In an era where political and corporate leaders are attacking the free press as “the enemy of the people,” it’s crucial that we recognize the truth: journalists every day are uncovering stories that protect our rights and hold those in power accountable. Meanwhile, as the media landscape shrinks, non-profits are also stepping in to carry the load. Here are some of the investigative bombshells that we read, re-read, and shared this year. (And a big thank you to our friends and supporters on Twitter who helped us remember all the great scoops from 2018.)

Give Me My Data

Engadget reporters undertook a massive task to find out who controls your online data:

A team of nine Engadget reporters in London, Paris, New York and San Francisco filed more than 150 subject access requests—in other words, requests for personal data—to more than 30 popular tech companies, ranging from social networks to dating apps to streaming services. We reached out before May 25th—when previous laws for data access existed in the EU—as well as after, to see how procedures might have changed.

The result was one of the most comprehensive examinations of the state of play of consumer privacy across the major platforms.

Georgia On My Fender

One of the nation's most ubiquitous surveillance technologies—automated license plate readers (ALPR)—proliferate in the Peach State. Following in the footsteps of EFF’s research in California, reporters from different Atlanta media outlets teamed up to generate the first comprehensive portrait of ALPR data collection across the state. They filed numerous public records requests with jurisdictions deploying the technology, including obtaining two days worth of data from the Georgia Department of Public Safety. They created maps of how and where this data was collected and generated a visualization showing how one car can be tracked in near real-time over the course of a single data.

Fake Friends on Facebook

EFF has long raised concerns with the practice of law enforcement officials creating fake profiles to infiltrate private groups on social media sites such as Facebook. This year saw incredible reporting on this epidemic, most notable from The Appeal, which revealed how Memphis Police Department created a “Bob Smith” profile to spy on Black Lives Matter activists. This lead EFF to successfully pressure Facebook to send MPD a cease and desist letter and update its online guidelines for law enforcement. Meanwhile, NBC News also probed the issue nationwide, while Gizmodo filed public records requests around the country to gauge how departments are writing policies for these types of covert investigations.

Propaganda Bonanza

Visit EFF’s offices and you’ll be amused to find printouts of vintage National Security Agency posters taped to the walls (particularly in the restroom). These propaganda artifacts were obtained and released by GovernmentAttic.org, a transparency organization that does incredible work.

The NSA Just Released 136 Historical Propaganda Posters - Motherboard

Facing Down Amazon

The American Civil Liberties Union kicked off multiple national and local news cycles—and energized an internal worker resistance—when it revealed through public records that Amazon was providing real-time face recognition (“Rekognition”) technology to local police departments. Documents obtained by the ACLU detailed how the program "can identify, track, and analyze people in real time and recognize up to 100 people in a single image" and "quickly scan information it collects against databases featuring tens of millions of faces."

EFF called for Amazon to stop providing its technology to law enforcement to power surveillance. We also called on technology companies to adopt a "Know Your Customer" program and for employees as those companies to advocate for implementing these programs to protect against future corporate involvement in these sorts of government efforts.

Scooping the Messenger

In August, Reuters published a bombshell in the battle over encryption: the U.S. Department of Justice was trying to force Facebook to break its Messenger encryption in a sealed court case. As Dan Levine and Joseph Menn reported:

The potential impact of the judge’s coming ruling is unclear. If the government prevails in the Facebook Messenger case, it could make similar arguments to force companies to rewrite other popular encrypted services such as Signal and Facebook’s billion-user WhatsApp, which include both voice and text functions, some legal experts said.

In November, EFF, the ACLU, and Riana Pfefferkorn of Stanford Law School’s Center for Internet and Society teamed up to file a petition asking the court to release all court orders and related materials in the case.

FBI Exaggerations

Speaking of encryption: for years, FBI and Justice Department officials have pursued backdoors into the crucial technology that keeps our communications safe. They complain about the problem of “Going Dark,” the idea that encryption prevents them from investigating communications and devices. But it turns out that the FBI egregiously exaggerated in Congressional testimony. As The Washington Post’s Devlin Barrett reported:

The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned… The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.

In May, EFF filed a Freedom of Information Act request with the FBI to get to the bottom of this misinformation, and we currently working our way through the tedious FOIA process.

FBI Repeatedly Overstated Encryption Threat Figures to Congress, Public - The Washington Post

Silicon Valley Scandals

It’s been a year of huge scoops revealing how Facebook, Google, and other Silicon Valley companies have routinely failed to protect the privacy of their users (or actively violated it). In fact, we’ve had so many tabs open that we can’t adequately capture them all. However, here are a few that really stuck out:

Other Excellent Pieces from 2018

Still looking for more to read? Here are a few more pieces that we highly recommend:

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2018.

DONATE TO EFF

Like what you're reading? Support digital freedom defense today!