Thursday, July 31, 2014

OpenStack 08/01/2014 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Thursday, July 24, 2014

OpenStack 07/25/2014 (a.m.)

  • INFORMATION FOR THE WORLD FROM OUTER SPACE Unrestricted, globally accessible, broadcast data. Quality content from all over the Internet. Available to all of humanity. For free. Through satellite data broadcasting, Outernet is able to bypass censorship, ensure privacy, and offer a universally-accessible information service at no cost to global citizens. It's the modern version of shortwave radio, or BitTorrent from space.

    Tags: ISP, satellite broadband, free, no-censorship

    • Right now, only 40% of humanity can connect to the Internet. Even less than that have access to truly free, uncensored Internet. What this represents is an enormous gap in access to information. While the Internet is an amazing communication tool, it is also the largest library ever constructed. It grants access to anything from books, videos, courseware, news, and weather, to open source farm equipment or instructions on how to treat infection or prevent HIV from spreading. #ImagineIf everyone could have that information for free?

      On August 11, 2014, Outernet will make that library available from space for free for the first time. Help us tell the world.

      #ImagineIf everyone had any information they wanted - what would that world look like? What new inventions would be created or diseases cured? What would people read about if their governments no longer deprived them of their right to free information? 

      Soon, we won't have to imagine.

Friday, July 18, 2014

OpenStack 07/18/2014 (p.m.)

  • Tags: surveillance state, NSA, nude-photos, LOVEINT, Snowden

    • Edward Snowden has revealed that he witnessed “numerous instances” of National Security Agency (NSA) employees passing around nude photos that were intercepted “in the course of their daily work.”

      In a 17-minute interview with The Guardian filmed at a Moscow hotel and published on Thursday, the NSA whistleblower addressed numerous points, noting that he could “live with” being sent to the US prison facility at Guantanamo Bay, Cuba. He also again dismissed any notion that he was a Russian spy or agent—calling those allegations “bullshit.”

      If Snowden’s allegations of sexual photo distribution are true, they would be consistent with what the NSA has already reported. In September 2013, in a letter from the NSA’s Inspector General Dr. George Ellard to Sen. Chuck Grassley (R-IA), the agency outlined a handful of instances during which NSA agents admitted that they had spied on their former love interests. This even spawned a nickname within the agency, LOVEINT—a riff on HUMINT (human intelligence) or SIGINT (signals intelligence).

    • “You've got young enlisted guys, 18 to 22 years old,” Snowden said. “They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records. In the course of their daily work they stumble across something that is completely unrelated to their work in any sort of necessary sense. For example, an intimate nude photo of someone in a sexually compromising position. But they're extremely attractive.

      “So what do they do? They turn around in their chair and show their co-worker. The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported. Nobody ever knows about it because the auditing of these systems is incredibly weak. The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights. Why is that in a government database?”

      Then Alan Rusbridger, The Guardian’s editor-in-chief, asked: “You saw instances of that happening?”

      “Yeah,” Snowden responded.

      “Numerous?”

      “It's routine enough, depending on the company that you keep, it could be more or less frequent. These are seen as the fringe benefits of surveillance positions."



Thursday, July 17, 2014

OpenStack 07/18/2014 (a.m.)

  • Tags: surveillance state, NSA, blowback, NSA-reform

    • Makes email “scary” in order to disrupt NSA surveillance

      Install

      Visit the Install ScareMail page to setup ScareMail on your preferred browser.

      Introduction

      ScareMail is a web browser extension that makes email “scary” in order to disrupt NSA surveillance. Extending Google’s Gmail, the work adds to every new email’s signature an algorithmically generated narrative containing a collection of probable NSA search terms. This “story” acts as a trap for NSA programs like PRISM and XKeyscore, forcing them to look at nonsense. Each email’s story is unique in an attempt to avoid automated filtering by NSA search systems.

      Demonstration Video

    • Want to grab some ScareMail text without using the browser extension? Use the ScareMail Generator to get all the scary text you want.


Wednesday, July 16, 2014

OpenStack 07/16/2014 (p.m.)

  • Tags: surveillance state, GCHQ, dirty-tricks

    • The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.
    • The “tools” have been assigned boastful code names. They include invasive methods for online surveillance, as well as some of the very techniques that the U.S. and U.K. have harshly prosecuted young online activists for employing, including “distributed denial of service” attacks and “call bombing.” But they also describe previously unknown tactics for manipulating and distorting online political discourse and disseminating state propaganda, as well as the apparent ability to actively monitor Skype users in real-time—raising further questions about the extent of Microsoft’s cooperation with spy agencies or potential vulnerabilities in its Skype’s encryption. Here’s a list of how JTRIG describes its capabilities:

      • “Change outcome of online polls” (UNDERPASS)

      • “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH)

      • “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)

      • “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO)

      • “Find private photographs of targets on Facebook” (SPRING BISHOP)

      • “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE)

      • “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM)

      • “Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR)

      • “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)

      • “A suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk)” (ELATE)

      • “Ability to spoof any email address and send email under that identity” (CHANGELING)

      • “For connecting two target phone together in a call” (IMPERIAL BARGE)

      While some of the tactics are described as “in development,” JTRIG touts “most” of them as “fully operational, tested and reliable.” It adds: “We only advertise tools here that are either ready to fire or very close to being ready.”



Sunday, July 13, 2014

The US Supreme Court delivers some major whup-ass

Marbux has been following closely the adventures of Über patriot Edward Snowden and his quest to free us from dark NSA overlords.  His latest analysis of Supreme Court rulings is cause for celebration.  First that the nation's highest court has stood up for individual liberty and the Constitution.  And second, that it's great to have at the ready a legal beagle expert the likes of Marbux. Thank you Paul.

..................
Hi, Gary,

Riley v. California, 2014 U.S. LEXIS 4497, 59-60 (U.S. June 25, 2014),
<http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf>; also at
<http://scholar.google.com/scholar_case?case=8269519941912537264>.

I suggest that you read pages 17-22, subsections 1. and 2. This is the most significant Supreme Court ruling from a civil liberty standpoint in several decades. But they got it right this time. I'd put this one above 8.6 on the Richter Scale, with utter devastation left in wide swaths of Washington, D.C. and surrounding suburbs. Undoubtedly there is a severe shortage of toilet paper in our nation's capitol.

The Riley decision has far more ramifications than searches of cellphones, which as a result of this decision now generally requires a judge-issued warrant based on particularized probable cause, absent exigent circumstances.

It's a straightforward civil libertarian's wet dream by a *unanimous* Supreme Court. The NSA's big case that all of its metadata search activities, the decades-old pen register case of Smith v. Maryland, has been construed narrowly in a way that confines it to the particular facts of its case. Any user-generated metadata in the mix, and it now requires a warrant. The so-called third-party doctrine is no longer with us in the digital age. (I called that one right; Smith would not control our privacy rights in the digital future.)

In subsection 2, they even took care of cloud computing, forcing a concession from the DoJ that a judge-issued warrant is necessary to files stored in the cloud.

And digital data of U.S. residents on computers is now for all practical purposes off-limits to law enforcement and (very likely to NSA) without a warrant or court order.

Digital data is now protected under the Fourth Amendment *because* cellphones are recognized as "minicomputers"(!!) with [i] very high data  storage capacity (defined as 16-64 GB); [ii] that commonly include nearly every private fact of a person's life, complete with history; and [iii] a complete record of a person's communications, photos, videos, contacts, etc. They came very close to saying that if it can be imagined, "there's an app for that". But closed by saying,
"Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple—get a warrant."

This decision does not completely tie the knot to subject NSA to the same restrictions as law enforcement. But the decision is clearly worded as a building block for such a holding in a later case. Two cases are now pending appeal in the Second and D.C. Circuits Courts of Appeals involving NSA telephone metadata. In the D.C. Circuit (Klayman case), the district court had declined to follow Smith v. Maryland and held that the NSA's FISA orders were no good; that the metadata collection required a judicial warrant. In the other case (ACLU case) the district court had held the precise opposite, that Smith v. Maryland was controlling and no warrant was required. My guess is that both of those appeals courts are now in a footrace to see who can publish their opinion first, relying on this new Supreme Court opinion and tying the knot around NSA's neck.

They also signaled that cellphone geolocation data is going to be subject to the warrant requirement by quoting a bit of Justice Sotomayor's concurrence in their U.S. v. Jones decision of 2012 (involved geolocation data), although they could not squarely hold that because no geolocation data was known to be at issue in this decision.

There was a concurrence by Justice Alito, writing to say that he would not have gone so far as the rest of them did on a minor point, then closed by saying:

"In light of these developments, it would  be very unfortunate if privacy protection in the 21st century were left primarily to the federal courts using the blunt instrument of the Fourth Amendment.  Legislatures, elected by the people, are in a better position than we are to assess and respond to the changes that have already occurred and those that almost certainly will take place in the future."

Significantly, no other justices joined in his concurrence, which I read as the rest of them saying, "we'll take care of this problem using the Fourth Amendment; Congress can do what it wants but we're taking care of this problem as a matter of constitutional law, so anything Congress does had better be more protective of privacy rights than what we say."

Perhaps most significantly, although his name is never mentioned, there is no doubt in my mind; Edward Snowden is the hero here. He created the necessary political climate by letting the Justices know that they too were being surveilled by NSA. Thankfully, the justices *all* rose to the occasion, signaling a new direction in U.S. constitutional law governing digital privacy rights (and relieving my fears that they would succumb to blackmail.)

The decision has already been followed by five district courts, with one being an epic opinion telling law enforcement precisely how many hoops they are going to have to jump through to get him to sign a warrant for the search of a cellphone. (Cluestick: it's more paperwork than anyone wants to do except in the rarest of vitally important cases, playing back all the procedures that have been developed by major corporate law firms to defend corporate computers from searches that have been implemented by the courts. So look out for cops asking for consent to search your cellphone. Tell them that you object to any search of your cellphone; don't wait for them to ask.)

The decision was passed down on June 25. I apologize for not finding the time to read it until tonight. By now, they should be past the panic point at NSA and DoJ and moving on toward acceptance that a lot of their present intelligence and law enforcement practices are on the way out the door. Expect legislation in Congress very soon *after* the fall election.

This is the greatest defeat that America's Dark Government has yet encountered. The Supreme Court has just informed all judges in the U.S. that they are civil libertarians when it comes to government trespass upon Americans' digital privacy.

OpenStack 07/13/2014 (p.m.)



Sunday, July 06, 2014

OpenStack 07/07/2014 (a.m.)

  • Tags: internet-balkanization, Russia, internet-censorship

    • (Reuters) - Russia's parliament passed a law on Friday to force Internet sites that store the personal data of Russian citizens to do so inside the country, a move the Kremlin says is for data protection but which critics see as an attack on social networks.

      The law will mean that from 2016, all Internet companies will have to move Russian data onto servers based in Russia or face being blocked from the web. That would likely affect U.S.-based social networks such as Facebook, analysts say.

    • Putin, an ex-KGB officer who has called the Internet a "CIA project", denied he was restricting web freedoms, saying his main concern was protecting children from indecent content.


Friday, July 04, 2014

OpenStack 07/04/2014 (p.m.)

  • Tags: surveillance state, NSA-targets, Tor, Tails

      • Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.

        Apparently, this configuration file for XKeyscore is in the divulged data, which was obtained and studied by members of the Tor project and security specialists for German broadcasters NDR and WDR.

        In their analysis of the alleged top-secret documents, they claim the NSA is, among other things:

        • Specifically targeting Tor directory servers
        • Reading email contents for mentions of Tor bridges
        • Logging IP addresses used to search for privacy-focused websites and software
        • And possibly breaking international law in doing so.

        We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities. But what the aforementioned leaked source code, written in a rather strange custom language, shows is that not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.

    • These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails – described by the NSA as "a comsec mechanism advocated by extremists on extremist forums" – and anyone looking into combining Tails with the encryption tool Truecrypt.

      If something as innocuous as Linux Journal is on the NSA's hit list, it's a distinct possibility that El Reg is too, particularly in light of our recent exclusive report on GCHQ – which led to a Ministry of Defence advisor coming round our London office for a chat.

    • If you take even the slightest interest in online privacy or have Googled a Linux Journal article about a broken package, you are earmarked in an NSA database for further surveillance, according to these latest leaks.

      This is assuming the leaked file is genuine, of course.

      Other monitored sites, we're told, include HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion. The IP address of computer users even looking at these sites is recorded and stored on the NSA's servers for further analysis, and it's up to the agency how long it keeps that data.

      The XKeyscore code, we're told, includes microplugins that target Tor servers in Germany, at MIT in the United States, in Sweden, in Austria, and in the Netherlands. In doing so it may not only fall foul of German law but also the US's Fourth Amendment.

    • The nine Tor directory servers receive especially close monitoring from the NSA's spying software, which states the "goal is to find potential Tor clients connecting to the Tor directory servers." Tor clients linking into the directory servers are also logged.

      "This shows that Tor is working well enough that Tor has become a target for the intelligence services," said Sebastian Hahn, who runs one of the key Tor servers. "For me this means that I will definitely go ahead with the project.”

    • While the German reporting team has published part of the XKeyscore scripting code, it doesn't say where it comes from. NSA whistleblower Edward Snowden would be a logical pick, but security experts are not so sure.

      "I do not believe that this came from the Snowden documents," said security guru Bruce Schneier. "I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."

      If so, the NSA is in for much more scrutiny than it ever expected.



Wednesday, July 02, 2014

OpenStack 07/03/2014 (a.m.)

  • Can't happen soon enough. 

    Tags: surveillance state, Snoden-docs, bulk-release, Cryptome

    • All the remaining Snowden documents will be released next month, according to whistle-blowing site Cryptome, which said in a tweet that the release of the info by unnamed third parties would be necessary to head off an unnamed "war".

      Cryptome said it would "aid and abet" the release of "57K to 1.7M" new documents that had been "withheld for national security-public debate [sic]".

      The site clarified that it will not be publishing the documents itself.

      Transparency activists would welcome such a release but such a move would be heavily criticised by intelligence agencies and military officials, who argue that Snowden's dump of secret documents has set US and allied (especially British) intelligence efforts back by years.

    • As things stand, the flow of Snowden disclosures is controlled by those who have access to the Snowden archive, which might possibly include Snowden confidants such as Glenn Greenwald and Laura Poitras. In some cases, even when these people release information to mainstream media organisations, it is then suppressed by these organisations after negotiation with the authorities. (In one such case, some key facts were later revealed by the Register.)

      "July is when war begins unless headed off by Snowden full release of crippling intel. After war begins not a chance of release," Cryptome tweeted on its official feed.

      "Warmongerers are on a rampage. So, yes, citizens holding Snowden docs will do the right thing," it said.

    • "For more on Snowden docs release in July watch for Ellsberg, special guest and others at HOPE, July 18-20: http://www.hope.net/schedule.html," it added.

      HOPE (Hackers On Planet Earth) is a well-regarded and long-running hacking conference organised by 2600 magazine. Previous speakers at the event have included Kevin Mitnick, Steve Wozniak and Jello Biafra.

      In other developments, Cryptome has started a Kickstarter fund to release its entire archive in the form of a USB stick archive. It wants to raise $100,000 to help it achieve its goal. More than $14,000 has already been raised.

      The funding drive follows a dispute between Cryptome and its host Network Solutions, which is owned by web.com. Access to the site was blocked following a malware infection last week. Cryptome founder John Young criticised the host, claiming it had over-reacted and had been slow to restore access to the site, which Cryptome criticised as a form of censorship.

      In response, Cryptome plans to more widely distribute its content across multiple sites as well as releasing the planned USB stick archive. ®

  • Tags: surveillance state, U.S., E.U., litigation

    • The EU has slammed the US for its demand that Microsoft surrender overseas data – emails held on Irish servers – saying that the move could contravene international law.

      The US attempt to make Microsoft provide the emails prompted Viviane Reding, vice-president of the European Commission, to offer support to Microsoft and openly criticize the loss of personal information it could potentially involve.

      “The commission’s concern is that the extraterritorial application of foreign laws [and orders to companies based thereon] may be in breach of international law,” Reding wrote last week in a letter responding to questions from Dutch MEP Sophia in't Veld, reported the Financial Times on Monday.

      The move would “hurt the competitiveness of US cloud providers in general,” Microsoft said, adding that: “Microsoft and US technology companies have faced growing mistrust and concern about their ability to protect the privacy of personal information located outside the US.”

    • Reding added that the US “may impede the attainment of the protection of individuals guaranteed” under EU law. Her statement further echoes arguments laid out by Apple, Cisco, AT&T, and Verizon, which supported Microsoft against the US warrant.

      At the beginning of June, Microsoft compared the warrant to an authorization for federal agents ‘to break down the doors’ of its Dublin facility.

      Reding said the US should have leaned away from coercion and instead depended on mutual legal assistance treaties that facilitate law enforcement agency cooperation.

    • “Companies bound by EU data protection law who receive such a court order are caught in the middle of such situations where there is, as you say in your letter, a conflict of laws,” Reding wrote.
  • Tags: surveillance state, GCHQ, litigation, ISPs, NSA-blowback

    • Internet service providers from around the world are lodging formal complaints against the UK government's monitoring service, GCHQ, alleging that it uses "malicious software" to break into their networks.

      The claims from seven organisations based in six countries – the UK, Netherlands, US, South Korea, Germany and Zimbabwe – will add to international pressure on the British government following Edward Snowden's revelations about mass surveillance of the internet by UK and US intelligence agencies.

      The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies' activities and misuse of surveillance by government organisations. Most of its hearings are held at least partially in secret.

    • The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ.

      The government has defended the security services, pointing out that online searches are often routed overseas and those deemed "external communications" can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional intercept safeguards.

      The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published earlier this year in the German magazine Der Spiegel. That report alleged that GCHQ had carried out an attack, codenamed Operation Socialist, on the Belgian telecoms group, Belgacom, targeting individual employees with "malware (malicious software)".

      One of the techniques was a "man in the middle" attack, which, according to the documents filed at the IPT, bypasses modern encryption software and "operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected."

      The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.

    • The organisations targeted, the submission states, were all "responsible and professional internet service providers". The claimants are: GreenNet Ltd, based in the UK, Riseup Networks in Seattle, Mango Email Service in Zimbabwe, Jinbonet in South Korea, Greenhost in the Netherlands, May First/People Link in New York and the Chaos Computer Club in Hamburg.
    • Among the programs said to have been operating were Turbine, which automates the injection of data and can infect millions of machines and Warrior Pride, which enables microphones on iPhones and Android devices to be remotely activated.
  • Tags: T-Mobile, fraud, litigation, FTC, FCC

    • (AP) -- Federal regulators are urging consumers to go through their phone bills line by line after they accused T-Mobile US of wrongly charging customers for premium services, like horoscope texts and quirky ringtones, the customers never authorized.

      The Federal Trade Commission announced Tuesday that it is suing T-Mobile in a federal court in Seattle with the goal of making sure every unfairly charged customer sees a full refund. The lawsuit, the first of its kind against a mobile provider, is the result of months of stalled negotiations with T-Mobile, which says it is already offering refunds.

      "It's wrong for a company like T-Mobile to profit from scams against its customers when there were clear warning signs the charges it was imposing were fraudulent," FTC Chair Edith Ramirez said in a statement.

    • The practice is called "cramming": A third party stuffs a customer's bill with bogus charges such as $10-per-month horoscopes or updates on celebrity gossip. In this case, the FTC said, T-Mobile was working with third-party vendors being investigated by regulators and known to be the subject of numerous customer complaints. T-Mobile then made it difficult for customers to notice the added charge to their bill and pocketed up to 40 percent of the total, according to the FTC.
    • The FTC told reporters in a conference call Tuesday that it had been in negotiations with T-Mobile for months in an attempt to guarantee refunds would be provided to customers but that the two sides couldn't reach an agreement.

      T-Mobile appears to have been laying the groundwork to head off the federal complaint. Last November, the company announced that it would no longer allow premium text services because they were waning in popularity and not all vendors had acted responsibly. In June, it announced it would reach out to consumers to provide refunds. But the FTC says that in many cases, the refunds are only partial and T-Mobile often refers customer complaints to the third-party vendors.



Tuesday, July 01, 2014

OpenStack 07/01/2014 (p.m.)

  • Tags: surveillance-state, foreign-intelligence, NSA-targets, NSA-backdoors

    • Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents.

      The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.

    • The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency.

      The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States.

    • That language could allow for surveillance of academics, journalists and human rights researchers. A Swiss academic who has information on the German government’s position in the run-up to an international trade negotiation, for instance, could be targeted if the government has determined there is a foreign-intelligence need for that information. If a U.S. college professor e-mails the Swiss professor’s e-mail address or phone number to a colleague, the American’s e-mail could be collected as well, under the program’s court-approved rules.
    • On Friday, the Office of the Director of National Intelligence released a transparency report stating that in 2013 the government targeted nearly 90,000 foreign individuals or organizations for foreign surveillance under the program. Some tech-industry lawyers say the number is relatively low, considering that several billion people use U.S. e-mail services.
    • Still, some lawmakers are concerned that the potential for intrusions on Americans’ privacy has grown under the 2008 law because the government is intercepting not just communications of its targets but communications about its targets as well. The expansiveness of the foreign-powers certification increases that concern.
    • In a 2011 FISA court opinion, a judge using an NSA-provided sample estimated that the agency could be collecting as many as 46,000 wholly domestic e-mails a year that mentioned a particular target’s e-mail address or phone number, in what is referred to as “about” collection.

      “When Congress passed Section 702 back in 2008, most members of Congress had no idea that the government was collecting Americans’ communications simply because they contained a particular individual’s contact information,” Sen. Ron Wyden (D-Ore.), who has co-sponsored legislation to narrow “about” collection authority, said in an e-mail to The Washington Post. “If ‘about the target’ collection were limited to genuine national security threats, there would be very little privacy impact. In fact, this collection is much broader than that, and it is scooping up huge amounts of Americans’ wholly domestic communications.”

    • The only reason the court has oversight of the NSA program is that Congress in 2008 gave the government a new authority to gather intelligence from U.S. companies that own the Internet cables running through the United States, former officials noted.

      Edgar, the former privacy officer at the Office of the Director of National Intelligence, said ultimately he believes the authority should be narrowed. “There are valid privacy concerns with leaving these collection decisions entirely in the executive branch,” he said. “There shouldn’t be broad collection, using this authority, of foreign government information without any meaningful judicial role that defines the limits of what can be collected.”

  • Text of the bill is on Sen. Dianne Feinstein's site, http://goo.gl/2cdsSA. It is truly a bummer.

    Tags: surveillance state, legislation, ACLU, cybersecurity

    • A new cybersecurity bill poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.

      The Cybersecurity Information Sharing Act of 2014 ("CISA") was scheduled to be marked up by the Senate Intelligence Committee yesterday but has been delayed until after next week's congressional recess. The response to the proposed legislation from the privacy, civil liberties, tech, and open government communities was quick and unequivocal – this bill must not go through.

      The bill would create a massive loophole in our existing privacy laws by allowing the government to ask companies for "voluntary" cooperation in sharing information, including the content of our communications, for cybersecurity purposes. But the definition they are using for the so-called "cybersecurity information" is so broad it could sweep up huge amounts of innocent Americans' personal data.

      The Fourth Amendment protects Americans' personal data and communications from undue government access and monitoring without suspicion of criminal activity. The point of a warrant is to guard that protection. CISA would circumvent the warrant requirement by allowing the government to approach companies directly to collect personal information, including telephonic or internet communications, based on the new broadly drawn definition of "cybersecurity information."

    • While we hope many companies would jealously guard their customers' information, there is a provision in the bill that would excuse sharers from any liability if they act in "good faith" that the sharing was lawful.

      Collected information could then be used in criminal proceedings, creating a dangerous end-run around laws like the Electronic Communications Privacy Act, which contain warrant requirements.

      In addition to the threats to every American's privacy, the bill clearly targets potential government whistleblowers. Instead of limiting the use of data collection to protect against actual cybersecurity threats, the bill allows the government to use the data in the investigation and prosecution of people for economic espionage and trade secret violations, and under various provisions of the Espionage Act.

      It's clear that the law is an attempt to give the government more power to crack down on whistleblowers, or "insider threats," in popular bureaucratic parlance. The Obama Administration has brought more "leaks" prosecutions against government whistleblowers and members of the press than all previous administrations combined. If misused by this or future administrations, CISA could eliminate due process protections for such investigations, which already favor the prosecution.

    • While actively stripping Americans' privacy protections, the bill also cloaks "cybersecurity"-sharing in secrecy by exempting it from critical government transparency protections. It unnecessarily and dangerously provides exemptions from state and local sunshine laws as well as the federal Freedom of Information Act. These are both powerful tools that allow citizens to check government activities and guard against abuse.

      Edward Snowden's revelations from the past year, of invasive spying programs like PRISM and Stellar Wind, have left Americans shocked and demanding more transparency by government agencies. CISA, however, flies in the face of what the public clearly wants.

      (Two coalition letters, here and here, sent to key members of the Senate yesterday detail the concerns of a broad coalition of organizations, including the ACLU.)

  • Tags: surveillance state, smart-lights, cloud computing

    • Smart Lights: New LEDS Allow NSA To Spy On Your Every Mo
