Favorite The EU is in the middle of the amendments process for its proposed Cyber Resilience Act (CRA), a law intended to bolster Europe’s defenses against cyber-attacks and improve product security. This law targets a broad swath of products brought to market intended for European consumers, including Internet of Things (IoT) devices, desktop computers, and…
All posts tagged Policy Analysis
From Past Lessons to Future Protections: EFF's Advice to the EU Commission on Extended Reality Governance
Favorite EFF, in partnership with Access Now and the European Center for Not-for-Profit Law (ECNL), has responded to the European Commission’s consultation, “Virtual Worlds (Metaverses) – A Vision for Openness, Safety, and Respect.” This follows our joint statement on International Human Rights Day in 2021, “Virtual Worlds, Real People: Human Rights in the Metaverse,” which…
Smart Locks Endanger Tenants’ Privacy and Should Be Regulated
Favorite The growing deployment of smart locks in apartments, often installed without tenants’ permission, has created a new stream of sensitive location data for law enforcement, landlords, and private companies. Tenants should not be forced to submit to tracking just to enter their home. At minimum, we need privacy laws that require consent to collect…
UN Committee To Begin Negotiating New Cybercrime Treaty Amid Disagreement Among States Over Its Scope
Favorite As a UN-convened committee of government experts from around the world gets ready to begin negotiations to draft a Cybercrime Treaty, there’s a pronounced lack of consensus among UN member states about what constitutes a “cybercrime” and how expansive the treaty will be. After years of discussion, the UN General Assembly voted to begin…
What the Duck? Why an EU Proposal to Require "QWACs" Will Hurt Internet Security
Favorite It’s become easier over the years for websites to improve their security, thanks to tools that allow more people to automate and easily set-up secure measures for web applications and the services they provide. A proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS) would roll back these gains by requiring…
Nearly 130 Public Interest Organizations and Experts Urge the United Nations to Include Human Rights Safeguards in Proposed UN Cybercrime Treaty
Favorite (UPDATE: Due to the ongoing situation concerning the coronavirus disease (COVID-19), the Ad Hoc Committee won’t hold its first session from 17 to 28 January 2022 in New York, as planned. Further information will be provided in due course). EFF and Human Rights Watch, along with nearly 130 organizations and academics working in 56 countries, regions,…
EU's Digital Identity Framework Endangers Browser Security
Favorite If a proposal currently before the European Parliament and Council passes, the security of HTTPS in your browser may get a lot worse. A proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS) would have major, adverse security effects on millions of users browsing the web. The amendment would require browsers…
FPF’s 2020 Student Privacy Pledge: New Pledge, Similar Problems
Favorite EFF legal intern Rob Ferrari was the lead author of this post. A new school year has started, the second one since the pandemic began. With our education system becoming increasingly reliant on the use of technology (“edtech”), especially for remote learning during the pandemic, protecting student privacy is more important than ever. Unfortunately,…
The Cryptocurrency Surveillance Provision Buried in the Infrastructure Bill is a Disaster for Digital Privacy
Favorite The forthcoming Senate draft of Biden’s infrastructure bill—a 2,000+ page bill designed to update the United States’ roads, highways, and digital infrastructure—contains a poorly crafted provision that could create new surveillance requirements for many within the blockchain ecosystem. This could include developers and others who do not control digital assets on behalf of users.…
Why Indian Courts Should Reject Traceability Obligations
Favorite End-to-end encryption is under attack in India. The Indian government’s new and dangerous online intermediary rules forcing messaging applications to track—and be able to identify—the originator of any message, which is fundamentally incompatible with the privacy and security protections of strong encryption, due on May 25th. Three petitions have been filed (Facebook; WhatsApp; Arimbrathodiyil) asking the Indian…