Skip to main content
 
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

Responsibility Deflected, the CLOUD Act Passes

Cloud leaky 0

UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning.

“People deserve the right to a better process.”

Those are the words of Jim McGovern, representative for Massachusetts and member of the House of Representatives Committee on Rules, when, after 8:00 PM EST on Wednesday, he and his colleagues were handed a 2,232-page bill to review and approve for a floor vote by the...

Read More

A Smattering of Stars in Argentina's First "Who Has Your Back?" ISP Report

Quien datos 2017 og 3

It’s Argentina's turn to take a closer look at the practices of their local Internet Service Providers, and how they treat their customers’ personal data when the government comes knocking.

Argentina's ¿Quien Defiende Tus Datos? (Who Defends Your Data?) is a project of Asociación por los Derechos Civiles and the Electronic Frontier Foundation, and is part of a region-wide initiative by leading Iberoamerican digital rights groups to turn a spotlight on how the policies of...

Read More

How Congress’s Extension of Section 702 May Expand the NSA’s Warrantless Surveillance Authority

Nsa eagle 2

Last month, Congress reauthorized Section 702, the controversial law the NSA uses to conduct some of its most invasive electronic surveillance. With Section 702 set to expire, Congress had a golden opportunity to fix the worst flaws in the NSA’s surveillance programs and protect Americans’ Fourth Amendment rights to privacy. Instead, it reupped Section 702 for six more years.

But the bill passed by Congress and signed by the president, labeled S. 139, didn’t just extend Section...

Read More

ETICAS Releases First Ever Evaluations of Spanish Internet Companies' Privacy and Transparency Practices

Quien spain

It’s Spain's turn to take a closer look at the practices of their local Internet companies, and how they treat their customers’ personal data.

Spain's ¿Quien Defiende Tus Datos? (Who Defends Your Data?) is a project of ETICAS Foundation, and is part of a region-wide initiative by leading Iberoamerican digital rights groups to shine a light on Internet privacy practices in Iberoamerica. The report is based on EFF's annual Who Has Your Back? report, but adapted...

Read More

EFF's Fight to End Warrantless Device Searches at the Border: A Roundup of Our Advocacy

EFF has been working on multiple fronts to end a widespread violation of digital liberty—warrantless searches of travelers’ electronic devices at the border. Government policies allow border agents to search and confiscate our cell phones, tablets, and laptops at airports and border crossings for no reason, without explanation or any suspicion of wrongdoing. It’s as if our First and Fourth Amendment rights don’t exist at the border. This is wrong, which is why we’re working to challenge...

Read More

Europe's GDPR Meets WHOIS Privacy: Which Way Forward?

Europe's General Data Protection Regulation (GDPR) will come into effect in May 2018, and with it, a new set of tough penalties for companies that fail to adequately protect the personal data of European users. Amongst those affected are domain name registries and registrars, who are required by ICANN, the global domain name authority, to list the personal information of domain name registrants in publicly-accessible WHOIS directories. ICANN and European registrars have clashed over this...

Read More

Dark Caracal: Good News and Bad News

Dark caracal 1

Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer those questions and dive further into the Dark Caracal report.

Read the full Dark Caracal report here

First, the good news: Dark...

Read More

An Open Letter to Our Community On Congress’s Vote to Extend NSA Spying From EFF Executive Director Cindy Cohn

Paglen nsa credit 1

Dear friends,

Today, the United States Congress struck a significant blow against the basic human right to read, write, learn, and associate free of government’s prying eyes. 

Goaded by those who let fear override democratic principles, some members of Congress shuttered public debate in order to pass a bill that extends the National Security Agency’s unconstitutional Internet surveillance for six years. 

This means six more years of warrantless surveillance under...

Read More

EFF to Supreme Court: Protect the Privacy of Cross-Border Data

Database 1

Update (April 17, 2018): In light of the passage of the CLOUD Act, the Supreme Court dismissed the case as moot and vacated the lower court rulings.

The Electronic Frontier Foundation urged the Supreme Court today to hold that Microsoft cannot be forced by the U.S. government to disclose the contents of users’ emails stored on the company’s computers in Dublin, Ireland.

The stakes for user privacy in the court’s decision are extremely high. Governments around the...

Read More

Groups Line Up For Meaningful NSA Surveillance Reform

702 og

Multiple nonprofit organizations and policy think tanks, and one company have recently joined ranks to limit broad NSA surveillance. Though our groups work for many causes— freedom of the press, shared software development, universal access to knowledge, equal justice for all—our voices are responding to the same threat: the possible expansion of Section 702 of the FISA Amendments Act.

On January 5, the Rules Committee for the House of Representatives introduced S. 139. The...

Read More

Supreme Court Won’t Hear Key Surveillance Case

702 og 1

The Supreme Court announced today that it will not review a lower court’s ruling in United States v. Mohamud, which upheld warrantless surveillance of an American citizen under Section 702 of the Foreign Intelligence Surveillance Act. EFF had urged the Court to take up Mohamud because this surveillance violates core Fourth Amendment protections. The Supreme Court’s refusal to get involved here is disappointing.

Using Section 702, the government warrantlessly collects...

Read More

The Worst Law in Technology Strikes Again: 2017 in Review

The latest on the Computer Fraud and Abuse Act? It’s still terrible. And this year, the detrimental impacts of the notoriously vague and outdated criminal computer crime statute showed themselves loud and clear. The statute lies at the heart of the Equifax breach, which might have been averted if our laws didn’t criminalize security research. And it’s at the center of a court case pending in the Ninth Circuit Court of Appeals, hiQ v. LinkedIn, which threatens a hallmark of today’s...

Read More

Court Challenges to NSA Surveillance: 2017 in Review

Nsa eagle 2

One of the government’s most powerful surveillance tools is scheduled to sunset in less than three weeks, and, for months, EFF has fought multiple legislative attempts to either extend or expand the NSA’s spying powers—warning the public, Representatives, and Senators about circling bills that threaten Americans’ privacy. But the frenetic, deadline-pressure environment on Capitol Hill betrays the slow, years-long progress that EFF has made elsewhere: the courts.

2017 was a year...

Read More

Urgent: We Only Have Hours Left to Stop the NSA Expansion Bill

According to reports published Tuesday evening by Politico, a group of surveillance hawks  in the House of Representatives is trying to ram through a bill that would extend mass surveillance by the National Security Agency. We expect a vote to happen on the House floor as early as tomorrow, which means there are only a few hours to rally opposition.  

The backers of this bill are attempting to rush a vote on a bill that we’ve criticized for failing to secure Americans’ privacy. If...

Read More

Don’t Reauthorize NSA Spying in a Must-Pass Funding Bill

Nsa eagle 2

The next two weeks will be a flurry of activity in Congress. Before they can leave for the holidays, our government must—at minimum—pass at least one bill to keep the government running and also decide what to do about a controversial NSA spying authority called Section 702. Some legislators want to reauthorize Section 702, without meaningful reform, by attaching it to must-pass spending legislation. This is a terrible idea. The legislative process surrounding Section 702 already lacks...

Read More

FISC Assurances on Spying Leave Too Many Questions Unanswered

Nsa eagle 2

Last week, FBI Director Christopher Wray faced questions from the House Judiciary Committee about how his department is implementing one of the government’s most powerful surveillance tools. Despite repeated bipartisan requests, Director Wray refused to tell the Members of the Committee how many Americans have been impacted by Section 702, enacted as part of the FISA Amendments Act. This isn’t the first time the FBI has refused to answer to Congress.

EFF has long held that Section...

Read More

CBP Reveals How Agents Implement New Policy Not to Access Cloud Content

President Trump’s nominee to be Commissioner of U.S. Customs and Border Protection (CBP), Kevin McAleenan, revealed during his confirmation process how the agency implements its new policy not to access cloud content during border searches of digital devices.

In response to written questions for the record submitted by Sen. Ron Wyden (D-OR) and other members of the Senate Finance Committee, McAleenan explained that in accordance with CBP’s new policy to access only...

Read More

Who Has Your Back in Colombia? Karisma's Third-Annual Report Shows Progress

Donde estan 2

Fundación Karisma in cooperation with EFF has released its third-annual ¿Dónde Estan Mis Datos? report, the Colombian version of EFF’s Who Has Your Back. And this year’s report has some good news.   According to the Colombian Ministry of Information and Communication Technologies, broadband Internet penetration in Colombia is well over 50% and growing fast. Like users around the world, Colombians put their most private data, including their online relationships, political, artistic and...

Read More

Who Has Your Back in Colombia? Our Third-Annual Report Shows Progress

Donde estan 2

Fundación Karisma in cooperation with EFF has released its third-annual ¿Dónde Estan Mis Datos? report, the Colombian version of EFF’s Who Has Your Back. And this year’s report has some good news.   According to the Colombian Ministry of Information and Communication Technologies, broadband Internet penetration in Colombia is well over 50% and growing fast. Like users around the world, Colombians put their most private data, including their online relationships, political, artistic and...

Read More

India's Supreme Court Upholds Right to Privacy as a Fundamental Right—and It's About Time

Last week's unanimous judgment by the Supreme Court of India (SCI) in Justice K.S. Puttaswamy (Retd) vs Union of India is a resounding victory for privacy. The ruling is the outcome of a petition challenging the constitutional validity of the Indian biometric identity scheme Aadhaar. The judgment's ringing endorsement of the right to privacy as a fundamental right marks a watershed moment in the constitutional history of India. The one-page order signed by all nine judges declares:

... Read More

Crossing the U.S. Border? Here’s How to Securely Wipe Your Computer

Many people crossing the U.S. border are concerned about the amount of power that the government has asserted to search and examine travelers’ possessions, including searching through or copying contents of digital devices, like photos, emails, and browsing history. The frequency of these intrusive practices has been increasing over time.

Some travelers might choose to delete everything on a particular device or disk to ensure that border agents...

Read More

Global Condemnation for Turkey's Detention of Innocent Digital Security Trainers

The detention of a group of human rights defenders in Turkey for daring to learn about digital security and encryption continued last week with a brief appearance of the accused in an Istanbul court. Six were returned to jail, and four released on bail. In an additionally absurd twist, the four released activists were named in new detention orders on Friday, and are now being re-arrested.

Among those currently being held in jail are Ali Gharavi and Peter Steudtner, digital security...

Read More

EFF Condemns Detentions at Turkish Digital Security Meeting

Turkish police officers in plainclothes yesterday raided a digital security training meeting on the island of Buyukuda in Istanbul, seizing equipment and detaining ten attendees­, including Idil Eser, the director of Amnesty International Turkey. The human rights defenders are still being held in separate detention centers, and were denied access to lawyers and the press for over 24 hours.

Amnesty's Turkey researcher reports that Eser faces at least seven days pre-trial detention...

Read More

Five Eyes Unlimited: What A Global Anti-Encryption Regime Could Look Like

This week, the political heads of the intelligence services of Canada, New Zealand, Australia, the United Kingdom, and the United States (the "Five Eyes" alliance) met in Ottawa.  The Australian delegation entered the meeting saying publicly that they intended to "thwart the encryption of terrorist messaging." The final communiqué states more diplomatically that "Ministers and Attorneys General [...] noted that encryption can severely undermine public safety efforts by impeding lawful...

Read More

Aadhaar: Ushering in a Commercialized Era of Surveillance in India

Fingerprint 1

Since last year, Indian citizens have been required to submit their photograph, iris and fingerprint scans in order to access legal entitlements, benefits, compensation, scholarships, and even nutrition programs. Submitting biometric information is needed for the rehabilitation of manual scavengers, the training and aid of disabled people, and anti-retroviral therapy for HIV/AIDS patients. Soon police in the Alwar district of Rajasthan will be able to register criminals, and track missing...

Read More
Close tooltip