Deeplinks | Electronic Frontier Foundation

  • Victory! California Senate Votes Against Face Surveillance on Police Body Cams
    https://www.eff.org/deeplinks/2019/09/victory-california-senate-passes-bill-pause-face-surveillance-police-cameras

    The California Senate listened to the many voices expressing concern about the use of face surveillance on cameras worn or carried by police officers, and has passed an important bill that will, for three years, prohibit police from turning a tool intended to foster police accountability into one that furthers mass surveillance. A.B. 1215, authored by Assemblymember Phil Ting, prohibits the use of face recognition, or other forms of biometric technology, on a camera worn or carried by a (...)

    #CCTV #biométrie #facial #vidéo-surveillance #surveillance #EFF

  • Facebook’s Dating Service is Full of Red Flags
    https://www.eff.org/deeplinks/2019/09/facebooks-dating-service-full-red-flags

    If you open Facebook’s mobile app today, it will likely suggest that you try the company’s new Dating service, which just launched in the U.S. after a rollout in 19 other countries last year. But with the company’s track record of mishandling user data, and its business model of monetizing our sensitive information to power third-party targeted advertising, potential users should view Facebook’s desire to peek into our bedrooms as a huge red flag. Bad at Data Privacy But Good at Dating Privacy (...)

    #Facebook #BigData #publicité #marketing #profiling #FTC #EFF

  • Americans Deserve Their Day in Court About NSA Mass Surveillance Programs
    https://www.eff.org/deeplinks/2019/09/americans-deserve-their-day-court-about-legality-nsa-mass-surveillance-programs

    EFF continues our fight to have the U.S. courts protect you from mass government surveillance. Today in our landmark Jewel v. NSA case, we filed our opening brief in the Ninth Circuit Court of Appeals, asserting that the courts don’t have to turn a blind eye to the government’s actions. Instead, the court must ensure justice for the millions of innocent Americans who have had their communications subjected to the NSA’s mass spying programs since 2001. Just this spring the Ninth Circuit Court (...)

    #NSA #surveillance #EFF

  • Five Concerns about Amazon Ring’s Deals with Police
    https://www.eff.org/deeplinks/2019/08/five-concerns-about-amazon-rings-deals-police

    More than 400 police departments across the country have partnered with Ring, tech giant Amazon’s “smart” doorbell program, to create a troubling new video surveillance system. Ring films and records any interaction or movement happening at the user’s front door, and alerts users’ phones. These partnerships expand the web of government surveillance of public places, degrade the public’s trust in civic institutions, purposely breed paranoia, and deny citizens the transparency necessary to ensure (...)

    #Amazon #Ring #sonnette #vidéo-surveillance #délation #surveillance #EFF #Neighbors

  • A Cycle of Renewal, Broken: How Big Tech and Big Media Abuse Copyright Law to Slay Competition | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2019/08/cycle-renewal-broken-how-big-tech-and-big-media-abuse-copyright-law-slay


    Cory Doctorow explains how copyright is used to hold back technological progress.

    As long as we’ve had electronic mass media, audiences and creators have benefited from periods of technological upheaval that force old gatekeepers to compete with brash newcomers with new ideas about what constitutes acceptable culture and art. Those newcomers eventually became gatekeepers themselves, who then faced their own crop of revolutionaries. But today, the cycle is broken: as media, telecoms, and tech have all grown concentrated, the markets have become winner-take-all clashes among titans who seek to dominate our culture, our discourse and our communications.

    How did the cycle end? Can we bring it back? To understand the answers to these questions, we need to consider how the cycle worked — back when it was still working.

    How Things Used to Work

    In 1950, a television salesman named Robert Tarlton put together a consortium of TV merchants in the town of Lansford, Pennsylvania to erect an antenna tall enough to pull down signals from Philadelphia, about 90 miles to the southeast. The antenna connected to a web of cables that the consortium strung up and down the streets of Lansford, bringing big-city TV to their customers — and making TV ownership for Lansfordites far more attractive. Though hobbyists had been jury-rigging their own “community antenna television” networks since 1948, no one had ever tried to go into business with such an operation. The first commercial cable TV company was born.

    The rise of cable over the following years kicked off decades of political controversy over whether the cable operators should be allowed to stay in business, seeing as they were retransmitting broadcast signals without payment or permission and collecting money for the service. Broadcasters took a dim view of people using their signals without permission, which is a little rich, given that the broadcasting industry itself owed its existence to the ability to play sound recordings over the air without permission or payment.

    The FCC brokered a series of compromises in the years that followed, coming up with complex rules governing which signals a cable operator could retransmit, which ones they must retransmit, and how much all this would cost. The end result was a second way to get TV, one that made peace with—and grew alongside—broadcasters, eventually coming to dominate how we get cable TV in our homes.

    By 1976, cable and broadcasters joined forces to fight a new technology: home video recorders, starting with Sony’s Betamax recorders. In the eyes of the cable operators, broadcasters, and movie studios, these were as illegitimate as the playing of records over the air had been, or as retransmitting those broadcasts over cable had been. Lawsuits over the VCR continued for the next eight years. In 1984, the Supreme Court finally weighed in, legalizing the VCR, and finding that new technologies were not illegal under copyright law if they were “capable of substantial noninfringing uses.”

    It’s hard to imagine how controversial the VCR was in its day. MPAA president Jack Valenti made history by attending a congressional hearing where he thundered, “I say to you that the VCR is to the American film producer and the American public as the Boston Strangler is to the woman home alone.”

    Despite that unequivocal condemnation, home recording is so normal today that your cable operator likely offers to bundle a digital recorder with your subscription. Just as the record companies made peace with broadcasters, and broadcasters made peace with cable, cable has made its peace with home recording.

    It’s easy to imagine that this is the general cycle of technology: a new technology comes along and rudely shoulders its way into the marketplace, pouring the old wine of the old guard into its shiny new bottles. The old guard insist that these brash newcomers are mere criminals, and demand justice.

    The public flocks to the new technology, and, before you know it, the old guard and the newcomers are toasting one another at banquets and getting ready to sue the next vulgarian who has the temerity to enter their market and pour their old wine into even newer bottles.

    That’s how it used to work, but the cycle has been interrupted.

    The Cycle is Broken

    In 1998, Congress passed the Digital Millennium Copyright Act, whose Section 1201 bans bypassing a “technical measure” that “controls access” to copyrighted works. The statute does not make an exemption for people who need to bypass a copyright lock to do something legal, so traditional acts of “adversarial interoperability” (making a new thing that plugs into an old thing without asking for permission) can be headed off before they even get started. Once a company adds a digital lock to its products, it can scare away other companies that want to give it the broadcasters vs records/cable vs broadcasters/VCRs vs cable treatment. These challengers will have to overcome their fear that “trafficking” in a “circumvention device” could trigger DMCA 1201’s civil damages or even criminal penalties—$500,000 and 5 years in prison...for a first offense.

    When companies like Sony made the first analog TV recorders, they focused on what their customer wanted, not what the winners of last year’s technological battle thought was proper. That’s how we got VCRs that could record off the air or cable (so you could record any show, even major Hollywood movies getting their first broadcast airing) and that allowed recordings made on one VCR to be played on another recorder (so you could bring that movie over to a friend’s house to watch with a bowl of popcorn).

    Today’s digital video products are different. Cable TV, satellite TV, DVDs/HD DVDs/Blu-Ray, and streaming services all use digital locks that scramble their videos. This allows them to threaten any would-be adversarial interoperators with legal reprisals under DMCA 1201, should they have the temerity to make a user-focused recorder for their products. That stifles a lot of common-sense ideas: for example, a recorder that works on all the programs your cable delivers (even pay-per-views and blockbusters); a recorder that lets you store the Christmas videos that Netflix and Amazon Prime take out of rotation at Christmastime so that you have to pay an upcharge to watch them when they’re most relevant; or a recorder that lets you record a video and take it over to a friend’s house or transfer it to an archival drive so you can be sure you can watch it ten years (or even ten minutes) from now.

    Since the first record players, every generation of entertainment technology has been overtaken by a new generation—a generation that allowed new artists to find new audiences, a new generation that overturned the biases and preconceptions of the executives that controlled the industry and allowed for new modes of expression and new ideas.

    Today, as markets concentrate—cable, telecoms, movie studios, and tech platforms—the competition is shifting from the short-lived drive to produce the best TV possible to a long-term strategy of figuring out how to use a few successful shows to sell bundles of mediocre ones.

    In a world where the cycle that led to the rise of cable and streaming was still in effect, you could record your favorite shows before they were locked behind a rival’s paywalls. You could search all the streaming services’ catalogs from a single interface and figure out how to make your dollar go farther by automatically assembling a mix of one-off payments and subscriptions. You could stream the videos your home devices received to your phone while you were on the road...and more.

    And just as last year’s pirates — the broadcasters, the cable operators, the VCR makers — became this year’s admirals, the companies that got their start by making new services that centered your satisfaction instead of the goodwill of the entrenched industries would someday grow to be tomorrow’s Goliaths, facing a new army of Davids.

    Fatalistic explanations for the unchecked rise of today’s monopolized markets—things like network effects and first-mover advantage—are not the whole story. They are not unstoppable forces of nature. The cycle of concentration and renewal in media-tech shows us that, whatever role the forces of first-mover advantage and network effects are playing in market concentration, they are abetted by some badly written and oft-abused legal rules.

    DMCA 1201 let companies declare certain kinds of competition illegal: adversarial interoperability, one of the most historically tried-and-true methods for challenging dominant companies, can be made into a crime simply by designing products so that connecting to them requires you to bypass a copyright lock. Since DMCA 1201 bans this “circumvention,” it also bans any competition that requires circumvention.

    That’s why we’re challenging DMCA 1201 in court: we don’t think that companies should be able to make up their own laws, because inevitably, these turn into “Felony Contempt of Business Model.”

    DMCA 1201 is just one of the laws and policies that have created the thicket that would-be adversarial interoperators run up against when they seek to upend the established hierarchy: software patents, overreaching license agreements, and theories of tortious interference with contractual relations are all so broadly worded and interpreted that they can be used to intimidate would-be competitors no matter how exciting their products are and no matter how big the market for them would be.

    #Technologie #copyright #droit_d_auteur

  • Adversarial Interoperability: Reviving an Elegant Weapon From a More Civilized Age to Slay Today’s Monopolies | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

    Here is what the free software movement can learn from the tactics of Microsoft’s competitors: if you can’t win against the giants, take advantage of them.

    Today, Apple is one of the largest, most profitable companies on Earth, but in the early 2000s, the company was fighting for its life. Microsoft’s Windows operating system was ascendant, and Microsoft leveraged its dominance to ensure that every Windows user relied on its Microsoft Office suite (Word, Excel, PowerPoint, etc). Apple users—a small minority of computer users—who wanted to exchange documents with the much larger world of Windows users were dependent on Microsoft’s Office for the Macintosh operating system (which worked inconsistently with Windows Office documents, with unexpected behaviors like corrupting documents so they were no longer readable, or partially/incorrectly displaying parts of exchanged documents). Alternatively, Apple users could ask Windows users to export their Office documents to an “interoperable” file format like Rich Text Format (for text), or Comma-Separated Values (for spreadsheets). These, too, were inconsistent and error-prone, interpreted in different ways by different programs on both Mac and Windows systems.

    Apple could have begged Microsoft to improve its Macintosh offerings, or they could have begged the company to standardize its flagship products at a standards body like OASIS or ISO. But Microsoft had little motive to do such a thing: its Office products were a tremendous competitive advantage, and despite the fact that Apple was too small to be a real threat, Microsoft had a well-deserved reputation for going to enormous lengths to snuff out potential competitors, including both Macintosh computers and computers running the GNU/Linux operating system.

    Apple did not rely on Microsoft’s goodwill and generosity: instead, it relied on reverse-engineering. After its 2002 “Switch” ad campaign—which begged potential Apple customers to ignore the “myths” about how hard it was to integrate Macs into Windows workflows—it intensified work on its iWork productivity suite, which launched in 2005, incorporating a word-processor (Pages), a spreadsheet (Numbers) and a presentation program (Keynote). These were feature-rich applications in their own right, with many innovations that leapfrogged the incumbent Microsoft tools, but this superiority would still not have been sufficient to ensure the adoption of iWork, because the world’s greatest spreadsheets are of no use if everyone you need to work with can’t open them.

    What made iWork a success—and helped re-launch Apple—was the fact that Pages could open and save most Word files; Numbers could open and save most Excel files; and Keynote could open and save most PowerPoint presentations. Apple did not attain this compatibility through Microsoft’s cooperation: it attained it despite Microsoft’s noncooperation. Apple didn’t just make an “interoperable” product that worked with an existing product in the market: they made an adversarially interoperable product whose compatibility was wrested from the incumbent, through diligent reverse-engineering and reimplementation. What’s more, Apple committed to maintaining that interoperability, even though Microsoft continued to update its products in ways that temporarily undermined the ability of Apple customers to exchange documents with Microsoft customers, paying engineers to unbreak everything that Microsoft’s maneuvers broke. Apple’s persistence paid off: over time, Microsoft’s customers became dependent on compatibility with Apple customers, and they would complain if Microsoft changed its Office products in ways that broke their cross-platform workflow.

    Since Pages’ launch, document interoperability has stabilized, with multiple parties entering the market, including Google’s cloud-based Docs offerings, and the free/open alternatives from LibreOffice. The convergence on this standard was not undertaken with the blessing of the dominant player: rather, it came about despite Microsoft’s opposition. Docs are not just interoperable, they’re adversarially interoperable: each has its own file format, but each can read Microsoft’s file format.

    The document wars are just one of many key junctures in which adversarial interoperability made a dominant player vulnerable to new entrants:

    Hayes modems
    Usenet’s alt.* hierarchy
    Supercard’s compatibility with Hypercard
    Search engines’ web-crawlers
    Servers of every kind, which routinely impersonate PCs, printers, and other devices

    Scratch the surface of most Big Tech giants and you’ll find an adversarial interoperability story: Facebook grew by making a tool that let its users stay in touch with MySpace users; Google products from search to Docs and beyond depend on adversarial interoperability layers; Amazon’s cloud is full of virtual machines pretending to be discrete CPUs, impersonating real computers so well that the programs running within them have no idea that they’re trapped in the Matrix.

    Adversarial interoperability converts market dominance from an unassailable asset to a liability. Once Facebook could give new users the ability to stay in touch with MySpace friends, then every message those Facebook users sent back to MySpace—with a footer advertising Facebook’s superiority—became a recruiting tool for more Facebook users. MySpace served Facebook as a reservoir of conveniently organized potential users that could be easily reached with a compelling pitch about why they should switch.

    Today, Facebook is posting 30-54% annual year-on-year revenue growth and boasts 2.3 billion users, many of whom are deeply unhappy with the service, but who are stuck within its confines because their friends are there (and vice-versa).

    A company making billions and growing by double-digits with 2.3 billion unhappy customers should be every investor’s white whale, but instead, Facebook and its associated businesses are known as “the kill zone” in investment circles.

    Facebook’s advantage is in “network effects”: the idea that Facebook increases in value with every user who joins it (because more users increase the likelihood that the person you’re looking for is on Facebook). But adversarial interoperability could allow new market entrants to arrogate those network effects to themselves, by allowing their users to remain in contact with Facebook friends even after they’ve left Facebook.

    This kind of adversarial interoperability goes beyond the sort of thing envisioned by “data portability,” which usually refers to tools that allow users to make a one-off export of all their data, which they can take with them to rival services. Data portability is important, but it is no substitute for the ability to have ongoing access to a service that you’re in the process of migrating away from.

    Big Tech platforms leverage both their users’ behavioral data and the ability to lock their users into “walled gardens” to drive incredible growth and profits. The customers for these systems are treated as though they have entered into a negotiated contract with the companies, trading privacy for service, or vendor lock-in for some kind of subsidy or convenience. And when Big Tech lobbies against privacy regulations and anti-walled-garden measures like Right to Repair legislation, they say that their customers negotiated a deal in which they surrendered their personal information to be plundered and sold, or their freedom to buy service and parts on the open market.

    But it’s obvious that no such negotiation has taken place. Your browser invisibly and silently hemorrhages your personal information as you move about the web; you paid for your phone or printer and should have the right to decide whose ink or apps go into them.

    Adversarial interoperability is the consumer’s bargaining chip in these coercive “negotiations.” More than a quarter of Internet users have installed ad-blockers, making it the biggest consumer revolt in human history. These users are making counteroffers: the platforms say, “We want all of your data in exchange for this service,” and their users say, “How about none?” Now we have a negotiation!

    Or think of the iPhone owners who patronize independent service centers instead of using Apple’s service: Apple’s opening bid is “You only ever get your stuff fixed from us, at a price we set,” and the owners of Apple devices say, “Hard pass.” Now it’s up to Apple to make a counteroffer. We’ll know it’s a fair one if iPhone owners decide to patronize Apple’s service centers.

    This is what a competitive market looks like. In the absence of competitive offerings from rival firms, consumers make counteroffers by other means.

    There is good reason to want to see a reinvigorated approach to competition in America, but it’s important to remember that competition is enabled or constrained not just by mergers and acquisitions. Companies can use a whole package of laws to attain and maintain dominance, to the detriment of the public interest.

    Today, consumers and toolsmiths confront a thicket of laws and rules that stand between them and technological self-determination. To change that, we need to reform the Computer Fraud and Abuse Act, Section 1201 of the Digital Millennium Copyright Act, patent law, and other rules and laws. Adversarial interoperability is in the history of every tech giant that rules today, and if it was good enough for them in the past, it’s good enough for the companies that will topple them in the future.

    #adversarial_Interoperability #logiciel_libre #disruption

  • A Terrible Patent Bill is On the Way
    https://www.eff.org/deeplinks/2019/05/terrible-patent-bill-way

    Recently, we reported on the problems with a proposal from Senators Coons and Tillis to rewrite Section 101 of the Patent Act. Now, those senators have released a draft bill of changes they want to make. It’s not any better. Section 101 prevents monopolies on basic research tools that nobody could have invented. That protects developers, start-ups, and makers of all kinds, especially in software-based fields. The proposal by Tillis and Coons will seriously weaken Section 101, leaving makers (...)

    #copyright #EFF

  • E-evidence - cross-border access to electronic evidence | European Commission
    https://ec.europa.eu/info/policies/justice-and-fundamental-rights/criminal-justice/e-evidence-cross-border-access-electronic-evidence_en

    More than half of all criminal investigations today include a cross-border request to access electronic evidence such as texts, e-mails or messaging apps. That is why the Commission is proposing new rules which will make it easier and faster for police and judicial authorities to access the electronic evidence they need in investigations to catch and convict criminals and terrorists.

    To make it easier and faster for law enforcement and judicial authorities to obtain the electronic evidence they need to investigate and eventually prosecute criminals and terrorists, the Commission proposed on 17 April 2018 new rules in the form of a Regulation and a Directive.

    The U.S. CLOUD Act and the EU: A Privacy Protection Race to the Bottom | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2018/04/us-cloud-act-and-eu-privacy-protection-race-bottom

    Between the U.S. CLOUD Act and new European Union (EU) efforts to dismantle international rules for cross-border law enforcement investigations, the United States and EU are racing against one another towards an unfortunate finish-line: weaker privacy protections around the globe.

    E-Evidence Regulation: Germany rejects EU plans
    https://www.lto.de/recht/hintergruende/h/elektronische-beweismittel-e-evidence-verordnung-eu-bmjv-datenschutz-grundrechte

    In future, law enforcement authorities are to be allowed to compel service providers in other member states, across borders and directly, to hand over digital data as possible evidence for criminal proceedings. Providers that fail to comply with an order face a fine of up to two percent of their worldwide annual turnover. This could become a problem for smaller companies in particular.

    CLOUD Act - Wikipedia
    https://en.wikipedia.org/wiki/CLOUD_Act

    E-Evidence: Is the international data supermarket for security agencies coming now? | EAID
    https://www.eaid-berlin.de/?p=2175

    The idea is old, but the concrete proposal is fairly new: while goods flow freely in the EU single market and digital services are offered across borders, the authority of law enforcement agencies ends at national borders. A police authority that wants to access data in the course of its investigations, for example in a fraud case, has so far had to turn to the authorities of the state where the data is processed. How this request from the foreign authority is handled depends on the law of the state on whose territory the servers are located. The procedures for this are governed by the applicable international mutual legal assistance agreements.

    Regulation on cross-border access to e-evidence: Council agrees its position - Consilium
    https://www.consilium.europa.eu/de/press/press-releases/2018/12/07/regulation-on-cross-border-access-to-e-evidence-council-agrees-its-

    The regulation provides for the introduction of a mechanism that offers an alternative to the existing instruments for international cooperation and mutual legal assistance. In particular, it is intended to solve the problems arising from the volatility of electronic evidence and the phenomenon of “loss of location” by introducing new procedures for rapid, efficient and effective cross-border access.

    Main elements of the new rules:

    European production orders and preservation orders are introduced, with which electronic evidence can be obtained and preserved regardless of where the data is located.
    The orders can cover all categories of data (subscriber data, access data, transactional data and content data), although transactional and content data may only be requested for offences punishable in the issuing state by a maximum custodial sentence of at least three years, or for cyber-related offences and terrorism-related offences.
    The requested data may only be used for the purposes for which it was obtained, unless it is a matter of averting an immediate and serious threat to public security or to the essential interests of the issuing state, or it is used for proceedings for which a production order could have been issued.
    A mandatory deadline of ten days applies to the execution of a production order. In duly justified emergencies this deadline can be shortened to six hours. In addition, orders relating to subscriber and access data can, under certain conditions, be issued without prior validation by the competent judicial authority. In these cases an ex-post validation must be requested as soon as possible, and within 48 hours at the latest.
    Sanctions can be imposed on service providers that fail to comply with an order. They can be subject to financial sanctions of up to 2% of their total worldwide annual turnover in the preceding financial year.
    In addition, a notification system for content data is introduced for cases in which the issuing authority believes that the person whose data is requested resides in another territory. The notification informs the enforcing state, which can, where appropriate, point out that the requested data is protected by immunities and privileges or by rules on the determination and limitation of criminal liability relating to freedom of expression/freedom of the press, or that disclosure of the data would harm its fundamental interests. The issuing authority takes these circumstances into account and adapts the order accordingly or does not issue it. The notification has no suspensive effect.

    E-Evidence: The European counterpart to the CLOUD Act - Recht-Steuern-Wirtschaft - Verlag C.H.BECK
    https://rsw.beck.de/cms/?toc=mmr.30&docid=411736

    Serious restriction of fundamental rights

    Acts that are punishable in the issuing state but not in the state where the processing takes place could thus also be the subject of an obligation to hand over data. The requirement that content and transactional data be requested only for offences punishable in the issuing state by a maximum custodial sentence of at least 3 years does little to dispel these concerns. A look at the StGB (the German Criminal Code) shows that this criterion applies to a large number of offences, and not only to felonies or other serious crimes.

    For example, abortion in Poland is punishable by up to 3 years’ imprisonment. The condition for the obligation to hand over data would thus be met. A German provider would have to hand the data over to the Polish law enforcement authority investigating an abortion case. The provider of an electronic bookkeeping service with which the doctor has an account could potentially also be the addressee of such an order.

    This problem is also illustrated by the case of the Catalan politician in exile Puigdemont, against whom a Spanish arrest warrant for “insurrection” had been issued. According to the decision of the OLG Schleswig (Higher Regional Court), the events did not constitute a comparable criminal offence under German law. The European Arrest Warrant issued in Spain could not be enforced against him in Germany. Under the E-Evidence Regulation, German providers would nevertheless have been obliged to hand over the relevant electronic documents.

    Whereas with the European Arrest Warrant and the European Investigation Order (EIO) enforcement is in the hands of the authorities of the state in whose territory the processing takes place, electronic preservation and production orders are to be issued directly to the foreign provider. No review by a domestic court or judicial authority is provided for. As a result, data would have to be transferred to foreign bodies even where domestic authorities have no corresponding power. Procedural safeguards in criminal law, such as a requirement for a judge’s authorisation, are also circumvented if the law of the issuing state does not provide for one. Finally, requirements such as those laid down by the BVerfG (Federal Constitutional Court), for example on protecting the core area of private life, would not be guaranteed.

    #Europe #surveillance #police #internet

  • Ironically, just as Europe is preparing to roll out Robocopyrights across the board, one of the most emblematic cases of their abuses (Dancing Baby) is coming to an end in the United States after 10 years of proceedings...

    After More Than a Decade of Litigation, the Dancing Baby Has Done His Part to Strengthen Fair Use for Everyone.
    https://www.eff.org/deeplinks/2018/06/after-more-decade-litigation-dancing-baby-ready-move

    Litigation can always take twists and turns, but when EFF filed a lawsuit against Universal Music Group in 2007 on behalf of Stephanie Lenz, few would have anticipated it would be ten years until the case was finally resolved. But today, at last, it is. Along the way, Lenz v. Universal contributed to strengthening fair use law, bringing nationwide attention to the issues of copyright and fair use in new digital movie-making and sharing technologies.

    It all started when Lenz posted a YouTube video of her then-toddler-aged son dancing while Prince’s song “Let’s Go Crazy” played in the background, and Universal used copyright claims to get the link disabled. We brought the case hoping to get some clarity from the courts on a simple but important issue: can a rightsholder use the Digital Millennium Copyright Act to take down an obvious fair use, without consequence?

    Congress designed the DMCA to give rightsholders, service providers, and users relatively precise rules of the road for policing online copyright infringement. The center of the scheme is the notice and takedown process. In exchange for substantial protection from liability for the actions of their users, service providers must promptly take offline content on their platforms that has been identified as infringing, as well as several other prescribed steps. Copyright owners, for their part, are given an expedited, extra-judicial procedure for obtaining redress against alleged infringement, paired with explicit statutory guidance regarding the process for doing so, and provisions designed to deter and ameliorate abuse of that process.

    Without Section 512, the risk of crippling liability for the acts of users would have prevented the emergence of most of the social media outlets we use today. Instead, the Internet has become the most revolutionary platform for the creation and dissemination of speech that the world has ever known.

  • Attention PGP Users: New Vulnerabilities Require You To Take Action Now | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

    A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

    The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

    Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

    #sécurité #boum

    • On the other hand, if you only use messages in "text" format, there seems to be no security hole. The PGP algorithm is still as secure as possible after meltdown :-)

      The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

      The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

      EFAIL
      https://efail.de

      EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.

    • OK, after a first read of the efail.de site, it seems you can protect yourself by following these instructions:

      Mitigations

      Here are some strategies to prevent EFAIL attacks:

      Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.

      Short term: Disable HTML rendering. The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc. Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking EFAIL. Note that there are other possible backchannels in email clients which are not related to HTML but these are more difficult to exploit.

      Medium term: Patching. Some vendors will publish patches that either fix the EFAIL vulnerabilities or make them much harder to exploit.

      Long term: Update OpenPGP and S/MIME standards. The EFAIL attacks exploit flaws and undefined behavior in the MIME, S/MIME, and OpenPGP standards. Therefore, the standards need to be updated, which will take some time.
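
An added illustration of the "Disable HTML rendering" mitigation quoted above (not code from efail.de, EFF or the commenters): a Python check that lists the remote resources a mail client would fetch on its own if it rendered the HTML parts of an already decrypted message. The names `BackchannelFinder`, `scan_message` and `sample_message`, and the sample mail with `.example` hosts, are constructed for this example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser

# Tag/attribute pairs a renderer fetches without any user click (assumed list).
AUTO_LOAD = {
    "img": ("src", "srcset"), "link": ("href",), "script": ("src",),
    "iframe": ("src",), "embed": ("src",), "object": ("data",),
    "video": ("src", "poster"), "audio": ("src",), "source": ("src",),
    "body": ("background",), "table": ("background",), "td": ("background",),
}
REMOTE = re.compile(r"^\s*(?:https?:)?//", re.I)   # http://, https://, //host
CSS_URL = re.compile(r"(?:url\(|@import)\s*['\"]?\s*((?:https?:)?//[^'\")\s;]+)", re.I)

class BackchannelFinder(HTMLParser):
    """Collects (tag, attribute, url) for every remote auto-loaded resource."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)                      # attribute values may be None
        for name in AUTO_LOAD.get(tag, ()):
            value = (attrs.get(name) or "").strip()
            if REMOTE.match(value):
                self.hits.append((tag, name, value))
        for url in CSS_URL.findall(attrs.get("style") or ""):
            self.hits.append((tag, "style", url))
        self._in_style = self._in_style or tag == "style"

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:                       # CSS inside <style>...</style>
            self.hits += [("style", "css", u) for u in CSS_URL.findall(data)]

def scan_message(raw):
    """Return remote-load hits for all text/html parts of a decrypted message."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            finder = BackchannelFinder()
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
            finder.close()
            hits += finder.hits
    return hits

def sample_message():
    """Constructed sample: benign multipart/alternative mail, .example hosts."""
    html = ("<html><head><style>body{background:url('https://cdn.example/bg.png')}</style>"
            '<link rel="stylesheet" href="//static.example/mail.css"></head><body>'
            '<img src="cid:logo@local"><img src="http://images.example/banner.png">'
            '<a href="https://www.example/">needs a click, not flagged</a></body></html>')
    msg = EmailMessage()
    msg.set_content("Hello in plain text.")
    msg.add_alternative(html, subtype="html")
    return msg.as_string()
```

A message for which `scan_message` returns an empty list has no HTML-triggered fetches of the kinds listed in `AUTO_LOAD`; any hit is a reason to show the text/plain part instead of rendering the HTML.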

  • About John Perry Barlow, Seenthis, The Grateful Dead and The WELL
    https://www.well.com
    https://ia801502.us.archive.org/14/items/grateful_dead-2018/grateful_dead.jpeg?cnt=0
    In reply to https://seenthis.net/messages/667401 by @arno

    Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

    Today manifestos are of hardly any interest to young people. That is the conclusion I drew from meeting multimedia design students to whom I had the honour of teaching internet publishing systems. Among political activists it is the same when it comes to choosing and mastering the software for their publications.

    We are the children of the marriage between libertarian ideas and the European revolutions in the digital era. We grew up in an extraordinary time, when the old world and the post-communist digital era crossed paths. We witnessed and took part in its analogue wars and its class struggles, and we adopted its antagonistic models of freedom and its loud music. We built the first rungs of the digital ladder with JPB and his friends. We knew the time when the internet consisted of a hundred or so national servers and a few thousand in the rest of the world. It was our internet. The admins were our pals who stayed on the phone with us for hours when an important config change had to be implemented. Everything was still to be done, and we were the only ones who could do it.

    Today #Seenthis is our The WELL, which we use to create our own internet. That is JPB's legacy.

    Well, after this speech it is time to listen to one of the Grateful Dead's last concerts with Jerry Garcia.

    Grateful Dead - The Spectrum - 3-17-95 - Full Show
    https://www.youtube.com/watch?v=o9iJ21xbYqc

    The WELL
    https://en.wikipedia.org/wiki/The_WELL

    The Whole Earth ’Lectronic Link, normally shortened to The WELL, is one of the oldest virtual communities in continuous operation. As of June 2012, it had 2,693 members.

    Home > The WELL
    https://www.well.com

    Why is conversation so treasured on The WELL? Why did members of this community band together to buy the site in 2012? Check out the story of The WELL.

    The Internet Age Began on August 9, 1995
    http://www.litkicks.com/AugustNine

    Two separate things happened on August 9, 1995, both by chance emerging from Northern California though they had little else in common. The first was a scheduled event: the initial public offering (IPO) by Netscape, a startup tech firm designed to make software to power the Internet.
    ...
    I remember walking through the hallway at work that morning, probably heading for a coffee refill, when I saw a clump of co-workers and magazine editors talking anxiously. I thought they were talking about the Netscape IPO, but they weren’t. “Jerry Garcia died,” one of the editors said to me. “We need to replace the front page and get a new headline up, stat.”

    Jerry Garcia. This one hit home.
    ...
    Nobody said “going viral” yet by the summer of 1995, but that’s exactly what Jerry Garcia’s death did, and it was pretty much the biggest anything had gone viral anywhere up to this point.
    ...
    The Grateful Dead’s influence on the evolving culture of the Internet has always been a godsend, and still is. When music-sharing became a way of life with the advent of Napster a few years later, and when online publishers began to give content away for free, many smart observers realized that the Grateful Dead (who had always allowed fans to freely create and share concert recordings) were the greatest success model in the world for a profitable long-term business cycle based on peer-to-peer sharing. The positive and peaceful philosophy the band had always stood for seemed to fit the Internet’s optimistic emerging culture as well.

    John Perry Barlow, Internet Pioneer, 1947-2018 | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2018/02/john-perry-barlow-internet-pioneer-1947-2018

    Barlow knew that new technology could create and empower evil as much as it could create and empower good. He made a conscious decision to focus on the latter: "I knew it’s also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls ’turn-key totalitarianism.’”

    A Declaration of the Independence of Cyberspace | Electronic Frontier Foundation
    https://www.eff.org/cyberspace-independence

    by John Perry Barlow, Davos, Switzerland, February 8, 1996

    John Perry Barlow
    https://archive.org/search.php?query=John%20Perry%20Barlow

    The Grateful Dead
    https://archive.org/search.php?query=%22Grateful%20Dead%22

    Jerry Garcia Band
    https://archive.org/search.php?query=subject%3A%22Jerry+Garcia+Band%22

    #internet #musique

    • a manifesto of staggering naivety, and one that means strictly nothing.

      Precisely, you can make of it whatever you want ;-)

      You are not welcome among us. You have no sovereignty where we gather.

      That, on the other hand, is not devoid of meaning; besides, it's rock'n'roll: JPB on his ranch milking the cows and refusing to let the government meddle in it, that's a fine allegorical image of freedom, isn't it?

      Otherwise, the story about neoliberalism is true, but meh, no need to take everything too seriously. We know the old man was a bit of a reactionary, but his manifesto was a beautiful text, a sentimental thing, you know.

      Yes, yes, I know, the CIA paid writers to stop saying things against the #USA, etc. - but you don't criticize Bach because he was religious, do you?

      The irony of the story is that today cows are remote-controlled over the internet ;-)

    • The role played by internet evangelism in the victory of neoliberalism is still not understood by many people on the left.

      Coup d'état against Allende, Chicago Boys, 1973.
      Margaret Thatcher, Prime Minister in 1979.
      Milton Friedman, Nobel Prize in Economics in 1979.
      Ronald Reagan elected in 1981.
      George Stigler, Nobel Prize in Economics in 1982.
      Mitterrand's austerity turn in 1983
      etc.

      When does "internet evangelism" begin?

      More seriously, as I wrote in my message on the subject:
      https://seenthis.net/messages/667401
      as I recall, "internet evangelism" in France was critical of the American libertarian scene (even if, at the time, it was not a very well-known current in France). For our little chapel, that may also be why we wanted to write our own Manifesto rather than align ourselves with a translation of Barlow's Declaration.

      And paradoxically, I have always felt that those who waved the red rag of the "liberal-libertarian" to save "our values" were using it precisely to shoot down the possibility of a progressive and social use of freedom of expression, while strengthening the purely commercial use of the Net.

    • May he rest in peace.

      His own acolytes will not let him rest for long before pulling him out of his grave to make him their zombie for their ideological dirty work. At that stage not much will remain of the hippie, and the reactionary "farmer" will brandish his revolver to eliminate all defenders of a free network in the service of the peoples of the world.

  • John Perry Barlow, Internet Pioneer, 1947-2018 | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2018/02/john-perry-barlow-internet-pioneer-1947-2018

    Barlow was sometimes held up as a straw man for a kind of naive techno-utopianism that believed that the Internet could solve all of humanity’s problems without causing any more. As someone who spent the past 27 years working with him at EFF, I can say that nothing could be further from the truth. Barlow knew that new technology could create and empower evil as much as it could create and empower good. He made a conscious decision to focus on the latter: "I knew it’s also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls ’turn-key totalitarianism.’”

    #John_Perry_Barlow #Histoire_numérique
    Barlow’s lasting legacy is that he devoted his life to making the Internet into “a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth . . . a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.”

  • Portugal Bans Use of DRM to Limit Access to Public Domain Works | Electronic Frontier Foundation
    https://www.eff.org/deeplinks/2017/10/portugal-bans-use-drm-limit-access-public-domain-works

    The amendments to Articles 217 and 221 of Portugal’s Code of Copyright and Related Rights do three things. First, they provide that the anti-circumvention ban doesn’t apply to circumvention of DRM in order to enjoy the normal exercise of copyright limitations and exceptions that are provided by Portuguese law. Although Portugal doesn’t have a generalized fair use exception, the more specific copyright exceptions in Articles 75(2), 81, 152(4) and 189(1) of its law do include some key fair uses; including reproduction for private use, for news reporting, by libraries and archives, in teaching and education, in quotation, for persons with disabilities, and for digitizing orphan works. The circumvention of DRM in order to exercise these user rights is now legally protected.

    Second and perhaps even more significantly, the law prohibits the application of DRM to certain categories of works in the first place. These are works in the public domain (including new editions of works already in the public domain), and to works published or financed by the government. This provision alone will be a boon for libraries, archives, and for those with disabilities, ensuring that they never again have to worry about being unable to access or preserve works that ought to be free for everyone to use. The application of DRM to such works will now be an offence under the law, and if DRM has been applied to such works nevertheless, it will be permitted for a user to circumvent it.

    Third, the law also permits DRM to be circumvented where it was applied without the authorization of the copyright holder. From now on, if a licensee of a copyright work wishes to apply DRM to it when it is distributed in a new format or over a new streaming service, the onus will be on them to ask the copyright owner’s permission first. If they don’t do that, then it won’t be an offence for its customers to bypass the DRM in order to obtain unimpeded access to the work, as its copyright owner may well have intended.

    If there’s a shortcoming to the law, it’s that it doesn’t include any new exceptions to the ban on creating or distributing (or as lawmakers ludicrously call it, “trafficking in”) anti-circumvention devices. This means that although users are now authorized to bypass DRM in more cases than before, they’re on their own when it comes to accomplishing this.