The EFF does not blindly take the stance that "anything should be allowed as long as you do it with a computer". Their input here is very reasonable, and in standing with their principles.
The EFF does not blindly take the stance that "anything should be allowed as long as you do it with a computer". Their input here is very reasonable, and in standing with their principles.
The novel thing for EFF here, as I see it, isn't the idea that some uses of computers are illegal. Rather, it's the suggestion that tech companies have a duty to police or restrict users' use of their technology.
When I worked at EFF we argued in about 20 different contexts that tech companies are not responsible for user activity even if they know that some of it is unlawful in some way, and that tech companies do not have a duty to restrict users in order to deter some kind of unlawful behavior.
We said that about copyright infringement (again and again and again, including before the Supreme Court in MGM v. Grokster), about counterfeiting, about housing discrimination, about distribution of existing child porn, about manufacture of weapons, about evading law enforcement surveillance, and about every kind of tort in content moderation (the intermediaries do not have a duty to prevent people from publishing content that civilly harms others). Oh, also money laundering with cryptocurrency mixer code. And prostitution.
In every case EFF's position was that there might be unlawful ways to use technology but the technology developer or operator didn't have a duty to prevent or discourage it, or to design the technology to prevent or discourage it, or to help the government or private parties catch people doing something unlawful.
I know there are several different legal doctrines in play there and some of them may have limitations in terms of actual knowledge (although EFF usually also argued for defining this narrowly!), so maybe one could argue that if Grok obtains actual knowledge of some improper use that it might have a duty to prevent that use in that case. But it would have been historically exceptional for EFF to say that there was a general duty to design technology to deter or detect any form of unlawful use.
There may also be a distinction in several of the relevant legal doctrines between inventing a technology (or making it available to others to use themselves on their own devices) versus hosting it on a cloud service, where the operator has more knowledge and more control than in other settings. EFF still historically preferred in basically every case to try to minimize the technology creator's or operator's liability for what users did.
How is EFF asking to police or restrict users use of technology? The only thing they seem to be asking here is for X to continue to generate reports in how they use (or misuse) PII.
The concerns on Grok seem pretty specific: to not take for granted that it doesn’t introduce problems with how Twitter handles user data, not what users can do with it.
From the article:
“These sweeping assurances that corporate restructuring led to a fundamental change in X’s policy and practices around user data should be met with a healthy dose of skepticism, given evidence to the contrary. For example, the company’s quiet rollout integrated its AI model Grok with the platform in 2024, trained (without meaningful consent) on X user data. The company was also subject to a massive data breach in 2025.”
Nothing about groks capabilities or what users are allowed to ask it.
There is some clear disapproval of Grok's capabilities in the end of the second section:
> X Corp.’s flagship product since its identity change—a generative AI model called Grok—has created shocking amounts of child sexual abuse material (“CSAM”) and other nonconsensual sexual imagery. X Corp.’s generation of CSAM and other nonconsensual imagery was so egregious that it sparked several investigations and lawsuits, including by a bipartisan coalition of 35 state attorneys general and international law enforcement.
I guess it is complicated by the context that the letter goes on to claim that these capabilities were partly enabled by misuse of personal data (the underlying issue before the FTC here), which leaves open some possibility that EFF would agree that X should not be liable for users' use of Grok if it had been created by some other means.
EFF has, on multiple occasions, specifically defended Kiwifarms, a site which unabashedly exists to turn people into hate-celebrities, with some members having kept "kill counts" of harrassed targets who committed suicide. The site is also known for spreading absurd false accusations, which has at least as much negative impact as AI revenge porn.
The EFF is not consistent in its principles. It has partisan bias. However, it can still be worth situationally supporting for certain causes.
When they oppose AB1043 (California parental controls act) it seems like they are taking that stance, that the government must not regulate computers because they are computers. What's different about the Grok situation?