Innocent Customers Potentially Dragged Into Legal Battle Over Satellite TV

EFF Urges Court to Protect Customers' Privacy

San Francisco - The Electronic Frontier Foundation (EFF) asked a federal court Friday to reject efforts by Echostar to get the names and addresses of every customer that purchased a free-to-air satellite receiver. Echostar claims that the receiver can be modified to pirate DISH satellite TV programming. EFF argues that Echostar's demand, which seeks all purchasers regardless of whether they actually pirated DISH TV, would violate user privacy and leave innocent purchasers vulnerable to bogus legal threats.

The demand for customer records came up in a lawsuit between Echostar, the company behind the DISH satellite TV service, and Freetech, Inc., the manufacturer of Coolsat free-to-air satellite receivers. As part of the suit, Echostar subpoenaed 17 distributors of Coolsat receivers, demanding the names, addresses, phone numbers, email addresses, and other information of every person who purchased a Coolsat receiver over the last five years.

"Innocent customers should not be dragged into federal litigation just because they bought a product that other, less scrupulous purchasers may be hacking for unlawful purposes," said EFF Senior Intellectual Property Attorney Fred von Lohmann. "The court should recognize the privacy interests of these customers, especially since Echostar does not need these customer lists in order to have its day in court against Freetech."

In recent years, satellite TV companies, record labels, and movie studios have all engaged in dragnet litigation tactics that threaten individuals with costly lawsuits unless they pay significant financial sums to "settle" the dispute. These mass litigation campaigns leave innocent consumers trapped between paying a "settlement" for something they did not do or facing even higher legal costs to prove their innocence. Satellite TV provider DirecTV pioneered this approach in 2001, threatening more than 120,000 individuals with legal action and commencing more than 24,000 federal lawsuits, often with no evidence other than the fact that the individual purchased multi-purpose devices that could be used for piracy.

"Once the names of Freetech customers are disclosed to Echostar, there may be little that any court can do to protect these people from harassment, settlement demands, and legal expenses," said EFF Senior Staff Attorney Matt Zimmerman. "This may be the last chance the court has to protect the privacy of these individuals."

For the full amicus brief:
http://www.eff.org/files/filenode/echostar_v_freet/EFFamicusEchostarvFre...

For more on Echostar v. Freetech:
http://www.eff.org/cases/echostar-v-freetech

Contacts:

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

Matt Zimmerman
Senior Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

[Permalink]

EFF Battles Dangerous Attempts to Circumvent Electronic Privacy Law

Email and Cell Phone Privacy Threatened in Two Separate Court Cases

San Francisco - The Electronic Frontier Foundation (EFF) has filed friend-of-the-court briefs in two key electronic privacy cases that threaten to expand the government's spying authority.

In the first case, Bunnell v. Motion Picture Association of America (MPAA), EFF filed a brief with the 9th U.S. Circuit Court of Appeals arguing that federal wiretapping law protects emails from unauthorized interception while they are temporarily stored on the email servers that transmit them. This case was brought against the MPAA by the owners and operators of TorrentSpy, a search engine that let Internet users locate files on the BitTorrent peer-to-peer network. After a business dispute, one of TorrentSpy's independent contractors hacked into the company email server and configured it to copy and forward all incoming and outgoing email to his personal account and then sold the information to the MPAA. However, the federal district court ruled that because the emails were stored on the mail server for several milliseconds during transmission, they were not technically "intercepted" under the federal Wiretap Act. In its amicus brief filed Friday, EFF argues that this dangerous ruling is incorrect as a matter of law and must be overturned in order to prevent the government from engaging in similar surveillance without a court order.

"The district court's decision, if upheld, would have dangerous repercussions far beyond this single case," said EFF Senior Staff Attorney Kevin Bankston. "That court opinion -- holding that the secret and unauthorized copying and forwarding of emails while they pass through an email server is not an illegal interception of those emails -- threatens to wholly eviscerate federal privacy protections against Internet wiretapping and to authorize the government to conduct similar email surveillance without getting a wiretapping order from a judge."

The second case concerns a request by the Department of Justice (DOJ) to a federal magistrate judge in Pennsylvania for authorization to obtain cell phone location tracking information from a mobile phone provider without probable cause. The magistrate instead demanded that the DOJ obtain a search warrant based on probable cause, and the DOJ appealed that decision to the federal district court in the Western District of Pennsylvania. In an amicus brief filed Thursday, EFF urged the district court to uphold the magistrate's ruling and protect cell phone users' location privacy.

"Location information collected by cell phone companies can provide an extraordinarily invasive glimpse into the private lives of cell phone users. Courts have the right under statute -- and the duty under the Fourth Amendment -- to demand that the government obtain a search warrant based on probable cause before seizing such sensitive information," said Bankston. "This is only the latest of many cases where EFF has been invited to brief judges considering secret surveillance requests that aren't supported by probable cause. We hope this court recognizes the serious Fourth Amendment questions that are raised by warrantless access to cell phone location information and affirms the magistrate's denial of the government's surveillance request."

The American Civil Liberties Union (ACLU), the ACLU-Foundation of Pennsylvania, and the Center for Democracy and Technology (CDT) also joined EFF's brief.

For the full amicus brief in Bunnell v. MPAA:
http://www.eff.org/files/filenode/Bunnell_v_MPAA/BunnellAmicus.pdf

For the full amicus brief in the cell phone records case:
http://www.eff.org/files/filenode/celltracking/LenihanAmicus.pdf

For more on cell phone tracking:
http://www.eff.org/issues/cell-tracking

Contacts:

Kevin Bankston
Senior Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia@eff.org

Matt Zimmerman
Senior Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

[Permalink]

Judges Urged to Curtail Random Searches of Travelers' Laptops

EFF Asks for Review of Flawed Appeals Court Ruling

San Francisco - The Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) urged an appeals court today to review a flawed decision allowing random and invasive searches of travelers' computers at the U.S. border.

The news media has reported extensively on these searches as well as the surprise and anger felt by American travelers when they are singled out for inspection. In a typical search, U.S. border officials will turn on the computer and then open and review files. If agents see something of interest, they may confiscate the computer, copy its contents, and sometimes provide a copy to the Department of Justice -- even when the traveler is not suspected of criminal activity. In some cases, travelers have never gotten their computers back from the government.

In an amicus brief filed today, EFF and ACTE asked the full 9th U.S. Circuit Court of Appeals to rehear and reverse an appeals panel decision in United States v. Arnold, which upheld this blanket search and seizure power. While the U.S. Supreme Court has ruled that customs and border agents can perform "routine" searches at the border without a warrant or even reasonable suspicion, these ongoing baseless searches of electronic devices at America's borders are unconstitutionally invasive.

"Searching a laptop is very different from searching a briefcase. Your computer contains a vast amount of information about your private life, including details about your family, your finances, and your health," said EFF Senior Staff Attorney Lee Tien. "All that information can be easily copied, transferred, and stored in government databases, just because you were chosen for a random inspection."

These suspicionless laptop searches and data seizures violate the Fourth Amendment's prohibition against unreasonable search and seizure. The unique nature of electronic information stored on computers and other portable devices requires the courts to recognize a standard that protects the privacy of Americans in the Information Age.

"The implications of unfettered data collection are staggering," said ACTE Executive Director Susan Gurley. "Border authorities may now systematically collect all information on every laptop computer, BlackBerry, or other device carried across our border. The government can then store and search all that data without any justification or oversight by any court. This simply does not square with the Fourth Amendment."

The EFF-ACTE amicus brief was prepared by Arent Fox LLP.

For the full amicus brief:
http://www.eff.org/files/filenode/US_v_arnold/amicusjune08.pdf

For more on US v. Arnold:
http://www.eff.org/cases/us-v-arnold

Contacts:

Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
tien@eff.org

Susan Gurley
Executive Director
Association of Corporate Travel Executives
susan@acte.org

[Permalink]

FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge

Gag Order Lifted on Internet Archive, Allowing Founder to Speak Out for First Time

San Francisco - The FBI has withdrawn an unconstitutional national security letter (NSL) issued to the Internet Archive after a legal challenge from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). As the result of a settlement agreement, the FBI withdrew the NSL and agreed to the unsealing of the case, finally allowing the Archive's founder to speak out for the first time about his battle against the record demand.

"The free flow of information is at the heart of every library's work. That's why Congress passed a law limiting the FBI's power to issue NSLs to America's libraries," said Brewster Kahle, founder and Digital Librarian of the Internet Archive. "While it's never easy standing up to the government -- particularly when I was barred from discussing it with anyone -- I knew I had to challenge something that was clearly wrong. I'm grateful that I am able now to talk about what happened to me, so that other libraries can learn how they can fight back from these overreaching demands."

The NSL was served on the Archive -- a digital library recognized by the state of California -- and its attorneys in November of 2007. The letter asked for personal information about one of the Archive's users, including the individual's name, address, and any electronic communication transactional records pertaining to the user. Kahle, who is also a member of EFF's Board of Directors, decided to fight the NSL because it exceeded the FBI's limited authority to issue such demands to libraries.

The Archive responded to the letter by handing over only publicly available documents and simultaneously filing a lawsuit challenging the letter. This lawsuit is the first known challenge to an NSL served on a library since Congress amended the national security letter provision in 2006 to limit the FBI's power to demand records from libraries.

The NSL included a gag order, prohibiting Kahle from discussing the letter and the legal issues it presented with the rest of the Archive's Board of Directors or anyone else except his attorneys, who were also gagged. The gag also prevented the ACLU and EFF from discussing the NSL with members of Congress, even though an ACLU lawyer who represents the Archive recently testified at a congressional hearing about the FBI's misuse of NSLs.

"This is a great victory for the Archive and also the Constitution," said Melissa Goodman, staff attorney with the ACLU. "It appears that every time a national security letter recipient has challenged an NSL in court and forced the government to justify it, the government has ultimately withdrawn its demand for records. In the absence of much needed judicial oversight – and with recipients silenced and the public in the dark – there is nothing to stop the FBI from abusing its NSL power."

"A miscarriage of justice was prevented here because the Archive decided to fight the unlawful demand for information and unconstitutional gag," said EFF Staff Attorney Marcia Hofmann. "The big question is, how many other improper NSLs have been issued by the FBI and never challenged?"

NSLs are secretly issued by the government to obtain access to personal customer records from Internet Service Providers, financial institutions, and credit reporting agencies. In almost all cases, recipients of the NSLs are forbidden, or "gagged," from disclosing that they have received the letters. The ACLU has challenged this Patriot Act statute in federal court in two other cases where the judges found the gags unconstitutional: one involving an Internet Service Provider (ISP); the second a group of librarians. In the ISP case, the district court invalidated the entire NSL statute. The U.S. Court of Appeals for the Second Circuit is expected to hear oral arguments in the government's appeal of that case next month.

Since the Patriot Act was passed in 2001, relaxing restrictions on the FBI's use of the power, the number of NSLs issued has seen an astronomical increase, to nearly 200,000 between 2003 and 2006. EFF's investigations have uncovered multiple NSL misuses, including an improper NSL issued to North Carolina State University.

Last year Representative Jerrold Nadler (D-NY) introduced H.R. 3189, the "National Security Letters Reform Act of 2007." Senator Russell Feingold (D-WI) introduced a Senate bill of the same name (S. 2088). Both bills are aimed at narrowing the statute by enacting limits on when and how NSLs can be used and bringing the gag order provision in line with the Constitution.

In addition to Goodman and Hofmann, attorneys on the case are Jameel Jaffer and Danielle Tully of the ACLU National Security Project, Ann Brick of the ACLU of Northern California, and Kurt Opsahl of EFF.

For the newly unsealed documents (still partially redacted):
http://www.eff.org/cases/archive-v-mukasey?docs

For more information about this case:
http://www.eff.org/cases/archive-v-mukasey

For more information on NSLs:
http://www.eff.org/issues/foia/07656JDB

Contacts:

For Brewster Kahle:
Paul Hickman
Internet Archive
info@archive.org

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

James Freedland or Rachel Myers
Media Relations
American Civil Liberties Union
media@aclu.org

[Permalink]

Congress Must Investigate Electronic Searches at U.S. Borders

Broad Coalition Urges Hearings on Intrusive Search and Seizure of Electronic Devices

San Francisco - The Electronic Frontier Foundation (EFF) and a broad coalition, including civil rights groups, professional associations and technologists, called on Congress today to hold oversight hearings on the Department of Homeland Security's search and seizure of electronic devices at American borders.

The press has widely reported disturbing stories about U.S. citizens subject to intrusive searches of their laptops and cell phones. But a recent court decision found that customs officials can search travelers' computers at the border without suspicion or cause. In a letter sent to the House and Senate Homeland Security and Judiciary committees today, the coalition urges lawmakers to consider passing legislation to prevent abusive search practices by border agents and to protect all Americans from suspicionless digital border inspections.

"Our computers, cell phones, and other electronic devices hold a vast amount of personal information like financial data, health histories, and personal emails and letters," said EFF Staff Attorney Marcia Hofmann. "In a free country, the government cannot have unlimited power to read, seize, and store this information without any oversight."

So far, the Department of Homeland Security has refused to release its policies and procedures for conducting these intrusive searches. EFF and the Asian Law Caucus have filed suit against the Department of Homeland Security to obtain the information through the Freedom of Information Act.

"Your privacy could be at risk even if you don't travel yourself. Your financial institution, your insurer, and other enterprises hold extensive personal data about you and your family," said EFF Senior Staff Attorney Lee Tien. "If agents of those groups travel internationally, your information could be exposed to officials at the border or potentially copied and stored in government databases. Americans should know how and why electronic data is seized and kept by the government, and who is able to access it at the border and in the years afterwards."

In addition to EFF, the coalition signing today's letter includes more than 40 organizations and individuals, including the Association for Corporate Travel Executives, the American Civil Liberties Union, the National Association of Criminal Defense Lawyers, the Rutherford Institute, and prominent technologists such as Bruce Schneier and Whitfield Diffie.

For the full letter to Congress:
http://www.eff.org/press/archives/2008/05/01/border-search-open-letter

For more on EFF's suit on border searches:
http://www.eff.org/cases/foia-litigation-border-searches

Contacts:

Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia@eff.org

Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
tien@eff.org

[Permalink]

EFF Report: FBI Slowed Terror Investigation with Improper NSL Request

Improper NSL Issued Upon the 'Advice and Direction of FBIHQ'

San Francisco - The Electronic Frontier Foundation (EFF) has found that the Federal Bureau of Investigation (FBI), which claims that National Security Letters (NSLs) take too long and that it needs the authority to conduct surveillance without judicial oversight, delayed its own investigation of a student suspected of links to terrorism by employing an improper NSL to seek information on the suspect, at the direction of FBI Headquarters. The FBI failed to report the misuse for almost two years.

EFF's report comes as the House Judiciary Committee prepares for a Tuesday hearing on the misuse of NSLs. The Senate Judiciary Committee will hold another hearing on Wednesday.

"This report raises important questions about the FBI's use of these very powerful investigative tools," said EFF Senior Staff Attorney Kurt Opsahl. "Congress should determine why FBI headquarters insisted on an improper NSL instead of using the appropriate tools, and why the FBI failed to report the misuse for almost two years."

In the report, EFF used documents obtained through a Freedom of Information Act (FOIA) request coupled with public information to detail the bizarre turns in the FBI's investigation of a former North Carolina State University student. Over the span of three days in July of 2005, FBI documents show that the bureau first obtained the educational records of the suspect with a grand jury subpoena. However, at the direction of FBI headquarters, agents returned the records and then requested them again through an improper NSL.

As expanded by the PATRIOT Act, the FBI can use NSLs to get private records about anyone's domestic phone calls, e-mails and financial transactions without any court approval -- as long as it claims the information could be relevant to a terrorism or espionage investigation. However, NSL authority does not allow the government to seek educational records, and the university refused the request. The FBI finally obtained the documents again through a second grand jury subpoena. Later in July of 2005, FBI Director Robert Mueller used the delay in gathering the records as an example of why the FBI needed administrative subpoena power instead of NSLs so investigations could move faster.

"The FBI consistently asks for more power and less outside supervision," said Opsahl. "Yet here the NSL power was misused at the direction of FBI headquarters, and only after review by FBI lawyers. Oversight and legislative reforms are necessary to ensure that these powerful tools are not abused."

Report on the Improper Use of an NSL to NC State University:
http://www.eff.org/issues/foia/report-nsl-ncstate

Key FBI documents:
http://www.eff.org/files/filenode/07656JDB/charlotte.pdf

For more on National Security Letters:
http://www.eff.org/issues/foia/07656JDB

Contact:

Kurt Opsahl
Senior Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

[Permalink]

New Telecom Whistleblower Describes Possible Gateway for Massive Surveillance of Wireless Communications

Trio of Commerce Chairmen Call for Further Investigation Based on Latest Spying Allegations

Washington D.C. - Three powerful House Commerce Committee Chairmen strongly urged their colleagues Thursday to defer acting on requests for retroactive immunity and to demand more information from the White House and the telecommunications companies in the wake of disclosures by another whistleblower that the government apparently has been granted an open gateway to wireless communications by a major telecommunications company.

Babak Pasdar, a computer security consultant, has gone public about his discovery of a mysterious "Quantico Circuit" while working for an unnamed major wireless carrier. Pasdar believes that this circuit gives the U.S. government direct, unfettered access to customers voice calls and data packets. These claims echo the disclosures from retired AT&T technician Mark Klein, who has described a "secret room" in an AT&T facility.

The White House is putting heavy pressure on lawmakers to grant the telecoms immunity from lawsuits over the spying as part of Foreign Intelligence Surveillance Act (FISA) legislation pending in Congress. But in today's letter -- written by John Dingell, Chairman of the House Committee on Energy and Commerce; Ed Markey, Chairman of the House Subcommittee on Telecommunications and the Internet; and Bart Stupak, Chairman of the Subcommittee on Oversight and Investigations -- the congressmen argue lawmakers must not "vote in the dark" on the immunity issue when "profound privacy and security risks" are involved.

"When you put Mr. Pasdar's information together with that of AT&T whistleblower Mark Klein, there is troubling evidence of telecom misconduct in massive domestic surveillance of ordinary Americans," said Cindy Cohn, Legal Director of the Electronic Frontier Foundation (EFF). "Congress needs to have hearings and get some answers about whether American telecommunications companies are helping the government to illegally spy on millions of us. Retroactive immunity for telecom companies now ought to be off the table in the ongoing FISA debate."

EFF represents the plaintiffs in Hepting v. AT&T, a class-action lawsuit brought by AT&T customers accusing the telecommunications company of violating their rights by illegally assisting the National Security Agency in widespread domestic surveillance. The Hepting case is just one of many suits aimed at holding telecoms responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government.

For the full letter:
http://www.eff.org/files/newwhistleblower.pdf

For more on the telecoms' role in warrantless spying:
http://www.eff.org/issues/nsa-spying

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Kurt Opsahl
Senior Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

[Permalink]

EFF Lawsuit Demands Records of Contacts Between Former Justice Department Official and Google

DOJ's Top Privacy Lawyer Left Government Post for Job with Online Giant

Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice (DOJ) today, demanding information about communications between the DOJ's former top privacy official and Google, the official's current employer.

Jane C. Horvath was named the DOJ's first Chief Privacy and Civil Liberties Officer in February of 2006. At that time, Google was fighting a massive DOJ subpoena asking for the text of every query entered into the search engine over a one-week period. The DOJ request -- part of a court battle over the constitutionality of a law regulating adult materials on the Internet -- ignited a national debate about Internet privacy.

The DOJ later scaled back its request, and a judge eventually allowed access to only 5000 random Google search queries. In a subsequent news article, Horvath was publicly critical of the DOJ's initial subpoena, saying she had privacy concerns about the massive request for information. Horvath's new job as Google's Senior Privacy Counsel was announced in August of 2007.

EFF asked the DOJ for information about communications between Horvath and Google with a Freedom of Information Act (FOIA) request as Horvath prepared to leave the agency, but the DOJ has not responded to the request more than six months after it was submitted.

"Google has an unprecedented ability to collect and retain very personal information about millions of Americans, and the DOJ and other law enforcement agencies have developed a huge appetite for that information," said EFF Senior Counsel David Sobel. "We want to know what discussions DOJ's top privacy lawyer had with Google before leaving her government position to join the company."

EFF's suit demands records of all correspondence, email, or other communications between Horvath and Google, and asks the court to order the DOJ to immediately process the documents for release.

This FOIA lawsuit is part of EFF's FLAG Project, which uses FOIA requests and litigation to expose the government's expanding use of technologies to invade privacy. Previous EFF FOIA requests have uncovered misuse of National Security Letters (NSLs) by the FBI, as well as improper FBI access to email from an entire computer network.

For the full complaint against the DOJ:
http://www.eff.org/files/filenode/doj_google/foia_complaint_filed.pdf

For more on EFF's FLAG Project:
http://www.eff.org/issues/foia

Contact:

David Sobel
Senior Counsel
Electronic Frontier Foundation
sobel@eff.org

[Permalink]

Research Team Finds Security Flaw in Popular Disk Encryption Technologies

Laptops in "Sleep" or "Hibernation" Mode Most Vulnerable to Attack

San Francisco - A team including the Electronic Frontier Foundation (EFF), Princeton University, and other researchers have found a major security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure.

"People trust encryption to protect sensitive data when their computer is out of their immediate control," said EFF Staff Technologist Seth Schoen, a member of the research team. "But this new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker."

The researchers cracked several widely used disk encryption technologies, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt. These "secure" disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. However, in a paper and video published on the Internet today, the researchers show that data is vulnerable because encryption keys and passwords stored in a computer's temporary memory -- or RAM -- do not disappear immediately after losing power.

"These types of attacks were often thought to be in the realm of the NSA," said Jacob Appelbaum, an independent computer security researcher and member of the research team. "But we discovered that on most computers, even without power applied for several seconds, data stored in RAM seemed to remain when power was reapplied, We then wrote programs to collect the contents of memory after the computers were rebooted."

Laptops are particularly vulnerable to this attack, especially when they are turned on but locked, or in a "sleep" or "hibernation" mode entered when the laptop's cover is shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent.

The research released today shows that these attacks are likely to be effective against many other disk encryption systems because these technologies have many architectural features in common. Servers with encrypted hard drives are also vulnerable.

"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said J. Alex Halderman, a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

In addition to Schoen, Appelbaum, and Halderman, the research team included William Paul of Wind River Systems, and Princeton graduate students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel Feldman as well as Princeton Professor Edward Felten, the director of the Center for Information Technology Policy and a member of EFF's Board of Directors.

The researchers have submitted the paper for publication and it is currently undergoing review. In the meantime, the researchers have contacted the developers of BitLocker, which is included in some versions of Windows Vista, Apple's FileVault, and the open source TrueCrypt and dm-crypt products, to make them aware of the vulnerability. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.

For the full paper "Lest We Remember: Cold Boot Attacks on Encryption Keys," a demonstration video, and other background information:
http://citp.princeton.edu/memory/

Contacts:

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

Jacob Appelbaum
Computer Security Researcher
jacob@appelbaum.net

J. Alex Halderman
Princeton University
jhalderm@cs.princeton.edu

[Permalink]

Judge Orders Telecommunications Companies to Preserve Evidence in Government Surveillance Cases

Ruling Advances EFF's Class-action Lawsuit Against AT&T

San Francisco - A federal judge today ruled on a preservation motion filed by the Electronic Frontier Foundation (EFF), ordering that telecommunications companies must preserve any evidence of collaborating with the government in illegal spying on ordinary Americans.

In his ruling, U.S. District Court Judge Vaughn Walker ordered the telecommunications companies to halt any routine destruction of documents or to arrange for the preservation of accurate copies. On December 14, each party must provide the court with confirmation that the court's order has been carried out. The court order did not require the government or the carriers to reveal whether or not they had any relevant evidence.

The government and the carriers had opposed the preservation motion, claiming that the government's invocation of the state secrets privilege made it impossible to proceed with a preservation order. In litigation, parties are typically required to preserve all relevant evidence.

For the judge's order:
http://www.eff.org/files/filenode/att/393%20order.pdf

For more on the class-action lawsuit against AT&T:
http://www.eff.org/cases/att

Contacts:

Kurt Opsahl
Senior Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

[Permalink]