日中韓自由貿易協定(FTA)交渉の第10 回交渉会合(局長/局次長会合)が開催されます
「活力あふれる『ビンテージ・ソサエティ』の実現に向けて」(研究会報告書)をとりまとめました
自動走行との連携が期待される、地図情報に関する国際規格が発行されました
東京電力株式会社の会社分割について、電気事業法に基づき認可しました
"We Want Texans to Know Their Rights": Q&A with Mayday Health on the Impact of Surveillance on Abortion Care
Last May, EFF reported that a sheriff’s office in Texas searched data from more than 83,000 automated license plate reader (ALPR) cameras to track down a woman suspected of self-managing an abortion. ALPRs are promoted as tools for keeping communities safe by finding missing persons and locating stolen vehicles, but this case showed how ALPRS can be weaponized to investigate people’s private healthcare decisions. And these aren’t the only tools in the surveillance arsenal: others include location tracking tools like Locate X, which can show a person’s visit to an abortion clinic, or search histories which might be used as evidence of a person’s interest in obtaining abortion pills. Taken together, these tools create a dangerous surveillance pipeline that threatens everyone’s health privacy.
Too often, though, the public is unaware of the threat, and one nonprofit is working to change that. Following EFF and 404 Media’s report on Texas’s use of Flock cameras, eye-catching billboards popped up in Houston, warning drivers that if they’re pregnant, the state of Texas could be tracking them.
Photo provided by Mayday Health
These billboards came from Mayday Health, a nonprofit dedicated to sharing information about abortion pills, birth control, and gender-affirming care. We spoke with Leo Raisner, Executive Director of Mayday Health, about the billboards to learn more about the campaign and organization and to discuss how surveillance affects reproductive freedom.
***
THOMAS: Why did Mayday Health start this campaign in Texas?
RAISNER: Well, we read the incredible reporting coming from EFF about Texas's surveillance. We want Texans to know their rights, to know their options, and to know that there are organizations and people who have their back. So we decided to put up a few billboards around the Houston area to remind people that they still have options.
Digital advertising in the space, as I know you're well aware of, faces enormous platform restrictions from Meta and Google, whereas billboards reach people in the physical world without algorithmic gatekeeping and without requiring anyone to search for information. So at the very least, if a driver's passing by the billboard, we’re spreading information that they should be careful that they might be surveilled, and also there are different options. There's a website where they can come learn more about those options.
THOMAS: And how have the billboards been received so far? Have you heard anything from folks in the Houston area yet?
RAISNER: Yeah, we've heard some messages of support on social media DMs. We're just thrilled about how many drivers these messages are going to reach. They'll be up for 4 weeks, and are expected to hit over 1,000,000 drivers during that 4-week campaign period.
THOMAS: Are there other ways that Mayday Health has seen surveillance systems impact people seeking healthcare?
RAISNER: You know, we go all over the country and talk to folks who are seeking reproductive healthcare options in states where clinics are banned, and we direct folks to our website where they can learn more about abortion pills. We make privacy very central to how we operate. Privacy is not just an afterthought for us. When people arrive at our website, we direct them to the Digital Defense Fund, which offers people privacy and security resources as they're navigating reproductive healthcare in states where they might be being surveilled. We don't collect cookies, we don't collect identifying information from visitors to our site. We want people to know their options, and we don't have any interest in knowing who they are.
THOMAS: Why do you think the work of the digital rights movement is so important to the work of the reproductive health rights and justice movement?
RAISNER: I mean, those two movements are inextricably linked. The anti-abortion movement is using every tool in their toolbox to prevent people from getting the healthcare access they need, whether that's surveilling people online or closing down brick-and-mortar clinics, but we encourage people to visit Mayday Health and learn that they still have options no matter where they live.
THOMAS: Is there anything else that you would like the readers of our blog to know about Mayday Health?
RAISNER: I'd love for people to know that abortion pills are FDA approved. They're safe, they're effective, and they're available through the mail.
***
EFF has said it time and time again – surveillance and reproductive freedom cannot coexist. Whether the tracking occurs over the internet or through license plate reader systems with over 83,000 cameras, it is an invasion of privacy. Protecting our digital privacy is more critical now than ever. Help EFF fight back against this digital dragnet and protect reproductive freedom for all by making a donation.
The House Passed The KIDS Act—The Senate Should Reject It
Last week, the House voted on the KIDS Act, a disjointed package of legislation that seeks to control Americans’ web browsing and private messaging. The package combines a revised version of the Kids Online Safety Act (KOSA), with several other internet bills, study bills, reporting requirements, and new regulations. Different parts of the bill pressure online services to impose different age-gating schemes, using different standards. EFF opposed this bill, along with many of our members and supporters.
Tell Congress: no internet age-gates
The bill passed the House, 267-117. It now heads to the Senate, where its fate remains uncertain. But this fight is not over. Even if you took our earlier action to contact the House, we need you to reach out to your Senators today.
The KIDS Act Will Lead to Mandatory Age ChecksMany of the bills in the KIDS Act share the same premise: that children and teenagers should have different experiences online than adults. In practice, that requires websites and apps to determine who is under 18—and who isn’t. That’s where the problems with the KIDS Act start.
EFF certainly supports giving all users better privacy and safety tools online. But those protections should not, and do not need to, come at the expense of privacy or free expression. Unfortunately, that’s exactly the tradeoff the KIDS Act makes.
There is no way to determine a user’s age online that is both privacy protective and accurate. Some age verification processes may rely on collecting government-issued ID, while others may use biometric scans. Others will use algorithms to guess a user’s age based on facial images or online behavior. But no matter the method, every system demands users hand over sensitive personal information that links their offline identity to their online activity. And then, once that valuable data is collected, it can be leaked, hacked, or misused. In fact, we’ve already seen several breaches of age verification providers.
The Bill Still Regulates Online SpeechThe revised KOSA language within the KIDS Act still pressures companies to police lawful speech online. Platforms must “establish, implement, maintain, and enforce” policies that address content like gambling or the use of alcohol or cannabis. This encourages platforms to broadly restrict speech on these topics, which could include a teen seeking advice on a parent’s gambling problem or searching for substance abuse recovery resources. When platforms are required to create and enforce content moderation policies that regulators can sue them over, they will often err on the side of deleting speech.
Protect Privacy For EveryoneThere is a better way to protect young people online. Instead of encouraging a complicated system of age checks, more monitoring, and more restrictions on access to information, Congress could finally pass a strong, comprehensive privacy law that benefits all users. A great place to start would be to ban behavioral advertising that tracks us across the web—again, for users of all ages.
We urge the Senate to oppose the KIDS Act and instead focus on a strong, bipartisan privacy package for all users.
European Commission Chooses to Keep EU Users Locked Up Behind Big Tech’s Gates
Users are always seeking more control over their social networking experience to make it better, whether to improve privacy or enhance flexibility. Interoperability between social networking platforms like Facebook and TikTok has so many benefits that solve those issues.
Say you’re on multiple platforms because you have friends you follow on different networks, but you’ve decided to choose one platform with better privacy practices. With interoperability, you could switch and still interact with friends who remain on larger platforms. It could also enable independent apps with better privacy controls and more user choice. These are the untapped possibilities that could benefit users in the European Union under the 2022 Digital Markets Act (DMA).
Yet, the European Commission, in its first review of the DMA, announced in April it had decided not to extend the DMA’s interoperability mandate to social networking and didn’t give a deadline or a timeline for enforcing that part of the Act. The Commission said “there is no clear demand” from users and businesses for social networking interoperability and, in any case, it’s too technically complex at the moment. Meanwhile, the Big Tech platforms that have been slow-walking interoperability over the last two years, erecting a myriad of hurdles for users seeking more freedom to choose other platforms, get a pass.
This is a huge disappointment and a missed opportunity by the Commission. Interoperability dismantles one of the biggest barriers faced by users who want to leave the tech giants’ platforms: the choice between changing to a platform you prefer or staying behind on a platform where all your friends, communities, and customers are.
The DMA, which went into force in 2024, aims to foster more choices for European Union users and encourage competition and innovation by forcing so-called gatekeeper platforms like Meta, Apple, and Google, to open their ecosystems to competitors. The regulation does a great deal to foster the integration of competing services and devices with the ecosystems of very large online platforms that act as gatekeepers. It even requires interoperability for messaging services, despite the significant technical and privacy challenges involved.
So, it’s odd that the Commission is using complexity as a shield against taking on social networking interoperability. The internet already runs on complex interoperable systems. Approaches like ActivityPub, the decentralized networking protocol behind the “Fediverse,” which gave rise to decentralized networks like Mastodon, already exist. The DMA shouldn’t mandate a specific protocol, but it can require meaningful interoperability outcomes.
The argument that there’s no real demand for social networking interoperability also falls flat. Users want the ability to move across platforms, choose the content they’d like to see from platforms, and not be tied down to a single platform. But there’s no way to get there—the platforms are doing little to open their social networking ecosystems. And now you have the DMA’s enforcer saying it’s not going to make them change. Demand for alternatives won’t materialize at scale until users see real progress towards interoperability, something the Commission has the power to do.
Having decided there’s little demand and too much complexity to proceed with mandating social networking interoperability, the Commission said it “will continue to monitor and assess how these services evolve.” This wait-and-see-posture only hurts users and strengthens and further entrenches Big Tech incumbents.
The DMA is supposed to center on the rights of technology users and be the pathway to an internet experience where you decide which software runs on your devices, where it’s easy to find the best products and services, and where you can leave a platform for a better one without forfeiting your social relationships.
Meanwhile, Big Tech is also resisting the DMA’s openness requirements. For example, Apple is supposed to be opening up iOS devices to rival app stores. Yet, the smartphone giant’s plan for opening its App Store levies junk fees and onerous conditions on app makers and is effectively impossible for any competitor to use.
It’s not just Apple pushing back against DMA enforcement. Meta's response is a “pay for privacy “system, in which users who do not consent to Meta’s surveillance will have to pay to use the service, or be blocked from it. Whether their plan complies with the DMA remains under review.
Nowhere in the DMA does it say social networking companies get to install a toll booth for users seeking to benefit from privacy rights the regulation grants them. The future EU Digital Fairness Act is another opportunity to protect users from such practices by declaring them unfair.
The Commission has responded to these developments with investigations, preliminary rulings, and fines. Meanwhile, users are missing out on greater choice and flexibility in how they communicate and connect online.
【沖縄リポート】陸自無人機訓練 住民が止めた=本部町島ぐるみ会議・M
Google's New Remote Attestation Scheme is As Bad As Its Old One
Google owes its existence to the open web, but today, its technological “innovations” have much to do with locking users into a “walled garden.” The latest of these is “reCAPTCHA Mobile Verification,” an experimental initiative that will let companies block users if they are running independent, "de-googled" versions of Android. These “indie Android” versions are favored by people who want to protect their privacy and their attention by blocking trackers and ads. Worse, this is just the latest in a line of similarly user-hostile measures.
Long before “agentic AI,” we had the idea that software would act as your agent on the internet. That's why the old-fashioned technical term for a browser is a “user agent.” Your browser acts on your behalf to retrieve information and then show it to you, in the format you choose. It's your agent.
This is a powerful and profound idea. It is because browsers are our “agents” that we expect them to accept our directives, say, by blocking pop-ups, or by turning off autoplay sound, or by blocking commercial surveillance trackers.
Your browser does all that because your browser works for you. The reason your browser can work for you is that the web is an open, standardized technology. In theory, anyone who follows the standards published by the World Wide Web Consortium (W3C) can make a browser, and that web browser can connect to any web server. Browsers and servers are interoperable. It's the same force that means you can put anyone's gas in your gas-tank, or anyone's shoelaces in your shoes, or anyone's milk on your cereal.
But what if manufacturers could dictate those choices to you? What if your light socket refused to use a lightbulb unless it was officially blessed by the socket's manufacturer? What if your dishwasher refused to wash your dishes unless you bought them from one of the manufacturer's “dish partners?” What if your toaster refused to toast “unauthorized bread?”
It's hard to see how a company could win its market with this strategy. After all, if the dishes are really better than the competition's, you'd buy them voluntarily, without any need for law or technology to force the matter. The only reason to make a dishwasher that refuses a rival's dishes is if the manufacturer's own dishes are ugly, expensive, and/or badly made.
But once a company owns the market—once they've achieved dominance by buying out their rivals; by bribing potential competitors to stay out of their lane; and by engaging in deceptive conduct to trap key suppliers and customers—they can cement their dominance by blocking interoperability, keeping out rival dishes, milk, gas, lightbulbs, shoelaces and bread, capturing their whole market and squeezing it.
That's what Google has done, and that's what Google wants to do more of Google's commercial behavior has been so unethical, deceptive and abusive that the company just lost three federal antitrust cases. This thrice-convicted monopolist paid Apple—more than $20b/year— to stay out of the search market: It cheated app vendors, ripping them off with sky-high junk fees and onerous conditions that raised prices while lowering the share of your spending that went to the companies whose products you were paying for. It cheated advertisers, rigging the ad market to gouge businesses on ad prices and underinvesting to fight rampant ad-fraud, sucking hundreds of billions out of the productive economy for overpriced ads that no one saw.
Google wasn't always this way. The “don't be evil” company owes its very existence to the open web ecosystem. When the company started to index the web in 1998, it was playing on an open field, where any web server could talk to any “user agent,” even one whose user was a startup like Google, that was making a copy of every page on the server.
For years, Google thrived on the open web, and built open technologies. Android—the mobile operating system that Google bought in 2005 —was presented as an “open” alternative to existing mobile offerings, and as the mobile market collapsed into two companies—Google and Apple—Google always presented Android as the open alternative to Apple's “walled garden.” But there were always ways in which Google's “open” Android wasn't exactly open. The company engaged in illegal “tying” arrangements that forced hardware vendors and carriers to lock out versions of Android that were created by Google's competitors.
In other words, even though Google offered a mobile platform that was (mostly) technically open, it found other ways to try to choke off the market oxygen for alternative Android versions that tried to capitalize on that technical openness.
But life finds a way. The existence of an open, modifiable, tinkerer-friendly mobile operating system meant Android hackers could create alternatives to Google's (de facto) walled garden, which thrived in the cracks in that garden wall. Operating systems like CalyxOS, PureOS and Graphene offered a more private, more secure Android experience, one that was largely “de-Googled,” blocking Google's relentless acquisition of your private data.
And Google's data-hunger is relentless. Android exfiltrates a chunk of your personal and behavioral data every five minutes. The “resting heartbeat” of Android surveillance pulses and pulses, irrespective of whether you're using your device, and the instant you unlock your screen, that heartbeat quickens, sending even more data to the company. All that data has proven irresistible to authoritarian governments. Donald Trump's enforcers have seized on Google data as a vital source of information about the identity of protesters and the location of migrants hunted by ICE.
So there are plenty of reasons why users would seek out these de-Googled alternatives to Android, finding them in spite of Google's efforts to block access to competing technologies. The worse it got, the better those alternatives looked.
Perhaps this explains Google's years-long effort to increase the technical barriers to using modified versions of Android, beefing these up to match the commercial restrictions that stand in the way of a de-Googled existence.
Back in 2023, Google floated the idea of “Web Environment Integrity” (WEI), a set of modifications to web standards that would force your computer to disclose its operating environment to the web servers it connected to, even if you objected to this disclosure.
WEI was a form of “remote attestation.” That's when your device uses a sub-processor (sometimes called a “Technical Protection Module” or “TPM”) or a walled off part of its main processor (sometimes called a “secure enclave”) to produce a cryptographically signed description of your device and its configuration: which hardware, software, plug-ins, and settings you're running.
When you connect to a server, it demands that your device send this “attestation” before it handles your request. If your device won't provide this data, or if the server doesn't like (or recognize) your device and its details, it can refuse to deal with you. And because the attestation is prepared by a TPM or a secure enclave that you can't modify or override, you don't get to decide which facts about your device it's allowed to see.
Practically speaking, this means that remote attestation lets a server refuse to deal with you until you turn off your ad-blocker and your tracker-blocker. It means that the server can discriminate against users who block auto-play sound and video, who block pop-ups, who put the tab in the background when it's playing a mandatory pre-roll ad.
WEI was especially disturbing in light of Google's plan to kill ad-blockers and privacy blockers through updates to Chrome, an effort that continues to this day.
These blockers are an important part of the dynamic between web publishers and their users. In the real world, when you get an offer, you can make a counter-offer. That's all an ad-blocker is: a way for users to respond to a server whose opening bid is, “How about you give me all your data and let me take over your computer in exchange for showing you this page?” with “How about 'Nah?'”
We didn't get rid of pop-up ads by making them illegal, or by boycotting advertisers who used them. We got rid of pop-up ads when web users installed pop-up blockers, which made pop-up ads pointless. Take away our ability to block obnoxious digital content and you guarantee that we will be flooded with it.
These kinds of modifications aren't just used to block ads—they're also key to accessibility. People who have photosensitive epilepsy or suffer from low-contrast vision problems use add-ons to reformat pages so they can safely and legibly access them.
WEI's creators said they were only trying to put the web on a level playing field with apps, which routinely disclose facts about your device to the companies whose servers you connect to, without asking you, and even if you don’t want them to. Apps are a source of bottomless enshittification, not least because (unlike the web), they enjoy special, dangerous legal protections that make it very legally risky to modify them. WEI wasn't an effort to level the playing field between apps and the web—it was a race to the bottom, an attempt to make the web as enshittification-friendly as apps.
Public outrage to WEI killed the project, but Google's commitment to augmenting its illegal commercial lockdown efforts with technical lockdowns never ended. Now, Google has rolled out an experimental “reCAPTCHA Mobile Verification” that uses an app, your camera, and your device's TPM or secure enclave to produce an attestation about your Android device.
This will make it much easier for the apps and other services you interact with to block your device if you run an Android alternative, or if you install a mod that overrides the actions of Google's stock Android.
This is a terrible idea—it's every bit as bad as WEI was. In an age in which Big Tech is ever-more tied to authoritarian governments, redesigning our devices to tell strangers things we don't want them to know isn't just shortsighted, it's inexcusable.