TL; DR: As our use of technology grows, the Electronic Frontier Foundation works to ensure people’s digital rights and freedoms are protected. The donor-funded, non-profit organization boasts more than 25,000 dues-paying members and acts on issues affecting all corners of online privacy, transparency, and innovation. Beyond taking legal action and empowering activists, the EFF creates powerful tools, such as HTTPS Everywhere, Let’s Encrypt, Certbot, and Privacy Badger, to enable individual users to protect themselves online.
After more than 15 years as a web developer and environmental and human rights activist, Bill Budington kept noticing the same problems. Whether it was unpatched hosts or outdated and expired software, many of the non-profits he worked with were highly vulnerable to cyber attacks.
Making matters worse, Bill noticed that many of the organizations weren’t able to invest the resources to follow the best practices for security.
“As much as they’d like to move from some outdated platform to something better, they wouldn’t be able to,” Bill said. “Part of my job was to let them know what some of the larger holes in their security might be and how they can actually protect themselves.”
Bill now combines those passions for activism and technology in his current role as Staff Technologist at the Electronic Frontier Foundation, a non-profit organization that champions and defends people’s rights to privacy and expression online.
Founded in 1990, the EFF influences policies and their enforcement through activism, litigation, development, and education.
Technologists and Lawyers Work Together to Fight for Digital Rights
As new issues arise, teams within the EFF discuss which projects to pursue. The organization employs about 70 people, split fairly equally among lawyers, technologists, and activists, Bill said.
If there is a major concern or a case that might set legal precedence, EFF lawyers will file an amicus (or friend-of-the-court) brief to provide the judge with information or arguments to potentially consider in the ruling.
The EFF and 46 technology experts filed one such brief earlier in 2016 after a federal judge ordered Apple to disable security features of an iPhone connected to the suspect of the 2015 San Bernardino shootings.
“People can be remarkably uninformed or unsure about technology and privacy, so we want to contribute our expertise,” Bill said, adding that EFF technologists commonly advise lawyers on the more nuanced technologies at play.
Within the EFF’s legal team is a civil liberties team that protects citizens from the worst offenses and intrusions.
“Those are the folks that really make sure that when there are abuses happening, either with governments or new products, that something happens,” Bill said. “We may run an activist campaign, or we might take legal action.”
When Edward Snowden revealed the NSA’s surveillance program, the EFF sued the federal agency on multiple constitutional violations. The EFF often files joint litigation with organizations such as the American Civil Liberties Union “when the worst abuses happen,” Bill said.
Beyond private citizens, the EFF’s actions protect coders and researchers who might be sued or pressured by companies that don’t want them to release evidence of a security hole or privacy invasion, for example.
“We have an expert legal team that makes sure that these kinds of abuses are addressed,” Bill said. “We fight for the rights of those doing research or coding tools that will help maintain and build up the security of the Internet at large.”
More than half of the $16 million income the EFF saw in 2015 came from individual donations and matching employer donations, with other revenue coming from legal settlements and an arrangement with charity-focused online store Humble Bundle.
The EFF has a 4-star rating — the highest possible — from the watchdog organization Charity Navigator. More than 75% of the EFF’s expenses are spent on their program, with the remaining going toward fundraising and administrative costs.
Protecting Individual Privacy and Security With a Slew of Software
Think you’re browsing the Internet safely and anonymously? Most people do, according to Bill — and most people are wrong. Panopticlick, which the EFF launched in 2010, is a site that shows users how unique and trackable their browsers are.
To date, more than 84% of browsers tested are uniquely identifiable. If Flash is installed, that number soars to 94%.
“This really drives home the point that users need to take concrete steps to protect their privacy online,” Bill said. “We raise the red flag with Panopticlick to show people, ‘Look how easy it is to track you as you browse the web,’ and then we provide solutions to help you protect yourself.”
Privacy Badger: Block Data-Mining Trackers with Browser Add-On
One such tool is Privacy Badger, a browser add-on that stops advertisers and third-parties from tracking your moves around the Internet.
Privacy Badger aims to give you maximum control over what advertisers can learn about your online behavior. Instead of starting with a list of known targets to block, Privacy Badger adapts as you browse by noting third-party domains that embed images, scripts, and advertising in the pages you visit.
HTTPS Everywhere and Let’s Encrypt: Find and Secure Sites More Often and Easily
The EFF started the push for encrypting web traffic in 2009 with two major programs. Bill helps maintain HTTPS Everywhere, a browser extension used by more than five million people that automatically loads the more secure HTTPS version of websites when one is available.
“Users can be assured they’re using the best security available for that website,” Bill said.
Working with Mozilla, Cisco, Akamai, and the Internet Security Research Group, the EFF also helped create the widely used Let’s Encrypt program that offers free and automated SSL certificates. In only a year of existence, Let’s Encrypt has issued more than 10 million certificates.
Certbot: Automatically Configure HTTPS on Your Server
As if Let’s Encrypt didn’t make SSL certificates easy enough, the EFF developed Certbot to automatically fetch and deploy certificates while configuring your server for HTTPS encryption.
“We’ve really helped the web with this issue of HTTPS being notoriously hard to deploy,” Bill said. “We’ve seen larger sites deploy it, but we’d like to make it easy for smaller sites to have HTTPS. We want HTTPS to be the default across the entire Internet, not the exception.”
EFF Technologists Feel the Love from Developer Community
The technologists appreciate the overwhelmingly positive feedback and gratitude they hear when traveling to conferences. As active developers themselves, Bill said they enjoy engaging with other devs around the world who report bugs or suggest new ideas.
By involving a larger group of people in the fight for Internet security, the EFF looks to grow their voice in global debates about online rights.
“It’s really great to have that feedback and feel the love,” he said. “That relationship with our members, our supporters, and the broader community at large is great when they see new issues pop up.”