For the last three years, EFF has greeted the holiday season by publishing a list of things we'd like to see happen in the coming year. Sometimes these are actions we'd like to see taken by companies, and sometimes our wishes are aimed at governments, but we also include actions everyday people can take to advance our digital civil liberties. This year has seen great progress in areas such as transparency reports and encrypting digital communications. We want to build on that progress in 2015.
Here are some of the things we're wishing for this holiday:
- News organizations and individual journalists should make it easy to securely accept documents from anonymous sources by setting up their own instances of SecureDrop.
- President Obama should stand up for the privacy rights of people all over the world and amend Executive Order 12333 to prohibit mass surveillance. Most people have never heard of it, but Executive Order 12333 is "the primary authority under which the country’s intelligence agencies conduct the majority of their operations." So while the U.S. Congress is considering bills to curtail mass telephone surveillance, the NSA’s primary surveillance authority will be left unchallenged. Let's change that in 2015.
- Congress should pass meaningful reform to the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.
- Companies that provide digital communications services should enable real end-to-end encryption for users, without backdoors for law enforcement--we're looking at you Verizon! There have been some great steps in this direction already, but we want to see a race to the top.
- Websites should honor Do Not Track.
- Facebook should follow the lead of Google+ and drop its harmful "real names" policy.
- Congress should defend users and refuse to put secret trade agreements, like the Trans-Pacific Partnership (TPP) agreement, on the fast track to ratification. Deals like TPP include provisions that threaten digital rights for Internet users everywhere in the name of intellectual property protection.
- US policymakers should strongly advocate for the benefits of a flexible fair use system. When they are involved in international policymaking, they should propose safeguards for users to counteract extreme copyright restrictions. They should start by supporting a legally binding treaty for copyright exceptions and limitations for libraries and archives.
- All Internet sites should adopt cryptographic best practices for every connection, every time, including PFS, STARTTLS, HSTS, and encrypted traffic between data centers.
- Companies should offer clear guidelines and a path for the disclosure of vulnerabilities that will not get security researchers sued.
- The NSA and the Office of the Director of National Intelligence should disclose its Vulnerability Equities Process. All that they've told us so far is that this process is used to determine whether to disclose software security flaws known as "zero days" or to keep them secret for their own use, but we've had to file a FOIA lawsuit to get the details.