Friday, March 27, 2015

OpenStack 03/27/2015 (p.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Wednesday, March 25, 2015

OpenStack 03/25/2015 (p.m.)

  • Free for personal use. I haven't tried this yet, but the need for it has been near the top of my head since I first tried Dropbox and then realized how insecure it was. I tried a lot of sync services, but am now using Wuala, which features end-to-end encryption baked into the client software. But I also use MEGAsync for remote backup so I'll probably be trying this out with that service. I hope there's a way to sync the two programs.

    Tags: cloud, security, end-to-end-encryption

  • Tags: automated-propaganda, social-media-bots

    • NATO has announced that it is launching an “information war” against Russia.

      The UK publicly announced a battalion of keyboard warriors to spread disinformation.

      It’s well-documented that the West has long used false propaganda to sway public opinion.

      Western military and intelligence services manipulate social media to counter criticism of Western policies.

      Such manipulation includes flooding social media with comments supporting the government and large corporations, using armies of sock puppets, i.e. fake social media identities. See this, this, this, this and this.

      In 2013, the American Congress repealed the formal ban against the deployment of propaganda against U.S. citizens living on American soil. So there’s even less to constrain propaganda than before.

    • Some of the propaganda is spread by software programs.

      We pointed out 6 years ago that people were writing scripts to censor hard-hitting information from social media.

      One of America’s top cyber-propagandists – former high-level military information officer Joel Harding – wrote in December:

      I was in a discussion today about information being used in social media as a possible weapon.  The people I was talking with have a tool which scrapes social media sites, gauges their sentiment and gives the user the opportunity to automatically generate a persuasive response. Their tool is called a “Social Networking Influence Engine”.

      ***

      The implications seem to be profound for the information environment.

      ***

      The people who own this tool are in the civilian world and don’t even remotely touch the defense sector, so getting approval from the US Department of State might not even occur to them.

    • How Can This Be Real?

      Gizmodo reported in 2010:

      Software developer Nigel Leck got tired of rehashing the same 140-character arguments against climate change deniers, so he programmed a bot that does the work for him. With citations!

      Leck’s bot, @AI_AGW, doesn’t just respond to arguments directed at Leck himself, it goes out and picks fights. Every five minutes it trawls Twitter for terms and phrases that commonly crop up in Tweets that refute human-caused climate change. It then searches its database of hundreds to find a counter-argument best suited for that tweet—usually a quick statement and a link to a scientific source.

      As can be the case with these sorts of things, many of the deniers don’t know they’ve been targeted by a robot and engage AI_AGW in debate. The bot will continue to fire back canned responses that best fit the interlocutor’s line of debate—Leck says this goes on for days, in some cases—and the bot’s been outfitted with a number of responses on the topic of religion, where the arguments unsurprisingly often end up.

      Technology has come a long way in the past 5 years. So if a lone programmer could do this 5 years ago, imagine what he could do now.

      And the big players have a lot more resources at their disposal than a lone climate activist/software developer does.  For example, a government expert told the Washington Post that the government “quite literally can watch your ideas form as you type” (and see this).  So if the lone programmer is doing it, it’s not unreasonable to assume that the big boys are widely doing it.

    • How Effective Are Automated Comments?

      Unfortunately, this is more effective than you might assume …

      Specifically, scientists have shown that name-calling and swearing breaks down people’s ability to think rationally … and intentionally sowing discord and posting junk comments to push down insightful comments  are common propaganda techniques.

      Indeed, an automated program need not even be that sophisticated … it can copy a couple of words from the main post or a comment, and then spew back one or more radioactive labels such as “terrorist”, “commie”, “Russia-lover”, “wimp”, “fascist”, “loser”, “traitor”, “conspiratard”, etc.

      Given that Harding and his compadres consider anyone who questions any U.S. policies as an enemy of the state  – as does the Obama administration (and see this) – many honest, patriotic writers and commenters may be targeted for automated propaganda comments.



Tuesday, March 24, 2015

OpenStack 03/25/2015 (a.m.)

  • Tags: surveillance state, PCLOB, comment-request, EO12333

    • As announced at the Privacy and Civil Liberties Oversight Board's (PCLOB) public meeting on July 23, 2014, the PCLOB is examining counterterrorism activities conducted under the Executive Order pertaining to the United States Intelligence Activities and their implications for privacy and civil liberties. As such, the PCLOB seeks public input to inform the Board's examination of activities conducted under the Executive Order.
    • Written comments may be submitted at any time prior to the closing of the comment period at 11:59 p.m. Eastern Standard Time (EST) on June 16, 2015.


Monday, March 23, 2015

OpenStack 03/24/2015 (a.m.)

  • I read the legislation. It's as bad for privacy as described in the article. And its drafting is incredibly sloppy.

    Tags: surveillance state, legislation, CISA

    • When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.
    • On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.
    • In a statement posted to his website yesterday, Senator Burr wrote that “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.” But in fact, the bill’s data sharing isn’t limited to cybersecurity “threat indicators”—warnings of incoming hacker attacks, which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI’s Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. 
    • The latest update to the bill tacks on yet another kind of information, anything related to impending “serious economic harm.” All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement.

      If information-sharing legislation does not include adequate privacy protections, then...It’s a surveillance bill by another name. Senator Ron Wyden

    • “CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.”


Thursday, March 19, 2015

OpenStack 03/20/2015 (a.m.)

  • Tags: censorship-crimes, web-site-blocking, terrorism™, civil liberties, discrimination, War-on-Muslims

    • Forcibly taking down websites deemed to be supportive of terrorism, or criminalizing speech deemed to “advocate” terrorism, is a major trend in both Europe and the West generally. Last month in Brussels, the European Union’s counter-terrorism coordinator issued a memo proclaiming that “Europe is facing an unprecedented, diverse and serious terrorist threat,” and argued that increased state control over the Internet is crucial to combating it.

      The memo noted that “the EU and its Member States have developed several initiatives related to countering radicalisation and terrorism on the Internet,” yet argued that more must be done. It argued that the focus should be on “working with the main players in the Internet industry [a]s the best way to limit the circulation of terrorist material online.” It specifically hailed the tactics of the U.K. Counter-Terrorism Internet Referral Unit (CTIRU), which has succeeded in causing the removal of large amounts of material it deems “extremist”:

    • In addition to recommending the dissemination of “counter-narratives” by governments, the memo also urged EU member states to “examine the legal and technical possibilities to remove illegal content.”

      Exploiting terrorism fears to control speech has been a common practice in the West since 9/11, but it is becoming increasingly popular even in countries that have experienced exceedingly few attacks. A new extremist bill advocated by the right-wing Harper government in Canada (also supported by Liberal Party leader Justin Trudeau even as he recognizes its dangers) would create new crimes for “advocating terrorism”; specifically: “every person who, by communicating statements, knowingly advocates or promotes the commission of terrorism offences in general” would be guilty and can be sent to prison for five years for each offense.

      In justifying the new proposal, the Canadian government admits that “under the current criminal law, it is [already] a crime to counsel or actively encourage others to commit a specific terrorism offence.” This new proposal is about criminalizing ideas and opinions. In the government’s words, it “prohibits the intentional advocacy or promotion of terrorism, knowing or reckless as to whether it would result in terrorism.”

    • If someone argues that continuous Western violence and interference in the Muslim world for decades justifies violence being returned to the West, or even advocates that governments arm various insurgents considered by some to be “terrorists,” such speech could easily be viewed as constituting a crime.

      To calm concerns, Canadian authorities point out that “the proposed new offence is similar to one recently enacted by Australia, that prohibits advocating a terrorist act or the commission of a terrorism offence – all while being reckless as to whether another person will engage in this kind of activity.” Indeed, Australia enacted a new law late last year that indisputably targets political speech and ideas, as well as criminalizing journalism considered threatening by the government.

      Punishing people for their speech deemed extremist or dangerous has been a vibrant practice in both the U.K. and U.S. for some time now, as I detailed (coincidentally) just a couple days before free speech marches broke out in the West after the Charlie Hebdo attacks. Those criminalization-of-speech attacks overwhelmingly target Muslims, and have resulted in the punishment of such classic free speech activities as posting anti-war commentary on Facebook, tweeting links to “extremist” videos, translating and posting “radicalizing” videos to the Internet, writing scholarly articles in defense of Palestinian groups and expressing harsh criticism of Israel, and even including a Hezbollah channel in a cable package.

    • Beyond the technical issues, trying to legislate ideas out of existence is a fool’s game: those sufficiently determined will always find ways to make themselves heard. Indeed, as U.S. pop star Barbra Streisand famously learned, attempts to suppress ideas usually result in the greatest publicity possible for their advocates and/or elevate them by turning fringe ideas into martyrs for free speech (I have zero doubt that all five of the targeted sites enjoyed among their highest traffic dates ever today as a result of the French targeting).

      But the comical futility of these efforts is exceeded by their profound dangers. Who wants governments to be able to unilaterally block websites? Isn’t the exercise of this website-blocking power what has long been cited as reasons we should regard the Bad Countries — such as China and Iran — as tyrannies (which also usually cite “counterterrorism” to justify their censorship efforts)?

    • As those and countless other examples prove, the concepts of “extremism” and “radicalizing” (like “terrorism” itself) are incredibly vague and elastic, and in the hands of those who wield power, almost always expand far beyond what you think it should mean (plotting to blow up innocent people) to mean: anyone who disseminates ideas that are threatening to the exercise of our power. That’s why powers justified in the name of combating “radicalism” or “extremism” are invariably — not often or usually, but invariably — applied to activists, dissidents, protesters and those who challenge prevailing orthodoxies and power centers.

      My arguments for distrusting governments to exercise powers of censorship are set forth here (in the context of a prior attempt by a different French minister to control the content of Twitter). In sum, far more damage has been inflicted historically by efforts to censor and criminalize political ideas than by the kind of “terrorism” these governments are invoking to justify these censorship powers.

      And whatever else may be true, few things are more inimical to, or threatening of, Internet freedom than allowing functionaries inside governments to unilaterally block websites from functioning on the ground that the ideas those sites advocate are objectionable or “dangerous.” That’s every bit as true when the censors are in Paris, London, and Ottawa, and Washington as when they are in Tehran, Moscow or Beijing.



OpenStack 03/19/2015 (p.m.)



Tuesday, March 17, 2015

OpenStack 03/18/2015 (a.m.)

  • Tags: U.S.-foreign-policy, trade agreements, TPP, secrecy, Congress

    • US Trade Representative Michael Froman is drawing fire from Congressional Democrats for the Obama administration’s continued imposition of secrecy surrounding the Trans-Pacific Partnership. (Photo: AP file)

      Democratic lawmaker says tightly-controlled briefings on Trans-Pacific Partnership deal are aimed at keeping US constituents ignorant about what’s at stake

      Lawmakers in Congress who remain wary of the Trans-Pacific Partnership (TPP) trade agreement are raising further objections this week to the degree of secrecy surrounding briefings on the deal, with some arguing that the main reason at least one meeting has been registered “classified” is to help keep the American public ignorant about giveaways to corporate interests and its long-term implications.

    • Among its other critics, Sen. Elizabeth Warren has slammed the idea of ISDS provisions as a surrender of democratic ideals to corporate interests. According to Warren, ISDS would simply “tilt the playing field in the United States further in favor of big multinational corporations.” By having unchallenged input on secretive TPP talks, Warren argued last month, these large companies and financial interests “are increasingly realizing this is an opportunity to gut U.S. regulations they don’t like.”

      According to Grayson, putting Wednesday’s ISDS briefing in a classified setting “is part of a multi-year campaign of deception and destruction. Why do we classify information? It’s to keep sensitive information out of the hands of foreign governments. In this case, foreign governments already have this information. They’re the people the administration is negotiating with. The only purpose of classifying this information is to keep it from the American people.”

    • “I’m not happy about it,” Rep. Alan Grayson (D-Fla.) told the Huffington Post, referring to the briefing with Froman and Labor Secretary Thomas Perez on Wednesday. The meeting—focused on the section of the TPP that deals with the controversial ‘Investor-State Dispute Settlement’ (ISDS) mechanism—has been labeled “classified,” so that lawmakers and any of their staff who attend will be barred, under threat of punishment, from revealing what they learn with constituents or outside experts.

      According to the Huffington Post:

      ISDS has been part of U.S. free trade agreements since NAFTA was signed into law in 1993, and has become a particularly popular tool for multinational firms over the past few years.

      But while the topic remains controversial, particularly with Democrats, many critics of the administration emphasize that applying national security-style restrictions on such information is an abuse of the classified information system. An additional meeting earlier on Wednesday on currency manipulation with Froman and Treasury Secretary Jack Lew is not classified.

    • As The Hill reports:

      Members will be allowed to attend the briefing on the proposed trade pact with 12 Latin American and Asian countries with one staff member who possesses an “active Secret-level or high clearance” compliant with House security rules. Rep. Rosa DeLauro (D-Conn.) told The Hill that the administration is being “needlessly secretive.”

      “Even now, when they are finally beginning to share details of the proposed deal with members of Congress, they are denying us the ability to consult with our staff or discuss details of the agreement with experts,” DeLauro told The Hill.

      Rep. Lloyd Doggett (D-Texas) condemned the classified briefing.

      “Making it classified further ensures that, even if we accidentally learn something, we cannot share it. What is [Froman] working so hard to hide? What is the specific legal basis for all this senseless secrecy?” Doggett said to The Hill.

      “Open trade should begin with open access,” Doggett said. “Members expected to vote on trade deals should be able to read the unredacted negotiating text.”



Sunday, March 15, 2015

OpenStack 03/15/2015 (p.m.)

  • Tags: no_tag

    • The NSA and Britain's GCHQ hacked the world's biggest SIM card maker to harvest the encryption keys needed to silently and effortlessly eavesdrop on potentially millions of people.

      That's according to documents obtained by surveillance whistleblower Edward Snowden and leaked to the web on Thursday.

      "Wow. This is huge – it's one of the most significant findings of the Snowden files so far," computer security guru Bruce Schneier told The Register this afternoon.

      "We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can."

      The damning slides, published by Snowden's chums at The Intercept, detail the activities of the as-yet unheard-of Mobile Handset Exploitation Team (MHET), run by the US and UK. The group targeted Gemalto, which churns out about two billion SIM cards each year for use around the world, and targeted it in an operation dubbed DAPINO GAMMA.

    • Gemalto's hacking may also bring into question some of its other security products as well. The company supplies chips for electronic passports issued by the US, Singapore, India, and many European states, and is also involved in the NFC and mobile banking sector.

      It's important to note that this is useful for tracking the phone activity of a target, but the mobile user can still use encryption on the handset itself to ensure that some communications remain private.

      "Ironically one of your best defenses against a hijacked SIM is to use software encryption," Jon Callas, CTO of encrypted chat biz Silent Circle told The Register. "In our case there's a TCP/IP cloud between Alice and Bob and that can deal with compromised routers along the path as well as SIM issues, and the same applies to similar mobile software."

    • On Wednesday the UK government admitted that its intelligence agencies had in fact broken the ECHR when spying on communications between lawyers and those suing the British state, so GCHQ might want to reconsider that statement.
  • If you follow the "November" link you'll learn that yes, indeed, the UK government lawyers were happily getting the content of their adversaries' privileged attorney-client communications. Conspicuously, the promises of reform make no mention of what is surely a disbarment offense in the U.S. I doubt that it's different in the UK. Discovery rules of procedure strictly limit how parties may obtain information from the other side. Wiretapping the other side's lawyers is not a permitted form of discovery. Hopefully, at least the government lawyers in the case in which the misbehavior was discovered have been referred for disciplinary action.

    Tags: surveillance state, GCHQ, MI5, lawyer-client-communications

    • The British government has admitted that its practice of spying on confidential communications between lawyers and their clients was a breach of the European Convention on Human Rights (ECHR).

      Details of the controversial snooping emerged in November: lawyers suing Blighty over its rendition of two Libyan families to be tortured by the late and unlamented Gaddafi regime claimed Her Majesty's own lawyers seemed to have access to the defense team's emails.

      The families' briefs asked for a probe by the secretive Investigatory Powers Tribunal (IPT), a move that led to Wednesday's admission.

      "The concession the government has made today relates to the agencies' policies and procedures governing the handling of legally privileged communications and whether they are compatible with the ECHR," a government spokesman said in a statement to the media, via the Press Association.

      "In view of recent IPT judgments, we acknowledge that the policies applied since 2010 have not fully met the requirements of the ECHR, specifically Article 8. This includes a requirement that safeguards are made sufficiently public."

    • The guidelines revealed by the investigation showed that MI5 – which handles the UK's domestic security – had free rein to spy on highly private and sensitive lawyer-client conversations between April 2011 and January 2014.

      MI6, which handles foreign intelligence, had no rules on the matter either until 2011, and even those were considered void if "extremists" were involved. Britain's answer to the NSA, GCHQ, had rules against such spying, but they too were relaxed in 2011.

      "By allowing the intelligence agencies free rein to spy on communications between lawyers and their clients, the Government has endangered the fundamental British right to a fair trial," said Cori Crider, a director at the non-profit Reprieve and one of the lawyers for the Libyan families.

      "For too long, the security services have been allowed to snoop on those bringing cases against them when they speak to their lawyers. In doing so, they have violated a right that is centuries old in British common law. Today they have finally admitted they have been acting unlawfully for years."

    • Crider said it now seemed probable that UK snoopers had been listening in on the communications over the Libyan case. The British government hasn't admitted guilt, but it has at least acknowledged that it was doing something wrong – sort of.

      "It does not mean that there was any deliberate wrongdoing on the part of the security and intelligence agencies, which have always taken their obligation to protect legally privileged material extremely seriously," the government spokesman said.

      "Nor does it mean that any of the agencies' activities have prejudiced or in any way resulted in an abuse of process in any civil or criminal proceedings. The agencies will now work with the independent Interception of Communications Commissioner to ensure their policies satisfy all of the UK's human rights obligations."

      So that's all right, then.

