Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

Responsibility Deflected, the CLOUD Act Passes

UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning.

“People deserve the right to a better process.”

Those are the words of Jim McGovern, representative for Massachusetts and member of the House of Representatives Committee on Rules, when, after 8:00 PM EST on Wednesday, he and his colleagues were handed a 2,232-page bill to review and approve for a floor vote by the...


The New Frontier of E-Carceration: Trading Physical for Virtual Prisons

Criminal justice advocates have been working hard to abolish cash bail schemes and dismantle the prison industrial complex. And one of the many tools touted as an alternative to incarceration is electronic monitoring or “EM”: a form of digital incarceration, often using a wrist bracelet or ankle “shackle” that can monitor a subject’s location, blood alcohol level, or breath. But even as the use of this new incarceration technology expands, regulation and oversight over it—and the...


How Congress Censored the Internet

In Passing SESTA/FOSTA, Lawmakers Failed to Separate Their Good Intentions from Bad Law

Today was a dark day for the Internet.

The U.S. Senate just voted 97-2 to pass the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), a bill that silences online speech by forcing Internet platforms to censor their users. As lobbyists and members of Congress applaud themselves for enacting a law tackling the problem of trafficking, let’s be clear:...


We Still Need More HTTPS: Government Middleboxes Caught Injecting Spyware, Ads, and Cryptocurrency Miners

Last week, researchers at Citizen Lab discovered that Sandvine's PacketLogic devices were being used to hijack users' unencrypted internet connections, making yet another case for encrypting the web with HTTPS. In Turkey and Syria, users who were trying to download legitimate applications were instead served malicious software intending to spy on them. In Egypt, these devices injected money-making content into users' web traffic, including advertisements and cryptocurrency mining...


Offline/Online Project Highlights How the Oppression Marginalized Communities Face in the Real World Follows Them Online

People in marginalized communities who are targets of persecution and violence—from the Rohingya in Burma to Native Americans in North Dakota—are using social media to tell their stories, but finding that their voices are being silenced online.

This is the tragic and unjust consequence of content moderation policies of companies like Facebook, which is deciding on a daily basis what can be and can’t be said and shown online. Platform censorship has ratcheted up in these times of...


Geek Squad's Relationship with FBI Is Cozier Than We Thought

Update: A Best Buy spokesperson confirmed to reporters that at least four Geek Squad employees received payments from the FBI.

After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit...


The Revolution and Slack

UPDATE (2/16/18): We have corrected this post to more accurately reflect the limits of Slack's encryption of user data at rest. We have also clarified that granular retention settings are only available on paid Slack workspaces.

The revolution will not be televised, but it may be hosted on Slack. Community groups, activists, and workers in the United States are increasingly gravitating toward the popular collaboration tool to communicate and coordinate efforts. But many...


Keep Border Spy Tech Out of Dreamer Protection Bills

UPDATE Feb. 14, 2018: Today, President Trump endorsed Sen. Grassley's bill on border and immigration issues (H.R. 2579). EFF opposes it. Like many of its predecessors, this bill would expand invasive surveillance on Americans and foreigners alike, with biometric screening, social media snooping, drones, and automatic license plate readers.

If Congress votes this month on legislation to protect Dreamers from deportation, any bill it considers should not...


ICE Accesses a Massive Amount of License Plate Data. Will California Take Action?

The news that Immigration & Customs Enforcement is using a massive database of license plate scans from a private company sent shockwaves through the civil liberties and immigrants’ rights community, who are already sounding the alarm about how mass surveillance will be used to fuel deportation efforts.

The concerns are certainly justified: the vendor, Vigilant Solutions, offers access to 6.5 billion data points, plus millions more collected by law enforcement agencies around...


Google’s Advanced Protection Program Offers Security Options For High-Risk Users

Security is not a one-size-fits-all proposition, and features that are prohibitively inconvenient for some could be critical for others. For most users, standard account security settings options are sufficient protection against common threats. But for the small minority of users who might be targeted individually—like journalists, policy makers, campaign staff, activists, people with abusive exes, or victims of stalking—standard security options won’t cut it.

For those users,...


Dark Caracal: Good News and Bad News

Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer those questions and dive further into the Dark Caracal report.

Read the full Dark Caracal report here

First, the good news: Dark...


An Open Letter to Our Community On Congress’s Vote to Extend NSA Spying From EFF Executive Director Cindy Cohn

Dear friends,

Today, the United States Congress struck a significant blow against the basic human right to read, write, learn, and associate free of government’s prying eyes. 

Goaded by those who let fear override democratic principles, some members of Congress shuttered public debate in order to pass a bill that extends the National Security Agency’s unconstitutional Internet surveillance for six years. 

This means six more years of warrantless surveillance under...


EFF to Supreme Court: Protect the Privacy of Cross-Border Data

Update (April 17, 2018): In light of the passage of the CLOUD Act, the Supreme Court dismissed the case as moot and vacated the lower court rulings.

The Electronic Frontier Foundation urged the Supreme Court today to hold that Microsoft cannot be forced by the U.S. government to disclose the contents of users’ emails stored on the company’s computers in Dublin, Ireland.

The stakes for user privacy in the court’s decision are extremely high. Governments around the...


How to Assess a Vendor's Data Security

Perhaps you’re an office manager tasked with setting up a new email system for your nonprofit, or maybe you’re a legal secretary for a small firm and you’ve been asked to choose an app for scanning sensitive documents: you might be wondering how you can even begin to assess a tool as “safe enough to use.” This post will help you think about how to approach the problem and select the right vendor.

As every organization has unique circumstances and needs, we can’t provide definitive...


Communities from Coast to Coast Fight for Control Over Police Surveillance: 2017 in Review

Americans in 2017 lived under a threat of constant surveillance, both online and offline. While the battle to curtail unaccountable and unconstitutional NSA surveillance continued this year with only limited opportunities appearing in Congress, the struggle to secure community control over surveillance by local police has made dramatic and expanding strides across the country at the local level.

In July, Seattle passed a law making it the nation’s second jurisdiction to require...


Seven Times Journalists Were Censored: 2017 in Review

Social media platforms have developed into incredibly useful resources for professional and citizen journalists, and have allowed people to learn about and read stories that may never have been published in traditional media. Sharing on just one of a few large platforms like Facebook, Twitter, and YouTube may mean the difference between a story being read by a few hundred versus tens of thousands of people.

Unfortunately, these same platforms have taken on the role of censor. They...


The Supreme Court Finally Takes on Law Enforcement Access to Cell Phone Location Data: 2017 in Review

Protecting the highly personal location data stored on or generated by digital devices is one of the 21st century’s most important privacy issues. In 2017, the Supreme Court finally took on the question of how law enforcement can get ahold of this sensitive information.

Whenever you use a cell phone, whether to make calls, send or receive texts, or browse the Internet, your phone automatically generates “cell site location information” (CSLI) through its interactions with cell...


Video: How the Court System Is Abused to Chill Activist Speech

One of the most pernicious forms of censorship in modern America is the abuse of the court system by corporations and wealthy individuals to harass, intimidate, and silence their critics.

We use the term “Strategic Lawsuit Against Public Participation,” more commonly known as a “SLAPP,” to describe this phenomenon.  With a SLAPP, a malicious party will file a lawsuit against a person whose speech is clearly protected by the First Amendment. The strategy isn’t to win on the legal...


EFF’s Street-Level Surveillance Project Dissects Police Technology

Step onto any city street and you may find yourself subject to numerous forms of police surveillance—many imperceptible to the human eye.

A cruiser equipped with automated license plate readers (also known as ALPRs) may have just logged where you parked your car. A cell-site simulator may be capturing your cell-phone data incidentally while detectives track a suspect nearby. That speck in the sky may be a drone capturing video of your commute. Police might use face recognition...


DHS Should Stop the Social Media Surveillance of Immigrants

UPDATE: EFF joined coalition comments on October 18, 2017 in opposition to the A-File notice.

The U.S. Department of Homeland Security (DHS) last month issued a notice that it is storing social media information on immigrants, including lawful permanent residents and naturalized U.S. citizens, apparently indefinitely, in a government database that contains “Alien Files” (A-Files). This is an invasive new feature of DHS’s previously known programs on collecting social media...


Attack on CCleaner Highlights the Importance of Securing Downloads and Maintaining User Trust

Some of the most worrying kinds of attacks are ones that exploit users’ trust in the systems and software they use every day. Yesterday, Cisco’s Talos security team uncovered just that kind of attack in the computer cleanup software CCleaner. Download servers at Avast, the company that owns CCleaner, had been compromised to distribute malware inside CCleaner 5.33 updates for at least a month. Avast estimates that over 2 million users downloaded the affected update. Even worse, CCleaner’s...


Crossing the U.S. Border? Here’s How to Securely Wipe Your Computer

Many people crossing the U.S. border are concerned about the amount of power that the government has asserted to search and examine travelers’ possessions, including searching through or copying contents of digital devices, like photos, emails, and browsing history. The frequency of these intrusive practices has been increasing over time.

Some travelers might choose to delete everything on a particular device or disk to ensure that border agents...


No Hunting Undocumented Immigrants with Stingrays

In the latest sign of mission creep in domestic deployment of battlefield-strength surveillance technology, U.S. Immigration and Customs Enforcement (ICE) earlier this year used a cell site simulator (CSS) to locate and arrest an undocumented immigrant, according to a report yesterday by The Detroit News.

CSSs, often called IMSI catchers or Stingrays, masquerade as cell phone towers and trick our phones into connecting to them so police can track down a target. EFF has long...
