Electronic Freedom Foundation

EFF does a lot of things, including impact litigation, legislative lobbying, and technology development, all to fight for your civil liberties in the digital age. With litigation, we directly represent clients and also file “amicus” briefs in court cases.

An amicus brief, also called a “friend-of-the-court” brief, is when we don’t represent one of the parties on either side of the “v”—instead, we provide the court with a helpful outside perspective on the case, either on behalf of ourselves or other groups, that can help the court make its decision.

Amicus briefs are a core part of EFF’s legal work. Over the years, courts at all levels have extensively engaged with and cited our amicus briefs, showing that they value our thoughtful legal analysis, technical expertise, and public interest mission.

Unfortunately the Judicial Conference—the body that oversees the federal court system—has proposed changes to the rule governing amicus briefs (Federal Rule of Appellate Procedure 29) that would make it harder to file such briefs in the circuit courts.

EFF filed comments with the Judicial Conference sharing our thoughts on the proposed rule changes (a total of 407 comments were filed). Two proposed changes are particularly concerning.

First, amicus briefs would be “disfavored” if they address issues “already mentioned” by the parties. This language is extremely broad and may significantly reduce the amount and types of amicus briefs that are filed in the circuit courts. As we said in our comments:

We often file amicus briefs that expand upon issues only briefly addressed by the parties, either because of lack of space given other issues that party counsel must also address on appeal, or a lack of deep expertise by party counsel on a specific issue that EFF specializes in. We see this often in criminal appeals when we file in support of the defendant. We also file briefs that address issues mentioned by the parties but additionally explain how the relevant technology works or how the outcome of the case will impact certain other constituencies.

We then shared examples of EFF amicus briefs that may have been disfavored if the “already mentioned” standard had been in effect, even though our briefs provided help to the courts. Just two examples are:

• In United States v. Cano, we filed an amicus brief that addressed the core issue of the case—whether the border search exception to the Fourth Amendment’s warrant requirement applies to cell phones. We provided a detailed explanation of the privacy interests in digital devices, and a thorough Fourth Amendment analysis regarding why a warrant should be required to search digital devices at the border. The Ninth Circuit extensively engaged with our brief to vacate the defendant’s conviction.
• In NetChoice, LLC v. Attorney General of Florida, a First Amendment case about social media content moderation (later considered by the Supreme Court), we filed an amicus brief that elaborated on points only briefly made by the parties about the prevalence of specialized social media services reflecting a wide variety of subject matter focuses and political viewpoints. Several of the examples we provided were used by the 11th Circuit in its opinion.

Second, the proposed rules would require an amicus organization (or person) to file a motion with the court and get formal approval before filing an amicus brief. This would replace the current rule, which also allows an amicus brief to be filed if both parties in the case consent (which is commonly what happens).

As we stated in our comments: “Eliminating the consent provision will dramatically increase motion practice for circuit courts, putting administrative burdens on the courts as well as amicus brief filers.” We also argued that this proposed change “is not in the interests of justice.” We wrote:

Having to write and file a separate motion may disincentivize certain parties from filing amicus briefs, especially people or organizations with limited resources … The circuits should … facilitate the participation by diverse organizations at all stages of the appellate process—where appeals often do not just deal with discrete disputes between parties, but instead deal with matters of constitutional and statutory interpretation that will impact the rights of Americans for years to come.

Amicus briefs are a crucial part of EFF’s work in defending your digital rights, and our briefs provide valuable arguments and expertise that help the courts make informed decisions. That’s why we are calling on the Judicial Conference to reject these changes and preserve our ability to file amicus briefs in the federal appellate courts that make a difference.

Your support is essential in ensuring that we can continue to fight for your digital rights—in and out of court.

DONATE TO EFF

Today, in response to the U.K.’s demands for a backdoor, Apple has stopped offering users in the U.K. Advanced Data Protection, an optional feature in iCloud that turns on end-to-end encryption for files, backups, and more.

Had Apple complied with the U.K.’s original demands, they would have been required to create a backdoor not just for users in the U.K., but for people around the world, regardless of where they were or what citizenship they had. As we’ve said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud.

This blanket, worldwide demand put Apple in an untenable position. Apple has long claimed it wouldn’t create a backdoor, and in filings to the U.K. government in 2023, the company specifically raised the possibility of disabling features like Advanced Data Protection as an alternative. Apple's decision to disable the feature for U.K. users could well be the only reasonable response at this point, but it leaves those people at the mercy of bad actors and deprives them of a key privacy-preserving technology. The U.K. has chosen to make its own citizens less safe and less free.

Although the U.K. Investigatory Powers Act purportedly authorizes orders to compromise security like the one issued to Apple, policymakers in the United States are not entirely powerless. As Senator Ron Wyden and Representative Andy Biggs noted in a letter to the Director of National Intelligence (DNI) last week, the US and U.K. are close allies who have numerous cybersecurity- and intelligence-sharing agreements, but “the U.S. government must not permit what is effectively a foreign cyberattack waged through political means.” They pose a number of key questions, including whether the CLOUD Act—an “encryption-neutral” law that enables special status for the U.K. to request data directly from US companies—actually allows the sort of demands at issue here. We urge Congress and others in the US to pressure the U.K. to back down and to provide support for US companies to resist backdoor demands, regardless of what government issues them.

Meanwhile, Apple is not the only company operating in the U.K. that offers end-to-end encryption backup features. For example, you can optionally enable end-to-end encryption for chat backups in WhatsApp or backups from Samsung Galaxy phones. Many cloud backup services offer similar protections, as do countless chat apps, like Signal, to secure conversations. We do not know if other companies have been approached with similar requests, but we hope they stand their ground as well.

If you’re in the U.K. and have not enabled ADP, you can longer do so. If you have already enabled it, Apple will provide guidance soon about what to do. This change will not affect the end-to-end encryption used in Apple Messages, nor does it alter other data that’s end-to-end encrypted by default, like passwords and health data. But iCloud backups have long been a loophole for law enforcement to gain access to data otherwise not available to them on iPhones with device encryption enabled, including the contents of messages they’ve stored in the backup. Advanced Data Protection is an optional feature to close that loophole. Without it, U.K. users’ files and device backups will be accessible to Apple, and thus shareable with law enforcement.

We appreciate Apple’s stance against the U.K. government’s request. Weakening encryption violates fundamental rights. We all have the right to private spaces, and any backdoor would annihilate that right. The U.K. must back down from these overreaching demands and allow Apple—and others—to provide the option for end-to-end encrypted cloud storage.

EFF is delighted to be attending RightsCon again—this year hosted in Taipei, Taiwan between 24-27 February.

RightsCon provides an opportunity for human rights experts, technologists, activists, and government representatives to discuss pressing human rights challenges and their potential solutions. 

Many EFFers are heading to Taipei and will be actively participating in this year's event. Several members will be leading sessions, speaking on panels, and be available for networking.

Our delegation includes:

• Alexis Hancock, Director of Engineering, Certbot
• Babette Ngene, Public Interest Technology Director
• Christoph Schmon, International Policy Director
• Cindy Cohn, Executive Director
• Daly Barnett, Senior Staff Technologist
• David Greene, Senior Staff Attorney and Civil Liberties Director
• Jillian York, Director of International Freedom of Expression
• Karen Gullo, Senior Writer for Free Speech and Privacy
• Paige Collings, Senior Speech and Privacy Activist
• Svea Windwehr, Assistant Director of EU Policy
• Veridiana Alimonti, Associate Director For Latin American Policy

We hope you’ll have the opportunity to connect with us during the conference, especially at the following sessions: 

Day 0 (Monday 24 February)

Mutual Support: Amplifying the Voices of Digital Rights Defenders in Taiwan and East Asia

09:00 - 12:30, Room 101C
Alexis Hancock, Director of Engineering, Certbot
Host institutions: Open Culture Foundation, Odditysay Labs, Citizen Congress Watch and FLAME

This event aims to present Taiwan and East Asia’s digital rights landscape, highlighting current challenges faced by digital rights defenders and fostering resonance with participants' experiences. Join to engage in insightful discussions, learn from Taiwan’s tech community and civil society, and contribute to the global dialogue on these pressing issues. The form to register is here. 

Platform accountability in crisis? Global perspective on platform accountability frameworks

09:00 - 13:00, Room 202A
Christoph Schmon, International Policy Director; Babette Ngene, Public Interest Technology Director
Host institutions: Electronic Frontier Foundation (EFF), Access Now

This high level panel will reflect on alarming developments in platforms' content policies and their enforcement, and discuss whether existing frameworks offer meaningful tools to counter the current platform accountability crisis. The starting point for the discussion will be Access Now's recently launched report Platform accountability: a rule-of-law checklist for policymakers. The panel will be followed by a workshop, dedicated to the “Draft Viennese Principles for Embedding Global Considerations into Human-Rights-Centred DSA enforcement”. Facilitated by the DSA Human Rights Alliance, the workshop will provide a safe space for civil society organisations to strategize and discuss necessary elements of a human rights based approach to platform governance.

Day 1 (Tuesday 25 February) 

Criminalization of Tor in Ola Bini’s case? Lessons for digital experts in the Global South

09:00 - 10:00 (online)
Veridiana Alimonti, Associate Director For Latin American Policy
Host institutions: Access Now, Centro de Autonomía Digital (CAD), Observation Mission of the Ola Bini Case, Tor Project

This session will analyze how the use of Tor is criminalized in Ola Bini´s case and its implications for digital experts in other contexts of criminalization in the Global South, especially when they defend human rights online. Participants will work through various exercises to: 1- Analyze, from a technical perspective, the judicial criminalization of Tor in Ola Bini´s case, and 2- Collectively analyze how its criminalization can affect (judicially) the work of digital experts from the Global South and discuss possible support alternatives.

The counter-surveillance supply chain

11:30am - 12:30, Room 201F
Babette Ngene, Public Interest Technology Director
Host institution: Meta

The fight against surveillance and other malicious cyber adversaries is a whole-of-society problem, requiring international norms and policies, in-depth research, platform-level defenses, investigation, and detection. This dialogue focuses on the critical first link in this counter-surveillance supply chain; the on the ground organizations around the world who are the first contact for local activists and organizations dealing with targeted malware, and will include an open discussion on how to improve the global response to surveillance and surveillance-for-hire actors through a lens of local contextual knowledge and information sharing.

Day 3 (Wednesday 26 February) 

Derecho a no ser objeto de decisiones automatizadas: desafíos y regulaciones en el sector judicial

16:30 - 17:30, Room 101C
Veridiana Alimonti, Associate Director For Latin American Policy
Host institutions: Hiperderecho, Red en Defensa de los Derechos Digitales, Instituto Panamericano de Derecho y Tecnología

A través de este panel se analizarán casos específicos de México, Perú y Colombia para comprender las implicaciones éticas y jurídicas del uso de la inteligencia artificial en la redacción y motivación de sentencias judiciales. Con este diálogo se busca abordar el derecho a no ser objeto de decisiones automatizadas y las implicaciones éticas y jurídicas sobre la automatización de sentencias judiciales. Algunas herramientas pueden reproducir o amplificar estereotipos discriminatorios, además de posibles violaciones a los derechos de privacidad y protección de datos personales, entre otros.

Prying Open the Age-Gate: Crafting a Human Rights Statement Against Age Verification Mandates

16:30 - 17:30, Room 401 
David Greene, Senior Staff Attorney and Civil Liberties Director
Host institutions: Electronic Frontier Foundation (EFF), Open Net, Software Freedom Law Centre, EDRi

The session will engage participants in considering the issues and seeding the drafting of a global human rights statement on online age verification mandates. After a background presentation on various global legal models to challenge such mandates (with the facilitators representing Asia, Africa, Europe, US), participants will be encouraged to submit written inputs (that will be read during the session) and contribute to a discussion. This will be the start of an ongoing effort that will extend beyond RightsCon with the goal of producing a human rights statement that will be shared and endorsed broadly. 

Day 4 (Thursday 27 February) 

Let's talk about the elephant in the room: transnational policing and human rights

10:15 - 11:15, Room 201B
Veridiana Alimonti, Associate Director For Latin American Policy
Host institutions: Citizen Lab, Munk School of Global Affairs & Public Policy, University of Toronto

This dialogue focuses on growing trends surrounding transnational policing, which pose new and evolving challenges to international human rights. The session will distill emergent themes, with focal points including expanding informal and formal transnational cooperation and data-sharing frameworks at regional and international levels, the evolving role of borders in the development of investigative methods, and the proliferation of new surveillance technologies including mercenary spyware and AI-driven systems. 

Queer over fear: cross-regional strategies and community resistance for LGBTQ+ activists fighting against digital authoritarianism

11:30 - 12:30, Room 101D
Paige Collings, Senior Speech and Privacy Activist
Host institutions: Access Now, Electronic Frontier Foundation (EFF), De|Center, Fight for the Future

The rise of the international anti-gender movement has seen authorities pass anti-LGBTQ+ legislation that has made the stakes of survival even higher for sexual and gender minorities. This workshop will bring together LGBTQ+ activists from Africa, the Middle East, Eastern Europe, Central Asia and the United States to exchange ideas for advocacy and liberation from the policies, practices and directives deployed by states to restrict LGBTQ+ rights, as well as how these actions impact LGBTQ+ people—online and offline—particularly in regards to online organizing, protest and movement building.

A bill headed to the Senate floor in Utah would require officers to disclose if a police report was written by generative AI. The bill, S.B. 180, requires a department to have a policy governing the use of AI. This policy would mandate that police reports created in whole or in part by generative AI have a disclaimer that the report contains content generated by AI and requires officers to legally certify that the report was checked for accuracy.

S.B. 180 is unfortunately a necessary step in the right direction when it comes to regulating the rapid spread of police using generative AI to write their narrative reports for them. EFF will continue to monitor this bill in hopes that it will be part of a larger conversation about more robust regulations. Specifically, Axon, the makers of tasers and the salespeople behind a shocking amount of police and surveillance tech, has recently rolled out a new product, Draft One, which uses body-worn camera audio to generate police reports. This product is spreading quickly in part because it is integrated with other Axon products which are already omnipresent in U.S. society.

But it’s going to take more than a disclaimer to curb the potential harms of AI-generated police reports.

As we’ve previously cautioned, the public should be skeptical of AI’s ability to accurately process and distinguish between the wide range of languages, dialects, vernacular, idioms, and slang people use. As online content moderation has shown, software may have a passable ability to capture words, but it often struggles with content and meaning. In a tense setting such as a traffic stop, AI mistaking a metaphorical statement for a literal claim could fundamentally change the content of a police report.

Moreover, so-called artificial intelligence taking over consequential tasks and decision-making has the power to obscure human agency. Police officers who deliberately exaggerate or lie to shape the narrative available in body camera footage now have even more of a veneer of plausible deniability with AI-generated police reports. If police were to be caught in a lie concerning what’s in the report, an officer might be able to say that they did not lie: the AI simply did not capture what was happening in the chaotic video.

As this technology spreads without much transparency, oversight, or guardrails, we are likely to see more cities, counties, and states push back against its use. Out of fear that AI-generated reports would complicate and compromise cases in the criminal justice system,prosecutors in King County, Washington (which includes Seattle) have instructed officers not to use the technology for now.

The use of AI to write police reports is troubling in ways we are accustomed to, but also in new ways. Not only do we not yet know how widespread use of this technology will affect the criminal justice system, but because of how the product is designed, there is a chance we won’t even know if AI has been used even if we are staring directly at the police report in question. For that reason, it’s no surprise that lawmakers in Utah have introduced this bill to require some semblance of transparency. We will likely see similar regulations and restrictions in other states and local jurisdictions, and possibly even stronger ones. 

You shouldn't need a permission slip to read a webpage–whether you do it with your own eyes, or use software to help. AI is a category of general-purpose tools with myriad beneficial uses. Requiring developers to license the materials needed to create this technology threatens the development of more innovative and inclusive AI models, as well as important uses of AI as a tool for expression and scientific research.  

Threats to Socially Valuable Research and Innovation 

Requiring researchers to license fair uses of AI training data could make socially valuable research based on machine learning (ML) and even text and data mining (TDM) prohibitively complicated and expensive, if not impossible. Researchers have relied on fair use to conduct TDM research for a decade, leading to important advancements in myriad fields. However, licensing the vast quantity of works that high-quality TDM research requires is frequently cost-prohibitive and practically infeasible.  

Fair use protects ML and TDM research for good reason. Without fair use, copyright would hinder important scientific advancements that benefit all of us. Empirical studies back this up: research using TDM methodologies are more common in countries that protect TDM research from copyright control; in countries that don’t, copyright restrictions stymie beneficial research. It’s easy to see why: it would be impossible to identify and negotiate with millions of different copyright owners to analyze, say, text from the internet. 

The stakes are high, because ML is critical to helping us interpret the world around us. It's being used by researchers to understand everything from space nebulae to the proteins in our bodies. When the task requires crunching a huge amount of data, such as the data generated by the world’s telescopes, ML helps rapidly sift through the information to identify features of potential interest to researchers. For example, scientists are using AlphaFold, a deep learning tool, to understand biological processes and develop drugs that target disease-causing malfunctions in those processes. The developers released an open-source version of AlphaFold, making it available to researchers around the world. Other developers have already iterated upon AlphaFold to build transformative new tools.  

Threats to Competition 

Requiring AI developers to get authorization from rightsholders before training models on copyrighted works would limit competition to companies that have their own trove of training data, or the means to strike a deal with such a company. This would result in all the usual harms of limited competition—higher costs, worse service, and heightened security risks—as well as reducing the variety of expression used to train such tools and the expression allowed to users seeking to express themselves with the aid of AI. As the Federal Trade Commission recently explained, if a handful of companies control AI training data, “they may be able to leverage their control to dampen or distort competition in generative AI markets” and “wield outsized influence over a significant swath of economic activity.” 

Legacy gatekeepers have already used copyright to stifle access to information and the creation of new tools for understanding it. Consider, for example, Thomson Reuters v. Ross Intelligence, widely considered to be the first lawsuit over AI training rights ever filed. Ross Intelligence sought to disrupt the legal research duopoly of Westlaw and LexisNexis by offering a new AI-based system. The startup attempted to license the right to train its model on Westlaw’s summaries of public domain judicial opinions and its method for organizing cases. Westlaw refused to grant the license and sued its tiny rival for copyright infringement. Ultimately, the lawsuit forced the startup out of business, eliminating a would-be competitor that might have helped increase access to the law.  

Similarly, shortly after Getty Images—a billion-dollar stock images company that owns hundreds of millions of images—filed a copyright lawsuit asking the court to order the “destruction” of Stable Diffusion over purported copyright violations in the training process, Getty introduced its own AI image generator trained on its own library of images.  

Requiring developers to license AI training materials benefits tech monopolists as well. For giant tech companies that can afford to pay, pricey licensing deals offer a way to lock in their dominant positions in the generative AI market by creating prohibitive barriers to entry. To develop a “foundation model” that can be used to build generative AI systems like ChatGPT and Stable Diffusion, developers need to “train” the model on billions or even trillions of works, often copied from the open internet without permission from copyright holders. There’s no feasible way to identify all of those rightsholders—let alone execute deals with each of them. Even if these deals were possible, licensing that much content at the prices developers are currently paying would be prohibitively expensive for most would-be competitors.  

We should not assume that the same companies who built this world can fix the problems they helped create; if we want AI models that don’t replicate existing social and political biases, we need to make it possible for new players to build them. 

Nor is pro-monopoly regulation through copyright likely to provide any meaningful economic support for vulnerable artists and creators. Notwithstanding the highly publicized demands of musicians, authors, actors, and other creative professionals, imposing a licensing requirement is unlikely to protect the jobs or incomes of the underpaid working artists that media and entertainment behemoths have exploited for decades. Because of the imbalance in bargaining power between creators and publishing gatekeepers, trying to help creators by giving them new rights under copyright law is, as EFF Special Advisor Cory Doctorow has written, like trying to help a bullied kid by giving them more lunch money for the bully to take.  

Entertainment companies’ historical practices bear out this concern. For example, in the late-2000’s to mid-2010’s, music publishers and recording companies struck multimillion-dollar direct licensing deals with music streaming companies and video sharing platforms. Google reportedly paid more than $400 million to a single music label, and Spotify gave the major record labels a combined 18 percent ownership interest in its now-$100 billion company. Yet music labels and publishers frequently fail to share these payments with artists, and artists rarely benefit from these equity arrangements. There is no reason to believe that the same companies will treat their artists more fairly once they control AI. 

Threats to Free Expression 

Generative AI tools like text and image generators are powerful engines of expression. Creating content—particularly images and videos—is time intensive. It frequently requires tools and skills that many internet users lack. Generative AI significantly expedites content creation and reduces the need for artistic ability and expensive photographic or video technology. This facilitates the creation of art that simply would not have existed and allows people to express themselves in ways they couldn’t without AI.  

Some art forms historically practiced within the African American community—such as hip hop and collage—have a rich tradition of remixing to create new artworks that can be more than the sum of their parts. As professor and digital artist Nettrice Gaskins has explained, generative AI is a valuable tool for creating these kinds of art. Limiting the works that may be used to train AI would limit its utility as an artistic tool, and compound the harm that copyright law has already inflicted on historically Black art forms. 

Generative AI has the power to democratize speech and content creation, much like the internet has. Before the internet, a small number of large publishers controlled the channels of speech distribution, controlling which material reached audiences’ ears. The internet changed that by allowing anyone with a laptop and Wi-Fi connection to reach billions of people around the world. Generative AI magnifies those benefits by enabling ordinary internet users to tell stories and express opinions by allowing them to generate text in a matter of seconds and easily create graphics, images, animation, and videos that, just a few years ago, only the most sophisticated studios had the capability to produce. Legacy gatekeepers want to expand copyright so they can reverse this progress. Don’t let them: everyone deserves the right to use technology to express themselves, and AI is no exception.  

Threats to Fair Use 

In all of these situations, fair use—the ability to use copyrighted material without permission or payment in certain circumstances—often provides the best counter to restrictions imposed by rightsholders. But, as we explained in the first post in this series, fair use is under attack by the copyright creep. Publishers’ recent attempts to impose a new licensing regime for AI training rights—despite lacking any recognized legal right to control AI training—threatens to undermine the public’s fair use rights.  

By undermining fair use, the AI copyright creep makes all these other dangers more acute. Fair use is often what researchers and educators rely on to make their academic assessments and to gather data. Fair use allows competitors to build on existing work to offer better alternatives. And fair use lets anyone comment on, or criticize, copyrighted material.  

When gatekeepers make the argument against fair use and in favor of expansive copyright—in court, to lawmakers, and to the public—they are looking to cement their own power, and undermine ours.  

A Better Way Forward 

AI also threatens real harms that demand real solutions.  

Many creators and white-collar professionals increasingly believe that generative AI threatens their jobs. Many people also worry that it enables serious forms of abuse, such as AI-generated nonconsensual intimate imagery, including of children. Privacy concerns abound, as does consternation over misinformation and disinformation. And it’s already harming the environment.  

Expanding copyright will not mitigate these harms, and we shouldn’t forfeit free speech and innovation to chase snake oil “solutions” that won’t work.  

We need solutions that address the roots of these problems, like inadequate protections for labor rights and personal privacy. Targeted, issue-specific policies are far more likely to succeed in resolving the problems society faces. Take competition, for example. Proponents of copyright expansion argue that treating AI development like the fair use that it is would only enrich a handful of tech behemoths. But imposing onerous new copyright licensing requirements to train models would lock in the market advantages enjoyed by Big Tech and Big Media—the only companies that own large content libraries or can afford to license enough material to build a deep learning model—profiting entrenched incumbents at the public’s expense. What neither Big Tech nor Big Media will say is that stronger antitrust rules and enforcement would be a much better solution. 

What’s more, looking beyond copyright future-proofs the protections. Stronger environmental protections, comprehensive privacy laws, worker protections, and media literacy will create an ecosystem where we will have defenses against any new technology that might cause harm in those areas, not just generative AI. 

Expanding copyright, on the other hand, threatens socially beneficial uses of AI—for example, to conduct scientific research and generate new creative expression—without meaningfully addressing the harms.  

This post is part of our AI and Copyright series. For more information about the state of play in this evolving area, see our first post. 

The launch of ChatGPT and other deep learning quickly led to a flurry of lawsuits against model developers. Legal theories vary, but most are rooted in copyright: plaintiffs argue that use of their works to train the models was infringement; developers counter that their training is fair use. Meanwhile developers are making as many licensing deals as possible to stave off future litigation, and it’s a sound bet that the existing litigation is an elaborate scramble for leverage in settlement negotiations.  

These cases can end one of three ways: rightsholders win, everybody settles, or developers win. As we’ve noted before, we think the developers have the better argument. But that’s not the only reason they should win these cases: while creators have a legitimate gripe, expanding copyright won’t protect jobs from automation. A win for rightsholders or even a settlement could also lead to significant harm, especially if it undermines fair use protections for research uses or artistic protections for creators.  In this post and a follow-up, we’ll explain why. 

State of Play 

First, we need some context, so here’s the state of play: 

DMCA Claims  

Multiple courts have dismissed claims under Section 1202(b) of the Digital Millennium Copyright Act, stemming from allegations that developers removed or altered attribution information during the training process. In Raw Story Media v. OpenAI, Inc., the Southern District of New York dismissed these claims because the plaintiff had not “plausibly alleged” that training ChatGPT on their works had actually harmed them, and there was no “substantial risk” that ChatGPT would output their news articles. Because ChatGPT was trained on “massive amount of information from unnumerable sources on almost any given subject…the likelihood that ChatGPT would output plagiarized content from one of Plaintiffs’ articles seems remote.” Courts granted motions to dismiss similar DMCA claims in Andersen v. Stability AI, Ltd., , The Intercept Media, Inc. v. OpenAI, Inc., Kadrey v. Meta Platforms, Inc., and Tremblay v. OpenAI.  

Another such case, Doe v. GitHub, Inc. will soon be argued in the Ninth Circuit.  

Copyright Infringement Claims  

Rightsholders also assert ordinary copyright infringement, and the initial holdings are a mixed bag. In Kadrey v. Meta Platforms, Inc., for example, the court dismissed “nonsensical” claims that Meta’s LLaMA models are themselves infringing derivative works. In Andersen v. Stability AI Ltd., however, the court held that copyright claims based on the assumption that the plaintiff’s works were included in a training data set could go forward, where the use of plaintiffs’ names as prompts generated outputted images that were “similar to plaintiffs’ artistic works.” The court also held that the plaintiffs plausibly alleged that the model was designed to “promote infringement” for similar reasons.    

It's early in the case—the court was merely deciding if the plaintiffs had alleged enough to justify further proceedings—but it’s a dangerous precedent. Crucially, copyright protection extends only to the actual expression of the author—the underlying facts and ideas in a creative work are not themselves protected. That means that, while a model cannot output an identical or near-identical copy of a training image without running afoul of copyright, it is free to generate stylistically “similar” images. Training alone is insufficient to give rise to a claim of infringement, and the court impermissibly conflated permissible “similar” outputs with the copying of protectable expression.  

Fair Use  

In most of the AI cases, courts have yet to consider—let alone decide—whether fair use applies. In one unusual case, however, the judge has flip-flopped, previously finding that the defendant’s use was fair and changing his mind. This case, Thomson Reuters Enterprise Centre GMBH v. Ross Intelligence, Inc., concerns legal research technology. Thomson Reuters provides search tools to locate relevant legal opinions and prepares annotations describing the opinions’ holdings. Ross Intelligence hired lawyers to look at those annotations and rewrite them in their own words. Their output was used to train Ross’s search tool, ultimately providing users with relevant legal opinions based on their queries. Originally, the court got it right, holding that if the AI developer used copyrighted works only “as a step in the process of trying to develop a ‘wholly new,’ albeit competing, product,” that’s “transformative intermediate copying,” i.e. fair use.  
 
After reconsidering, however, the judge changed his mind in several respects, essentially disagreeing with prior case law regarding search engines. We think it’s unlikely that an appeals court would uphold this divergence from precedent. But if it did, it would present legal problems for AI developers—and anyone creating search tools. 

Copyright law favors the creation of new technology to learn and locate information, even when developing the tool required copying books and web pages in order to index them. Here, the search tool is providing links to legal opinions, not presenting users with any Thomson Reuters original material. The tool is concerned with noncopyrightable legal holdings and principles, not with supplanting any creative expression embodied in the annotations prepared by Thomson Reuters.  

Thomson Reuters has often pushed the limits of copyright in an attempt to profit off of the public’s need to access and refer to the law, for instance by claiming a proprietary interest in its page numbering of legal opinions. Unfortunately, the judge in this case enabled them to do so in a new way. We hope the appeals court reverses the decision. 

The Side Deals 

While all of this is going on, developers that can afford it—OpenAI, Google, and other tech behemoths—have inked multimillion-dollar licensing deals with Reddit, the Wall Street Journal, and myriad other corporate copyright owners. There’s suddenly a $2.5 billion licensing market for training data—even though the use of that data is almost certainly fair use. 

What’s Missing

This litigation is getting plenty of attention. And it should because the stakes are high. Unfortunately, the real stakes are getting lost. These cases are not just about who will get the most financial benefits from generative AI. The outcomes will decide whether a small group of corporations that can afford big licensing fees will determine the future of AI for all of us. More on that tomorrow. 

This post is part of our AI and Copyright series. Check out our other post in this series. 

Campaign Aims to Ensure that People Can Access Reproductive Rights Information Through Social Media

SAN FRANCISCO—The Electronic Frontier Foundation (EFF) and the Repro Uncensored coalition on Wednesday launched the #StopCensoringAbortion campaign to ensure that people who need reproductive health and abortion information can find and share it. 

Censorship of this information by social media companies appears to be increasing, so the campaign will collect information to track such incidents.  

“This censorship is alarming, and we’re seeing it take place across popular social media platforms like Facebook, Instagram, and TikTok, where abortion-related content is often flagged or removed under vague ‘community guideline’ violations, despite the content being legal and factual,” said EFF Legislative Activist Rindala Alajaji. “This lack of transparency leaves organizations, influencers, and individuals in the dark, fueling a wider culture of online censorship that jeopardizes public access to vital healthcare information.” 

Initially, the campaign is collecting stories from people and organizations who have faced censorship on these platforms. This will help the public and the companies understand how often this is happening, who is affected, and with what consequences. EFF will use that information to demand that censorship stop and that the companies create greater transparency in their practices, which are often obscure and difficult to track. Tech companies must not silence critical conversations about reproductive rights.  

"We are not simply raising awareness—we are taking action to hold tech companies accountable for their role in censoring free speech around reproductive health. The stories we collect will be instrumental in presenting to the platforms the breadth of this problem, drawing a picture of its impact, and demanding more transparent policies,” Alajaji said. “If you or someone you know has had abortion-related content taken down or shadowbanned by a social media platform, your voice is crucial in this fight. By sharing your experience, you’ll be contributing to a larger movement to end censorship and demand that social media platforms stop restricting access to critical reproductive health information.” 

In addition to a portal for reporting incidents of online abortion censorship, the campaign’s landing page provides links to reporting and research on this censorship. Additionally, the page includes digital privacy and security guides for abortion activists, medical personnel, and patients. 

With reproductive rights under fire across the U.S. and around the world, access to accurate abortion information has never been more critical. Reproductive health and rights organizations have turned to online platforms to share essential, sometimes life-saving guidance and resources. Whether they provide the latest updates on abortion laws, where to find clinics, or education about abortion medication, online spaces have become a lifeline particularly for those in regions where reproductive freedoms are under siege.  

But a troubling trend is making it harder for people to access vital abortion information: Social media platforms are censoring or removing abortion-related content, often without a clear justification or policy basis. A recent example surfaced last month when Instagram posts by Aid Access, an online abortion services provider, were either blurred out or prevented from loading entirely. This sparked concerns in the press about how recent content moderation policy changes by Meta, the parent company of Instagram and Facebook, would affect availability of reproductive health information. 

For the campaign landing page: https://www.eff.org/pages/stop-censoring-abortion  

Contact:  RindalaAlajajiLegislative Activistrin@eff.org

This post is part three in a series of posts about EFF’s work in Europe. Read about how and why we work in Europe here. 

EFF’s mission is to ensure that technology supports freedom, justice, and innovation for all people of the world. While our work has taken us to far corners of the globe, in recent years we have worked to expand our efforts in Europe, building up a policy team with key expertise in the region, and bringing our experience in advocacy and technology to the European fight for digital rights.  

In this blog post series, we will introduce you to the various players involved in that fight, share how we work in Europe, and discuss how what happens in Europe can affect digital rights across the globe. 

Implementing a Privacy First Approach to Fighting Online Harms

Infringements on privacy are commonplace across the world, and Europe is no exemption. Governments and regulators across the region are increasingly focused on a range of risks associated with the design and use of online platforms, such as addictive design, the effects of social media consumption on children’s and teenagers’ mental health, and dark patterns limiting consumer choices. Many of these issues share a common root: the excessive collection and processing of our most private and sensitive information by corporations for their own financial gain. 

One necessary approach to solving this pervasive problem is to reduce the amount of data that these entities can collect, analyze, and sell. The European General Data Protection Regulation (GDPR) is central to protecting users’ data protection rights in Europe, but the impact of the GDPR ultimately depends on how well it is enforced. Strengthening the enforcement of the GDPR in areas where data can be used to target, discriminate, and undermine fundamental rights is therefore a cornerstone in our work. 

Beyond the GDPR, we also bring our privacy first approach to fighting online harms to discussions on online safety and digital fairness. The Digital Services Act (DSA) makes some important steps to limit the use of some data categories to target users with ads, and bans targeteds ads for minors completely. This is the right approach, which we will build on as we contribute to the debate around the upcoming Digital Fairness Act. 

Age Verification Tools Are No Silver Bullet

As in many other jurisdictions around the world, age verification has become a hotly debated topic in the EU, with governments across Europe seeking to introduce them. In the United Kingdom, legislation like the Online Safety Act (OSA) was introduced to make the UK “the safest place” in the world to be online. The OSA requires platforms to prevent individuals from encountering certain illegal content, which will likely mandate the use of intrusive scanning systems. Even worse, it empowers the British government, in certain situations, to demand that online platforms use government-approved software to scan for illegal content. And they are not alone in seeking to do so. Last year, France banned social media access for children under 15 without parental consent, and Norway also pledged to follow a similar ban. 

Children’s safety is important, but there is little evidence that online age verification tools can help achieve this goal. EFF has long fought against mandatory age verification laws, from the U.S. to Australia, and we’ll continue to stand up against these types of laws in Europe. Not just for the sake of free expression, but to protect the free flow of information that is essential to a free society. 

Challenging Creeping Surveillance Powers

For years, we’ve observed a worrying tendency of technologies designed to protect people's privacy and data being re-framed as security concerns. And recent developments in Europe, like Germany’s rush to introduce biometric surveillance, signal a dangerous move towards expanding surveillance powers, justified by narratives framing complex digital policy issues as primarily security concerns. These approaches invite tradeoffs that risk undermining the privacy and free expression of individuals in the EU and beyond.

Even though their access to data has never been broader, law enforcement authorities across Europe continue to peddle the tale of the world “going dark.” With EDRi, we criticized the EU high level group “going dark” and sent a joint letter warning against granting law enforcement unfettered capacities that may lead to mass surveillance and violate fundamental rights. We have also been involved in Pegasus spyware investigations, with EFF’s Executive Director Cindy Cohn participating in an expert hearing on the matter. The issue of spyware is pervasive and intersects with many components of EU law, such as the anti-spyware provisions contained within the EU Media Freedom Act. Intrusive surveillance has a global dimension, and our work has combined advocacy at the UN with the EU, for example, by urging the EU Parliament to reject the UN Cybercrime Treaty.

Rather than increasing surveillance, countries across Europe must also make use of their prerogatives to ban biometric surveillance, ensuring that the use of this technology is not permitted in sensitive contexts such as Europe’s borders. Face recognition, for example, presents an inherent threat to individual privacy, free expression, information security, and social justice. In the UK, we’ve been working with national groups to ban government use of face recognition technology, which is currently administered by local police forces. Given the proliferation of state surveillance across Europe, government use of this technology must be banned.

Protecting the Right to Secure and Private Communications

EFF works closely on issues like encryption to defend the right to private communications in Europe. For years, EFF fought hard against an EU proposal that, if it became law, would have pressured online services to abandon end-to-end encryption. We joined together with EU allies and urged people to sign the “Don’t Scan Me” petition. We lobbied EU lawmakers and urged them to protect their constituents’ human right to have a private conversation—backed up by strong encryption. Our message broke through, and a key EU committee adopted a position that bars the mass scanning of messages and protects end-to-end encryption. It also bars mandatory age verification whereby users would have had to show ID to get online. As Member States are still debating their position on the proposal, this fight is not over yet. But we are encouraged by the recent European Court of Human Rights ruling which confirmed that undermining encryption violates fundamental rights to privacy. EFF will continue to advocate for this to governments, and the corporations providing our messaging services.

As we’ve said many times, both in Europe and the U.S., there is no middle ground to content scanning and no “safe backdoor” if the internet is to remain free and private. Either all content is scanned and all actors—including authoritarian governments and rogue criminals—have access, or no one does. EFF will continue to advocate for the right to a private conversation, and hold the EU accountable to the international and European human rights protections that they are signatories to. 

Looking Forward

EU legislation and international treaties should contain concrete human rights safeguards, robust data privacy standards, and sharp limits on intrusive surveillance powers, including in the context of global cooperation. 

Much work remains to be done. And we are ready for it. Late last year, we put forward comprehensive policy recommendations to European lawmakers and we will continue fighting for an internet where everyone can make their voice heard. In the next—and final—post in this series, you will learn more about how we work in Europe to ensure that digital markets are fair, offer users choice and respect fundamental rights.

Early in January 2025 it seemed like TikTok was on the verge of being banned by the U.S. government. In reaction to this imminent ban, several million people in the United States signed up for a different China-based social network known in the U.S. as RedNote, and in China as Xianghongshu (小红书/ 小紅書; which translates to Little Red Book). 

RedNote is an application and social network created in 2013 that currently has over 300 million users. Feature-wise, it is most comparable to Instagram and is primarily used for sharing pictures, videos, and shopping. The vast majority of its users live in China, are born after 1990, and are women. Even before the influx of new users in January, RedNote has historically had many users outside of China, primarily people from the Chinese diaspora who have friends and relatives on the network. RedNote is largely funded by two major Chinese tech corporations: Tencent and Alibaba. 

When millions of U.S. based users started flocking to the application, the traditional rounds of pearl clutching and concern trolling began. Many people raised the alarm about U.S. users entrusting their data with a Chinese company, and it is implied, the Chinese Communist Party. The reaction from U.S. users was an understandable, if unfortunate, bit of privacy nihilism. People responded that they, “didn’t care if someone in China was getting their data since US companies such as Meta and Google had already stolen their data anyway.” “What is the difference,” people argued, “between Meta having my data and someone in China? How does this affect me in any way?”

Even if you don’t care about giving China your data, it is not safe to use any application that doesn’t use encryption by default. 

Last week, The Citizen Lab at The Munk School Of Global Affairs, University of Toronto, released a report authored by Mona Wang, Jeffrey Knockel, and Irene Poetranto which highlights three serious security issues in the RedNote app. The most concerning finding from Citizen Lab is a revelation that RedNote retrieves uploaded user content over plaintext http. This means that anyone else on your network, at your internet service provider, or organizations like the NSA, can see everything you look at and upload to RedNote. Moreover someone could intercept that request and replace it with their own media or even an exploit to install malware on your device. 

In light of this report the EFF Threat Lab decided to confirm the CItizen Lab findings and do some additional privacy investigation of RedNote. We used static analysis techniques for our investigation, including manual static analysis of decompiled source code, and automated scanners including MobSF and Exodus Privacy. We only analyzed Version 8.59.5 of RedNote for Android downloaded from the website APK Pure.

EFF has independently confirmed the finding that Red Note retrieves posted content over plaintext http. Due to this lack of even basic transport layer encryption we don’t think this application is safe for anyone to use. Even if you don’t care about giving China your data, it is not safe to use any application that doesn’t use encryption by default. 

Citizen Lab researchers also found that users’ file contents are readable by network attackers. We were able to confirm that RedNote encrypts several sensitive files with static keys which are present in the app and the same across all installations of the app, meaning anyone who was able to retrieve those keys from a decompiled version of the app could decrypt these sensitive files for any user of the application. The Citizen Lab report also found a vulnerability where an attacker could identify the contents of any file readable by the application. This was out of scope for us to test but we find no reason to doubt this claim. 

The third major finding by Citizen Lab was that RedNote transmits device metadata in a way that can be eavesdropped on by network attackers, sometimes without encryption at all, and sometimes in a way vulnerable to a machine-in-the middle attack. We can confirm that RedNote does not validate HTTPS certificates properly. Testing this vulnerability was out of scope for EFF, but we find no reason to doubt this claim. 

Permissions and Trackers

EFF performed further analysis of the permissions and trackers requested by RedNote. Our findings indicate two other potential privacy issues with the application. 

RedNote requests some very sensitive permissions, including location information, even when the app is not running in the foreground. This permission is not requested by other similar apps such as TikTok, Facebook, or Instagram. 

We also found, using an online scanner for tracking software called Exodus Privacy, that RedNote is not a platform which will protect its users from U.S.-based surveillance capitalism. In addition to sharing userdata with the Chinese companies Tencent and ByteDance, it also shares user data with Facebook and Google. 

Other Issues 

RedNote contains functionality to update its own code after it’s downloaded from the Google Play store using an open source library called APK Patch. This could be used to inject malicious code into the application after it has been downloaded without such code being revealed in automated scans meant to protect against malicious applications being uploaded to official stores, like Google Play. 

Recommendations

Due to the lack of encryption we do not consider it safe for anyone to run this app. If you are going to use RedNote, we recommend doing so with the absolute minimum set of permissions necessary for the app to function (see our guides for iPhone and Android.) At least a part of this blame falls on Google. Android needs to stop allowing apps to make unencrypted requests at all. 

Due to the lack of encryption we do not consider it safe for anyone to run this app.

RedNote should immediately take steps to encrypt all traffic from their application and remove the permission for background location information. 

Users should also keep in mind that RedNote is not a platform which values free speech. It’s a heavily censored application where topics such as political speech, drugs and addiction, and sexuality are more tightly controlled than similar social networks. 

Since it shares data with Facebook and Google ad networks, RedNote users should also keep in mind that it’s not a platform that protects you from U.S.-based surveillance capitalism.

The willingness of users to so quickly move to RedNote also highlights the fact that people are hungry for platforms that aren't controlled by the same few American tech oligarchs. People will happily jump to another platform even if it presents new, unknown risks; or is controlled by foreign tech oligarchs such as Tencent and Alibaba.

However, federal bans of such applications are not the correct answer. When bans are targeted at specific platforms such as TikTok, Deepseek, and RedNote rather than privacy-invasive practices such as sharing sensitive details with surveillance advertising platforms, users who cannot participate on the banned platform may still have their privacy violated when they flock to other platforms. The real solution to the potential privacy harms of apps like RedNote is to ensure (through technology, regulation, and law) that people’s sensitive information isn’t entered into the surveillance capitalist data stream in the first place.

We need a federal, comprehensive, consumer-focused privacy law. Our government is failing to address the fundamental harms of privacy-invading social media. Implementing xenophobic, free-speech infringing policy is having the unintended consequence of driving folks to platforms with even more aggressive censorship. This outcome was foreseeable. Rather than a knee-jerk reaction banning the latest perceived threat, these issues could have been avoided by addressing privacy harms at the source and enacting strong consumer-protection laws. 

Figure 1. Permissions requested by RedNote

Permission

Description

android.permission.ACCESS_BACKGROUND_LOCATION

This app can access location at any time, even while the app is not in use.

android.permission.ACCESS_COARSE_LOCATION

This app can get your approximate location from location services while the app is in use. Location services for your device must be turned on for the app to get location.

android.permission.ACCESS_FINE_LOCATION

This app can get your precise location from location services while the app is in use. Location services for your device must be turned on for the app to get location. This may increase battery usage.

android.permission.ACCESS_MEDIA_LOCATION

Allows the app to read locations from your media collection.

android.permission.ACCESS_NETWORK_STATE

Allows the app to view information about network connections such as which networks exist and are connected.

android.permission.ACCESS_WIFI_STATE

Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and name of connected Wi-Fi devices.

android.permission.AUTHENTICATE_ACCOUNTS

Allows the app to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.

android.permission.BLUETOOTH

Allows the app to view the configuration of the Bluetooth on the phone, and to make and accept connections with paired devices.

android.permission.BLUETOOTH_ADMIN

Allows the app to configure the local Bluetooth phone, and to discover and pair with remote devices.

android.permission.BLUETOOTH_CONNECT

Allows the app to connect to paired Bluetooth devices

android.permission.CAMERA

This app can take pictures and record videos using the camera while the app is in use.

android.permission.CHANGE_NETWORK_STATE

Allows the app to change the state of network connectivity.

android.permission.CHANGE_WIFI_STATE

Allows the app to connect to and disconnect from Wi-Fi access points and to make changes to device configuration for Wi-Fi networks.

android.permission.EXPAND_STATUS_BAR

Allows the app to expand or collapse the status bar.

android.permission.FLASHLIGHT

Allows the app to control the flashlight.

android.permission.FOREGROUND_SERVICE

Allows the app to make use of foreground services.

android.permission.FOREGROUND_SERVICE_DATA_SYNC

Allows the app to make use of foreground services with the type dataSync

android.permission.FOREGROUND_SERVICE_LOCATION

Allows the app to make use of foreground services with the type location

android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK

Allows the app to make use of foreground services with the type mediaPlayback

android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION

Allows the app to make use of foreground services with the type mediaProjection

android.permission.FOREGROUND_SERVICE_MICROPHONE

Allows the app to make use of foreground services with the type microphone

android.permission.GET_ACCOUNTS

Allows the app to get the list of accounts known by the phone. This may include any accounts created by applications you have installed.

android.permission.INTERNET

Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.

android.permission.MANAGE_ACCOUNTS

Allows the app to perform operations like adding and removing accounts, and deleting their password.

android.permission.MANAGE_MEDIA_PROJECTION

Allows an application to manage media projection sessions. These sessions can provide applications the ability to capture display and audio contents. Should never be needed by normal apps.

android.permission.MODIFY_AUDIO_SETTINGS

Allows the app to modify global audio settings such as volume and which speaker is used for output.

android.permission.POST_NOTIFICATIONS

Allows the app to show notifications

android.permission.READ_CALENDAR

This app can read all calendar events stored on your phone and share or save your calendar data.

android.permission.READ_CONTACTS

Allows the app to read data about your contacts stored on your phone. Apps will also have access to the accounts on your phone that have created contacts. This may include accounts created by apps you have installed. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.

android.permission.READ_EXTERNAL_STORAGE

Allows the app to read the contents of your shared storage.

android.permission.READ_MEDIA_AUDIO

Allows the app to read audio files from your shared storage.

android.permission.READ_MEDIA_IMAGES

Allows the app to read image files from your shared storage.

android.permission.READ_MEDIA_VIDEO

Allows the app to read video files from your shared storage.

android.permission.READ_PHONE_STATE

Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

android.permission.READ_SYNC_SETTINGS

Allows the app to read the sync settings for an account. For example, this can determine whether the People app is synced with an account.

android.permission.RECEIVE_BOOT_COMPLETED

Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the phone and allow the app to slow down the overall phone by always running.

android.permission.RECEIVE_USER_PRESENT

Unknown permission from android reference

android.permission.RECORD_AUDIO

This app can record audio using the microphone while the app is in use.

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Allows an app to ask for permission to ignore battery optimizations for that app.

android.permission.REQUEST_INSTALL_PACKAGES

Allows an application to request installation of packages.

android.permission.SCHEDULE_EXACT_ALARM

This app can schedule work to happen at a desired time in the future. This also means that the app can run when youu2019re not actively using the device.

android.permission.SYSTEM_ALERT_WINDOW

This app can appear on top of other apps or other parts of the screen. This may interfere with normal app usage and change the way that other apps appear.

android.permission.USE_CREDENTIALS

Allows the app to request authentication tokens.

android.permission.VIBRATE

Allows the app to control the vibrator.

android.permission.WAKE_LOCK

Allows the app to prevent the phone from going to sleep.

android.permission.WRITE_CALENDAR

This app can add, remove, or change calendar events on your phone. This app can send messages that may appear to come from calendar owners, or change events without notifying their owners.

android.permission.WRITE_CLIPBOARD_SERVICE

Unknown permission from android reference

android.permission.WRITE_EXTERNAL_STORAGE

Allows the app to write the contents of your shared storage.

android.permission.WRITE_SETTINGS

Allows the app to modify the system's settings data. Malicious apps may corrupt your system's configuration.

android.permission.WRITE_SYNC_SETTINGS

Allows an app to modify the sync settings for an account. For example, this can be used to enable sync of the People app with an account.

cn.org.ifaa.permission.USE_IFAA_MANAGER

Unknown permission from android reference

com.android.launcher.permission.INSTALL_SHORTCUT

Allows an application to add Homescreen shortcuts without user intervention.

com.android.launcher.permission.READ_SETTINGS

Unknown permission from android reference

com.asus.msa.SupplementaryDID.ACCESS

Unknown permission from android reference

com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE

Unknown permission from android reference

com.google.android.gms.permission.AD_ID

Unknown permission from android reference

com.hihonor.push.permission.READ_PUSH_NOTIFICATION_INFO

Unknown permission from android reference

com.hihonor.security.permission.ACCESS_THREAT_DETECTION

Unknown permission from android reference

com.huawei.android.launcher.permission.CHANGE_BADGE

Unknown permission from android reference

com.huawei.android.launcher.permission.READ_SETTINGS

Unknown permission from android reference

com.huawei.android.launcher.permission.WRITE_SETTINGS

Unknown permission from android reference

com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA

Unknown permission from android reference

com.huawei.meetime.CAAS_SHARE_SERVICE

Unknown permission from android reference

com.meizu.c2dm.permission.RECEIVE

Unknown permission from android reference

com.meizu.flyme.push.permission.RECEIVE

Unknown permission from android reference

com.miui.home.launcher.permission.INSTALL_WIDGET

Unknown permission from android reference

com.open.gallery.smart.Provider

Unknown permission from android reference

com.oplus.metis.factdata.permission.DATABASE

Unknown permission from android reference

com.oplus.permission.safe.AI_APP

Unknown permission from android reference

com.vivo.identifier.permission.OAID_STATE_DIALOG

Unknown permission from android reference

com.vivo.notification.permission.BADGE_ICON

Unknown permission from android reference

com.xiaomi.dist.permission.ACCESS_APP_HANDOFF

Unknown permission from android reference

com.xiaomi.dist.permission.ACCESS_APP_META

Unknown permission from android reference

com.xiaomi.security.permission.ACCESS_XSOF

Unknown permission from android reference

com.xingin.xhs.permission.C2D_MESSAGE

Unknown permission from android reference

com.xingin.xhs.permission.JOPERATE_MESSAGE

Unknown permission from android reference

com.xingin.xhs.permission.JPUSH_MESSAGE

Unknown permission from android reference

com.xingin.xhs.permission.MIPUSH_RECEIVE

Unknown permission from android reference

com.xingin.xhs.permission.PROCESS_PUSH_MSG

Unknown permission from android reference

com.xingin.xhs.permission.PUSH_PROVIDER

Unknown permission from android reference

com.xingin.xhs.push.permission.MESSAGE

Unknown permission from android reference

freemme.permission.msa

Unknown permission from android reference

freemme.permission.msa.SECURITY_ACCESS

Unknown permission from android reference

getui.permission.GetuiService.com.xingin.xhs

Unknown permission from android reference

ohos.permission.ACCESS_SEARCH_SERVICE

Unknown permission from android reference

oplus.permission.settings.LAUNCH_FOR_EXPORT

Unknown permission from android reference

As calls by UK’s top leaders for the release of British-Egyptian blogger, coder, and activist Alaa Abd El-Fattah from prison in Cairo continue, Alaa’s mother, math professor Laila Soueif, grows weaker four months into a hunger strike she began in September to keep attention focused on her son and protest the lack of progress in obtaining his release.  

She has consumed only water, coffee, tea and rehydration salts for more than 135 days. She is 68 years old, and her condition is becoming dire. 

It's a shocking and unacceptable situation for Alaa’s family and his many supporters around the world. They continue to get the runaround from the British government about its efforts to get him released. The prime minister and foreign secretary, the key players in the drive to secure Alaa’s release, have expressed support for Alaa and dealt directly with Egypt’s highest authorities on his behalf. But Alaa’s family has received scant information about those discussions.  

What we do know is that Prime Minister Keir Starmer spoke directly to Egyptian President Abdel Fattah al-Sisi about Alaa during a phone call last summer and in December, but did not raise the issue when the two met at the G20 summit in November. Starmer told  Soueif in a January 29 letter (he has so far declined to meet with her) that he is committed to pushing Egypt to release him. “I believe progress is possible, but it will take time,” he said. 

"I don't have time, Soueif told Agence France-Presse.

Likewise, Foreign Secretary David Lammy said in January that he met with Egypt’s foreign minister in Saudi Arabia and has made securing Alaa’s release his number one priority. He spoke to his Egyptian counterpart, Badr Abdel Aty, again while in Cairo. Meanwhile, the government sent a strong message in its periodic review of Egypt before the UN Human Rights Council, saying freeing Alaa was its foremost recommendation and calling his detention “unacceptable.” 

Yet, there have been no signs that the Egyptian government will free Alaa. He remains in a maximum-security prison outside of Cairo. He has spent the better part of the last 10 years behind bars, unjustly charged for supporting online free speech and privacy for Egyptians and people across the Middle East and North Africa. The Egyptian government’s treatment of Alaa, a prominent global voice during the Arab Spring, is a travesty. 

“I don’t have time,” Soueif told Agence France-Presse.  

“We’ve been in this endless loop of imprisonment for almost 10 years,” Soueif told Middle East Eye in explaining why she went on a hunger strike. “I couldn't allow this to go on any further, and there was no reason to believe that if we waited a bit more, he'd come out.” 

Alaa should have been released on September 29, after serving his five-year sentence for sharing a Facebook post about a death in police custody, but Egyptian authorities have continued his imprisonment in contravention of the country’s own Criminal Procedure Code.  

Journalism and former foreign correspondent Peter Greste, who befriended Alaa 11 years ago when the two were locked up in the same prison—Greste on terrorism charges for his reporting—joined Soueif in a 21-day hunger strike to show his solidarity. “This injustice has gone on far too long,” he said.  

Others continue to press for Alaa’s release. This week a group of prominent Egyptian public figures called on President al-Sisi to release Alaa, citing among other things Soueif’s declining health. Allowing Alaa to get out of prison would not merely be a humanitarian response, but “a strategic decision that would foster a more conciliatory political climate,” they said.  

EFF and six international partner organizations in December called on Starmer to take immediate action to secure Alaa’s release. We told him that Alaa’s case is a litmus test of the UK’s commitment to human rights. Soueif’s future, and Alaa’s, rests in the UK government’s hands, and it must act now. Starmer needs to pick up the phone and call al-Sisi.  

If you’re based in the UK, here are some actions you can take to support the calls for Alaa’s release:

1. Write to your MP (external link): https://freealaa.net/message-mp  

1. Join Laila Soueif outside the Foreign Office in London daily between 10-11am 

1. Share Alaa’s plight on social media using the hashtag #freealaa 

 

 

 

As President Donald Trump issued an Executive Order in 2020 to retaliate against online services that fact-checked him, a team within the Department of Justice (DOJ) was finalizing a proposal to substantially weaken a key law that protects internet users’ speech.

Documents released to EFF as part of a Freedom of Information Act (FOIA) suit reveal that the DOJ officials—a self-described “Tiger Team”—were caught off guard by Trump’s retaliatory effort, which was aimed at the same online social services they wanted to regulate further by amending 47 U.S.C. § 230 (Section 230).

Section 230 protects users’ online speech by protecting the online intermediaries we all rely on to communicate on blogs, social media platforms, and educational and cultural platforms like Wikipedia and the Internet Archive. Section 230 embodies that principle that we should all be responsible for our own actions and statements online, but generally not those of others. The law prevents most civil suits against users or services that are based on what others say.

The correspondence among DOJ officials shows that the group delayed unveiling the agency’s official plans to amend Section 230 in light of Trump’s executive order, which was challenged on First Amendment grounds and later rescinded by President Joe Biden. EFF represented the groups who challenged Trump’s Executive Order and filed two FOIA suits for records about the administration’s implementation of the order.

In the most recent FOIA case, the DOJ has been slowly releasing records detailing its work to propose amendments to Section 230, which predated Trump’s Executive Order. The DOJ released the text of its proposed amendments to Section 230 in September 2020, and the proposal would have substantially narrowed the law’s protections.

For example, the DOJ’s proposal would have allowed federal civil suits and state and federal criminal prosecutions against online services if they learned that users’ content broke the law. It also would have established notice-and-takedown liability for user-generated content that was deemed to be illegal. Together, these provisions would likely result in online services screening and removing a host of legal content, based on a fear that any questionable material might trigger liability later.

The DOJ’s proposal had a distinct emphasis on imposing liability on services should they have hosted illegal content posted by their users. That focus was likely the result of the team DOJ assembled to work on the proposal, which included officials from the agency’s cybercrime division and the FBI.

The documents also show that DOJ officials met with attorneys who brought lawsuits against online services to get their perspective on Section 230. This is not surprising, as the DOJ had been meeting with multiple groups throughout 2020 while it prepared a report about Section 230.

EFF’s FOIA suit is ongoing, as the DOJ has said that it still has thousands of potential pages to review and possibly release. Although these documents reflect DOJ’s activity from Trump’s first term, they are increasingly relevant as the administration appoints officials who have previously threatened online intermediaries for exercising their own First Amendment rights. EFF will continue to publish all documents released in this FOIA suit and push back on attempts to undermine internet users’ rights to speak online.

Google continues to show us why it chose to abandon its old motto of “Don’t Be Evil,” as it becomes more and more enmeshed with the military-industrial complex. Most recently, Google has removed four key points from its AI principles. Specifically, it previously read that the company would not pursue AI applications involving (1) weapons, (2) surveillance, (3) technologies that “cause or are likely to cause overall harm,” and (4) technologies whose purpose contravenes widely accepted principles of international law and  human rights.

Those principles are gone now.

In its place, the company has written that “democracies” should lead in AI development and companies should work together with governments “to create AI that protects people, promotes global growth, and supports national security.” This could mean that the provider of the world’s largest search engine–the tool most people use to uncover the best apple pie recipes and to find out what time their favorite coffee shop closes–could be in the business of creating AI-based weapons systems and leveraging its considerable computing power for surveillance.

This troubling decision to potentially profit from high-tech warfare, which could have serious consequences for real lives and real people comes after criticism from EFF, human rights activists, and other international groups. Despite its pledges and vocal commitment to human rights, Google has faced criticism for its involvement in Project Nimbus, which provides advanced cloud and AI capabilities to the Israeli government, tools that an increasing number of credible reports suggest are being used to target civilians under pervasive surveillance in the Occupied Palestinian Territories. EFF said in 2024, “When a company makes a promise, the public should be able to rely on it.” Rather than fully living up to its previous human rights commitments, it seems Google has shifted its priorities.

Google is a company valued at $2.343 trillion that has global infrastructure and a massive legal department and appears to be leaning into the current anti-humanitarian moment. The fifth largest company in the world seems to have chosen to make the few extra bucks (relative to the company’s earnings and net worth) that will come from mass surveillance tools and AI-enhanced weapons systems.

And of course we can tell why. With government money flying out the door toward defense contractors, surveillance technology companies, and other national security and policing related vendors, the legacy companies who swallow up all of that data don’t want to miss out on the feeding frenzy. With $1 billion contracts on the table even for smaller companies promising AI-enhanced tech, it looks like Google is willing to throw its lot in with the herd.

In addition to Google and Amazon’s involvement with Project Nimbus, which involved both cloud storage for the large amounts of data collected from mass surveillance and analysis of that data, there are many other scenarios and products on the market that could raise concerns. AI could be used to power autonomous weapons systems which decide when and if to pull the trigger or drop a bomb. Targeting software can mean physically aiming weapons at people identified by geolocation or by other types of machine learning like face recognition or other biometric technology. AI could also be used to sift through massive amounts of intelligence, including intercepted communications or publicly available information from social media and the internet in order to assemble lists of people to be targeted by militaries.

Whether autonomous AI-based weapons systems and surveillance are controlled by totalitarian states or states that meet Google’s definition of “democracy”, is of little comfort to the people who could be targeted, spied on, or killed in error by AI technology which is prone to mistakes. AI cannot be accountable for its actions. If we, the public, are able to navigate the corporate, government, and national security secrecy to learn of these flaws, companies will fall on a playbook we’ve seen before: tinkering with the algorithms and declaring the problem solved.

We urge Google, and all of the companies that will follow in its wake, to reverse course. In the meantime, users will have to decide who deserves their business. As the company’s most successful product, its search engine, is faltering, that decision gets easier and easier.

Across the United States, Immigration and Customs Enforcement (ICE) has already begun increasing enforcement operations, including highly publicized raids. As immigrant communities, families, allies, and activists think about what can be done to shift policy and protect people, one thing is certain: similar to filming the police as they operate, you have the right to film ICE, as long as you are not obstructing official duties.

Filming ICE agents making an arrest or amassing in your town helps promote transparency and accountability for a system that often relies on intimidation and secrecy and obscures abuse and law-breaking. 

While it is crucial for people to help aid in transparency and accountability, there are considerations and precautions you should take. For an in-depth guide by organizations on the frontlines of informing people who wish to record ICE’s interactions with the public, review these handy resources from the hard-working folks at WITNESS and NYCLU. 

At EFF, here are our general guidelines when it comes to filming law enforcement, including ICE: 

What to Know When Recording Law Enforcement

• You have the right to record law enforcement officers exercising their official duties in public.
• Stay calm and courteous.
• Do not interfere with law enforcement. If you are a bystander, stand at a safe distance from the scene that you are recording.
• You may take photos or record video and/or audio.
• Law enforcement cannot order you to move because you are recording, but they may order you to move for public safety reasons even if you are recording.
• Law enforcement may not search your cell phone or other device without a warrant based on probable cause from a judge, even if you are under arrest. Thus, you may refuse a request from an officer to review or delete what you recorded. You also may refuse to unlock your phone or provide your passcode.
• Despite reasonably exercising your First Amendment rights, law enforcement officers may illegally retaliate against you in a number of ways including with arrest, destruction of your device, and bodily harm. They may also try to retaliate by harming the person being arrested. We urge you to remain alert and mindful about this possibility.
• Consider the sensitive nature of recording in the context of an ICE arrest. The person being arrested or their loved ones may be concerned about exposing their immigration status, so think about obtaining consent or blurring out faces in any version you publish to focus on ICE’s conduct (while still retaining the original video).

Your First Amendment Right to Record Law Enforcement Officers Exercising Their Official Duties in Public

You have a First Amendment right to record law enforcement, which federal courts and the Justice Department have recognized and affirmed. Although the Supreme Court has not squarely ruled on the issue, there is a long line of First Amendment case law from the high court that supports the right to record law enforcement. And federal appellate courts in the First, Third, Fourth, Fifth, Seventh, Eighth, Ninth, Tenth, and Eleventh Circuits have directly upheld this right. EFF has advocated for this right in many amicus briefs.

Federal appellate courts typically frame the right to record law enforcement as the right to record officers exercising their official duties in public. This right extends to private places, too, where the recorder has a legal right to be, such as in their own home. However, if the law enforcement officer is off-duty or is in a private space that you don’t have a right to be in, your right to record the officer may be limited. 

Special Considerations for Recording Audio

The right to record law enforcement unequivocally includes the right to take pictures and record video. There is an added legal wrinkle when recording audio—whether with or without video. Some law enforcement officers have argued that recording audio without their consent violates wiretap laws. Courts have generally rejected this argument. The Seventh Circuit, for example, held that the Illinois wiretap statute violated the First Amendment as applied to audio recording on-duty police.

There are two kinds of wiretaps laws: those that require “all parties” to a conversation to consent to audio recording (12 states), and those that only require “one party” to consent (38 states, the District of Columbia, and the federal statute). Thus, if you’re in a one-party consent state, and you’re involved in an incident with law enforcement (that is, you’re a party to the conversation) and you want to record audio of that interaction, you are the one party consenting to the recording and you don’t also need the law enforcement officer’s consent. If you’re in an all-party consent state, and your cell phone or recording device is in plain view, your open audio recording puts the officer on notice and thus their consent might be implied.

Additionally, wiretap laws in both all-party consent states and one-party consent states typically only prohibit audio recording of private conversations—that is, when the parties to the conversation have a reasonable expectation of privacy. Law enforcement officers exercising their official duties, particularly in public, do not have a reasonable expectation of privacy. Neither do civilians in public places who speak to law enforcement in a manner audible to passersby. Thus, if you’re a bystander, you may legally audio record an officer’s interaction with another person, regardless of whether you’re in a state with an all-party or one-party consent wiretap statute. However, you should take into consideration that ICE arrests may expose the immigration status of the person being arrested or their loved ones. As WITNESS puts it: “[I]t’s important to keep in mind the privacy and dignity of the person being targeted by law enforcement. They may not want to be recorded or have the video shared publicly. When possible, make eye contact or communicate with the person being detained to let them know that you are there to observe and document the cops’ behavior. Always respect their wishes if they ask you to stop filming.” You may also want to consider blurring faces to focus on ICE’s conduct if you publish the video online (while still retaining the original version)

Moreover, whether you may secretly record law enforcement (whether with photos, video or audio) is important to understand, given that officers may retaliate against individuals who openly record them. At least one federal appellate court, the First Circuit, has affirmed the First Amendment right to secretly audio record law enforcement performing their official duties in public. On the other hand, the Ninth Circuit recently upheld Oregon’s law that generally bans secret recordings of in-person conversations without all participants’ consent, and only allows recordings of conversations where police officers are participants if “[t]he recording is made openly and in plain view of the participants in the conversation.” Unless you are within the jurisdiction of the First Circuit (Maine, Massachusetts, New Hampshire, Puerto Rico and Rhode Island), it’s probably best to have your recording device in plain view of police officers.

Do Not Interfere With Law Enforcement

While the weight of legal authority provides that individuals have a First Amendment right to record law enforcement, courts have also stated one important caveat: you may not interfere with officers doing their jobs.

The Seventh Circuit, for example, said, “Nothing we have said here immunizes behavior that obstructs or interferes with effective law enforcement or the protection of public safety.” The court further stated, “While an officer surely cannot issue a ‘move on’ order to a person because he is recording, the police may order bystanders to disperse for reasons related to public safety and order and other legitimate law enforcement needs.”

Transparency is Vital

While a large number of deportations is a constant in the U.S. regardless of who is president or which party is in power, the current administration appears to be intentionally making ICE visible in cities and carrying out flashy raids to sow fear within immigrant communities. Specifically, there are concerns that this administration is targeting people already under government supervision while awaiting their day in court. Bearing witness and documenting the presence and actions of ICE in your communities and neighborhoods is important. You have rights, and one of them is your First Amendment-protected right to film law enforcement officers, including ICE agents.

Just because you have the right, however, does not mean law enforcement will always acknowledge and uphold your right in that moment. Be safe and be alert. If you have reason to think your devices might be seized or you may run the risk of putting yourself under surveillance, make sure to check out our Surveillance Self-Defense guides and our field guide to identifying and understanding the surveillance tools law enforcement may employ.

With reproductive rights under fire across the U.S. and globally, access to accurate abortion information has never been more critical—especially online. 

That’s why reproductive health and rights organizations have turned to online platforms to share essential, sometimes life-saving, guidance and resources. Whether it's how to access information about abortion medication, where to find clinics, or the latest updates on abortion laws, these online spaces have become a lifeline, particularly for those in regions where reproductive freedoms are under siege. But there's a troubling trend making it harder for people to access vital abortion information: social media platforms are increasingly censoring or removing abortion-related content—often without clear justification or policy basis. 

A recent example surfaced last month when a number of Instagram posts by Aid Access, an online abortion services provider, were either blurred out or unable to load entirely. This sparked concerns in the press about how recent content moderation policy changes by Meta, the parent company of Instagram and Facebook, would affect the availability of reproductive health information. The result? Crucial healthcare information gets erased, free expression is stifled, and people are left in the dark about their rights and healthcare options.

This censorship is alarming, and we’re seeing it take place across popular social media platforms like Facebook, Instagram, and TikTok, where abortion-related content is often flagged or removed under vague "community guideline" violations, despite the content being perfectly legal and factual. This lack of transparency leaves organizations, influencers, and individuals in the dark, fueling a wider culture of online censorship that jeopardizes public access to vital healthcare information.

#StopCensoringAbortion: An EFF and Repro Uncensored Collaboration

In response to this growing issue, EFF has partnered with the Repro Uncensored coalition to call attention to instances of reproductive health and abortion content being removed or suppressed by social media platforms. 

We are collecting stories from individuals and organizations who have faced censorship on these platforms to expose the true scale of the issue. Our goal is to demand greater transparency in tech companies' moderation practices and ensure that their actions do not silence critical conversations about reproductive rights. 

We are not simply raising awareness—we are taking action to hold tech companies accountable for their role in censoring free speech around reproductive health. 

Share Your Story

If you or someone you know has had abortion-related content taken down or shadowbanned by a social media platform, your voice is crucial in this fight. By sharing your experience, you’ll be contributing to a larger movement to end censorship and demand that social media platforms stop restricting access to critical reproductive health information. These stories will be instrumental in presenting to the platforms the breadth of this problem, drawing a picture of its impact, and demanding more transparent policies.

If you’re able to spend five minutes reporting your experience, EFF and the rest of the Repro Uncensored coalition will do our best to help: https://www.reprouncensored.org/report-incident 

Even If You Haven’t Been Censored, You Can Still Help!

Not everyone has experienced censorship, but that doesn’t mean you can’t contribute to the cause. You can still help by spreading the word. 

Share the #StopCensoringAbortion campaign on your social media platforms and visit our landing page for more resources and actions. 

Follow Repro Uncensored and EFF on Instagram, and sign up for email updates about this campaign. The more people who are involved, the stronger our collective voice will be.

Together, we can amplify the message that information about reproductive health and rights should never be silenced—whether in the real world or online.

For years now, there has been some concern about the coziness between technology companies and the government. Whether a company complies with casual government requests for data, requires a warrant, or even fights overly-broad warrants has been a canary in the digital coal mine during an era where companies may know more about you than your best friends and families. For example, in 2022, law enforcement served a warrant to Facebook for the messages of a 17-year-old girl—messages that were later used as evidence in a criminal trial that the teenager had received an abortion. In 2023, after a four year wait since announcing its plans, Facebook encrypted its messaging system so that the company no longer had access to the content of those communications.

The privacy of messages and the relationship between companies and the government have real-world consequences. That is why a new era of symbiosis between big tech companies and the U.S. government bodes poorly for both, our hopes that companies will be critical of requests for data, and any chance of tech regulations and consumer privacy legislation. But, this chumminess should also come with a heightened awareness for users: as companies and the government become more entwined through CEO friendships, bureaucratic entanglements, and ideological harmony, we should all be asking what online data is private and what is sitting on a company's servers and accessible to corporate leadership at the drop of hat.

Over many years, EFF has been pushing for users to switch to platforms that understand the value of encrypting data. We have also been pushing platforms to make end-to-end encryption for online communications and for your stored sensitive data the norm. This type of encryption helps ensure that a conversation is private between you and the recipient, and not accessible to the platform that runs it or any other third-parties. Thanks to the combined efforts of our organization and dozens of other concerned groups, tech users, and public officials, we now have a lot of options for applications and platforms that take our privacy more seriously than in previous generations. But, in light of recent political developments it’s time for a refresher course: which platforms and applications have encrypted DMs, and which have access to your sensitive personal communications.

The existence of what a platform calls “end-to-end encryption” is not foolproof. It may be poorly implemented, lack widespread adoption to attract the attention of security researchers, lack the funding to pay for security audits, or use a less well-established encryption protocol that doesn’t have much public scrutiny. It also can’t protect against other sorts of threats, like someone gaining access to your device or screenshotting a conversation. Being caught using certain apps can itself be dangerous in some cases. And it takes more than just a basic implementation to resist a targeted active attack, as opposed to later collection. But it’s still the best way we currently have to ensure our digital conversations are as private as possible. And more than anything, it needs to be something you and the people you speak with will actually use, so features can be an important consideration.

No platform provides a perfect mix of security features for everyone, but understanding the options can help you start figuring out the right choices. When it comes to popular social media platforms, Facebook Messenger uses end-to-end encryption on private chats by default (this feature is optional in group chats on Messenger, and on some of the company’s other offerings, like Instagram). Other companies, like X, offer optional end-to-end encryption, with caveats, such as only being available to users who pay for verification. Then there’s platforms like Snapchat, which have given talks about their end-to-end encryption in the past, but don’t provide further details about its current implementations. Other platforms, like Bluesky, Mastodon, and TikTok, do not offer end-to-end encryption in direct messages, which means those conversations could be accessible to the companies that run the platforms or made available to law enforcement upon request.

As for apps more specifically designed around chat, there are more examples. Signal offers end-to-end encryption for text messages and voice calls by default with no extra setup on your part, and collects less metadata than other options. Metadata can reveal information such as who you are talking with and when, or your location, which in some cases may be all law enforcement needs. WhatsApp is also end-to-end encrypted. Apple’s Messages app is end-to-end encrypted, but only if everyone in the chat has an iPhone (blue bubbles). The same goes for Google Messages, which is end-to-end encrypted as long as everyone has set it up properly, which sometimes happens automatically.

Of course, we have a number of other communication tools at our disposal, like Zoom, Slack, Discord, Telegram, and more. Here, things continue to get complicated, with end-to-end encryption being an optional feature sometimes, like on Zoom or Telegram; available only for specific types of communication, like video and voice calls on Discord but not text conversations; or not being available at all, like with Slack. Many other options exist with varying feature-sets, so it’s always worth doing some research if you find something new. This does not mean you need to avoid these tools entirely, but knowing that your chats may be available to the platform, law enforcement, or an administrator is an important thing to consider when choosing what to say and when to say it. 

And for high-risk users, the story becomes even more complicated. Even on an encrypted platform, users can be subject to targeted machine-in-the middle attacks (also known as man-in-the middle attacks) unless everyone verifies each others’ keys. Most encrypted apps will let you do this manually, but some have started to implement automatic key verification, which is a security win. And encryption doesn’t matter if message backups are uploaded to the company’s servers unencrypted, so it’s important to either choose to not backup messages, or carefully set up encrypted backups on platforms that allow it. This is all before getting into the intricacies of how apps handle deleted and disappearing messages, or whether there’s a risk of being found with an encrypted app in the first place.

CEOs are not the beginning and the end of a company’s culture and concerns—but we should take their commitments and signaled priorities seriously. At a time when some companies may be cozying up to the parts of government with the power to surveil and marginalize, it might be an important choice to move our data and sensitive communications to different platforms. After all, even if you are not at specific risk of being targeted by the government, your removed participation on a platform sends a clear political message about what you value in a company. 

Lawsuit Argues Defendants Violated the Privacy Act by Disclosing Sensitive Data

NEW YORK—EFF and a coalition of privacy defenders led by Lex Lumina filed a lawsuit today asking a federal court to stop the U.S. Office of Personnel Management (OPM) from disclosing millions of Americans’ private, sensitive information to Elon Musk and his “Department of Government Efficiency” (DOGE).

The complaint on behalf of two labor unions and individual current and former government workers across the country, filed in the U.S. District Court for the Southern District of New York, also asks that any data disclosed by OPM to DOGE so far be deleted.

The complaint by EFF, Lex Lumina LLP, State Democracy Defenders Fund, and The Chandra Law Firm argues that OPM and OPM Acting Director Charles Ezell illegally disclosed personnel records to Musk’s DOGE in violation of the federal Privacy Act of 1974. Last week, a federal judge temporarily blocked DOGE from accessing a critical Treasury payment system under a similar lawsuit.

This lawsuit’s plaintiffs are the American Federation of Government Employees AFL-CIO; the Association of Administrative Law Judges, International Federation of Professional and Technical Engineers Judicial Council 1 AFL-CIO; Vanessa Barrow, an employee of the Brooklyn Veterans Affairs Medical Center; George Jones, President of AFGE Local 2094 and a former employee of VA New York Harbor Healthcare; Deborah Toussant, a former federal employee; and Does 1-100, representing additional current or former federal workers or contractors.

As the federal government is the nation’s largest employer, the records held by OPM represent one of the largest collections of sensitive personal data in the country. In addition to personally identifiable information such as names, social security numbers, and demographic data, these records include work information like salaries and union activities; personal health records and information regarding life insurance and health benefits; financial information like death benefit designations and savings programs; and nondisclosure agreements; and information concerning family members and other third parties referenced in background checks and health records. OPM holds these records for tens of millions Americans, including current and former federal workers and those who have applied for federal jobs. OPM has a history of privacy violations—an OPM breach in 2015 exposed the personal information of 22.1 million people—and its recent actions make its systems less secure. 

With few exceptions, the Privacy Act limits the disclosure of federally maintained sensitive records on individuals without the consent of the individuals whose data is being shared. It protects all Americans from harms caused by government stockpiling of our personal data. This law was enacted in 1974, the last time Congress acted to limit the data collection and surveillance powers of an out-of-control President.

“The Privacy Act makes it unlawful for OPM Defendants to hand over access to OPM’s millions of personnel records to DOGE Defendants, who lack a lawful and legitimate need for such access,” the complaint says. “No exception to the Privacy Act covers DOGE Defendants’ access to records held by OPM. OPM Defendants’ action granting DOGE Defendants full, continuing, and ongoing access to OPM’s systems and files for an unspecified period means that tens of millions of federal-government employees, retirees, contractors, job applicants, and impacted family members and other third parties have no assurance that their information will receive the protection that federal law affords.” 

For more than 30 years, EFF has been a fierce advocate for digital privacy rights. In that time, EFF has been at the forefront of exposing government surveillance and invasions of privacy—such as forcing the release of hundreds of pages of documents about domestic surveillance under the Patriot Act—and enforcing existing privacy laws to protect ordinary Americans—such as in its ongoing lawsuit against Sacramento's public utility company for sharing customer data with police. 

For the complaint: https://www.eff.org/document/afge-v-opm-complaint

For more about the litigation: https://www.eff.org/deeplinks/2025/02/eff-sues-doge-and-office-personnel-management-halt-ransacking-federal-data

Contacts:
Electronic Frontier Foundation: press@eff.org
Lex Lumina LLP: Managing Partner Rhett Millsaps, rhett@lex-lumina.com

Congress has begun debating the TAKE IT DOWN Act (S. 146), a bill that seeks to speed up the removal of a troubling type of online content: non-consensual intimate imagery, or NCII. In recent years, concerns have also grown about the use of digital tools to alter or create such images, sometimes called deepfakes.

While protecting victims of these heinous privacy invasions is a legitimate goal, good intentions alone are not enough to make good policy. As currently drafted, the TAKE IT DOWN Act mandates a notice-and-takedown system that threatens free expression, user privacy, and due process, without addressing the problem it claims to solve.

The Bill Will Lead To Overreach and Censorship

TAKE IT DOWN mandates that websites and other online services remove flagged content within 48 hours and requires “reasonable efforts” to identify and remove known copies. Although this provision is designed to allow NCII victims to remove this harmful content, its broad definitions and lack of safeguards will likely lead to people misusing the notice-and-takedown system to remove lawful speech.

The takedown provision applies to a much broader category of content—potentially any images involving intimate or sexual content—than the narrower NCII definitions found elsewhere in the bill. The takedown provision also lacks critical safeguards against frivolous or bad-faith takedown requests. Lawful content—including satire, journalism, and political speech—could be wrongly censored. The legislation’s tight time frame requires that apps and websites remove content within 48 hours, meaning that online service providers, particularly smaller ones, will have to comply so quickly to avoid legal risk that they won’t be able to verify claims. Instead, automated filters will be used to catch duplicates, but these systems are infamous for flagging legal content, from fair-use commentary to news reporting.

TAKE IT DOWN creates a far broader internet censorship regime than the Digital Millennium Copyright Act (DMCA), which has been widely abused to censor legitimate speech. But at least the DMCA has an anti-abuse provision and protects services from copyright claims should they comply. TAKE IT DOWN contains none of those minimal speech protections and essentially greenlights misuse of its takedown regime.

TAKE IT DOWN Threatens Encrypted Services

The online services that do the best job of protecting user privacy could also be under threat from Take It Down. While the bill exempts email services, it does not provide clear exemptions for private messaging apps, cloud storage, and other end-to-end encrypted (E2EE) services. Services that use end-to-end encryption, by design, are not able to access or view unencrypted user content.

How could such services comply with the takedown requests mandated in this bill? Platforms may respond by abandoning encryption entirely in order to be able to monitor content—turning private conversations into surveilled spaces.

In fact, victims of NCII often rely on encryption for safety—to communicate with advocates they trust, store evidence, or escape abusive situations. The bill’s failure to protect encrypted communications could harm the very people it claims to help.

Victims Of NCII Have Legal Options Under Existing Law

An array of criminal and civil laws already exist to address NCII. In addition to 48 states that have specific laws criminalizing the distribution of non-consensual pornography, there are defamation, harassment, and extortion statutes that can all be wielded against people abusing NCII. Since 2022, NCII victims have also been able to bring federal civil lawsuits against those who spread this harmful content.

As we explained in 2018:

If a deepfake is used for criminal purposes, then criminal laws will apply. If a deepfake is used to pressure someone to pay money to have it suppressed or destroyed, extortion laws would apply. For any situations in which deepfakes were used to harass, harassment laws apply. There is no need to make new, specific laws about deepfakes in either of these situations.

In many cases, civil claims could also be brought against those distributing the images under causes of action like False Light invasion of privacy. False light claims commonly address photo manipulation, embellishment, and distortion, as well as deceptive uses of non-manipulated photos for illustrative purposes.

A false light plaintiff (such as a person harmed by NCII) must prove that a defendant (such as a person who uploaded NCII) published something that gives a false or misleading impression of the plaintiff in such a way to damage the plaintiff’s reputation or cause them great offense

Congress should focus on enforcing and improving these existing protections, rather than opting for a broad takedown regime that is bound to be abused. Private platforms can play a part as well, improving reporting and evidence collection systems. 

EFF and a coalition of privacy defenders have filed a lawsuit today asking a federal court to block Elon Musk’s Department of Government Efficiency (DOGE) from accessing the private information of millions of Americans that is stored by the Office of Personnel Management (OPM), and to delete any data that has been collected or removed from databases thus far. The lawsuit also names OPM, and asks the court to block OPM from sharing further data with DOGE.

The Plaintiffs who have stepped forward to bring this lawsuit include individual federal employees as well as multiple employee unions, including the American Federation of Government Employees and the Association of Administrative Law Judges.

This brazen ransacking of Americans’ sensitive data is unheard of in scale. With our co-counsel Lex Lumina, State Democracy Defenders Fund, and the Chandra Law Firm, we represent current and former federal employees whose privacy has been violated. We are asking the court for a temporary restraining order to immediately cease this dangerous and illegal intrusion. This massive trove of information includes private demographic data and work histories of essentially all current and former federal employees and contractors as well as federal job applicants. Access is restricted by the federal Privacy Act of 1974. Last week, a federal judge temporarily blocked DOGE from accessing a critical Treasury payment system under a similar lawsuit. 

The mishandling of this information could lead to such significant and varied abuses that they are impossible to detail. 

What’s in OPM’s Databases?

The data housed by OPM is extraordinarily sensitive for several reasons. The federal government is the nation’s largest employer, and OPM’s records are one of the largest, if not the largest, collection of employee data in the country. In addition to personally identifiable information such as names, social security numbers, and demographics, it includes work experience, union activities, salaries, performance, and demotions; health information like life insurance and health benefits; financial information like death benefit designations and savings programs; and classified information nondisclosure agreements. It holds records for millions of federal workers and millions more Americans who have applied for federal jobs. 

The mishandling of this information could lead to such significant and varied abuses that they are impossible to detail. On its own, DOGE’s unchecked access puts the safety of all federal employees at risk of everything from privacy violations to political pressure to blackmail to targeted attacks. Last year, Elon Musk publicly disclosed the names of specific government employees whose jobs he claimed he would cut before he had access to the system. He has also targeted at least one former employee of Twitter. With unrestricted access to OPM data, and with his ownership of the social media platform X, federal employees are at serious risk.

And that’s just the danger from disclosure of the data on individuals. OPM’s records could give an overview of various functions of entire government agencies and branches. Regardless of intention, the law makes it clear that this data is carefully protected and cannot be shared indiscriminately.

In late January, OPM reportedly sent about two million federal employees its "Fork in the Road" form email introducing a “deferred resignation” program. This is a visible way in which the data could be used; OPMs databases contain the email addresses for every federal employee. 

How the Privacy Act Protects Americans’ Data

Under the Privacy Act of 1974, disclosure of government records about individuals generally requires the written consent of the individual whose data is being shared, with few exceptions. 

Congress passed the Privacy Act in response to a crisis of confidence in the government as a result of scandals including Watergate and the FBI’s Counter Intelligence Program (COINTELPRO). The Privacy Act, like the Foreign Intelligence Surveillance Act of 1978, was  created at a time when the government was compiling massive databases of records on ordinary citizens and had minimal restrictions on sharing them, often with erroneous  information and in some cases for retaliatory purposes. 

These protections were created the last time Congress rose to the occasion of limiting the surveillance powers of an out-of-control President.

Congress was also concerned with the potential for abuse presented by the increasing use of electronic records and the use of identifiers such as social security numbers, both of which made it easier to combine individual records housed by various agencies and to share that information. In addition to protecting our private data from disclosure to others, the Privacy Act, along with the Freedom of Information Act, also allows us to find out what information is stored about us by the government. The Privacy Act includes a private right of action, giving ordinary people the right to decide for themselves whether to bring a lawsuit to enforce their statutory privacy rights, rather than relying on government agencies or officials.

It is no coincidence that these protections were created the last time Congress rose to the occasion of limiting the surveillance powers of an out-of-control President. That was fifty years ago; the potential impact of leaking this government information, representing the private lives of millions, is now even more serious. DOGE and OPM are violating Americans’ most fundamental privacy rights at an almost unheard-of scale. 

OPM’s Data Has Been Under Assault Before

Ten years ago, OPM announced that it had been the target of two data breaches. Over twenty-million security clearance records—information on anyone who had undergone a federal employment background check, including their relatives and references—were reportedly stolen by state-sponsored attackers working for the Chinese government. At the time, it was considered one of the most potentially damaging breaches in government history. 

DOGE employees likely have access to significantly more data than this. Just as an example, the OPM databases also include personal information for anyone who applied to a federal job through USAJobs.gov—24.5 million people last year. Make no mistake: this is, in many ways, a worse breach than what occurred in 2014. DOGE has access to ten more years of data; it likely includes what was breached before, as well as significantly more sensitive data. (This is not to mention that while DOGE has access to these databases, they reportedly have the ability to not only export records, but to add them, modify them, or delete them.) Every day that DOGE maintains its current level of access, more risks mount. 

EFF Fights for Privacy

EFF has fought to protect privacy for nearly thirty-five years at the local, state, and federal level, as well as around the world. 

We have been at the forefront of exposing government surveillance and invasions of privacy: In 2006, we sued AT&T on behalf of its customers for violating privacy law by collaborating with the NSA in the massive, illegal program to wiretap and data-mine Americans’ communications. We also filed suit against the NSA in 2008; both cases arose from surveillance that the U.S. government initiated in the aftermath of 9/11. In addition to leading or serving as co-counsel in lawsuits, such as in our ongoing case against Sacramento's public utility company for sharing customer data with police, EFF has filed amicus briefs in hundreds of cases to protect privacy, free speech, and creativity.

EFF’s fight for privacy spans advocacy and technology, as well: Our free browser extension, Privacy Badger, protects millions of individuals from invasive spying by third-party advertisers. Another browser extension, HTTPS Everywhere, alongside Certbot, a tool that makes it easy to install free HTTPS certificates for websites, helped secure the web, which has now largely switched from non-secure HTTP to the more secure HTTPS protocol. 

EFF is glad to join the brigade of lawsuits to protect this critical information. 

EFF also fights to improve privacy protections by advancing strong laws, such as the California Electronic Communications Privacy Act (CalECPA) in 2015, which requires state law enforcement to get a warrant before they can access electronic information about who we are, where we go, who we know, and what we do. We also have a long, successful history of pushing companies, as well, to protect user privacy, from Apple to Amazon. 

What’s Next

The question is not “what happens if this data falls into the wrong hands.” The data has already fallen into the wrong hands, according to the law, and it must be safeguarded immediately. Violations of Americans’ privacy have played out across multiple agencies, without oversight or safeguards, and EFF is glad to join the brigade of lawsuits to protect this critical information. Our case is fairly simple: OPM’s data is extraordinarily sensitive, OPM gave it to DOGE, and this violates the Privacy Act. We are asking the court to block any further data sharing and to demand that DOGE immediately destroy any and all copies of downloaded material. 

You can view the press release for this case here.

Related Cases: American Federation of Government Employees v. U.S. Office of Personnel Management

Digital security training can feel overwhelming, and not everyone will have access to new apps, new devices, and new tools. There also isn't one single system of digital security training, and we can't know the security plans of everyone we communicate with—some people might have concerns about payment processors preventing them from obtaining fees for their online work, whilst others might be concerned about doxxing or safely communicating sensitive medical information. 

This is why good privacy decisions begin with proper knowledge about your situation and a community-oriented approach. To start, explore the following questions together with your friends and family, organizing groups, and others:

1. What do we want to protect? This might include sensitive messages, intimate images, or information about where protests are organized.
2. Who do we want to protect it from? For example, law enforcement or stalkers. 
3. How much trouble are we willing to go through to try to prevent potential consequences? After all, convincing everyone to pivot to a different app when they like their current service might be tricky! 
4. Who are our allies? Besides those who are collaborating with you throughout this process, it’s a good idea to identify others who are on your side. Because they’re likely to share the same threats you do, they can be a part of your protection plans. 

This might seem like a big task, so here are a few essentials:

Use Secure Messaging Services for Every Communication 

Private communication is a fundamental human right. In the online world, the best tool we have to defend this right is end-to-end encryption, ensuring that only the sender and recipient of any communication have access to the content. But this protection does not reach its full potential without others joining you in communicating on these platforms. 

Of the most common messaging apps, Signal provides the most extensive privacy protections through its use of end-to-end encryption, and is available for download across the globe. But we know it might not always be possible to encourage everyone in your network to transition away from their current services. There are alternatives, though. WhatsApp, one of the most popular communication platforms in the world, uses end-to-end encryption, but collects more metadata than Signal. Facebook Messenger now also provides end-to-end encryption by default in one-on-one direct messages. 

Specific privacy concerns remain with group chats. Facebook Messenger has not enabled end-to-end encryption for chats that include more than two people, and popular platforms like Slack and Discord similarly do not provide these protections. These services may appear more user-friendly in accommodating large numbers, but in the absence of real privacy protections, make sure you consider what is being communicated on these sites and use alternative messaging services when talking about sensitive topics.

As a service's user base gets larger and more diverse, it's less likely that simply downloading and using it will indicate anything about a particular user's activities. For example, the more people use Signal, the less those seeking reproductive health care or coordinating a protest would stand out by downloading it. So beyond protecting just your communications, you’re building up a user base that can protect others who use encrypted, secure services and give them the shield of a crowd. 

It also protects your messages from being available for law enforcement should they request it from the platforms you use. In choosing a platform that protects our privacy, we create a space from safety and authenticity away from government and corporate surveillance.  

For example, prosecutors in Nebraska used messages sent via Facebook Messenger (prior to the platform enabling end-to-end encryption by default) as evidence to charge a mother with three felonies and two misdemeanors for assisting her daughter with an abortion. Given that someone known to the family reported the incident to law enforcement, it’s unlikely using an end-to-end encrypted service would have prevented the arrest entirely, but it would have prevented the contents of personal messages turned over by Meta from being used as evidence in the case. 

Beyond this, it's important to know the privacy limitations of the platforms you communicate on. For example, while a secure messaging app might prevent government and corporate eavesdroppers from snooping on conversations, that doesn't stop someone you're communicating with from taking screenshots, or the government from attempting to compel you (or your contact) to turn over your messages yourselves. Secure messaging apps also don't protect when someone gets physical access to an unlocked phone with all those messages on it, which is why you may want to consider enabling disappearing message features for certain conversations.

Consider The Content You Post On Social Media 

We’re all interconnected in this digital age. Even without everyone having access to their own personal device or the internet, it is pretty difficult to completely opt out of the online. One person’s decision to upload a picture to a social media platform may impact another person without the second even knowing it, such as an association with a movement or a topic that you don’t want to be public knowledge. 

Talk with your friends about the potentially sensitive data you reveal about each other online. Even if you don’t have a social media account, or if you untag yourself from posts, friends can still unintentionally identify you, report your location, and make their connections to you public. This works in the offline world too, such as sharing precautions with organizers and fellow protesters when going to a demonstration, and discussing ahead of time how you can safely document and post the event online without exposing those in attendance to harm.

It’s important to carefully consider the tradeoffs between publicity and privacy when it comes to social media. If you’re promoting something important that needs greater reach, it may be more worth posting to the more popular platforms that undermine user privacy. To do so, it’s vital that you compartmentalize your personal information (registration credentials, post attribution, friends list, etc) away from these accounts.

If you are organising online or conversing on potentially sensitive issues, choose platforms that limit the amount of information collected and tracking undertaken. We know this is not always possible—perhaps people cannot access different applications, or might not have interest in downloading or using a different service. In this scenario, think about how you can protect your community on the platform you currently engage on. For example, if you currently use Facebook for organizing, work with others to keep your Facebook groups as private and secure as Facebook allows.

Think About Cloud Servers as Other People’s Computers  

For our online world to function, corporations use online servers (often referred to as the cloud) to store the mass amounts of data collected from our devices. When we back up our content to these cloud services, corporations may run automated tools to check the content being stored, including scanning all our messages, pictures, and videos. The best case scenario in the event of a false flag is that your account is temporarily blocked, but worst case could see your entire account deleted and/or legal action initiated for perceivably illegal content. 

For example, in 2021 a father took pictures of son’s groin area and sent these to a health care provider’s messaging service. Days later, his Google account was disabled because the photos constituted a “a severe violation of Google’s policies and might be illegal,” with an attached link flagging “child sexual abuse and exploitation” as one of the possible reasons. Despite the photos being taken for medical purposes, Google refused to reinstate the account, meaning that the father lost access to years of emails, pictures, account login details, and more. In a similar case, a father in Houston took photos of his child’s infected intimate parts to send to his wife via Google’s chat feature. Google refused to reinstate this account, too.

The adage goes, “there are no clouds, just other peoples’ computers.” It’s true! As countless discoveries over the years have revealed, the information you share on Slack at work is on Slack's computers and made accessible to your employer. So why not take extra care to choose whose computers you’re trusting with sensitive information? 

If it makes sense to back up your data onto encrypted thumb drives or limited cloud services that provide options for end-to-end encryption, then so be it. What’s most important is that you follow through with backing it up. And regularly!

Assign Team Roles

Adopting all of these best practices can be daunting, we get it. Every community is made up of people with different strengths, so with some consideration you can make smart decisions about who does what for the collective privacy and security. Once these tasks are broken down into smaller, more easily done tasks, it’s easier for a group to accomplish together. As familiarity with these tasks grows, you’ll realize you’re developing a team of experts, and after some time, you can teach each other.

Create Incident Response Plans

Developing a plan for if or when something bad happens is a good practice for anyone, but especially a community of people who face increased risk. Since many threats are social in nature, such as doxxing or networked harassment, it’s important to strategize with your allies around what to do in the event of such things happening. Doing so before an incident occurs is much easier than when you’re presently facing a crisis.

Only you and your allies can decide what belongs on such a plan, but some strategies might be: 

• Isolating the impacted areas, such as shutting down social media accounts and turning off affected devices
• Notifying others who may be affected
• Switching communications to a predetermined more secure alternative
• Noting behaviors of suspected threats and documenting these 
• Outsourcing tasks to someone further from the affected circle who is already aware of this potential responsibility.

Everyone's security plans and situations will always be different, which is why we often say that security and privacy are a state of mind, not a purchase. But the first step is always taking a look at your community and figuring out what's needed and how to get everyone else on board.

Most of the internet’s blessings—the opportunities for communities to connect despite physical borders and oppressive controls, the avenues to hold the powerful accountable without immediate censorship, the sharing of our hopes and frustrations with loved ones and strangers alike—tend to come at a price. Governments, corporations, and bad actors too often use our content for surveillance, exploitation, discrimination, and harm.

It’s easy to dismiss these issues because you don’t think they concern you. It might also feel like the whole system is too pervasive to actively opt-out of. But we can take small steps to better protect our own privacy, as well as to build an online space that feels as free and safe as speaking with those closest to us in the offline world.

This is why a community-oriented approach helps. In speaking with your friends and family, organizing groups, and others to discuss your specific needs and interests, you can build out digital security practices that work for you. This makes it more likely that your privacy practices will become second nature to you and your contacts.  

Good privacy decisions begin with proper knowledge about your situation—and we’ve got you covered. To learn more about building a community privacy plan, read our ‘how to’ guide here, where we talk you through the topics below in more detail: 

Using Secure Messaging Services For Every Communication 

At some point, we all need to send a message that’s safe from prying eyes, so the chances of these apps becoming the default for sensitive communications is much higher if we use these platforms for all communications. On an even simpler level, it also means that messages and images sent to family and friends in group chats will be safe from being viewed by automated and human scans on services like Telegram and Facebook Messenger. 

Consider The Content You Post On Social Media 

Our decision to send messages, take pictures, and interact with online content has a real offline impact, and whilst we cannot control for every circumstance, we can think about how our social media behaviour impacts those closest to us, as well as those in our proximity. 

Think About Cloud Servers as Other People’s Computers  

When we backup our content to online cloud services, corporations may run automated tools to check the content being stored, including scanning all our messages, pictures, and videos. Whilst we might think we don't have anything to hide, these tools scan without context, and what might be an innocent picture to you may be flagged as harmful or illegal by a corporation's service. So why not take extra care to choose whose computers you’re entrusting with sensitive information. 

Assign Team Roles

Once these privacy tasks are broken down into smaller, more easily done projects, it’s much easier for a group to accomplish together. 

Create Incident Response Plans

Since many threats are social in nature, such as doxxing or networked harassment, it’s important to strategize with your allies what to do in such circumstances. Doing so before an incident occurs is much easier than on the fly when you’re already facing a crisis.

To dig in deeper, continue reading in our blog post Building a Community Privacy Plan here.