Skip to main content

Home/ Future of the Web/ Group items tagged lots

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Page 2 - The Woman Behind the Microsoft Cloud - 0 views

www.eweek.com/...1

cloud computing container data center microsoft

shared by Paul Merrell on 30 Oct 08 - Cached
  • One Microsoft data center that is not getting a lot of attention is one the company is building in Chicago, which is the Microsoft's first container-based facility, Chrapaty said, showing a mock-up of a data center container on an 18-wheeler that could be unloaded and added to an existing facility to add capacity.
  • Moreover, Chrapaty said the Chicago data center is the first Microsoft data center to use shipping containers as a primary server packaging and deployment unit. When both phases of the data center are complete, it will total more than 707,000 square feet on a 16-acre site. It will hold hundreds of thousands of servers to deliver on the Microsoft software-plus-services initiative.  The company claims the Chicago facility will be one of the largest data centers in the world and the largest deployment of the use of containers to date.
Paul Merrell

Standards, or Why Cloud Computing Isn't Ready Yet | eigenmagic.com - 0 views

www.eigenmagic.com/...cloud-computing-isnt-ready-yet

cloud computing complexity standards

shared by Paul Merrell on 25 Oct 08 - Cached
  • How does this relate to cloud computing? Well, there aren’t few enough standard interfaces… yet. We have at least 5 major operating systems, 4+ database types and 3 or so browsers. We have Flash, and JavaScript, and Silverlight. Incompatibilities between them reduce the working combinations slightly, but what about the different versions, and their incompatibilities? Taking just these simple, core technologies, that’s 5 x 4 x 3 x 3 = 180 different technology combinations! That’s a lot of complexity to mask over if you want to provide the same general kind of service to everyone. Look at the number of variables you have to cater for when all you’re supplying is electrons-per-second! But it is possible.
Paul Merrell

Offline Web Apps, Dumb Idea or Really Dumb Idea? - 0 views

www.25hoursaday.com/...sDumbIdeaOrReallyDumbIdea.aspx

google gears livemesh offline enabling online enabling

shared by Paul Merrell on 30 May 08 - Cached
  • The amount of work it takes to "offline enable" a Web application is roughly similar to the amount of work it takes to "online enable" a desktop application.
  • I suspect this is the bitter truth that answers the questions asked in articles like  The Frustratingly Unfulfilled Promise of Google Gears where the author laments the lack of proliferation of offline Web applications built on Google Gears. When it first shipped I was looking forward to a platform like Google Gears but after I thought about the problem for a while, I realized that such a platform would be just as useful for "online enabling" desktop applications as it would be for "offline enabling" Web applications. Additionally, I came to the conclusion that the former is a lot more enabling to users than the latter. This is when I started becoming interested in Live Mesh as a Platform, this is one area where I think Microsoft's hearts and minds are in the right place. I want to see more applications like Outlook + RPC over HTTP  not "offline enabled" versions of Outlook Web Access.
  • anonymous on 23 Sep 13
     
    Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa
Paul Merrell

Open letter to Google: free VP8, and use it on YouTube - Free Software Foundation - 0 views

www.fsf.org/...oogle-free-on2-vp8-for-youtube

Google FSF Flash DRM VP8 open codecs

shared by Paul Merrell on 20 Feb 10 - Cached
  • Paul Merrell on 20 Feb 10
     
    With your purchase of On2, you now own both the world's largest video site (YouTube) and all the patents behind a new high performance video codec -- VP8. Just think what you can achieve by releasing the VP8 codec under an irrevocable royalty-free license and pushing it out to users on YouTube? You can end the web's dependence on patent-encumbered video formats and proprietary software (Flash). This ability to offer a free format on YouTube, however, is only a tiny fraction of your real leverage. The real party starts when you begin to encourage users' browsers to support free formats. There are lots of ways to do this. Our favorite would be for YouTube to switch from Flash to free formats and HTML, offering users with obsolete browsers a plugin or a new browser (free software, of course). Apple has had the mettle to ditch Flash on the iPhone and the iPad -- albeit for suspect reasons and using abhorrent methods (DRM) -- and this has pushed web developers to make Flash-free alternatives of their pages. You could do the same with YouTube, for better reasons, and it would be a death-blow to Flash's dominance in web video. If you care about free software and the free web (a movement and medium to which you owe your success) you must take bold action to replace Flash with free standards and free formats. Patented video codecs have already done untold harm to the web and its users, and this will continue until we stop it. Because patent-encumbered formats were costly to incorporate into browsers, a bloated, ill-suited piece of proprietary software (Flash) became the de facto standard for online video. Until we move to free formats, the threat of patent lawsuits and licensing fees hangs over every software developer, video creator, hardware maker, web site and corporation -- including you. You can use your purchase of On2 merely as a bargaining chip to achieve your own private solution to the problem, but that's both a cop-out and a strategic mistake. Without making VP
Paul Merrell

Web video accessibility from EmbedPlus on 2011-08-11 (w3c-wai-ig@w3.org from July to Se... - 0 views

lists.w3.org/...0103.html

W3C accessibility youtube web apps

shared by Paul Merrell on 14 Aug 11 - No Cached
  • Paul Merrell on 14 Aug 11
     
    For those who care about Web accessibility, here is an opportunity to provide feedback on some accessibility tools for one of the most widely-used web services. The message deserves wide distribution. The contact email address is on the linked page.  The linked tool set should also be of interest to those doing mashups or embedding YouTube videos in web pages. Hi all, I'm the co-developer a YouTube third-party tool called EmbedPlus. It enhances the standard YouTube player with many features that aren't inherently supported. We've been getting lots of feedback regarding the accessibility benefits of some of these features like movable zoom, slow motion, and even third-party annotations. As the tool continues to grow in popularity, the importance of its accessibility rises. I decided to do some research and found the WAI Interest group to be a major proponent of accessibility on the web. If anyone has time to take a look at EmbedPlus and share feedback that could help improve the tool, please do. Here's the link: http://www.embedplus.com/ Thank you in advance, Tay
Paul Merrell

FCC Chairman: Spectrum deficit could set wireless data back 50 years | Wireless News - ... - 0 views

www.betanews.com/...1255023656

FCC mobile devices spectrum bandwidth

shared by Paul Merrell on 09 Oct 09 - Cached
  • "We are fast entering a world where mass-market mobile devices consume thousands of megabytes each month," FCC Chairman Julius Genachowski warned at CTIA Wireless yesterday. "So we must ask: what happens when every mobile user has an iPhone, a Palm Pre, a BlackBerry Tour, or whatever the next device is? What happens when we quadruple the number of subscribers with mobile broadband on their laptops or netbooks?"The short answer: We will need a lot more spectrum."
Paul Merrell

Memo to Potential Whistleblowers: If You See Something, Say Something | Global Research - 0 views

www.globalresearch.ca/...5385860

transparency whistle-blowers resources ExposeFacts.org

shared by Paul Merrell on 07 Jun 14 - No Cached
  • Blowing the whistle on wrongdoing creates a moral frequency that vast numbers of people are eager to hear. We don’t want our lives, communities, country and world continually damaged by the deadening silences of fear and conformity. I’ve met many whistleblowers over the years, and they’ve been extraordinarily ordinary. None were applying for halos or sainthood. All experienced anguish before deciding that continuous inaction had a price that was too high. All suffered negative consequences as well as relief after they spoke up and took action. All made the world better with their courage. Whistleblowers don’t sign up to be whistleblowers. Almost always, they begin their work as true believers in the system that conscience later compels them to challenge. “It took years of involvement with a mendacious war policy, evidence of which was apparent to me as early as 2003, before I found the courage to follow my conscience,” Matthew Hoh recalled this week.“It is not an easy or light decision for anyone to make, but we need members of our military, development, diplomatic and intelligence community to speak out if we are ever to have a just and sound foreign policy.”
  • Hoh describes his record this way: “After over 11 continuous years of service with the U.S. military and U.S. government, nearly six of those years overseas, including service in Iraq and Afghanistan, as well as positions within the Secretary of the Navy’s Office as a White House Liaison, and as a consultant for the State Department’s Iraq Desk, I resigned from my position with the State Department in Afghanistan in protest of the escalation of war in 2009.” Another former Department of State official, the ex-diplomat and retired Army colonel Ann Wright, who resigned in protest of the Iraq invasion in March 2003, is crossing paths with Hoh on Friday as they do the honors at a ribbon-cutting — half a block from the State Department headquarters in Washington — for a billboard with a picture of Pentagon Papers whistleblower Daniel Ellsberg. Big-lettered words begin by referring to the years he waited before releasing the Pentagon Papers in 1971. “Don’t do what I did,” Ellsberg says on the billboard.  “Don’t wait until a new war has started, don’t wait until thousands more have died, before you tell the truth with documents that reveal lies or crimes or internal projections of costs and dangers. You might save a war’s worth of lives.
  • The billboard – sponsored by the ExposeFacts organization, which launched this week — will spread to other prominent locations in Washington and beyond. As an organizer for ExposeFacts, I’m glad to report that outreach to potential whistleblowers is just getting started. (For details, visit ExposeFacts.org.) We’re propelled by the kind of hopeful determination that Hoh expressed the day before the billboard ribbon-cutting when he said: “I trust ExposeFacts and its efforts will encourage others to follow their conscience and do what is right.” The journalist Kevin Gosztola, who has astutely covered a range of whistleblower issues for years, pointed this week to the imperative of opening up news media. “There is an important role for ExposeFacts to play in not only forcing more transparency, but also inspiring more media organizations to engage in adversarial journalism,” he wrote. “Such journalism is called for in the face of wars, environmental destruction, escalating poverty, egregious abuses in the justice system, corporate control of government, and national security state secrecy. Perhaps a truly successful organization could inspire U.S. media organizations to play much more of a watchdog role than a lapdog role when covering powerful institutions in government.”
  • ...2 more annotations...
  • Overall, we desperately need to nurture and propagate a steadfast culture of outspoken whistleblowing. A central motto of the AIDS activist movement dating back to the 1980s – Silence = Death – remains urgently relevant in a vast array of realms. Whether the problems involve perpetual war, corporate malfeasance, climate change, institutionalized racism, patterns of sexual assault, toxic pollution or countless other ills, none can be alleviated without bringing grim realities into the light. “All governments lie,” Ellsberg says in a video statement released for the launch of ExposeFacts, “and they all like to work in the dark as far as the public is concerned, in terms of their own decision-making, their planning — and to be able to allege, falsely, unanimity in addressing their problems, as if no one who had knowledge of the full facts inside could disagree with the policy the president or the leader of the state is announcing.” Ellsberg adds: “A country that wants to be a democracy has to be able to penetrate that secrecy, with the help of conscientious individuals who understand in this country that their duty to the Constitution and to the civil liberties and to the welfare of this country definitely surmount their obligation to their bosses, to a given administration, or in some cases to their promise of secrecy.”
  • Right now, our potential for democracy owes a lot to people like NSA whistleblowers William Binney and Kirk Wiebe, and EPA whistleblower Marsha Coleman-Adebayo. When they spoke at the June 4 news conference in Washington that launched ExposeFacts, their brave clarity was inspiring. Antidotes to the poisons of cynicism and passive despair can emerge from organizing to help create a better world. The process requires applying a single standard to the real actions of institutions and individuals, no matter how big their budgets or grand their power. What cannot withstand the light of day should not be suffered in silence. If you see something, say something.
  • Paul Merrell on 07 Jun 14
     
    While some governments -- my own included -- attempt to impose an Orwellian Dark State of ubiquitous secret surveillance, secret wars, the rule of oligarchs, and public ignorance, the Edward Snowden leaks fanned the flames of the countering War on Ignorance that had been kept alive by civil libertarians. Only days after the U.S. Supreme Court denied review in a case where a reporter had been ordered to reveal his source of information for a book on the Dark State under the penalties for contempt of court (a long stretch in jail), a new web site is launched for communications between sources and journalists where the source's names never need to be revealed. This article is part of the publicity for that new weapon fielded by the civil libertarian side in the War Against Ignorance.  Hurrah!
Paul Merrell

NSA Spying Inspires ProtonMail 'End-to-End' Encrypted Email Service | NDTV Gadgets - 0 views

gadgets.ndtv.com/...encrypted-email-service-526769

surveillance state secure-email ProtonMail

shared by Paul Merrell on 20 May 14 - No Cached
  • ne new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor."A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.
  • "Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically."Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said.After testing over the past few months, ProtonMail went public Friday using a "freemium" model a basic account will be free with some added features for a paid account.
  • As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world," the company said in a blog post.Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short."These big companies don't want to encrypt your stuff because they spy on you, too," said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems."Hopefully, the NSA debate is creating incentives for people to build more encryption."Stockman said that with services like Gmail, even if data is encrypted, "they have the key right next to it if you have the key and lock next to each other, so it's pretty much useless."
  • ...3 more annotations...
  • By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit widely believed to be used by Snowden which shut down rather than hand over data to the US government, and which now faces a contempt of court order.Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."
  • Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the "Dark Mail Alliance."Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year."The goal is to make it ubiquitous, so people don't have to turn it on," he said.But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, "the more susceptible it is to a sophisticated attacker with fake or spoofed key information."Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
  • on Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous."If you are a bank you have to have an email system that complies with banking regulations," Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review."Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down."The new email system would complement Silent Circle's existing secure messaging system and encrypted mobile phone, which was launched earlier this year."If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.
  • Paul Merrell on 20 May 14
     
    They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser." "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones.
Paul Merrell

F.B.I. Director to Call 'Dark' Devices a Hindrance to Crime Solving in a Policy Speech ... - 0 views

www.nytimes.com/...indrance-to-crime-solving.html

surveillance state FBI Comey encryption

shared by Paul Merrell on 16 Oct 14 - No Cached
  • In his first major policy speech as director of the F.B.I., James B. Comey on Thursday plans to wade deeper into the debate between law enforcement agencies and technology companies about new programs intended to protect personal information on communication devices.Mr. Comey will say that encryption technologies used on these devices, like the new iPhone, have become so sophisticated that crimes will go unsolved because law enforcement officers will not be able to get information from them, according to a senior F.B.I. official who provided a preview of the speech.The speech was prompted, in part, by the new encryption technology on the iPhone 6, which was released last month. The phone encrypts emails, photos and contacts, thwarting intelligence and law enforcement agencies, like the National Security Agency and F.B.I., from gaining access to it, even if they have court approval.
  • The F.B.I. has long had concerns about devices “going dark” — when technology becomes so sophisticated that the authorities cannot gain access. But now, Mr. Comey said he believes that the new encryption technology has evolved to the point that it will adversely affect crime solving.He will say in the speech that these new programs will most severely affect state and local law enforcement agencies, because they are the ones who most often investigate crimes like kidnappings and robberies in which getting information from electronic devices in a timely manner is essential to solving the crime.
  • They also do not have the resources that are available to the F.B.I. and other federal intelligence and law enforcement authorities in order to get around the programs.Mr. Comey will cite examples of crimes that the authorities were able to solve because they gained access to a phone.“He is going to call for a discussion on this issue and ask whether this is the path we want to go down,” said the senior F.B.I. official. “He is not going to accuse the companies of designing the technologies to prevent the F.B.I. from accessing them. But, he will say that this is a negative byproduct and we need to work together to fix it.”
  • ...2 more annotations...
  • Mr. Comey is scheduled to give the speech — titled “Going Dark: Are Technology, Privacy and Public Safety on a Collision Course?” — at the Brookings Institution in Washington.
  • In the interview that aired on “60 Minutes” on Sunday, Mr. Comey said that “the notion that we would market devices that would allow someone to place themselves beyond the law troubles me a lot.”He said that it was the equivalent of selling cars with trunks that could never be opened, even with a court order.“The notion that people have devices, again, that with court orders, based on a showing of probable cause in a case involving kidnapping or child exploitation or terrorism, we could never open that phone?” he said. “My sense is that we've gone too far when we've gone there.”
  • Paul Merrell on 16 Oct 14
     
    I'm informed that Comey will also call for legislation outlawing communication by whispering because of technical difficulties in law enforcement monitoring of such communications. 
Paul Merrell

Cell Phone Guide For US Protesters, Updated 2014 Edition | Electronic Frontier Foundation - 0 views

www.eff.org/...rotesters-updated-2014-edition

surveillance state cellphones cellphone-security EFF

shared by Paul Merrell on 28 Aug 14 - No Cached
  • With major protests in the news again, we decided it's time to update our cell phone guide for protestors. A lot has changed since we last published this report in 2011, for better and for worse. On the one hand, we've learned more about the massive volume of law enforcement requests for cell phone—ranging from location information to actual content—and widespread use of dedicated cell phone surveillance technologies. On the other hand, strong Supreme Court opinions have eliminated any ambiguity about the unconstitutionality of warrantless searches of phones incident to arrest, and a growing national consensus says location data, too, is private. Protesters want to be able to communicate, to document the protests, and to share photos and video with the world. So they'll be carrying phones, and they'll face a complex set of considerations about the privacy of the data those phones hold. We hope this guide can help answer some questions about how to best protect that data, and what rights protesters have in the face of police demands.
Paul Merrell

U.S. Says It Spied on 89,000 Targets Last Year, But the Number Is Deceptive | Threat Le... - 0 views

www.wired.com/...foreigners-targeted-for-spying

surveillance-state NSA FBI stats 2013

shared by Paul Merrell on 29 Jun 14 - No Cached
  • About 89,000 foreigners or organizations were targeted for spying under a U.S. surveillance order last year, according to a new transparency report. The report was released for the first time Friday by the Office of the Director of Intelligence, upon order of the president, in the wake of surveillance leaks by NSA whistleblower Edward Snowden. But the report, which covers only surveillance orders issued in 2013, doesn’t tell the whole story about how many individuals the spying targeted or how many Americans were caught in the surveillance that targeted foreigners. Civil liberties groups say the real number is likely “orders of magnitude” larger than this. “Even if it was an honest definition of ‘target’—that is, an individual instead of a group—that also is not encompassing those who are ancillary to a target and are caught up in the dragnet,” says Kurt Opsahl, deputy general counsel of the Electronic Frontier Foundation.
  • The report, remarkably, shows that the government obtained just one order last year under Section 702 of FISA—which allows for bulk collection of data on foreigners—and that this one order covered 89,138 targets. But, as the report notes, “target” can refer to “an individual person, a group, an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information.” Furthermore, Section 702 orders are actually certificates issued by the FISA Court that can cover surveillance of an entire facility. And since, as the government points out in its report, the government cannot know how many people use a facility, the figure only “reflects an estimate of the number of known users of particular facilities (sometimes referred to as selectors) subject to intelligence collection under those Certifications,” the report notes.
  • “If you’re actually trying to get a sense of the number of human beings affected or the number of Americans affected, the number of people affected is vastly, vastly larger,” says Julian Sanchez, senior fellow at the Cato Institute. “And how many of those are Americans is impossible to say. But [although] you may not think you are routinely communicating with foreign persons, [this] is not any kind of assurance that your communications are not part of the traffic subject to interception.” Sanchez points out that each individual targeted is likely communicating with dozens or hundred of others, whose communications will be picked up in the surveillance. “And probably a lot of these targets are not individuals but entire web sites or companies. While [a company like the Chinese firm] Huawei might be a target, thousands of emails used by thousands of employees will be swept up.” How many of those employees might be American or communicating with Americans is unknown.
  • ...5 more annotations...
  • Also revealed in today’s report is the number of times the government has queried the controversial phone records database it created by collecting the phone records of every subscriber from U.S. providers. According to the report, the government used 423 “selectors” to search its massive phone records database, which includes records going back to at least 2006 when the program began. A search involves querying a specific phone number or device ID that appears in the database. The government has long maintained that its collection of phone records isn’t a violation of its authority, since it only views the records of specific individuals targeted in an investigation. But such searches, even if targeted at phone numbers used by foreigners, would include calls made to and from Americans as well as calls exchanged with people two or three hops out from the targeted number.
  • In its report, the government indicated that the 423 selectors involved just 248 “known or presumed” Americans whose information was collected by the agency in the database. But Opsahl says that both of these numbers are deceptive given what we know about the database and how it’s been used. “We know it’s affecting millions of people,” he points out. But “then we have estimated numbers of affected people [that are just] in the three digits. That requires some effort [on the government's part] to find a way to do the definition of the number [in such a way] to make it as small as possible.”
  • One additional figure today’s report covers is the number of National Security Letters the government issued last year to businesses to obtain data on accountholders and users—19,212. NSLs are written demands from the FBI that compel internet service providers, credit companies, financial institutions and others to hand over confidential records about their customers, such as subscriber information, phone numbers and e-mail addresses, websites visited, and more. These letters are a powerful tool because they do not require court approval, and they come with a built-in gag order, preventing recipients from disclosing to anyone that they have received an NSL. An FBI agent looking into a possible anti-terrorism case can self-issue an NSL to a credit bureau, ISP, or phone company with only the sign-off of the Special Agent in Charge of their office. The FBI has merely to assert that the information is “relevant” to an investigation into international terrorism or clandestine intelligence activities.
  • The FBI has issued hundreds of thousands of NSLs over the years and has been reprimanded for abusing them. Last year a federal judge ruled that the use of NSLs is unconstitutional, due to the gag order that accompanies them, and ordered the government to stop using them. Her ruling, however, was stayed pending the government’s appeal.
  • According to the government’s report today, the 19,000 NSLs issued last year involved more than 38,000 requests for information.
Paul Merrell

Google Says Website Encryption Will Now Influence Search Rankings - 0 views

techcrunch.com/...-now-influence-search-rankings

surveillance state NSA-reform NSA-blowback Google

shared by Paul Merrell on 08 Aug 14 - No Cached
  • Google will begin using website encryption, or HTTPS, as a ranking signal – a move which should prompt website developers who have dragged their heels on increased security measures, or who debated whether their website was “important” enough to require encryption, to make a change. Initially, HTTPS will only be a lightweight signal, affecting fewer than 1% of global queries, says Google. That means that the new signal won’t carry as much weight as other factors, including the quality of the content, the search giant noted, as Google means to give webmasters time to make the switch to HTTPS. Over time, however, encryption’s effect on search ranking make strengthen, as the company places more importance on website security. Google also promises to publish a series of best practices around TLS (HTTPS, is also known as HTTP over TLS, or Transport Layer Security) so website developers can better understand what they need to do in order to implement the technology and what mistakes they should avoid. These tips will include things like what certificate type is needed, how to use relative URLs for resources on the same secure domain, best practices around allowing for site indexing, and more.
  • In addition, website developers can test their current HTTPS-enabled website using the Qualys Lab tool, says Google, and can direct further questions to Google’s Webmaster Help Forums where the company is already in active discussions with the broader community. The announcement has drawn a lot of feedback from website developers and those in the SEO industry – for instance, Google’s own blog post on the matter, shared in the early morning hours on Thursday, is already nearing 1,000 comments. For the most part, the community seems to support the change, or at least acknowledge that they felt that something like this was in the works and are not surprised. Google itself has been making moves to better securing its own traffic in recent months, which have included encrypting traffic between its own servers. Gmail now always uses an encrypted HTTPS connection which keeps mail from being snooped on as it moves from a consumer’s machine to Google’s data centers.
  • While HTTPS and site encryption have been a best practice in the security community for years, the revelation that the NSA has been tapping the cables, so to speak, to mine user information directly has prompted many technology companies to consider increasing their own security measures, too. Yahoo, for example, also announced in November its plans to encrypt its data center traffic. Now Google is helping to push the rest of the web to do the same.
  • Paul Merrell on 08 Aug 14
     
    The Internet continues to harden in the wake of the NSA revelations. This is a nice nudge by Google.
Gary Edwards

Box, Dropbox rethink future in midst of price war - San Jose Mercury News - 0 views

www.mercurynews.com/...rethink-future-midst-price-war

wordSDK Office-365

shared by Gary Edwards on 12 Sep 14 - No Cached
  • "Right now there is a huge arms race between Apple, Google, Microsoft, and now Amazon has thrown their hat in the ring," said Vineet Jain, co-founder and CEO of Egnyte, a Mountain View company that sells software that allows companies to store data both in the cloud and on premise. "These four guys are capable of making it free or nearly free, and the price points that you're seeing from these vendors such as Box will have to come down, or they will have a shrinking user base. You cannot out-compete Microsoft and Google on price -- you just can't."
  • For Box and Dropbox -- and the investors who have poured millions of dollars into them -- there's a lot of money on the line. In 2013, cloud storage companies raised $1.2 billion from venture capitalists, compared to $427 million in 2010 and $185 million in 2009, according to the Dow Jones. Silicon Valley cloud storage companies accounted for 14 of the top 20 venture-backed deals, with Box leading with more than $350 million in funds raised; Dropbox raised $250 million.
  • "The problem is pricing on storage has just been collapsing," said Randy Chou, CEO and co-founder of Panzura, which sells hardware and software that allows businesses to collaborate on massive documents, and counts Electronic Arts and the U.S. Department of Justice among its customers. "Whatever anyone is paying today, they'll pay half next year, and half the year after that."
  • Gary Edwards on 12 Sep 14
     
    Commentary on the expected Box and Dropbox IPO, which are being delayed. The author explains the delay, but misses the incredibl eimpact Office 365 is having on the mobile Cloud Productivity platform. And this is the platform war of all wars. It is the race to dominate the 3rd Wave of computing. "It wasn't long ago that cloud storage companies such as Box and Dropbox were among the hottest startups in Silicon Valley, blessed with vast amounts of venture capital and poised to go public in blockbuster IPOs. But now, thanks to a price war launched by Google, Amazon and other tech giants, almost anyone with a laptop or tablet can get cloud storage for less than the price of a latte. That means Box and Dropbox, which sell software for businesses and consumers to store and use files on the Internet rather than a machine, are confronting a precarious future: They must figure out how to go head-to-head with the world's most powerful tech companies. The jockeying has forced both startups to rethink their plans to go public -- Box filed for an IPO in March, but has delayed trading, and Dropbox, once poised to be one of the biggest tech IPOs of the year, may not have a public offering in its immediate future."
Paul Merrell

European Lawmakers Demand Answers on Phone Key Theft - The Intercept - 0 views

firstlook.org/...gemalto-heist-shocks-europe

surveillance state Gemalto SIM-card-keys

shared by Paul Merrell on 24 Feb 15 - No Cached
  • European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
  • “If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
  • According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.
  • ...4 more annotations...
  • While Gemalto was indeed another casualty in Western governments’ sweeping effort to gather as much global intelligence advantage as possible, the leaked documents make clear that the company was specifically targeted. According to the materials published Thursday, GCHQ used a specific codename — DAPINO GAMMA — to refer to the operations against Gemalto. The spies also actively penetrated the email and social media accounts of Gemalto employees across the world in an effort to steal the company’s encryption keys. Evidence of the Gemalto breach rattled the digital security community. “Almost everyone in the world carries cell phones and this is an unprecedented mass attack on the privacy of citizens worldwide,” said Greg Nojeim, senior counsel at the Center for Democracy & Technology, a non-profit that advocates for digital privacy and free online expression. “While there is certainly value in targeted surveillance of cell phone communications, this coordinated subversion of the trusted technical security infrastructure of cell phones means the US and British governments now have easy access to our mobile communications.”
  • For Gemalto, evidence that their vaunted security systems and the privacy of customers had been compromised by the world’s top spy agencies made an immediate financial impact. The company’s shares took a dive on the Paris bourse Friday, falling $500 million. In the U.S., Gemalto’s shares fell as much 10 percent Friday morning. They had recovered somewhat — down 4 percent — by the close of trading on the Euronext stock exchange. Analysts at Dutch financial services company Rabobank speculated in a research note that Gemalto could be forced to recall “a large number” of SIM cards. The French daily L’Express noted today that Gemalto board member Alex Mandl was a founding trustee of the CIA-funded venture capital firm In-Q-Tel. Mandl resigned from In-Q-Tel’s board in 2002, when he was appointed CEO of Gemplus, which later merged with another company to become Gemalto. But the CIA connection still dogged Mandl, with the French press regularly insinuating that American spies could infiltrate the company. In 2003, a group of French lawmakers tried unsuccessfully to create a commission to investigate Gemplus’s ties to the CIA and its implications for the security of SIM cards. Mandl, an Austrian-American businessman who was once a top executive at AT&T, has denied that he had any relationship with the CIA beyond In-Q-Tel. In 2002, he said he did not even have a security clearance.
  • AT&T, T-Mobile and Verizon could not be reached for comment Friday. Sprint declined to comment. Vodafone, the world’s second largest telecom provider by subscribers and a customer of Gemalto, said in a statement, “[W]e have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations.” Deutsche Telekom AG, a German company, said it has changed encryption algorithms in its Gemalto SIM cards. “We currently have no knowledge that this additional protection mechanism has been compromised,” the company said in a statement. “However, we cannot rule out this completely.”
  • Update: Asked about the SIM card heist, White House press secretary Josh Earnest said he did not expect the news would hurt relations with the tech industry: “It’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so. So, I do think in fact that there are opportunities for the private sector and the federal government to coordinate and to cooperate on these efforts, both to keep the country safe, but also to protect our civil liberties.”
  • Paul Merrell on 24 Feb 15
     
    Watch for massive class action product defect litigation to be filed against the phone companies.and mobile device manufacturers.  In most U.S. jurisdictions, proof that the vendors/manufacturers  knew of the product defect is not required, only proof of the defect. Also, this is a golden opportunity for anyone who wants to get out of a pricey cellphone contract, since providing a compromised cellphone is a material breach of warranty, whether explicit or implied..   
Paul Merrell

FBI Flouts Obama Directive to Limit Gag Orders on National Security Letters - The Inter... - 0 views

firstlook.org/...ders-national-security-letters

surveillance state FBI NSLs litigation 1st Amendment civil-liberties

shared by Paul Merrell on 24 Feb 15 - No Cached
  • Despite the post-Snowden spotlight on mass surveillance, the intelligence community’s easiest end-run around the Fourth Amendment since 2001 has been something called a National Security Letter. FBI agents can demand that an Internet service provider, telephone company or financial institution turn over its records on any number of people — without any judicial review whatsoever — simply by writing a letter that says the information is needed for national security purposes. The FBI at one point was cranking out over 50,000 such letters a year; by the latest count, it still issues about 60 a day. The letters look like this:
  • Recipients are legally required to comply — but it doesn’t stop there. They also aren’t allowed to mention the order to anyone, least of all the person whose data is being searched. Ever. That’s because National Security Letters almost always come with eternal gag orders. Here’s that part:
  • That means the NSL process utterly disregards the First Amendment as well. More than a year ago, President Obama announced that he was ordering the Justice Department to terminate gag orders “within a fixed time unless the government demonstrates a real need for further secrecy.” And on Feb. 3, when the Office of the Director of National Intelligence announced a handful of baby steps resulting from its “comprehensive effort to examine and enhance [its] privacy and civil liberty protections” one of the most concrete was — finally — to cap the gag orders: In response to the President’s new direction, the FBI will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation or the investigation’s close. Continued nondisclosures orders beyond this period are permitted only if a Special Agent in Charge or a Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.
  • ...6 more annotations...
  • Despite the use of the word “now” in that first sentence, however, the FBI has yet to do any such thing. It has not announced any such change, nor explained how it will implement it, or when. Media inquiries were greeted with stalling and, finally, a no comment — ostensibly on advice of legal counsel. “There is pending litigation that deals with a lot of the same questions you’re asking, out of the Ninth Circuit,” FBI spokesman Chris Allen told me. “So for now, we’ll just have to decline to comment.” FBI lawyers are working on a court filing for that case, and “it will address” the new policy, he said. He would not say when to expect it.
  • There is indeed a significant case currently before the federal appeals court in San Francisco. Oral arguments were in October. A decision could come any time. But in that case, the Electronic Frontier Foundation (EFF), which is representing two unnamed communications companies that received NSLs, is calling for the entire NSL statute to be thrown out as unconstitutional — not for a tweak to the gag. And it has a March 2013 district court ruling in its favor. “The gag is a prior restraint under the First Amendment, and prior restraints have to meet an extremely high burden,” said Andrew Crocker, a legal fellow at EFF. That means going to court and meeting the burden of proof — not just signing a letter. Or as the Cato Institute’s Julian Sanchez put it, “To have such a low bar for denying persons or companies the right to speak about government orders they have been served with is anathema. And it is not very good for accountability.”
  • In a separate case, a wide range of media companies (including First Look Media, the non-profit digital media venture that produces The Intercept) are supporting a lawsuit filed by Twitter, demanding the right to say specifically how many NSLs it has received. But simply releasing companies from a gag doesn’t assure the kind of accountability that privacy advocates are saying is required by the Constitution. “What the public has to remember is a NSL is asking for your information, but it’s not asking it from you,” said Michael German, a former FBI agent who is now a fellow with the Brennan Center for Justice. “The vast majority of these things go to the very large telecommunications and financial companies who have a large stake in maintaining a good relationship with the government because they’re heavily regulated entities.”
  • So, German said, “the number of NSLs that would be exposed as a result of the release of the gag order is probably very few. The person whose records are being obtained is the one who should receive some notification.” A time limit on gags going forward also raises the question of whether past gag orders will now be withdrawn. “Obviously there are at this point literally hundreds of thousands of National Security Letters that are more than three years old,” said Sanchez. Individual review is therefore unlikely, but there ought to be some recourse, he said. And the further back you go, “it becomes increasingly implausible that a significant percentage of those are going to entail some dire national security risk.” The NSL program has a troubled history. The absolute secrecy of the program and resulting lack of accountability led to systemic abuse as documented by repeated inspector-general investigations, including improperly authorized NSLs, factual misstatements in the NSLs, improper requests under NSL statutes, requests for information based on First Amendment protected activity, “after-the-fact” blanket NSLs to “cover” illegal requests, and hundreds of NSLs for “community of interest” or “calling circle” information without any determination that the telephone numbers were relevant to authorized national security investigations.
  • Obama’s own hand-selected “Review Group on Intelligence and Communications Technologies” recommended in December 2013 that NSLs should only be issued after judicial review — just like warrants — and that any gag should end within 180 days barring judicial re-approval. But FBI director James Comey objected to the idea, calling NSLs “a very important tool that is essential to the work we do.” His argument evidently prevailed with Obama.
  • NSLs have managed to stay largely under the American public’s radar. But, Crocker says, “pretty much every time I bring it up and give the thumbnail, people are shocked. Then you go into how many are issued every year, and they go crazy.” Want to send me your old NSL and see if we can set a new precedent? Here’s how to reach me. And here’s how to leak to me.
Paul Merrell

Information Warfare: Automated Propaganda and Social Media Bots | Global Research - 0 views

www.globalresearch.ca/...5438304

automated-propaganda social-media-bots

shared by Paul Merrell on 25 Mar 15 - No Cached
  • NATO has announced that it is launching an “information war” against Russia. The UK publicly announced a battalion of keyboard warriors to spread disinformation. It’s well-documented that the West has long used false propaganda to sway public opinion. Western military and intelligence services manipulate social media to counter criticism of Western policies. Such manipulation includes flooding social media with comments supporting the government and large corporations, using armies of sock puppets, i.e. fake social media identities. See this, this, this, this and this. In 2013, the American Congress repealed the formal ban against the deployment of propaganda against U.S. citizens living on American soil. So there’s even less to constrain propaganda than before.
  • Information warfare for propaganda purposes also includes: The Pentagon, Federal Reserve and other government entities using software to track discussion of political issues … to try to nip dissent in the bud before it goes viral “Controlling, infiltrating, manipulating and warping” online discourse Use of artificial intelligence programs to try to predict how people will react to propaganda
  • Some of the propaganda is spread by software programs. We pointed out 6 years ago that people were writing scripts to censor hard-hitting information from social media. One of America’s top cyber-propagandists – former high-level military information officer Joel Harding – wrote in December: I was in a discussion today about information being used in social media as a possible weapon.  The people I was talking with have a tool which scrapes social media sites, gauges their sentiment and gives the user the opportunity to automatically generate a persuasive response. Their tool is called a “Social Networking Influence Engine”. *** The implications seem to be profound for the information environment. *** The people who own this tool are in the civilian world and don’t even remotely touch the defense sector, so getting approval from the US Department of State might not even occur to them.
  • ...2 more annotations...
  • How Can This Real? Gizmodo reported in 2010: Software developer Nigel Leck got tired rehashing the same 140-character arguments against climate change deniers, so he programmed a bot that does the work for him. With citations! Leck’s bot, @AI_AGW, doesn’t just respond to arguments directed at Leck himself, it goes out and picks fights. Every five minutes it trawls Twitter for terms and phrases that commonly crop up in Tweets that refute human-caused climate change. It then searches its database of hundreds to find a counter-argument best suited for that tweet—usually a quick statement and a link to a scientific source. As can be the case with these sorts of things, many of the deniers don’t know they’ve been targeted by a robot and engage AI_AGW in debate. The bot will continue to fire back canned responses that best fit the interlocutor’s line of debate—Leck says this goes on for days, in some cases—and the bot’s been outfitted with a number of responses on the topic of religion, where the arguments unsurprisingly often end up. Technology has come a long way in the past 5 years. So if a lone programmer could do this 5 years ago, imagine what he could do now. And the big players have a lot more resources at their disposal than a lone climate activist/software developer does.  For example, a government expert told the Washington Post that the government “quite literally can watch your ideas form as you type” (and see this).  So if the lone programmer is doing it, it’s not unreasonable to assume that the big boys are widely doing it.
  • How Effective Are Automated Comments? Unfortunately, this is more effective than you might assume … Specifically, scientists have shown that name-calling and swearing breaks down people’s ability to think rationally … and intentionally sowing discord and posting junk comments to push down insightful comments  are common propaganda techniques. Indeed, an automated program need not even be that sophisticated … it can copy a couple of words from the main post or a comment, and then spew back one or more radioactive labels such as “terrorist”, “commie”, “Russia-lover”, “wimp”, “fascist”, “loser”, “traitor”, “conspiratard”, etc. Given that Harding and his compadres consider anyone who questions any U.S. policies as an enemy of the state  – as does the Obama administration (and see this) – many honest, patriotic writers and commenters may be targeted for automated propaganda comments.
Gonzalo San Gil, PhD.

The Linux desktop battle (and why it matters) - TechRepublic - 2 views

www.techrepublic.com/...ktop-battle-and-why-it-matters

linux desktop battle party why IT matters strong community despite proprietary press pamphlets

shared by Gonzalo San Gil, PhD. on 30 Mar 15 - No Cached
  • Gonzalo San Gil, PhD. on 30 Mar 15
     
    Jack Wallen ponders the problem with the ever-lagging acceptance of the Linux desktop and poses a radical solution.
  • Gonzalo San Gil, PhD. on 30 Mar 15
     
    "Jack Wallen ponders the problem with the ever-lagging acceptance of the Linux desktop and poses a radical solution. Linux desktop I have been using Ubuntu Unity for a very long time. In fact, I would say that this is, by far, the longest I've stuck with a single desktop interface. Period. That doesn't mean I don't stop to smell the desktop roses along the Linux path. In fact, I've often considered other desktops as a drop-in replacement for Unity. GNOME and Budgie have vied for my attention of late. Both are solid takes on the desktop that offer a minimalistic, modern look and feel (something I prefer) and help me get my work done with an efficiency other desktops can't match. What I see across the Linux landscape, however, often takes me by surprise. While Microsoft and Apple continue to push the idea of the user interface forward, a good amount of the Linux community seems bent on holding us in a perpetual state of "90s computing." Consider Xfce, Mate, and Cinnamon -- three very popular Linux desktop interfaces that work with one very common thread... not changing for the sake of change. Now, this can be considered a very admirable cause when it's put in place to ensure that user experience (UX) is as positive as possible. What this idea does, however, is deny the idea that change can affect an even more efficient and positive UX. When I spin up a distribution that makes use of Xfce, Mate, or Cinnamon, I find the environments work well and get the job done. At the same time, I feel as if the design of the desktops is trapped in the wrong era. At this point, you're certainly questioning the validity and path of this post. If the desktops work well and help you get the job done, what's wrong? It's all about perception. Let me offer you up a bit of perspective. The only reason Apple managed to rise from the ashes and become one of the single most powerful forces in technology is because they understood the concept of perception. They re-invented th
  • Gonzalo San Gil, PhD. on 30 Mar 15
     
    Jack Wallen ponders the problem with the ever-lagging acceptance of the Linux desktop and poses a radical solution.
Paul Merrell

Section 215 and "Fruitless" (?!?) Constitutional Adjudication | Just Security - 0 views

www.justsecurity.org/...ss-constitutional-adjudication

surveillance state 215 ACLU Clapper litigation 2nd-Circuit constitutional law

shared by Paul Merrell on 02 Nov 15 - No Cached
  • This morning, the Second Circuit issued a follow-on ruling to its May decision in ACLU v. Clapper (which had held that the NSA’s bulk telephone records program was unlawful insofar as it had not properly been authorized by Congress). In a nutshell, today’s ruling rejects the ACLU’s request for an injunction against the continued operation of the program for the duration of the 180-day transitional period (which ends on November 29) from the old program to the quite different collection regime authorized by the USA Freedom Act. As the Second Circuit (in my view, quite correctly) concluded, “Regardless of whether the bulk telephone metadata program was illegal prior to May, as we have held, and whether it would be illegal after November 29, as Congress has now explicitly provided, it is clear that Congress intended to authorize it during the transitionary period.” So far, so good. But remember that the ACLU’s challenge to bulk collection was mounted on both statutory and constitutional grounds, the latter of which the Second Circuit was able to avoid in its earlier ruling because of its conclusion that, prior to the enactment of the USA Freedom Act, bulk collection was unauthorized by Congress. Now that it has held that it is authorized during the transitional period, that therefore tees up, quite unavoidably, whether bulk collection violates the Fourth Amendment. But rather than decide that (momentous) question, the Second Circuit ducked:
  • We agree with the government that we ought not meddle with Congress’s considered decision regarding the transition away from bulk telephone metadata collection, and also find that addressing these issues at this time would not be a prudent use of judicial authority. We need not, and should not, decide such momentous constitutional issues based on a request for such narrow and temporary relief. To do so would take more time than the brief transition period remaining for the telephone metadata program, at which point, any ruling on the constitutionality of the demised program would be fruitless. In other words, because any constitutional violation is short-lived, and because it results from the “considered decision” of Congress, it would be fruitless to actually resolve the constitutionality of bulk collection during the transitional period.
  • Hopefully, it won’t take a lot of convincing for folks to understand just how wrong-headed this is. For starters, if the plaintiffs are correct, they are currently being subjected to unconstitutional government surveillance for which they are entitled to a remedy. The fact that this surveillance has a limited shelf-life (and/or that Congress was complicit in it) doesn’t in any way ameliorate the constitutional violation — which is exactly why the Supreme Court has, for generations, recognized an exception to mootness doctrine for constitutional violations that, owing to their short duration, are “capable of repetition, yet evading review.” Indeed, in this very same opinion, the Second Circuit first held that the ACLU’s challenge isn’t moot, only to then invokes mootness-like principles to justify not resolving the constitutional claim. It can’t be both; either the constitutional challenge is moot, or it isn’t. But more generally, the notion that constitutional adjudication of a claim with a short shelf-life is “fruitless” utterly misses the significance of the establishment of forward-looking judicial precedent, especially in a day and age in which courts are allowed to (and routinely do) avoid resolving the merits of constitutional claims in cases in which the relevant precedent is not “clearly established.” Maybe, if this were the kind of constitutional question that was unlikely to recur, there’d be more to the Second Circuit’s avoidance of the issue in this case. But whether and to what extent the Fourth Amendment applies to information we voluntarily provide to third parties is hardly that kind of question, and the Second Circuit’s unconvincing refusal to answer that question in a context in which it is quite squarely presented is nothing short of feckless.
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 1 views

theintercept.com/...ck-web-users-online-identities

surveillance state GCHQ Black-Hole

shared by Paul Merrell on 27 Sep 15 - No Cached
  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
« First ‹ Previous 101 - 120 of 125 Next ›
Showing 20 items per page