Group items tagged

Harris Corp.’s Stingray surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. Harris has fought to keep its surveillance equipment, which carries price tags in the low six figures, hidden from both privacy activists and the general public, arguing that information about the gear could help criminals. Accordingly, an older Stingray manual released under the Freedom of Information Act to news website TheBlot.com last year was almost completely redacted. So too have law enforcement agencies at every level, across the country, evaded almost all attempts to learn how and why these extremely powerful tools are being used — though court battles have made it clear Stingrays are often deployed without any warrant. The San Bernardino Sheriff’s Department alone has snooped via Stingray, sans warrant, over 300 times.

The documents described and linked below, instruction manuals for the software used by Stingray operators, were provided to The Intercept as part of a larger cache believed to have originated with the Florida Department of Law Enforcement. Two of them contain a “distribution warning” saying they contain “Proprietary Information and the release of this document and the information contained herein is prohibited to the fullest extent allowable by law.”  Although “Stingray” has become a catch-all name for devices of its kind, often referred to as “IMSI catchers,” the manuals include instructions for a range of other Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, and KingFish. They make clear the capability of those devices and the Stingray II to spy on cellphones by, at minimum, tracking their connection to the simulated tower, information about their location, and certain “over the air” electronic messages sent to and from them. Wessler added that parts of the manuals make specific reference to permanently storing this data, something that American law enforcement has denied doing in the past.

One piece of Windows software used to control Harris’s spy boxes, software that appears to be sold under the name “Gemini,” allows police to track phones across 2G, 3G, and LTE networks. Another Harris app, “iDen Controller,” provides a litany of fine-grained options for tracking phones. A law enforcement agent using these pieces of software along with Harris hardware could not only track a large number of phones as they moved throughout a city but could also apply nicknames to certain phones to keep track of them in the future. The manual describing how to operate iDEN, the lengthiest document of the four at 156 pages, uses an example of a target (called a “subscriber”) tagged alternately as Green Boy and Green Ben:

The Intercept published an expose on the NSA's XKeyscore program. Along with information on the breadth and scale of the NSA's metadata collection, The Intercept revealed how the NSA relies on unencrypted cookie data to identify users. As The Intercept says: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies." The NSA slides released by The Intercept give detailed guides to understanding the data transmitted by these cookies, as well as how to find unique machine identifiers that analysts can use to differentiate between multiple machines using the same IP address. We've written before about how spy agencies piggyback on social media account data to find Internet users' names or other identifying info, and these slides drive home the point that HTTP cookies leave users vulnerable to government surveillance, since any intermediary (or spy agency) can read the sensitive data they contain.

Worse yet, most of the time these identifying cookies come from third-party sources on webpages, and users have no meaningful way to opt out of receiving them (short of blocking all third party cookies) since advertisers (the main server of these types of cookies) refuse to honor the Do Not Track header.  Browser makers could help address this sort of non-consensual tracking by both advertisers and the NSA with some simple technical changes—changes that have been shown to reduce the number of third party cookies received by 67%. So far, though, they've been unwilling to build privacy protecting features in by default. Until they do, the best way for users to protect themselves is by installing a privacy protecting app like Privacy Badger, which is designed to block these types of uniquely identifying tracking cookies, or HTTPS Everywhere to block the transmission of HTTP cookies.

Journalist Glenn Greenwald just dropped a pile of new secret National Security Agency documents onto the Internet. But this isn’t just some haphazard WikiLeaks-style dump. These documents, leaked to Greenwald last year by former NSA contractor Edward Snowden, are key supplemental reading material for his new book, No Place to Hide, which went on sale Tuesday. Now, you could just go buy the book in hardcover and read it like you would any other nonfiction tome. Thanks to all the additional source material, however, if any work should be read on an e-reader or computer, this is it. Here are all the links and instructions for getting the most out of No Place to Hide.

Greenwald has released two versions of the accompanying NSA docs: a compressed version and an uncompressed version. The only difference between these two is the quality of the PDFs. The uncompressed version clocks in at over 91MB, while the compressed version is just under 13MB. For simple reading purposes, just go with the compressed version and save yourself some storage space. Greenwald also released additional “notes” for the book, which are just citations. Unless you’re doing some scholarly research, you can skip this download.

No Place to Hide is, of course, available on a wide variety of ebook formats—all of which are a few dollars cheaper than the hardcover version, I might add. Pick your e-poison: Amazon, Nook, Kobo, iBooks. Flipping back and forth Each page of the documents includes a corresponding page number for the book, to allow readers to easily flip between the book text and the supporting documents. If you use the Amazon Kindle version, you also have the option of reading Greenwald’s book directly on your computer using the Kindle for PC app or directly in your browser. Yes, that may be the worst way to read a book. In this case, however, it may be the easiest way to flip back and forth between the book text and the notes and supporting documents. Of course, you can do the same on your e-reader—though it can be a bit of a pain. Those of you who own a tablet are in luck, as they provide the best way to read both ebooks and PDF files. Simply download the book using the e-reader app of your choice, download the PDFs from Greenwald’s website, and dig in. If you own a Kindle, Nook, or other ereader, you may have to convert the PDFs into a format that works well with your device. The Internet is full of tools and how-to guides for how to do this. Here’s one:

In the absence of real reform, people and institutions at home and abroad are taking matters into their own hands. In America, the NSA’s overreach is changing the way we communicate with and relate to each other. In order to evade government surveillance, more and more Americans are employing encryption technology.  The veritable explosion of new secure messaging apps like Surespot, OpenWhisper’s collaboration with WhatsApp, the development and deployment of open source anti-surveillance tools like Detekt, the creation of organizationally-sponsored “surveillance self-defense” guides, the push to universalize the https protocol, anti-surveillance book events featuring free encryption workshops— are manifestations of the rise of the personal encryption and pro-privacy digital resistance movement. Its political implications are clear: Americans, along with people around the world, increasingly see the United States government’s overreaching surveillance activities as a threat to be blocked.

The federal government’s vacuum-cleaner approach to surveillance—manifested in Title II of the PATRIOT Act, the FISA Amendments Act, and EO 12333—has backfired in these respects, and the emergence of this digital resistance movement is one result. Indeed, the existence and proliferation of social networks hold the potential to help this movement spread faster and to more of the general public than would have been possible in decades past. This is evidenced by the growing concern worldwide about governments’ ability to access reams of information about people’s lives with relative ease. As one measure, compared to a year ago, 41% of online users in North America now avoid certain Internet sites and applications, 16% change who they communicate with, and 24% censor what they say online. Those numbers, if anywhere close to accurate, are a major concern for democratic society.

Even if commercially available privacy technology proves capable of providing a genuine shield against warrantless or otherwise illegal surveillance by the United States government, it will remain a treatment for the symptom, not a cure for the underlying legal and constitutional malady. In April 2014, a Harris poll of US adults showed that in response to the Snowden revelations, “Almost half of respondents (47%) said that they have changed their online behavior and think more carefully about where they go, what they say, and what they do online.” Set aside for a moment that just the federal government’s collection of the data of innocent Americans is itself likely a violation of the Fourth Amendment. The Harris poll is just one of numerous studies highlighting the collateral damage to American society and politics from NSA’s excesses: segments of our population are now fearful of even associating with individuals or organizations executive branch officials deem controversial or suspicious. Nearly half of Americans say they have changed their online behavior out of a fear of what the federal government might do with their personal information. The Constitution’s free association guarantee has been damaged by the Surveillance State’s very operation.

Reporters Without Borders (RSF) released its annual “Enemies of the Internet” index this week—a ranking first launched in 2006 intended to track countries that repress online speech, intimidate and arrest bloggers, and conduct surveillance of their citizens.  Some countries have been mainstays on the annual index, while others have been able to work their way off the list.  Two countries particularly deserving of praise in this area are Tunisia and Myanmar (Burma), both of which have stopped censoring the Internet in recent years and are headed in the right direction toward Internet freedom. In the former category are some of the world’s worst offenders: Cuba, North Korea, China, Iran, Saudi Arabia, Vietnam, Belarus, Bahrain, Turkmenistan, Syria.  Nearly every one of these countries has amped up their online repression in recent years, from implementing sophisticated surveillance (Syria) to utilizing targeted surveillance tools (Vietnam) to increasing crackdowns on online speech (Saudi Arabia).  These are countries where, despite advocacy efforts by local and international groups, no progress has been made. The newcomers  A third, perhaps even more disheartening category, is the list of countries new to this year's index.  A motley crew, these nations have all taken new, harsh approaches to restricting speech or monitoring citizens:

United States: This is the first time the US has made it onto RSF’s list.  While the US government doesn’t censor online content, and pours money into promoting Internet freedom worldwide, the National Security Agency’s unapologetic dragnet surveillance and the government’s treatment of whistleblowers have earned it a spot on the index. United Kingdom: The European nation has been dubbed by RSF as the “world champion of surveillance” for its recently-revealed depraved strategies for spying on individuals worldwide.  The UK also joins countries like Ethiopia and Morocco in using terrorism laws to go after journalists.  Not noted by RSF, but also important, is the fact that the UK is also cracking down on legal pornography, forcing Internet users to opt-in with their ISP if they wish to view it and creating a slippery slope toward overblocking.  This is in addition to the government’s use of an opaque, shadowy NGO to identify child sexual abuse images, sometimes resulting instead in censorship of legitimate speech.

On Feb. 19, the European Commission released a White Paper on Artificial Intelligence outlining its wide-ranging plan to develop artificial intelligence (AI) in Europe. The commission also released a companion European data strategy, aiming to make more data sets available for business and government to promote AI development, along with a report on the safety of AI systems proposing some reforms of the commission’s product liability regime. Initial press reports about the white paper focused on how the commission had stepped back from a proposal in its initial draft for a three- to five-year moratorium on facial recognition technology. But the proposed framework is much more than that: It represents a sensible and thoughtful basis to guide the EU’s consideration of legislation to help direct the development of AI applications, and an important contribution to similar debates going on around the world. The key takeaways are that the EU plans to: Pursue a uniform approach to AI across the EU in order to avoid divergent member state requirements forming barriers to its single market. Take a risk-based, sector-specific approach to regulating AI. Identify in advance high-risk sectors and applications—including facial recognition software. Impose new regulatory requirements and prior assessments to ensure that high-risk AI systems conform to requirements for safety, fairness and data protection before they are released onto the market. Use access to the huge European market as a lever to spread the EU’s approach to AI regulation across the globe.

Chief among the groups seeking to clamp down on independent media has been Google, the massive technology company with deep connections to the U.S. intelligence community, as well as to U.S. government and business elites.

Since 2015, Google has worked to become the Internet’s “Ministry of Truth,” first through its creation of the First Draft Coalition and more recently via major changes made to its search engine that curtail public access to new sites independent of the corporate media.

Google has now stepped up its war on free speech and the freedom of the press through its popular subsidiary, YouTube. On Tuesday, YouTube announced online that it is set to begin censoring content deemed “controversial,” even if that content does not break any laws or violate YouTube’s user agreement. Misleadingly dubbed as an effort “to fight terror content online,” the new program will flag content for review through a mix of machine algorithms and “human review,” guided by standards set up by “expert NGOs and institutions” that are part of YouTube’s “Trusted Flagger” program. YouTube stated that such organizations “bring expert knowledge of complex issues like hate speech, radicalization, and terrorism.” One of the leading institutions directing the course of the Trusted Flagger program is the Anti-Defamation League (ADL). The ADL was initially founded to “stop the defamation of the Jewish people and to secure justice and fair treatment to all” but has gained a reputation over the years for labeling any critic of Israel’s government as an “anti-Semite.” For instance, characterizing Israeli policies towards the Palestinians as “racist” or “apartheid-like” is considered “hate speech” by the ADL, as is accusing Israel of war crimes or attempted ethnic cleansing. The ADL has even described explicitly Jewish organizations who are critical of Israel’s government as being “anti-Semitic.”

The White House on Tuesday ended two years of ignoring a hugely popular whitehouse.gov petition calling for NSA whistleblower Edward Snowden to be “immediately issued a full, free, and absolute pardon,” saying thanks for signing, but no. “We live in a dangerous world,” Lisa Monaco, President Obama’s adviser on homeland security and terrorism, said in a statement. More than 167,000 people signed the petition, which surpassed the 100,000 signatures that the White House’s “We the People” website said would garner a guaranteed response on June 24, 2013. In Tuesday’s response, the White House acknowledged that “This is an issue that many Americans feel strongly about.”

Monaco then explained her position: “Instead of constructively addressing these issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it.” Snowden didn’t actually disclose any classified information — news organizations including the Guardian, Washington Post, New York Times and The Intercept did the disclosing. And the Obama administration has yet to specify any “severe consequences” that can be independently confirmed.

The White House on Tuesday ended two years of ignoring a hugely popular whitehouse.gov petition calling for NSA whistleblower Edward Snowden to be “immediately issued a full, free, and absolute pardon,” saying thanks for signing, but no. “We live in a dangerous world,” Lisa Monaco, President Obama’s adviser on homeland security and terrorism, said in a statement. More than 167,000 people signed the petition, which surpassed the 100,000 signatures that the White House’s “We the People” website said would garner a guaranteed response on June 24, 2013. In Tuesday’s response, the White House acknowledged that “This is an issue that many Americans feel strongly about.”

Laugh all you want, fuzzball, but Google is changing how YouTube uploaders manage comments on their videos. The new system, which began rolling out to a limited number of uploaders on Tuesday, favors relevancy over recency and introduces enhanced moderation tools. The new commenting system, which is powered by Google+ and was developed in collaboration between the YouTube and Google+ teams, provides several new tools for moderation, said Nundu Janakiram, product manager at YouTube. It will default to showing YouTube viewers the most relevant comments first, such as those by the video uploader or channel owner. "Currently, you see comments from the last random person to stop by," Janakiram said. "The new system tries to surface the most meaningful conversation to you. We're trying to shift from comments to meaningful conversations," he said.

He explained that three main factors determine which comments are more relevant: community engagement by the commenter, up-votes for a particular comment, and commenter reputation. If you've been flagged for spam or abuse, don't be surprised to find your comments buried, but that also means that celebrities who have strong Google+ reputations will be boosted above others. There's more to the system than just relevancy, though. Because the system is powered by Google+, comments made on posts with YouTube links in the social network will show up on YouTube itself. So, you'll see comments from people in your Google+ Circles higher up, too. Just because it's powered by Google+ doesn't mean that you'll lose your YouTube identity, though. "You are still allowed to use pseudonyms," said Janakiram, whether you're "a Syrian dissident or SoulPancake". Another feature, and one that speaks directly to YouTube's goal of fostering conversations, is that you'll be able to comment publicly or privately to people in your Circles. Replies will be threaded like Gmail. The hope is that new moderation tools will make it easier for video owners to guide the conversation, Janakiram explained. "There have been challenges in the past with certain comments and what's been shown there."