Kafka wrote in his parable The Problem of Our Laws, “It is an extremely painful thing to be ruled by laws that one does not know.”

Books checked out from a library and terms searched on library computers can reveal a teenager’s questions about sexual orientation, a neighbor’s religious leanings, or a student’s political interests. Libraries across the country, particularly public libraries, make it part of their mission to serve the most vulnerable and underserved user groups, including users who are homeless, unemployed, or recent migrants or refugees. And when government agents come looking, these library users need librarians to have their back.

The federal government just got new hacking powers with virtually no debate, including in Congress. But the fight isn’t over.

It’s not too late to debate—or even reverse—the update to federal rules governing search warrants, which now lets investigators use one warrant to search an untold number of computers across the world.

The Supreme Court issued an important ruling today in the long-running patent battle between Apple and Samsung. The appeal involved some of Apple’s infamous design patents on rounded corners. The Federal Circuit had ruled that Apple was entitled to all of Samsung’s profits from the infringing phones. Samsung appealed, arguing that the law did not require such a steep penalty. As Samsung explained, if the Federal Circuit’s rule were allowed to stand, then a car company sued for infringing a design patent on a cup holder could be liable for the total profits from sales of the car.

Uber has rolled out a new update to its iPhone App—Version 3.222.4—which removed the option to limit location tracking to “While Using,” a privacy setting in the iOS that provides users control of when their information is shared with the app.

You might not have noticed right away. The November 23 update was described simply as, “This update fixes an issue affecting some riders who weren’t able to request a ride,” with no mention of the sharp change in privacy practices.

In recent months, U.S. Customs and Border Protection agents have sought access to private data on the cell phones of two journalists. Such incidents are offensive because they threaten the independence of the press and pose specific risks to confidential sources. This government overreach also highlights how weak legal protections at the border for digital devices threatens the privacy of all travelers to and from the U.S., including Americans.   

For the first few days of the 12 Days of 2FA, we’ll focus on two-factor authentication for email. When you forget or lose your password, services will often email you to confirm your identity and reset it. This makes email the golden key to all of your other online accounts. If your email password is compromised with no second layer of authentication to back it up, an attacker can easily access your other accounts in a domino effect.

News Media Alliance’s Call to Weaken Protections Is Dangerous

When copyright law and the First Amendment come into conflict, the First Amendment must win. The fair use doctrine—the idea that there are certain ways that you can use a piece of copyrighted work regardless of whether you have the rightsholder’s permission—was written into copyright law to help ensure that copyright holders’ wishes are never elevated above free speech. As such, it’s been an essential tool for defending a free press: without fair use protections, people and companies in the public eye could use copyright law to ban coverage that’s critical of them. It’s alarming, then, to see an association that represents news companies asking the Trump transition team (and presumably Congress) to change the law and weaken fair use.

Technology company leaders are reportedly meeting with President-elect Donald Trump and members of his transition team tomorrow in New York. Mr. Trump’s relationship with technology companies has been frosty, and his statements during the campaign and recent cabinet picks raise serious concerns about the new administration’s commitment to protecting the digital rights of all Americans and fostering innovation. They also point to the deep need for Mr.

The last email service we’ll cover in the 12 Days of 2FA is Outlook.com. If we haven’t covered your email service here, check twofactorauth.org’s more extensive list of email platforms that offer two-factor authentication. If you only enable 2FA for one account, email is a good choice for most users. Email is often a golden key to all of your other online accounts. When you forget or lose your password, services will often email you to confirm your identity and reset it. If your email password is compromised with no second layer of authentication to back it up, an attacker can use it to access your other accounts.

Red en Defensa de los Derechos Digitales (R3D)—the leading Mexican digital rights organization—has released the 2016 ¿Quién defiende mis datos? report, which evaluates how well Mexican telecommunications companies protect their customers’ privacy. R3D’s second annual report examines publicly-available policies from eight of the biggest telecommunications companies: AT&T,  Axtel, Izzi,  Megacable, Movistar, Telcel,  Telmex, and TotalPlay.

Should IP rights be enforced via shadow regulations that aren’t vetted or endorsed by users? According to a just-released report, the U.S. Intellectual Property Enforcement Coordinator (IPEC) thinks they should. We disagree.

We’ve written here about the danger posed by Internet regulation done through private agreements. These agreements, sometimes called codes, standards, or “best practices,” have a tendency to become shadow regulations, which can limit individual freedom. They’re also a way for governments to control the behavior of Internet users, or to favor some users over others by quietly coercing Internet companies to disguise government policy as “voluntary” private agreements.

New Law Will Help Preserve Net Neutrality and Privacy at the Local Level

San Francisco EFFers: you did it! Thanks in part to your phone calls and tweets to the Board of Supervisors, the Board unanimously passed an ordinance last night that will address the problem of landlords unfairly restricting their tenants’ choice of Internet service providers.

Under the ordinance, landlords of multi-unit buildings (four units or more) will be required to honor reasonable requests to allow service by any state-accredited ISP a tenant chooses.

Imagine being convicted for logging into your spouse’s bank account to pay a bill, a roommate’s broadband account after service has gone down, or a sick friend’s Facebook page. In these cases, if you happen to receive an individualized message or popup banner stating that only legitimate account holders are permitted to access the relevant computer systems, the Ninth Circuit has just refused to draw a clear line to remove you from risk. We’re worried about these decisions; password sharing is so common that popular password managers have sharing functions. But we hope that future courts will take to heart the Ninth Circuit’s attempt to limit these cases to their “stark” facts.

Background

For the sixth day of the 12 Days of 2FA, we turn to Twitter. Twitter calls its two-factor authentication system “Login Verification,” but the idea is exactly the same: signing in from a new browser will require something you have (like your phone) as well as something you know (your password), giving your account an added layer of protection.

As one of the only social media platforms that does not require your real name, Twitter brings up some trade-offs when it comes to enabling 2FA.

Apple CEO Tim Cook, Alphabet CEO Larry Page, and 10 other technology company leaders trooped to Trump Tower in New York this week, where the President-elect told them they were “amazing” and said, “I’m here to make you folks do well.” He pledged to do “anything we can do to help.”  We’re glad to hear it, and we have a few ideas for steps the new administration can take to fulfill that commitment.

Today, together with the Thomas Jefferson Center for the Protection of Freedom of Expression, EFF submitted an amicus brief in Lee v. Tam. Our brief discusses an unusual but important question: are registered trademarks government expression? It is important to get the dividing line between government and private speech correct. This is because, while the government doesn’t get to control what you say, it does get to control what it says. As we argue in our brief, categorizing registered trademarks as government expression would threaten speech in many other areas.

Through the combined efforts of EFF and a coalition of public interest groups -- and four million of you who wrote in to the FCC -- we won carefully tailored and essential net neutrality protections in 2015 and defended them in court in 2016. But how will the incoming Trump administration impact net neutrality in 2017? We’ve collected a range of statements on the positions of Trump, his transition team, and those who are likely to guide the new administration on this issue.

Where will the incoming Trump administration come down on issues like surveillance, encryption, and cybersecurity? While it is impossible to know the future, we have collected everything we could find about the stated positions of Trump and those likely to be in his administration on these crucial digital privacy issues. If you are aware of any additional statements that we have not included, please email [email protected] with a link to your source material, and we will consider it for inclusion.

For the last five years, EFF has greeted the holiday season by publishing a list of things we'd like to see happen in the coming year. Sometimes these are actions we'd like to see taken by companies, and sometimes our wishes are aimed at governments, but we also include actions everyday people can take to advance our digital civil liberties. This year has seen a few victories, including the fact that more and more websites are using HTTPS by default and using Let's Encrypt (and our Certbot client for it), but there's always more to do. In 2017, we're narrowing our focus to technology companies and challenging them to step up and protect their users in what's likely to be a difficult year.

Here are some of the things EFF would like to see technology companies do in 2017:

John Deere is at it again, trying to strip customers of the right to open up and repair their own property. In the new License Agreement for John Deere Embedded Software [PDF], customers are forbidden to exercise their repair rights or to even look at the software running the tractor or the signals it generates.

Hoping once again to rewrite copyright law in its own interest, the copyright establishment—specifically music and publishing—is calling on President-elect Donald Trump to support “strong protections for intellectual property rights,” and to push search engines, hosting companies, and domain name registrars and registries to become copyright cops.

Among the ways in which the Electronic Frontier Alliance supports the digital rights movement is amplifying creative grassroots tactics that concerned individuals around the country are using to promote digital civil liberties. By finding ways to demonstrate these principles within their community, even small groups can help shift cultural norms, as well as public policy.

The Free Culture Club, a student organization at California Polytechnic State University in San Luis Obispo, is supporting creativity and access to knowledge by providing a repository of openly licensed intellectual works in a common campus space.

Thailand’s National Legislative Assembly voted unanimously last week to pass an amendment to that country’s Computer Crime Act (CCA), delivering a heavy blow to digital rights in Thailand. Instead of offering citizens protection against fraud, data breaches, theft, or other true cybercrimes, the amendments only worsen the ambiguity and potential for abuse that have marred the CCA since it was first enacted in 2007.