Chrome

Google Confirms Its Schedule for Disabling Third-Party Cookies in Chrome - Starting in 2024 (theregister.com) 71

"The abolition of third-party cookies will make it possible to protect privacy-related data such as what sites users visit and what pages they view from advertising companies," notes the Japan-based site Gigazine.

And this month "Google has confirmed that it is on track to start disabling third-party cookies across its Chrome browser in a matter of weeks," writes TechRadar: An internal email published online sees Google software engineer Johann Hofmann share with colleagues the company's plan to switch off third-party cookies for 1% of Chrome users from Q1 2024 — a plan that was shared months ago and that, surprisingly, remains on track, given the considerable pushbacks so far... Hofmann explains that Google is still awaiting a UK Competition and Markets Authority consultation in order to address any final concerns before "Privacy Sandbox" gets the go-ahead.
The Register explores Google's "Privacy Sandbox" idea: Since 2019 — after it became clear that European data protection rules would require rethinking how online ads work — Google has been building a set of ostensibly privacy-preserving ad tech APIs known as the Privacy Sandbox... One element of the sandbox is the Topics API: that allows websites to ask Chrome directly what the user is interested in, based on their browser history, so that targeted ads can be shown. Thus, no need for any tracking cookies set by marketers following you around, though it means Chrome squealing on you unless you tell it not to...

Peter Snyder, VP of privacy engineering at Brave Software, which makes the Brave browser, told The Register in an email that the cookie cutoff and Privacy Sandbox remains problematic as far as Brave is concerned. "Replacing third-party cookies with Privacy Sandbox won't change the fact that Google Chrome has the worst privacy protections of any major browser, and we're very concerned about their upcoming plans," he said. "Google's turtle-paced removal of third-party cookies comes along with a large number of other changes, which when taken together, seriously harm the progress other browsers are making towards a user-first, privacy-protecting Web.

"Recent Google Chrome changes restrict the ability for users to modify, make private, and harden their Web experience (Manifest v3), broadcasting users' interests to websites they visit (Topics), dissolving privacy boundaries on the Web (Related Sites), offloading the battery-draining costs of ad auctions on users (FLEDGE/Protected Audience API), and reducing user control and Web transparency (Signed Exchange/WebBundles)," Snyder explained. "And this is only a small list of examples from a much longer list of harmful changes being shipped in Chrome."

Snyder said Google has characterized the removal of third-party cookies as getting serious about privacy, but he argued the truth is the opposite. "Other browsers have shown that a more private, more user-serving Web is possible," he said. "Google removing third-party cookies should be more accurately understood as the smallest possible change it can make without harming Google's true priority: its own advertising business."

The Register notes that other browser makers such as Apple, Brave, and Mozilla have already begun blocking third-party cookies by default, while Google Chrome and Microsoft Edge "provide that option, just not out of the box."

EFF senior staff technologist Jacob Hoffman-Andrews told The Register that "When Google Chrome finishes the project on some unspecified date in the future, it will be a great day for privacy on the web. According to the announcement, the actual phased rollout is slated to begin in Q3 2024, with no stated deadline to reach 100 percent. Let's hope Google's advertising wing does not excessively delay these critical privacy improvements."

TechRadar points out that after the initial testing period in 2024, Google will begin its phased rollout of the cookie replacement program — starting in June.

Thanks to long-time Slashdot reader AmiMoJo for sharing the news.
United States

Secretive White House Surveillance Program Gives Cops Access To Trillions of US Phone Records (wired.com) 104

An anonymous reader quotes a report from Wired: A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter WIRED obtained that was sent by US senator Ron Wyden to the Department of Justice (DOJ) on Sunday, challenging the program's legality. According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans' calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs' departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by WIRED. Records show that the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T's infrastructure -- a maze of routers and switches that crisscross the United States. In a letter to US attorney general Merrick Garland on Sunday, Wyden wrote that he had "serious concerns about the legality" of the DAS program, adding that "troubling information" he'd received "would justifiably outrage many Americans and other members of Congress." That information, which Wyden says the DOJ confidentially provided to him, is considered "sensitive but unclassified" by the US government, meaning that while it poses no risk to national security, federal officials, like Wyden, are forbidden from disclosing it to the public, according to the senator's letter.
AT&T spokesperson Kim Hart Jonson said only that the company is required by law to comply with a lawful subpoena. However, "there is no law requiring AT&T to store decades' worth of Americans' call records for law enforcement purposes," notes Wired. "Documents reviewed by WIRED show that AT&T officials have attended law enforcement conferences in Texas as recently as 2018 to train police officials on how best to utilize AT&T's voluntary, albeit revenue-generating, assistance."

"The collection of call record data under DAS is not wiretapping, which on US soil requires a warrant based on probable cause. Call records stored by AT&T do not include recordings of any conversations. Instead, the records include a range of identifying information, such as the caller and recipient's names, phone numbers, and the dates and times they placed calls, for six months or more at a time." It's unclear exactly how far back the call records accessible under DAS go, although a slide deck released under the Freedom of Information Act in 2014 states that they can be queried for up to 10 years.
Electronic Frontier Foundation

EFF, Cory Doctorow, Others Speak in Commemoration of Aaron Swartz Day (aaronswartzday.org) 64

From AaronSwartzDay.com: Aaron Swartz Day was founded, in 2013, after the death of Aaron Swartz, with these combined goals:

To draw attention to what happened to Aaron, in the hopes of stopping it from happening to anyone else.
- This includes clarifying that, although Aaron was a hacker, he didn't hack MIT.

To provide a yearly showcase of many of the projects that were started by Aaron before his death.
- SecureDrop
- Open Library

To provide a yearly showcase of new projects that were directly inspired by Aaron and his work.
A few Aaron-inspired examples from this year's event include:
- The Pursuance Project (by Barrett Brown & Steve Phillips)
- Open Archive (by Natalie Cadranel)
- Jason Leopold's Freedom of Information Act Request (FOIA) activism (article from 2013)

Happening right now is a livestream from 11 a.m. to 6:30 p.m. PST of "intimate virtual talks," including a special presentation by members of Brazil's Aaron Swartz Institute starting in just a few minutes. You can also play back video for talks that happened earlier today.

Other speakers include:
  • Scifi novelist/technology activist Cory Doctorow (11 a.m.)
  • Signal user support engineer/project manager Riya Abraham (11:30 a.m.)
  • EFF executive director Cindy Cohn (12)
  • EFF Certbot director of engineering Alexis Hancock (12:20)
  • Internet Archive's Brewster Kahle (12:40)
  • Anaconda CEO Peter Wang (1)
  • The Freedom of the Press Foundation's Kevin O'Gorman (speaking on SecureDrop at 1:30)

Security

Fusus' AI-Powered Cameras Are Spreading Across the United States 33

An anonymous reader quotes a report from 404 Media: Spread across four computer monitors arranged in a grid, a blue and green interface shows the location of more than 50 different surveillance cameras. Ordinarily, these cameras and others like them might be disparate, their feeds only available to their respective owners: a business, a government building, a resident and their doorbell camera. But the screens, overlooking a pair of long conference tables, bring them all together at once, allowing law enforcement to tap into cameras owned by different entities around the entire town all at once. This is a demonstration of Fusus, an AI-powered system that is rapidly springing up across small town America and major cities alike. Fusus' product not only funnels live feeds from usually siloed cameras into one central location, but also adds the ability to scan for people wearing certain clothes, carrying a particular bag, or look for a certain vehicle.

404 Media has obtained a cache of internal emails, presentations, memos, photos, and more which provide insight into how Fusus teams up with police departments to sell its surveillance technology. All around the country, city councils are debating whether they want to have a system that qualitatively changes what surveillance cameras mean for a town's residents and public agencies. While many have adopted Fusus, others have pushed back, and refused to have the hardware and software installed in their neighborhoods. In some ways, Fusus is deploying smart camera technology that historically has been used in places like South Africa, where experts warned about it creating an ever present blanket of surveillance. Now, tech with some of the same capabilities is being used across small town America.

Rather than selling cameras themselves, Fusus' hardware and software latches onto existing installations, which can include government-owned surveillance cameras as well as privately owned cameras at businesses and homes. It turns dumb cameras into smart ones. "In essence, the Fusus solution puts a brain into every camera connected with the system," one memorandum obtained by 404 Media reads.
In addition to integrating with existing surveillance installations, Fusus' hardware, called SmartCORE, can turn cameras into automatic license plate readers (ALPRs). It can reportedly offer facial recognition features, too, although Fusus hasn't clarified the matter.

The report says the system has been adopted by numerous police departments across the United States, with approximately 150 jurisdictions using Fusus. Orland Park police have called it a "game-changer." It's also being used internationally, launching in the United Kingdom.

Here's what Beryl Lipton, investigative researcher at the Electronic Frontier Foundation (EFF), had to say about it: "The lack of transparency and community conversation around Fusus exacerbates concerns around police access of the system, AI analysis of video, and analytics involving surveillance and crime data, which can influence officer patrols and priorities. In the absence of clear policies, auditable access logs, and community transparency about the capabilities and costs of Fusus, any community in which this technology is adopted should be concerned about its use and abuse."
Software

Mazda's DMCA Takedown Kills a Hobbyist's Smart Car API Tool (arstechnica.com) 28

Long-time Slashdot reader couchslug shares a report from Ars Technica, writing: "A new attack on the right to do with one's property as the owner sees fit. First step, threaten without providing evidence." From the report: Before last week, owners of certain Mazda vehicles who also had a Home Assistant setup could create some handy connections for their car. One CX60 driver had a charger that would only power on when it confirmed his car was plugged in and would alert him if he left the trunk open. Another used Home Assistant to control their charger based on the dynamic prices of an Agile Octopus energy plan. Yet another had really thought it through, using Home Assistant to check the gas before their morning commute, alert them if their windows were down before rain was forecast, and remotely unlock and start the car in cold conditions. The possibilities were vast, and purportedly beyond what Mazda's official app offered.

Mazda, however, had issues with the project, which was largely the free-time work of one software developer, Brandon Rothweiler. In a Digital Millennium Copyright Act (DMCA) notice sent to GitHub, Mazda (or an authorized agent) alleges that Rothweiler's integration: contains code that "is violating [Mazda's] copyright ownership"; used "certain Mazda information, including proprietary API information," to "create code and information"; and contained code that "provides functionality same as what is currently" in Mazda's apps posted to the Apple App Store and Google Play Store for Android.

One day later, Rothweiler made a pull request to the Home Assistant core project: "I'm removing the Mazda integration due to a legal notice sent to me by Mazda." The Home Assistant project pushed an update to remove the integration, posted about the removal, and noted that they were "disappointed that Mazda has decided to take this position" and that "Mazda's first recourse was not to reach out to us and the maintainer but to send a cease and desist letter instead."
One of the many commenters confused by Mazda's code claims said they couldn't find any of the copyrighted code the company referenced. Additionally, Ars Technica suggests the project "could be considered a fair use exception to the DMCA, as explained by the Electronic Frontier Foundation."

"When Mazda contacted me, my options were to either comply or open myself up to potential legal risk," said Rothweiler. "Even if I believe that what I'm doing is morally correct and legally protected, legal processes still have a financial cost. I can't afford to take on that financial risk for something that I do in my spare time to help others."
DRM

Cory Doctorow: Apple Sabotages Right-to-Repair Using 'Parts-Pairing' and the DMCA (pluralistic.net) 112

From science fiction author/blogger/technology activist Cory Doctorow: Right to repair has no cannier, more dedicated adversary than Apple, a company whose most innovative work is dreaming up new ways to sneakily sabotage electronics repair while claiming to be a caring environmental steward, a lie that covers up the mountains of e-waste that Apple dooms our descendants to wade through... Tim Cook laid it out for his investors: when people can repair their devices, they don't buy new ones. When people don't buy new devices, Apple doesn't sell them new devices. It's that simple...
Specifically Doctorow is criticizing the way Apple equips parts with a tiny system-on-a-chip just to track serial numbers solely "to prevent independent repair technicians from fixing your gadget." For Apple, the true anti-repair innovation comes from the most pernicious US tech law: Section 1201 of the Digital Millennium Copyright Act (DMCA). DMCA 1201 is an "anti-circumvention" law. It bans the distribution of any tool that bypasses "an effective means of access control." That's all very abstract, but here's what it means: if a manufacturer sticks some Digital Rights Management (DRM) in its device, then anything you want to do that involves removing that DRM is now illegal — even if the thing itself is perfectly legal...

When California's right to repair bill was introduced, it was clear that it was gonna pass. Rather than get run over by that train, Apple got on board, supporting the legislation, which passed unanimously. But Apple got the last laugh. Because while California's bill contains many useful clauses for the independent repair shops that keep your gadgets out of a landfill, it's a state law, and DMCA 1201 is federal. A state law can't simply legalize the conduct federal law prohibits. California's right to repair bill is a banger, but it has a weak spot: parts-pairing, the scourge of repair techs...

Parts-pairing is bullshit, and Apple are scum for using it, but they're hardly unique. Parts-pairing is at the core of the fuckery of inkjet printer companies, who use it to fence out third-party ink, so they can charge $9,600/gallon for ink that costs pennies to make. Parts-pairing is also rampant in powered wheelchairs, a heavily monopolized sector whose predatory conduct is jaw-droppingly depraved...

When Bill Clinton signed DMCA 1201 into law 25 years ago, he loaded a gun and put it on the nation's mantlepiece and now it's Act III and we're all getting sprayed with bullets. Everything from ovens to insulin pumps, thermostats to lightbulbs, has used DMCA 1201 to limit repair, modification and improvement. Congress needs to rid us of this scourge, to let us bring back all the benefits of interoperability. I explain how this all came to be — and what we should do about it — in my new Verso Books title, The Internet Con: How to Seize the Means of Computation.

Electronic Frontier Foundation

'Public Resource' Wins 2012 Case. Judge Rules Posting Regulations Online is Fair Use (abajournal.com) 66

From an EFF announcement this week: Technical standards like fire and electrical codes developed by private organizations but incorporated into public law can be freely disseminated without any liability for copyright infringement, a federal appeals court ruled Tuesday.
The judge ruled that posting the materials constituted fair use — so the nonprofit group doing the posting won't be liable for copyright infringement. The American Bar Association Journal reports: The decision is a victory for public-domain advocate Carl Malamud and the group that he founded, Public.Resource.org. The group posts legal materials on its websites, including the standards developed by the three organizations that sued... "It has been over 10 years since plaintiffs filed suit in this case," said Malamud in a press release by the Electronic Frontier Foundation. "The U.S. Court of Appeals has found decisively in favor of the proposition that citizens must not be relegated to economy-class access to the law."
In 2012 Carl Malamud answered questions from Slashdot readers.

And now, finally, from the EFF's announcement: Tuesday's ruling by a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit upholds the idea that our laws belong to all of us, and we should be able to find, read, and share them free of registration requirements, fees, and other roadblocks... "In a nation governed by the rule of law, private parties have no business controlling who can read, share, and speak the rules to which we are all subject," EFF Legal Director Corynne McSherry said. "We are pleased that the Court of Appeals upheld what other U.S. courts, including the Supreme Court, have said for almost 200 years: No one should control access to the law."
Or, as the EFF puts it on another page, "Copyright cannot trump the essential public interest..."

Thanks to long-time Slashdot reader schwit1 for sharing the news.
Electronic Frontier Foundation

EFF Recognizes Signal, Library Freedom Project for Protecting Privacy (eff.org) 16

For over 30 years the EFF has presented awards recognizing those "advancing innovation and championing digital rights," according to its web site, celebrating "the accomplishments of people working toward a better future... both in the public eye and behind the scenes."

This year's ceremony — hosted by Cory Doctorow — didn't just recognize Sci-Hub's founder. The EFF also gave its award for "Communications Policy" to the Signal Foundation — and its "Information Democracy" award to the Library Freedom Project.

From the Electronic Frontier Foundation web site: Since 2013, with the release of the unified app and the game-changing Signal Protocol, Signal has set the bar for private digital communications. With its flagship product, Signal Messenger, Signal provides real communications privacy, offering easy-to-use technology that refuses the surveillance business model on which the tech industry is built. To ensure that the public doesn't have to take Signal's word for it, Signal publishes their code and documentation openly, and licenses their core privacy technology to allow others to add privacy to their own products. Signal is also a 501(c)(3) nonprofit, ensuring that investors and market pressure never provides an incentive to weaken privacy in the name of money and growth. This allows Signal to stand firm against growing international legislative pressure to weaken online privacy, making it clear that end-to-end encryption either works for everyone or is broken for everyone — there is no half measure.

The Library Freedom Project (LFP) is radically rethinking the library professional organization by creating a network of values-driven librarian-activists taking action together to build information democracy. LFP offers trainings, resources, and community building for librarians on issues of privacy, surveillance, intellectual freedom, labor rights, power, technology, and more — helping create safer, more private spaces for library patrons to feed their minds and express themselves. Their work is informed by a social justice, feminist, anti-racist approach, and they believe in the combined power of long-term collective organizing and short-term, immediate harm reduction.

Transportation

Teens Hacked Boston Subway Cards For Infinite Free Rides, and This Time Nobody Got Sued (wired.com) 38

Long-time Slashdot reader UnCivil Liberty writes: Following in the footsteps of three MIT students who were previously gagged from presenting their findings at Defcon 2008 are two Massachusetts teens (who presented at this year's Defcon without interference).

The four teens extended other research done by the 2008 hacker team to fully reverse engineer the "CharlieCard," the RFID touchless smart card used by Boston's public transit system. The hackers can now add any amount of money to one of these cards or invisibly designate it a discounted student card, a senior card, or even an MBTA employee card that gives them unlimited free rides. "You name it, we can make it," says Campbell.

Piracy

Sci-Hub's Alexandra Elbakyan Receives EFF Award For Providing Access To Scientific Knowledge (torrentfreak.com) 14

An anonymous reader quotes a report from TorrentFreak: The Electronic Frontier Foundation will award Alexandra Elbakyan, founder of the 'pirate' library Sci-Hub, for her efforts to provide access to scientific knowledge. According to EFF, Elbakyan's site is a vital resource for millions of students and researchers. Some medical professionals have even argued that the site helped to save lives. [...] "When I was working on my research project, I found out that all research papers I needed for work were paywalled. I was a student in Kazakhstan at the time and our university was not subscribed to anything," Alexandra told TorrentFreak years ago. Today, Sci-Hub continues to tear down academic paywalls but that comes at a cost. Sci-Hub has been sued several times and owes millions in damages to major publishers. In addition, Elbakyan also drew the attention of the FBI. Instead of throwing in the towel, Sci-Hub's founder continues to defend her ideals. They're a thorn in the side of major publishers, but on the other side of the debate, Elbakyan reaps praise.

This week, the Electronic Frontier Foundation (EFF) announced that Sci-Hub's founder will receive an award for her accomplishments in advancing access to scientific knowledge. EFF's awards are presented to people who have taken a leading role in the fight for freedom and innovation online. The previous winners include Internet pioneer Vint Cerf, Linux creator Linus Torvalds, and whistleblower Chelsea Manning. According to EFF, Elbakyan deserves the award as her life's work enables millions of people to access scientific knowledge that would otherwise exist beyond their financial reach. EFF also highlights that Elbakyan's work helps to challenge the current academic publishing system, where researchers are used as unpaid workhorses.
"Sci-Hub is used by millions of students, researchers, medical professionals, journalists, inventors, and curious people all over the world, many of whom provide feedback saying they are grateful for this access to knowledge," said the EFF.

"Some medical professionals have said Sci-Hub helps save human lives; some students have said they wouldn't be able to complete their education without Sci-Hub's help."
Privacy

EFF Says California Cops Are Illegally Sharing License Plate Data with Anti-Abortion States (yahoo.com) 240

Slashdot reader j3x0n shared this report from California newspaper the Sacramento Bee: In 2015, Democratic Elk Grove Assemblyman Jim Cooper voted for Senate Bill 34, which restricted law enforcement from sharing automated license plate reader (ALPR) data with out-of-state authorities. In 2023, now-Sacramento County Sheriff Cooper appears to be doing just that. The Electronic Frontier Foundation (EFF), a digital rights group, has sent Cooper a letter requesting that the Sacramento County Sheriff's Office cease sharing ALPR data with out-of-state agencies that could use it to prosecute someone for seeking an abortion.

According to documents that the Sheriff's Office provided EFF through a public records request, it has shared license plate reader data with law enforcement agencies in states that have passed laws banning abortion, including Alabama, Oklahoma and Texas. Adam Schwartz, EFF senior staff attorney, called automated license plate readers "a growing threat to everyone's privacy ... that are out there by the thousands in California..." Schwartz said that a sheriff in Texas, Idaho or any other state with an abortion ban on the books could use that data to track people's movements around California, knowing where they live, where they work and where they seek reproductive medical care, including abortions.

The Sacramento County Sheriff's Office isn't the only one sharing that data; in May, EFF released a report showing that 71 law enforcement agencies in 22 California counties — including Sacramento County — were sharing such data... [Schwartz] said that he was not aware of any cases where ALPR data was used to prosecute someone for getting an abortion, but added, "We think we shouldn't have to wait until the inevitable happens."

In May the EFF noted that the state of Idaho "has enacted a law that makes helping a pregnant minor get an abortion in another state punishable by two to five years in prison."
Social Networks

Is Reddit Dying? (eff.org) 266

"Compared to the website's average daily volume over the past month, the 52,121,649 visits Reddit saw on June 13th represented a 6.6 percent drop..." reports Engadget (citing data provided by internet analytics firm Similarweb). [A]s many subreddits continue to protest the company's plans and its leadership contemplates policy changes that could change its relationship with moderators, the platform could see a slow but gradual decline in daily active users. That's unlikely to bode well for Reddit ahead of its planned IPO and beyond.
In fact, the Financial Times now reports that Reddit "acknowledged that several advertisers had postponed certain premium ad campaigns in order to wait for the blackouts to pass." But they also got this dire prediction from a historian who helps moderate the subreddit "r/Askhistorians" (with 1.8 million subscribers).

"If they refuse to budge in any way I do not see Reddit surviving as it currently exists. That's the kind of fire I think they're playing with."

More people had the same thought. The Reddit protests drew this response earlier this week from EFF's associate director of community organizing: This tension between these communities and their host have, again, fueled more interest in the Fediverse as a decentralized refuge... Unfortunately, discussions of Reddit-like fediverse services Lemmy and Kbin on Reddit were colored by paranoia after the company banned users and subreddits related to these projects (reportedly due to "spam"). While these accounts and subreddits have been reinstated, the potential for censorship around such projects has made a Reddit exodus feel more urgently necessary...
Saturday the EFF official reiterated their concerns when Wired asked: does this really signal the death of Reddit? "I can't see it as anything but that... [I]t's not a big collapse when a social media website starts to die, but it is a slow attrition unless they change their course. The longer they stay in their position, the more loss of users and content they're going to face."

Wired even heard a thought-provoking idea from Amy Bruckman, a regents' professor/senior associate chair at the School of Interactive Computing at Georgia Institute of Technology. Bruckman "advocates for public funding of a nonprofit version of something akin to Reddit."

Meanwhile, hundreds of people are now placing bets on whether Reddit will backtrack on its new upcoming API pricing — or oust CEO Steve Huffman — according to Insider, citing reports from online betting company BetUS.

CEO Huffman's complaint that the moderators were ignoring the wishes of Reddit's users led to a funny counter-response, according to the Verge. After asking users to vote on whether to end the protest, two forums saw overwhelming support instead for the only offered alternative: the subreddits "now only allow posts about comedian and Last Week Tonight host John Oliver."

Both r/pics (more than 30 million subscribers) and r/gifs (more than 21 million subscribers) offered two options to users to vote on... The results were conclusive:

r/pics: return to normal, -2,329 votes; "only allow images of John Oliver looking sexy," 37,331 votes.
r/gifs: return to normal, -1,851 votes; only feature GIFs of John Oliver, 13,696 votes...

On Twitter, John Oliver encouraged the subreddits — and even gave them some fodder. "Dear Reddit, excellent work," he wrote to kick off a thread that included several ridiculous pictures. A spokesperson for Last Week Tonight with John Oliver didn't immediately reply to a request for comment.

Government

Texas Bans Kids From Social Media Without Parental Consent (theverge.com) 254

Texas Governor Greg Abbott has signed a bill prohibiting children under 18 from joining various social media platforms without parental consent. Similar legislation has been passed in Utah and Louisiana. The Verge reports: The bill, HB 18, requires social media companies to receive explicit consent from a minor's parent or guardian before they'd be allowed to create their own accounts starting in September of next year. It also forces these companies to prevent children from seeing "harmful" content -- like content related to eating disorders, substance abuse, or "grooming" -- by creating new filtering systems.

Texas' definition of a "digital service" is extremely broad. Under the law, parental consent would be necessary for kids trying to access nearly any site that collects identifying information, like an email address. There are some exceptions, including sites that primarily deliver educational or news content and email services. The Texas attorney general could sue companies found to have violated this law. The law's requirements to filter loosely defined "harmful material" and provide parents with control over their child's accounts mirror language in some federal legislation that has spooked civil and digital rights groups.

Like HB 18, the US Senate-led Kids Online Safety Act orders platforms to prevent minors from being exposed to content related to disordered eating and other destructive behaviors. But critics fear this language could encourage companies like Instagram or TikTok to overmoderate non-harmful content to avoid legal challenges. Overly strict parental controls could also harm kids in abusive households, allowing parents to spy on marginalized children searching for helpful resources online.

Patents

US Patent Office Proposes Rule To Make It Much Harder To Kill Bad Patents (techdirt.com) 110

An anonymous reader quotes a report from Techdirt: So, this is bad. Over the last few years, we've written plenty about the so-called "inter partes review" or "IPR" that came into being about a decade ago as part of the "America Invents Act," which was the first major change to the patent system in decades. For much of the first decade of the 2000s, patent trolls were running wild and creating a massive tax on innovation. There were so many stories of people (mostly lawyers) getting vague and broad patents that they never had any intention of commercializing, then waiting for someone to come along and build something actually useful and innovative... and then shaking them down with the threat of patent litigation. The IPR process, while not perfect, was at least an important tool in pushing back on some of the worst of the worst patents. In its most basic form, the IPR process allows nearly anyone to challenge a bad patent and have the special Patent Trial and Appeal Board (PTAB) review the patent to determine if it should have been granted in the first place. Given that a bad patent can completely stifle innovation for decades this seems like the very least that the Patent Office should offer to try to get rid of innovation-killing bad patents.

However, patent trolls absolutely loathe the IPR process for fairly obvious reasons. It kills their terrible patents. The entire IPR process has been challenged over and over again and (thankfully) the Supreme Court said that it's perfectly fine for the Patent Office to review granted patents to see if they made a mistake. But, of course, that never stops the patent trolls. They've complained to Congress. And, now, it seems that the Patent Office itself is trying to help them out. Recently, the USPTO announced a possible change to the IPR process that would basically lead to limiting who can actually challenge bad patents, and which patents could be challenged.

The wording of the proposed changes seems to be written in a manner to be as confusing as possible. But there are a few different elements to the proposal. One part would limit who can bring challenges to patents under the IPR system, utilizing the power of the director to do a "discretionary denial." For example, it would say that "certain for-profit entities" are not allowed to bring challenges. Why? That's not clear. [...] But the more worrisome change is this one: "Recognizing the important role the USPTO plays in encouraging and protecting innovation by individual inventors, startups, and under-resourced innovators who are working to bring their ideas to market, the Office is considering limiting the impact of AIA post-grant proceedings on such entities by denying institution when certain conditions are met." Basically, if a patent holder is designated as an "individual inventor, startup" or "under-resourced innovator" then their patents are protected from the IPR process. But, as anyone studying this space well knows, patent trolls often present themselves as all three of those things (even though it's quite frequently not at all true). [...] And, again, none of this should matter. A bad patent is a bad patent. Why should the USPTO create different rules that protect bad patents? If the patent is legit, it will survive the IPR process.
The Electronic Frontier Foundation issued a response to the proposed changes: "The U.S. Patent Office has proposed new rules about who can challenge wrongly granted patents. If the rules become official, they will offer new protections to patent trolls. Challenging patents will become far more onerous, and impossible for some. The new rules could stop organizations like EFF, which used this process to fight the Personal Audio 'podcasting patent,' from filing patent challenges altogether."

The digital rights group added: "If these rules were in force, it's not clear that EFF would have been able to protect the podcasting community by fighting, and ultimately winning, a patent challenge against Personal Audio LLC. Personal Audio claimed to be an inventor-owned company that was ready to charge patent royalties against podcasters large and small. EFF crowd-funded a patent challenge and took out the Personal Audio patent after a 5-year legal battle (that included a full IPR process and multiple appeals)."
Electronic Frontier Foundation

Federal Judge Makes History In Holding That Border Searches of Cell Phones Require a Warrant (eff.org) 79

In a groundbreaking ruling in United States v. Smith (S.D.N.Y. May 11, 2023), a district court judge in New York declared that a warrant is necessary for cell phone searches at the border, unless there are urgent circumstances. The Electronic Frontier Foundation (EFF) reports: The Ninth Circuit in United States v. Cano (2019) held that a warrant is required for a device search at the border that seeks data other than "digital contraband" such as child pornography. Similarly, the Fourth Circuit in United States v. Aigbekaen (2019) held that a warrant is required for a forensic device search at the border in support of a domestic criminal investigation. These courts and the Smith court were informed by Riley v. California (2014). In that watershed case, the Supreme Court held that the police must get a warrant to search an arrestee's cell phone. [...]

The Smith court's application of Riley's balancing test is nearly identical to the arguments we've made time and time again. The Smith court also cited Cano, in which the Ninth Circuit engaged extensively with EFF's amicus brief even though it didn't go as far as requiring a warrant in all cases. The Smith court acknowledged that no federal appellate court "has gone quite this far (although the Ninth Circuit has come close)."

We're pleased that our arguments are moving through the federal judiciary and finally being embraced. We hope that the Second Circuit affirms this decision and that other courts -- including the Supreme Court -- are courageous enough to follow suit and protect personal privacy.

Government

'Delete Act' Seeks To Give Californians More Power To Block Data Tracking (kqed.org) 62

On Tuesday, the Senate Judiciary Committee in Sacramento is expected to consider a new bill called "The Delete Act," or SB 362, which aims to give Californians the power to block data tracking. "The onus is on individuals to try to protect their data from an estimated 2,000-4,000 data brokers worldwide -- many of which have no other relationship with consumers beyond the trade in their data," reports KQED. "This lucrative trade is also known as surveillance advertising, or the 'ad tech' industry." From the report: EFF supports The Delete Act, or SB 362, by state Sen. Josh Becker, who represents the Peninsula. "I want to be able to hit that delete button and delete my personal information, delete the ability of these data brokers to collect and track me," said Becker, of his second attempt to pass such a bill. "These data brokers are out there analyzing, selling personal information. You know, this is a way to put a stop to it."

Tracy Rosenberg, a data privacy advocate with Media Alliance and Oakland Privacy, said she anticipates a lot of pushback from tech companies, because "making [the Delete Act] workable probably destroys their businesses as most of us, by now, don't really see the value in the aggregating and sale of our data on the open market by third parties..." "It is a pretty basic-level philosophical battle about whether your personal information is, in fact, yours to share as you see appropriate and when it is personally beneficial to you, or whether it is property to be bought and sold," Rosenberg said.

Electronic Frontier Foundation

EFF Warns US 'Deserves Stronger Spyware Protections Than Biden's Executive Order' (eff.org) 31

In March U.S. President Joe Biden "signed an executive order that limits U.S. government agencies from using commercially available spyware," writes EFF senior policy analyst Matthew Guariglia.

"But that doesn't mean there will be no government use of spyware in the United States...." The executive order arrived only days before revelations that the United States, which was previously thought to have steered clear of some of the most infamous foreign spyware products, actually had a contract to test and deploy the notorious Pegasus created by Israeli company NSO Group. The contract was signed under a fake name on November 8, 2021 between an organization that acts as a front for the U.S. government and an American affiliate of NSO Group. Only five days before, on November 3, 2021, the U.S. Commerce Department added NSO Group and other foreign spyware companies to a blacklist — the "Entity List for engaging in activities that are contrary to the national security or foreign policy interests of the United States." So the signing of this straw contract was in apparent breach of this ban. NSO Group is just one of the companies that should be covered by the new executive order....

Though the NSO Group's Pegasus spyware has garnered particular attention for its widespread use against human rights advocates, journalists, and politicians, the executive order did not name any company specifically, keeping the policy broad. This may lead some government agencies to think that their purchase of foreign spyware might fly under the radar if it comes from another, smaller vendor, or the vendor can plausibly deny that it is really spyware that they are selling. We urge the Biden administration to publish a non-exhaustive list of spyware companies included as part of this ban. That would send a clear message to agencies who wish to exploit any ambiguity in order to skirt the law.

The EFF applauds the U.S. order for specifying ways in which spyware is not to be used — including a ban on its use against journalists, activists, political figures, and any U.S. person "without proper legal authorization, safeguards, and oversight." And the EFF also notes positive signs of progress towards stopping government misuse of spyware:
Building upon the U.S. executive order, a global coalition of eleven countries, including Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States, are working towards a common goal of countering the misuse of commercial spyware. This alliance is committed to establishing robust guardrails and procedures that uphold fundamental human rights, civil liberties, and the rule of law, within each of their respective systems.
But the EFF also points out the biggest concern of the U.S. government appears to be with the dangers in spyware that's foreign made. "While this signals discomfort with foreign-made spyware, no one should take this as an indication that the U.S. government is averse to using similar technologies developed internally, or indeed acquiring foreign spyware companies for domestic use.

"Given the government's long history of using and abusing incredibly invasive techniques, people in the United States should push for robust human rights safeguards to ensure the government won't proceed with only the minor restrictions of this executive order to rein them in."
Electronic Frontier Foundation

'The Broad, Vague RESTRICT Act Is a Dangerous Substitute For Comprehensive Data Privacy Legislation' (eff.org) 76

The recently introduced RESTRICT Act, otherwise known as the "TikTok ban," is a dangerous substitute for comprehensive data privacy legislation, writes the Electronic Frontier Foundation in a blog post. From the post: As we wrote in our initial review of the bill, the RESTRICT Act would authorize the executive branch to block 'transactions' and 'holdings' of 'foreign adversaries' that involve 'information and communication technology' and create 'undue or unacceptable risk' to national security and more. We've explained our opposition to the RESTRICT Act and urged everyone who agrees to take action against it. But we've also been asked to address some of the concerns raised by others. We do that here in this post. At its core, RESTRICT would exempt certain information services from the federal statute, known as the Berman Amendments, which protects the free flow of information in and out of the United States and supports the fundamental freedom of expression and human rights concerns. RESTRICT would give more power to the executive branch and remove many of the commonsense restrictions that exist under the Foreign Intelligence Services Act (FISA) and the aforementioned Berman Amendments. But S. 686 also would do a lot more.

EFF opposes the bill, and encourages you to reach out to your representatives to ask them not to pass it. Our reasons for opposition are primarily that this bill is being used as a cudgel to protect data from foreign adversaries, but under our current data privacy laws, there are many domestic adversaries engaged in manipulative and invasive data collection as well. Separately, handing relatively unchecked power over to the executive branch to make determinations about what sort of information technologies and technology services are allowed to enter the U.S. is dangerous. If Congress is concerned about foreign powers collecting our data, it should focus on comprehensive consumer data privacy legislation that will have a real impact, and protect our data no matter what platform it's on -- TikTok, Facebook, Twitter, or anywhere else that profits from our private information. That's why EFF supports such consumer data privacy legislation. Foreign adversaries won't be able to get our data from social media companies if the social media companies aren't allowed to collect, retain, and sell it in the first place.
EFF says it's not clear if the RESTRICT Act will even result in a "ban" on TikTok. It does, however, have potential to punish people for using a VPN to access TikTok if it is restricted. In conclusion, the group says the bill is similar to a surveillance bill and is "far too broad in the power it gives to investigate potential user data."
The Courts

Internet Archive Loses in Court. Judge Rules They Can't Scan and Lend eBooks (theverge.com) 96

The Verge reports: A federal judge has ruled against the Internet Archive in Hachette v. Internet Archive, a lawsuit brought against it by four book publishers, deciding that the website does not have the right to scan books and lend them out like a library. Judge John G. Koeltl decided that the Internet Archive had done nothing more than create "derivative works," and so would have needed authorization from the books' copyright holders — the publishers — before lending them out through its National Emergency Library program. The Internet Archive says it will appeal.
The decision was "a blow to all libraries and the communities we serve," argued Chris Freeland, the director of Open Libraries at the Internet Archive. In a blog post he argued the decision "impacts libraries across the U.S. who rely on controlled digital lending to connect their patrons with books online. It hurts authors by saying that unfair licensing models are the only way their books can be read online. And it holds back access to information in the digital age, harming all readers, everywhere."
The Verge adds that the judge rejected "fair use" arguments which had previously protected a 2014 digital book preservation project by Google Books and HathiTrust: Koeltl wrote that any "alleged benefits" from the Internet Archive's library "cannot outweigh the market harm to the publishers," declaring that "there is nothing transformative about [Internet Archive's] copying and unauthorized lending," and that copying these books doesn't provide "criticism, commentary, or information about them." He notes that the Google Books use was found "transformative" because it created a searchable database instead of simply publishing copies of books on the internet.

Koeltl also dismissed arguments that the Internet Archive might theoretically have helped publishers sell more copies of their books, saying there was no direct evidence, and that it was "irrelevant" that the Internet Archive had purchased its own copies of the books before making copies for its online audience. According to data obtained during the trial, the Internet Archive currently hosts around 70,000 e-book "borrows" a day.

Thanks to long-time Slashdot reader esme for sharing the news.
The Courts

GitHub and EFF Back YouTube Ripper In Legal Battle With the RIAA (torrentfreak.com) 20

GitHub and digital rights group EFF have filed briefs supporting stream-ripping site Yout.com in its legal battle with the RIAA. GitHub warns that the lower court's decision threatens to criminalize the work of many other developers. The EFF, meanwhile, stresses that an incorrect interpretation of the DMCA harms people who use stream-rippers lawfully. TorrentFreak reports: In 2020, YouTube ripper Yout.com sued the RIAA, asking a Connecticut district court to declare that the site does not violate the DMCA's anti-circumvention provision. The music group had previously used DMCA takedown notices to remove many of Yout's appearances in Google's search results. This had a significant impact on revenues, the site argued, adding that it always believed it wasn't breaking any laws and hoped the court would agree. Last October, the Connecticut district court concluded that Yout had failed to show that it doesn't circumvent YouTube's technological protection measures. As such, it could be breaking the law. Yout operator Johnathan Nader opted to appeal the decision. Nader's attorneys filed their opening brief (PDF) last week at the Court of Appeals for the Second Circuit, asking it to reverse the lower court's decision. The YouTube ripper is not the only party calling for a reversal. Yesterday, Microsoft-owned developer platform GitHub submitted an amicus brief that argues for the same. And in a separate filing, the EFF also agrees that the lower court's decision should be overturned.

GitHub's brief starts by pointing out that the company takes no position on the ultimate resolution of this appeal, nor does it side with all of Yout's arguments. However, it does believe that the lower court's interpretation of the DMCA is dangerous. The district court held that stream rippers can violate the DMCA's anti-circumvention provision. The court noted that these tools allow people to download video and audio from YouTube, despite the streaming platform's lack of a download button. According to GitHub, this conclusion is premature, dangerous, and places other software types at risk. In the present lawsuit, GitHub reiterates that stream-ripping tools should not be outlawed. The fact that YouTube doesn't have a download button doesn't mean that tools that enable people to download videos circumvent technological access restrictions. "YouTube's decision not to provide its own 'download' button, however, is not a restriction on access to works. It merely affects how users experience them," GitHub writes. If the court order is allowed to stand, GitHub warns that a broad group of developers could be exposed to criminal liability, effectively chilling technological innovation. YouTube download tools are not the only types of software at risk, according to GitHub. There are many others that affect 'how users experience' online websites. These could also be seen as problematic, based on the district court's expansive interpretation of the DMCA. These widely accepted tools could put their creators at risk if the DMCA is interpreted too strictly, GitHub warns.

The Electronic Frontier Foundation (EFF) also submitted an amicus curiae brief (PDF) yesterday. The digital rights group takes interest in copyright cases, particularly when they get in the way of people's ability to freely use technology. In this instance, EFF points out that stream-rippers such as Yout.com provide a neutral technology with plenty of legal uses. They can be used for infringing purposes, but that's also true for existing technologies -- the printing press, for example. "Like every reproduction technology -- from the printing press to the smartphone -- these programs, colloquially called 'streamrippers,' have important lawful uses as well as infringing ones. "Video creators, educators, journalists, and human rights organizations all depend on the ability to make copies of user-uploaded videos," EFF adds. In common with GitHub, EFF notes that the absence of a download button on YouTube doesn't imply that download tools automatically violate the DMCA, especially when there are no effective download restrictions on the platform. [...] According to EFF, Yout and similar tools provide the same functions as video cassette recorders once did. They allow people to make copies of videos that are posted publicly by their creators. In addition, these tools are vital for some reporters and useful to creatives who use them for future work.
