EFF staffers will spread the online freedom message at 2600 Magazine's biennial Hackers on Planet Earth (HOPE) conference from July 22 to July 24. The Eleventh HOPE will take place at the historic Hotel Pennsylvania in New York and host numerous presentations on such diverse topics as automobile software hacking, pervasive surveillance, the blockchain, and fostering community.

Representatives from multiple teams at EFF will lead a flurry of activities over the long weekend in New York. HOPE attendees will have the opportunity to hear our talks about online freedom issues, participate in EFF's "capture the flag" hacking contest all weekend, and speak directly to EFF staffers at our vendor hall booth. Additionally, all New York area EFF members are invited to a Speakeasy meetup on Friday evening. Read on for more details.

One of our most valuable tools for protecting freedom of expression and innovation on the Internet—a law that shields websites and other Internet service providers from being held responsible for content that comes from users or third parties—has been under fire in recent years. The law, 47 U.S.C. § 230, a provision of the Communication Decency Act, was designed to encourage the development of new communication technologies and to protect free speech and the open exchange of ideas online. Just like you can’t hold a library liable for defamation for a statement written in a book you check out, or for hacking after someone breaks into a computer after learning how to do so from a library book, under Section 230, you can't hold a website liable for the speech of others.

Last week, the Ninth Circuit Court of Appeals, in a case called United States v. Nosal, held 2-1 that using someone else’s password, even with their knowledge and permission, is a federal criminal offense. This dangerous ruling threatens to upend a good decision that the Ninth Circuit sitting en banc—i.e., with 11 judges, not just 3—made in 2012 in the same case. EFF filed an amicus brief in the case and our arguments were echoed by the strong dissent, authored by Judge Stephen Reinhardt.

EFF’s headline-making research earlier this year showed that T-Mobile’s Binge On program wasn’t exactly working as advertised. Now, researchers at Northeastern University and the University of Southern California have published a paper confirming EFF’s findings in detail—even revealing a major weakness in the program that would allow T-Mobile customers to trick the system.

The Affordable Care Act (ACA) provisions for employee wellness programs give employers the power to reward or penalize their employees based on whether they complete health screenings and participate in fitness programs. While wellness programs are often welcomed, they put most employees in a bind: give your employer access to extensive, private health data, or give up potentially thousands of dollars a year.

Sadly, the Equal Employment Opportunity Commission’s (EEOC) new regulations, which go into effect in January 2017, rubber stamp the ACA’s wellness programs with insufficient privacy safeguards. Because of these misguided regulations, employers can still ask for private health information if it is part of a loosely defined wellness program with large incentives for employees.  

Update July 14, 2016: Last week, the federal appeals court for the Ninth Circuit ruled in favor of Chaker. The court held that Chaker's blog posts did not violate his supervised release conditions because they were not harassment or defamation. Because the court ruled in favor of Chaker on these grounds, it did not need to reach the constitutional arguments presented by amici including EFF. Still, we are pleased that Chaker will not be punished for engaging in political speech on the Internet, and we hope that this decision will encourage government officials to respect the First Amendment rights of people on supervised release from prison.

Original post of December 17, 2015:

Randomly-generated passphrases offer a major security upgrade over user-chosen passwords. Estimating the difficulty of guessing or cracking a human-chosen password is very difficult. It was the primary topic of my own PhD thesis and remains an active area of research. (One of many difficulties when people choose passwords themselves is that people aren't very good at making random, unpredictable choices.)

Wednesday, July 20 is the final day of EFF's Summer Security Reboot, a two-week membership drive that focuses on taking stock of our digital security practices and bolstering the larger movement to protect digital civil liberties. Besides a reduced donation amount for the Silicon level membership, the Reboot features sets of random number generators: EFF dice with instructions on how to generate stronger and more memorable random passphrases.

Section 1201 of the Digital Millennium Copyright Act forbids a wide range of speech, from remix videos that rely upon circumvention, to academic security research, to publication of software that can help repair your car or back up your favorite show. It potentially implicates the entire range of speech that relies on access to copyrighted works or describes flaws in access controls—even where that speech is clearly noninfringing.

Nos alegra anunciar que Onlinecensorship.org, un proyecto conjunto del EEF y Visualizing Impact, ya está disponible en español. Onlinecensorship.org busca exponer cómo las redes sociales moderan el contenido generado por el usuario. Con el lanzamiento de la plataforma en la segunda lengua más hablada en el mundo esperamos llegar a varios millones de personas que han experimentado la censura en las redes sociales. Ahora, existen más usuarios que nunca que pueden informar sobre contenido eliminado en Facebook, Google+, Twitter, Instagram, Flickr y YouTube y usar Onlinecensorship.org como un recurso para reclamar por el contenido eliminado injustamente.

We’ve written many times about the need for comprehensive patent reform to stop innovation-killing trolls. While we continue to push for reform in Congress, there are a number of steps that companies and inventors can take to keep from contributing to the patent troll problem. These steps include pledges and defensive patent licenses. In recent years, companies like Twitter and Tesla have promised not to use their patents offensively.

On matters implicating privacy, such as mass surveillance or the powers of investigatory agencies, Congress has too often failed to fulfill its responsibilities. By neglecting to examine basic facts, and deferring to executive agencies whose secrets preclude meaningful debate, the body has allowed proposals that undermine constitutional rights to repeatedly become enshrined in law. In last week’s launch of a new bipartisan Fourth Amendment Caucus in the House, however, the Constitution has gained a formidable ally.

Why is it so hard to see our local TV stations these days? Even as more and more people watch TV via the Internet, streaming local TV stations to our Internet-enabled devices is next to impossible in most places. Companies that try to bring local TV to the Internet have faced relentless legal challenges from major media companies and the broadcast stations they own. The latest is FilmOn (formerly called Aereokiller), which is fighting in multiple lawsuits around the U.S. for the right to capture local TV broadcasts and stream them to paying subscribers, much as a traditional cable company does.