Thursday, February 12, 2015

OpenStack 02/13/2015 (a.m.)

  • Tags: cybersecurity, alternative-media

    • Facebook teamed up with several corporate “friends” to adapt Facebook’s in-house software to identify cyber threats and their source with other corporations. Countering cyber threats sounds positive while there are serious questions about transparency when smaller, independent media fall victim to major corporation’s unwillingness to reveal the source of attacks resulted in websites being closed for hours or days. Transparency, yes, but for whom?

      Among the companies Facebook is teaming up with are Printerest, Tumblr, Twitter, Yahoo, Drpbox and Bit.ly, reports Susanne Posel at Occupy Corporatism. The stated goal of “Threat Exchange” is to locate malware, the source domains, the IP addresses which are involved as well as the nature of the malware itself.

    • While the platform may be useful for major corporations, who can afford buying the privilege to join the club, the initiative does little to nothing to protect smaller, independent media from being targeted with impunity.

      The development prompts the question “Cyber security for whom?” The question is especially pertinent because identifying a site as containing malware, whether it is correct or not, will result in the site being added to Google’s so-called “Safe Browsing List”.

    • An article written by nsnbc editor-in-chief Christof Lehmann entitled “Censorship Alert: The Alternative Media are getting harassed by the NSA” provides several examples which raise serious questions about the lack of transparency when independent media demand information about either real or alleged malware content on their media’s websites.

      An alleged malware content in a java script that had been inserted via the third-party advertising company MadAdsMedia resulted in the nsnbc website being closed down and added to Google’s Safe Browsing list. The response to nsnbc’s request to send detailed information about the alleged malware and most importantly, about the source, was rejected.

      MadAdsMedia’s response to a renewed request was to stop serving advertisements to nsnbc from one day to the other, stating that nsnbc could contact another company, YieldSelect, which is run by the same company. Shell Games?

      SiteLock, who partners with most western-based web hosting providers, including BlueHost, Hostgator and many others contacted nsnbc warning about an alleged malware threat. SiteLock refused to provide detailed information.

    • BlueHost refused to help the International Middle East Media Center (IMEMC)  during a Denial of Service DoS attack. Asked for help, BlueHost reportedly said that they should deal with the issue themselves, which was impossible without BlueHost’s cooperation.

      The news agency’s website was down for days because BlueHost reportedly just shut down IMEMC’s server and told the editor-in-chief, Saed Bannoura to “go somewhere else”.

      The question is whether “transparency” can be the privilege of major corporations or whether there is need for legislation that forces all corporations to provide detailed information that enables media and other internet users to pursue real or alleged malware threats, cyber attacks and so forth, criminally and legally. That is, also when the alleged or real threat involves major corporations.

  • The article should have mentioned that the decision was on cross-motions for *partial* summary judgment. The Jewel case will proceed on other plaintiff claims. 

    Tags: surveillance state, NSA, litigation, Jewel

    • A district court in California has issued a ruling in favor of the National Security Agency in a long-running case over the spy agency’s collection of Internet records.

      The challenge against the controversial Upstream program was tossed out because additional defense from the government would have required “impermissible disclosure of state secret information,” Judge Jeffrey White wrote in his decision.

      ADVERTISEMENT
      Under the program — details of which were revealed through leaks from Edward Snowden and others — the NSA taps into the fiber cables that make up the backbone of the Internet and gathers information about people's online and phone communications. The agency then filters out communications of U.S. citizens, whose data is protected with legal defenses not extended to foreigners, and searches for “selectors” tied to a terrorist or other target.

      In 2008, the Electronic Frontier Foundation (EFF) sued the government over the program on behalf of five AT&T customers, who said that the collection violated the constitutional protections to privacy and free speech.

    • But “substantial details” about the program still remain classified, White, an appointee under former President George W. Bush, wrote in his decision. Moving forward with the merits of a trial would risk “exceptionally grave damage to national security,” he added.

      The government has been “persuasive” in using its state secrets privilege, he continued, which allows it to withhold evidence from a case that could severely jeopardize national security.   

      In addition to saying that the program appeared constitutional, the judge also found that the AT&T customers did not even have the standing to sue the NSA over its data gathering.

      While they may be AT&T customers, White wrote that the evidence presented to the court was “insufficient to establish that the Upstream collection process operates in the manner” that they say it does, which makes it impossible to tell if their information was indeed collected in the NSA program.  

      The decision is a stinging rebuke to critics of the NSA, who have seen public interest in their cause slowly fade in the months since Snowden’s revelations.

    • The EFF on Tuesday evening said that it was considering next steps and noted that the court focused on just one program, not the totality of the NSA’s controversial operations.

      “It would be a travesty of justice if our clients are denied their day in court over the ‘secrecy’ of a program that has been front-page news for nearly a decade,” the group said in a statement.

      “We will continue to fight to end NSA mass surveillance.”

      The name of the case is Jewel v. NSA. 


Posted from Diigo. The rest of Open Web group favorite links are here.

No comments: