Saturday, October 10, 2015

OpenStack 10/10/2015 (p.m.)

  • Tags: surveillance state, encryption, Obama

    • After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement.

      Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations.

      “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

    • To Amie Stepanovich, the U.S. policy manager for Access, one of the groups signing the petition, the status quo isn’t good enough. “It’s really crucial that even if the government is not pursuing legislation, it’s also not pursuing policies that will weaken security through other methods,” she said.

      The FBI and Justice Department have been talking with tech companies for months. On Thursday, Comey said the conversations have been “increasingly productive.” He added: “People have stripped out a lot of the venom.”

      He said the tech executives “are all people who care about the safety of America and also care about privacy and civil liberties.”

      Comey said the issue afflicts not just federal law enforcement but also state and local agencies investigating child kidnappings and car crashes — “cops and sheriffs . . . [who are] increasingly encountering devices they can’t open with a search warrant.”

    • The decision was made at a Cabinet meeting Oct. 1.

      “As the president has said, the United States will work to ensure that malicious actors can be held to account — without weakening our commitment to strong encryption,” National Security Council spokesman Mark Stroh said. “As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services.”

      But privacy advocates are concerned that the administration’s definition of strong encryption also could include a system in which a company holds a decryption key or can retrieve unencrypted communications from its servers for law enforcement.

      “The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data,” said Savecrypto.org, a coalition of industry and privacy groups that has launched a campaign to petition the Obama administration.

    • The decision, which essentially maintains the status quo, underscores the bind the administration is in — balancing competing pressures to help law enforcement and protect consumer privacy.

      The FBI says it is facing an increasing challenge posed by the encryption of communications of criminals, terrorists and spies. A growing number of companies have begun to offer encryption in which the only people who can read a message, for instance, are the person who sent it and the person who received it. Or, in the case of a device, only the device owner has access to the data. In such cases, the companies themselves lack “backdoors” or keys to decrypt the data for government investigators, even when served with search warrants or intercept orders.

    • One senior administration official said the administration thinks it’s making enough progress with companies that seeking legislation now is unnecessary. “We feel optimistic,” said the official, who spoke on the condition of anonymity to describe internal discussions. “We don’t think it’s a lost cause at this point.”

      Legislation, said Rep. Adam Schiff (D-Calif.), is not a realistic option given the current political climate. He said he made a recent trip to Silicon Valley to talk to Twitter, Facebook and Google. “They quite uniformly are opposed to any mandate or pressure — and more than that, they don’t want to be asked to come up with a solution,” Schiff said.

      Law enforcement officials know that legislation is a tough sell now. But, one senior official stressed, “it’s still going to be in the mix.”

      On the other side of the debate, technology, diplomatic and commerce agencies were pressing for an outright statement by Obama to disavow a legislative mandate on companies. But their position did not prevail.

    • Daniel Castro, vice president of the Information Technology & Innovation Foundation, said absent any new laws, either in the United States or abroad, “companies are in the driver’s seat.” He said that if another country tried to require companies to retain an ability to decrypt communications, “I suspect many tech companies would try to pull out.”
  • Tags: economic-warfare, TPP, agreement-texts

    • Offering a first glimpse of the secret 12-nation “trade” deal in its final form—and fodder for its growing ranks of opponents—WikiLeaks on Friday published the final negotiated text for the Trans-Pacific Partnership (TPP)’s Intellectual Property Rights chapter, confirming that the pro-corporate pact would harm freedom of expression by bolstering monopolies while and injure public health by blocking patient access to lifesaving medicines.

      The document is dated October 5, the same day it was announced in Atlanta, Georgia that the member states to the treaty had reached an accord after more than five years of negotiations.

      Aside from the WikiLeaks publication, the vast majority of the mammoth deal’s contents are still being withheld from the public—which a WikiLeaks press statement suggests is a strategic move by world leaders to forestall public criticism until after the Canadian election on October 19.

      Initial analyses suggest that many of the chapter’s more troubling provisions, such as broader patent and data protections that pharmaceutical companies use to delay generic competition, have stayed in place since draft versions were leaked in 2014 and 2015.

      Moreover, it codifies a crackdown on freedom of speech with rules allowing widespread internet censorship.

  • "The zombie cookies will allow AOL to “acquire demographic data on users” while simultaneously using their own advertising network to track user browsing history, use pf apps on smartphones and their geo-location coordinates. Earlier this year, ProPublica released a report regarding the advertising company called Turn and their zombie cookies that are used by large tech firms to “come back to life” even after users have deleted them. In the ProPublica report, it was revealed that Turn is “taking advantage of a hidden undeletable number that Verizon uses to monitor customers’ habits on their smartphones and tablets” by respawning those “tracking cookies that users have deleted.” Called unique identifier headers (UIDHs), or perma-cookies, this sneaky monitoring of customers is used “to help marketers create more targeted ads based on their customers’ unique browsing habits.” In 2012, UIDHs were used by Verizon to provide a way for advertisers with “demographic and third-party interest-based segments” to help them deliver “relevant ads” based on mobile devices’ unique identifiers. Shockingly, more than 100 million Verizon customers were affected by this snooping by the corporation, tracking individual customer usage and reporting the findings to the federal government and advertising corporations."

    Tags: surveillance state, AOL, Verizon, Turn, zombie-cookies

    • America Online (AOL) will be resurrecting Verizon’s zombie cookies because they are fabulous data-trackers that cannot be “killed”.

      AOL wants to boost their ad revenue regardless of the infringement on customer privacy they pose and the enabling of hacker attacks they can facilitate.


Posted from Diigo. The rest of Open Web group favorite links are here.

No comments: