten involved in some major tussles and come out on the winning side. Here’s a selection of the best.
In the mid 2000s, Apple rumour websites were having the time of their lives. Apple’s notorious secrecy, combined with its expanding range of iGadgets, meant that leaks of product information were in great demand by these rumour sites. Occasionally, intriguing facts and photos somehow slipped out of Apple HQ, which were then hard to cover up.
Now, Apple didn’t like any of this, and filed a lawsuit against a bunch of online journalists, issuing subpoenas to find the identity of sources behind certain leaks. The EFF got involved and represented the journalists, stating that they had a right to keep their sources confidential.
Eventually, they ruled in the EFF’s favour, providing the journalists with protection against Apple’s subpoenas. A big win for independent media.
In 2005, Sony started distributing music CDs that also contained Windows software to implement copy protection and Digital Rights Management. The programs installed hidden files, sent information back over the internet about usage of the CDs, and opened up computers to potential security holes. The whole idea was utterly disastrous from the start, yet Sony managed to ship 22 million CDs with these highly controversial programs included.
It didn’t take long for a scandal to emerge, and Sony initially rebuffed the criticism, saying that the programs didn’t compromise security. After a while, however, Sony agreed to withdraw the CDs, but it was only after an EFF lawsuit that the company took some proper steps to clean up the damage, offering uninstallers and pointing users in the direction of support, if they were struggling to remove the program.
vs various government agencies
One particularly nasty proposal in the early 2000s was the ‘broadcast flag’, from the US Federal Communications Commission (FCC). Essentially, this was a status code that broadcasters could send to home recording devices, telling them that they couldn’t record certain programmes. This took control out of the hands of consumers, who had bought hardware and software for recording video, and handed control to the media empires. In a court case, the EFF argued that the FCC should not be able to regulate what happens in our TVs and computers once they have received a broadcast signal, and the court agreed. This was an important step in asserting the rights we have to use and control the products that we buy.
Meanwhile, for many years the US Justice Department had been employing some very questionable surveillance techniques, such as monitoring the locations of suspects’ mobile phones without sufficient warrants. The EFF has taken up the fight here, advising judges that they shouldn’t grant such far-reaching and highly intrusive warrants without first being shown ‘probable cause’ of a crime – that is, a reasonable likeliness that a crime is being committed. It’s an ongoing battle, but vital for protecting us against a creepy, Big Brother-esque state.
The (best/worst) is yet to come...
Rebecca Jeschke is the EFF’s media relations director, and also a digital rights analyst for the foundation. We caught up with her to see what the future holds…
LXF: What, in your opinion, do we need to be concerned about in the next few years?
RJ: One big thing to watch over the next couple of years is the US government’s extensive attempts to grab for big data. We already know the NSA (National Security Agency) is collecting massive amounts of internet activity data through new spying facilities (http://tinyurl.com/c8fk466, http://tinyurl.com/buttjre) and there are calls to make everything that is online more easily wiretapped by the authorities (http://tinyurl.com/cv5yn52).
And the US government doesn’t need to do all the collecting itself – you only have to look at the law enforcement support for CISPA, a bill that would grant companies more power to obtain ‘threat’ information (such as from the private communications of users) and to disclose that data to the government without a warrant – including sending data to the National Security Agency. Needless to say, while these are US practices they will still affect people all over the world.
LXF: And how about with companies?
RJ: Third parties like Facebook and Twitter know so much about us already – and they’ll only know more soon. It’s really important to protect this information from indiscriminate collection and use. We’re not saying that law enforcement shouldn’t get access to it, but the government should have to get a warrant in most cases and have the collection supervised by a judge. People who don’t want their lives to be an open book should make sure their lawmakers know where they stand. We’ve had a strong push-back about CISPA in the US, and we believe that’s one reason it may have stalled in the Senate for now.
You should follow us on Identi.ca or Twitter