Welcome New EFF Executive Director Nicole Ozer

The EFF welcomes Nicole Ozer as its new Executive Director. Ozer is a legal expert with extensive experience in privacy, surveillance, and AI, and has previously worked with the ACLU of Northern California.

Risky Bulletin: Russia greatly expands SORM surveillance requirements

Russia has significantly expanded its SORM surveillance requirements, imposing stricter data retention and access mandates on telecommunications and internet service providers. This move is part of an ongoing effort to increase state control over online communications and data within the country.

One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating

California's AB 1856 proposes to exempt open-source operating systems from the age-gating requirements of AB 1043, but it also expands these requirements to web browsers and websites. The Electronic Frontier Foundation (EFF) opposes the bill, arguing that the expanded age-gating harms users' speech, privacy, and anonymity, and continues to disproportionately burden open-source developers.

ICE to keep an eye on your eyes under $25M biometric scanner deal

U.S. Immigration and Customs Enforcement (ICE) has awarded a $25 million contract for a biometric scanner system that will collect iris and facial scans. The system, developed by Idemia Identity & Security, is intended to improve border security and identify individuals entering the country.

California AG sues 23andMe over 2023 breach exposing health data

California's Attorney General has filed a lawsuit against 23andMe following a 2023 data breach that exposed customer health and genetic information. The lawsuit alleges that the company failed to implement adequate security measures to protect this sensitive data.

US charges Google security engineer with Polymarket insider trading

A Google security engineer has been charged with insider trading. The engineer allegedly used confidential company information to gain an advantage on the Polymarket decentralized prediction market, resulting in $1.2 million in winnings. This case highlights the intersection of employee access, financial markets, and the potential for misuse of privileged information.

The Race to Build AI Data Centers — Before the People Can Protest

Communities across the US are protesting the rapid construction of AI data centers, voicing concerns that have escalated from local zoning issues to national political debates. Residents are demanding moratoriums on new data center development as these facilities proliferate.

Troops’ phones gave away location data to foreign adversaries

US lawmakers are urging the Department of Defense (DoD) to implement stricter controls on troops' smartphones. This comes after reports revealed that commercial location data, often collected and sold by third-party apps, was exploited by foreign adversaries to track military personnel. The current regulations are deemed insufficient to prevent such breaches of sensitive information.

Age Verification is a Privacy Nightmare

The article argues that online age verification schemes, despite good intentions, create significant privacy and security risks by forcing users to submit sensitive personal information. Centralized data from these schemes becomes a prime target for leaks and hacks, with past incidents already demonstrating these dangers.

Sextortionist sentenced to 33 years for targeting 145 children

A Canadian man has been sentenced to 33 years in prison for orchestrating an eight-year sextortion scheme that targeted over 145 children in the United States. The victims were as young as six years old, highlighting the severe impact of such crimes.

How New EU Access to Documents Rules Can Reduce Transparency and Shield Big Tech

New EU rules for accessing documents, intended to increase transparency, could paradoxically reduce it by creating loopholes that allow public bodies to refuse requests. This is particularly concerning for large tech companies, which may exploit these new provisions to shield their internal operations and data from public scrutiny.

Websites have a new way to spy on visitors: analyzing their SSD activity

Researchers have discovered a new method for websites to monitor user activity by analyzing their Solid State Drive (SSD) behavior through JavaScript in the browser. This technique leverages the timing differences in SSD read/write operations to infer user actions, potentially creating a new avenue for invasive tracking.

More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints

An EFF analysis of Flock Safety automated license plate reader (ALPR) data revealed that law enforcement is increasingly using these systems for low-level investigations, such as verifying school residency, conducting background checks, and investigating noise complaints, due to the absence of warrant requirements for database searches. This widespread use goes beyond the stated purpose of solving high-stakes crimes and amplifies surveillance through broad data sharing among agencies.

Identifying People Using Wi-Fi Routers

Researchers are exploring WiFi sensing technology, which uses WiFi signals to infer information about a physical environment, including the presence and movement of people. By analyzing how WiFi signals interact with objects and individuals, details about the surrounding space can be deduced.

Experts pour cold borscht on Farage's Russian hack claim

Nigel Farage, a prominent UK politician, has claimed that Russia hacked his phone to obtain information about a £5 million gift he received. However, cybersecurity experts are skeptical, stating that they have yet to see any concrete evidence to support these allegations.

AIPAC, AI, Crypto and Gambling Are Hiding Their Big Election Spends

This article discusses how various groups, including those leveraging AI, cryptocurrency, and gambling, are using front organizations to obscure their significant spending in elections. The Intercept staff are analyzing this trend in election news.

Srsly Risky Biz: Politicians to Ditch Signal for Homegrown Apps

Politicians in Australia are reportedly considering ditching the encrypted messaging app Signal for domestically developed applications. This move is driven by concerns over foreign ownership and potential data access by foreign governments. The shift aims to bolster national security and data sovereignty.

EPIC, Coalition Urge Congress to Ban Flock Automatic License Plate Readers

EPIC, along with over 40 civil society groups, is urging the U.S. House Committee on Transportation and Infrastructure to ban the use of automatic license plate readers (ALPRs) except for tolling purposes. This push is in response to the increasing prevalence of ALPR surveillance technology and is part of an amendment to the Highway Bill.

EPIC, Coalition Call on FTC to Investigate Roblox’s Manipulative Design Harms

EPIC and other child safety organizations have urged the FTC to investigate Roblox for its use of manipulative design features that exploit children. The request highlights how Roblox's design makes it difficult for children to log off, encourages spending of real money, and uses chat features that expose children to risks of predation and abuse.

🔒 A Win for Encrypted Messaging | EFFector 38.10

The EFFector newsletter issue 38.10 highlights advancements and challenges in end-to-end encrypted messaging, emphasizing its role in protecting digital conversations from eavesdropping by companies and governments. The newsletter also touches upon issues like social media bans for youth and Canada's surveillance bill, and features a podcast discussing both positive steps and disappointments in encrypted messaging.

London's police asked Big Tech for comms data over 700,000 times last year

London's Metropolitan Police made over 700,000 requests for communications data from major technology companies in the past year. These requests, made under various legal powers, aimed to obtain information about individuals' online activities and communications. The figures highlight the significant scale of digital surveillance conducted by law enforcement.

Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!

Microsoft's Israel chief has departed following ethical controversy over the company's business with the Israeli Ministry of Defense. This comes after reports that Microsoft technologies were used in surveillance and targeting operations, potentially violating the company's own human rights standards. Microsoft had previously suspended certain services amid these concerns, indicating a step toward accountability.

Your Privacy Shouldn't Be A Corporate Decision

This article from EFF Deeplinks criticizes tech corporations like Meta, Google, and Palantir for privacy-invasive practices and breaking user trust. It highlights EFF's work in holding these companies accountable through lawsuits, developing privacy-enhancing software, and advocating for stronger privacy laws.

We Updated Our Privacy Policy. Here's What Changed and Why.

The EFF has updated its privacy policy, introducing an opt-in system for email tracking. This allows users to explicitly consent to the organization tracking whether they open emails and click on links, which helps EFF gauge campaign effectiveness and prioritize strategies. The EFF emphasizes that this is a consensual tracking method, differentiating it from the ubiquitous, non-consensual tracking prevalent online.

We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.

The EFF has released a new guide, "Tackling Arbitrary Digital Surveillance in the Americas," to combat systematic human rights violations stemming from state digital surveillance abuses in the region. The guide offers concrete, actionable guidance based on human rights norms to governments, outlining necessary safeguards and institutional measures to protect individuals from pervasive and arbitrary surveillance practices.

Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess

Mozilla is warning the UK government against plans to mandate that VPN providers block access to age-verified adult content. The company argues that VPNs are essential security tools for protecting user privacy and anonymity online, not tools for circumventing age verification. Mozilla suggests that breaking VPN functionality would undermine fundamental internet security for all users.

Privacy International’s submission to the UN High Commissioner for Human Rights on the protection of human rights defenders in the digital age

Privacy International has submitted a report to the UN High Commissioner for Human Rights concerning the protection of human rights defenders in the digital age. The submission highlights the increasing digital threats faced by these individuals and calls for stronger measures to safeguard their privacy and security online.

How Trump’s New Counterterrorism Strategy Puts You at Risk

This article analyzes a new U.S. counterterrorism strategy, highlighting how its implementation could potentially increase risks for individuals. The White House document outlines the government's approach to domestic counterterrorism efforts.

Collateral Damage: Grok AI and the Human Cost of Generative AI

This article discusses the potential negative impacts of Generative AI, specifically Grok AI, on individuals and society. It highlights concerns about the collection and use of personal data for training AI models and the potential for these models to perpetuate biases or cause harm, even if unintended.

MPs want social media treated more like unsafe toys than harmless apps

A UK parliamentary committee has expressed concerns that the current online safety regime is inadequately protecting children on social media platforms. The committee is urging ministers to subject social media companies to greater scrutiny, comparing their regulation to that of unsafe children's toys.

Help EFF Solve an Issue That's Bigger than Creepy Ads

The EFF is seeking support to combat online tracking, which fuels both commercial surveillance and government data collection. Their work includes advocating for stronger privacy laws, pursuing consumer rights in court, investigating the impact of surveillance technologies, and developing tools like Privacy Badger to block trackers.

Broken Promises: RIP Instagram’s End-to-End Encrypted DMs

Instagram has discontinued its opt-in end-to-end encryption feature for direct messages, abandoning a promise made by Meta to offer this privacy protection across its platforms. Meta cited low user adoption as the reason for the reversal, despite the opt-in process being complex and obscure.

Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats

Apple has begun rolling out iOS 26.5, which enables end-to-end encryption for Rich Communication Services (RCS) messages between Android and iPhone devices. This update means conversations in default chat apps will be protected, preventing Google, Apple, and carriers from accessing message content, though metadata may still be collected.

EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid

The EFF is launching an offline campaign for Osama Khalid, a Saudi Wikipedian and advocate for internet freedom who was sentenced to 14 years in prison for sharing information online that conflicted with official narratives. Khalid's Wikipedia contributions and blog posts covered critical human rights issues and criticized government surveillance plans.

A Hackers Guide to Circumventing Internet Shutdowns

This article discusses the increasing prevalence of internet shutdowns implemented by governments and the impact on human rights, citing examples in Iran, Venezuela, India, and Syria. It highlights how these shutdowns can precede acts of violence and disrupt access to essential information and communication services.

Apple, Google drag cross-platform texting into the encrypted age

Apple and Google are rolling out end-to-end encryption (E2EE) for cross-platform messaging, enabling secure communication between iPhone and Android users. This move aims to enhance privacy and security by protecting message content from intermediaries.

GM agrees to $12.75M California settlement over sale of drivers’ data

General Motors has agreed to a proposed $12.75 million settlement with California over allegations of violating the California Consumer Privacy Act (CCPA). The lawsuit claimed that GM illegally sold drivers' data without proper consent. This settlement addresses concerns about how personal data is collected, shared, and protected.

Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare

Canada's Bill C-22, also known as The Lawful Access Act, is a proposed law that would require digital services to retain user metadata for one year and allow the Minister of Public Safety to demand backdoors for law enforcement access to data. Privacy advocates argue this bill erodes digital rights and could lead to increased data breaches due to expanded surveillance.

EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant

The EFF has filed an amicus brief urging the Fourth Circuit to require warrants for border searches of electronic devices, citing the Fourth Amendment. This case, U.S. v. Belmonte Cardozo, involves a warrantless search of a U.S. citizen's phone at Dulles airport, leading to his conviction. The EFF argues that the increasing number of such searches represents a significant invasion of privacy.