Skip to main content

Home/ Future of the Web/ Group items tagged messages

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

US pushing local cops to stay mum on surveillance - Yahoo News - 0 views

news.yahoo.com/;_ylt=AwrBJR4e65lTwmEAb7zQtDMD

surveillance state location-data public-records-acts litigation stingrays

shared by Paul Merrell on 13 Jun 14 - No Cached
  • WASHINGTON (AP) -- The Obama administration has been quietly advising local police not to disclose details about surveillance technology they are using to sweep up basic cellphone data from entire neighborhoods, The Associated Press has learned. Citing security reasons, the U.S. has intervened in routine state public records cases and criminal trials regarding use of the technology. This has resulted in police departments withholding materials or heavily censoring documents in rare instances when they disclose any about the purchase and use of such powerful surveillance equipment. Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.
  • One well-known type of this surveillance equipment is known as a Stingray, an innovative way for law enforcement to track cellphones used by suspects and gather evidence. The equipment tricks cellphones into identifying some of their owners' account information, like a unique subscriber number, and transmitting data to police as if it were a phone company's tower. That allows police to obtain cellphone information without having to ask for help from service providers, such as Verizon or AT&T, and can locate a phone without the user even making a call or sending a text message. But without more details about how the technology works and under what circumstances it's used, it's unclear whether the technology might violate a person's constitutional rights or whether it's a good investment of taxpayer dollars. Interviews, court records and public-records requests show the Obama administration is asking agencies to withhold common information about the equipment, such as how the technology is used and how to turn it on. That pushback has come in the form of FBI affidavits and consultation in local criminal cases.
  • "These extreme secrecy efforts are in relation to very controversial, local government surveillance practices using highly invasive technology," said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union, which has fought for the release of these types of records. "If public participation means anything, people should have the facts about what the government is doing to them." Harris Corp., a key manufacturer of this equipment, built a secrecy element into its authorization agreement with the Federal Communications Commission in 2011. That authorization has an unusual requirement: that local law enforcement "coordinate with the FBI the acquisition and use of the equipment." Companies like Harris need FCC authorization in order to sell wireless equipment that could interfere with radio frequencies. A spokesman from Harris Corp. said the company will not discuss its products for the Defense Department and law enforcement agencies, although public filings showed government sales of communications systems such as the Stingray accounted for nearly one-third of its $5 billion in revenue. "As a government contractor, our solutions are regulated and their use is restricted," spokesman Jim Burke said.
  • ...4 more annotations...
  • Local police agencies have been denying access to records about this surveillance equipment under state public records laws. Agencies in San Diego, Chicago and Oakland County, Michigan, for instance, declined to tell the AP what devices they purchased, how much they cost and with whom they shared information. San Diego police released a heavily censored purchasing document. Oakland officials said police-secrecy exemptions and attorney-client privilege keep their hands tied. It was unclear whether the Obama administration interfered in the AP requests. "It's troubling to think the FBI can just trump the state's open records law," said Ginger McCall, director of the open government project at the Electronic Privacy Information Center. McCall suspects the surveillance would not pass constitutional muster. "The vast amount of information it sweeps in is totally irrelevant to the investigation," she said.
  • A court case challenging the public release of information from the Tucson Police Department includes an affidavit from an FBI special agent, Bradley Morrison, who said the disclosure would "result in the FBI's inability to protect the public from terrorism and other criminal activity because through public disclosures, this technology has been rendered essentially useless for future investigations." Morrison said revealing any information about the technology would violate a federal homeland security law about information-sharing and arms-control laws — legal arguments that that outside lawyers and transparency experts said are specious and don't comport with court cases on the U.S. Freedom of Information Act. The FBI did not answer questions about its role in states' open records proceedings.
  • But a former Justice Department official said the federal government should be making this argument in federal court, not a state level where different public records laws apply. "The federal government appears to be attempting to assert a federal interest in the information being sought, but it's going about it the wrong way," said Dan Metcalfe, the former director of the Justice Department's office of information and privacy. Currently Metcalfe is the executive director of American University's law school Collaboration on Government Secrecy project. A criminal case in Tallahassee cites the same homeland security laws in Morrison's affidavit, court records show, and prosecutors told the court they consulted with the FBI to keep portions of a transcript sealed. That transcript, released earlier this month, revealed that Stingrays "force" cellphones to register their location and identifying information with the police device and enables officers to track calls whenever the phone is on.
  • One law enforcement official familiar with the Tucson lawsuit, who spoke on condition of anonymity because the official was not authorized to speak about internal discussions, said federal lawyers told Tucson police they couldn't hand over a PowerPoint presentation made by local officers about how to operate the Stingray device. Federal officials forwarded Morrison's affidavit for use in the Tucson police department's reply to the lawsuit, rather than requesting the case be moved to federal court. In Sarasota, Florida, the U.S. Marshals Service confiscated local records on the use of the surveillance equipment, removing the documents from the reach of Florida's expansive open-records law after the ACLU asked under Florida law to see the documents. The ACLU has asked a judge to intervene. The Marshals Service said it deputized the officer as a federal agent and therefore the records weren't accessible under Florida law.
  • Paul Merrell on 13 Jun 14
     
    The Florida case is particularly interesting because Florida is within the jurisdiction of the U.S. Eleventh Circuit Court of Appeals, which has just ruled that law enforcement must obtain a search warrant from a court before using equipment to determine a cell phone's location.  
Paul Merrell

Profiled From Radio to Porn, British Spies Track Web Users' Online Identities | Global ... - 0 views

www.globalresearch.ca/...5478246

surveillance state GCHQ Black-Hole Karma-Police

shared by Paul Merrell on 27 Sep 15 - No Cached
  • One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens  all without a court order or judicial warrant.
  • The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a top-secret operation to collect intelligence about people using the Internet to listen to radio shows. The agency used a sample of nearly 7 million metadata records, gathered over a period of three months, to observe the listening habits of more than 200,000 people across 185 countries, including the U.S., the U.K., Ireland, Canada, Mexico, Spain, the Netherlands, France, and Germany.
  • GCHQ’s documents indicate that the plans for KARMA POLICE were drawn up between 2007 and 2008. The system was designed to provide the agency with “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” The origin of the surveillance system’s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans. A verse repeated throughout the hit song includes the lyric, “This is what you’ll get, when you mess with us.”
  • ...3 more annotations...
  • GCHQ vacuums up the website browsing histories using “probes” that tap into the international fiber-optic cables that transport Internet traffic across the world. A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events”  a term the agency uses to refer to metadata records  with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held  41 percent  was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it saidwould be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.” HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs.
  • The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
Paul Merrell

High Court Rules UK's Surveillance Powers Violate Human Rights - 0 views

www.tomshardware.com/...ourt-dripa-unlawful,29615.html

surveillance state GCHQ UK litigation

shared by Paul Merrell on 20 Jul 15 - No Cached
  • UK's High Court found the rushed Data Retention and Investigatory Powers Act (DRIPA) to be illegal under the European Convention on Human Rights and EU Charter of Fundamental Rights, both of which require respect for private and family life, as well as protection of personal data in the case of the latter. DRIPA was challenged by two members of Parliament (MPs), Labor's Tom Watson and the Conservative David Davis, who argued that the surveillance of communications wasn't limited to serious crimes, that individual notices for data collection were kept secret, and that no provision existed to protect those who need professional confidentiality, such as lawyers and journalists. DRIPA was pushed through in three days last year after the European Court of Justice ruled that the EU data retention powers were disproportionate, which invalidated the previous data retention law in the UK. The UK High Court also ruled that sections 1 and 2 of DRIPA were unlawful based on the fact that they fail to provide precise policies to ensure that data is only accessed for the purpose of investigating serious crimes. Another major point against DRIPA was that it didn't require judicial approval, which could limit access to only the data that is strictly necessary for investigations.
  • DRIPA passed in only three days, but the Court allowed it to continue for another nine months, to give the UK government enough time to draft new legislation. Although this almost doubles the time in which this law will exist, it might be better in the long term, as it gives the members of Parliament enough time to debate its successor, without having to rush yet another law fearing that the government's surveillance powers will expire. This court ruling arrived at the right time, as the UK government is currently preparing the draft for the Investigative Powers Bill (also called Snooper's Charter by many), which further expands the government's surveillance powers and may even request encryption backdoors. It also joins other recent reviews of the government's surveillance laws that called for much stricter oversight done by judges rather than the government's own members. "Campaigners, MPs across the political spectrum, the Government's own reviewer of terrorism legislation are all calling for judicial oversight and clearer safeguards," said James Welch, Legal Director for Liberty, a human rights organization.
  • Paul Merrell on 20 Jul 15
     
    The Dark State takes another hit.
Paul Merrell

EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on... - 0 views

firstlook.org/...ryption-just-doesnt-make-sense

surveillance state encryption Apple Google Snowden Comey back-door-debate

shared by Paul Merrell on 03 Aug 15 - No Cached
  • As the Obama administration campaign to stop the commercialization of strong encryption heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack. “Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer. Snowden was asked by The Intercept to respond to the contentious suggestion — made Thursday on a blog that frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found legally liable for providing material aid to a terrorist organization because they provide encryption services to their users.
  • In his email, Snowden explained how law enforcement officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through. “The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote. “No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?”
  • Weakened encryption would only drive people away from the American technology industry, Snowden wrote. “Putting the most important driver of our economy in a position where they have to deal with the devil or lose access to international markets is public policy that makes us less competitive and less safe.”
  • ...1 more annotation...
  • FBI Director James Comey and others have repeatedly stated that law enforcement is “going dark” when it comes to the ability to track bad actors’ communications because of end-to-end encrypted messages, which can only be deciphered by the sender and the receiver. They have never provided evidence for that, however, and have put forth no technologically realistic alternative. Meanwhile, Apple and Google are currently rolling out user-friendly end-to-end encryption for their customers, many of whom have demanded greater privacy protections — especially following Snowden’s disclosures.
Paul Merrell

Security Experts Oppose Government Access to Encrypted Communication - The New York Times - 0 views

www.nytimes.com/...o-encrypted-communication.html

encryption government-backdoors expert-report

shared by Paul Merrell on 08 Jul 15 - No Cached
  • An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.
  • That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.
  • Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.
  • ...2 more annotations...
  • The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.
  • “Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”
  • Paul Merrell on 08 Jul 15
     
    Our system of government does not expect that every criminal will be apprehended and convicted. There are numerous values our society believes are more important. Some examples: [i] a presumption of innocence unless guilt is established beyond any reasonable doubt; [ii] the requirement that government officials convince a neutral magistrate that they have probable cause to believe that a search or seizure will produce evidence of a crime; [iii] many communications cannot be compelled to be disclosed and used in evidence, such as attorney-client communications, spousal communications, and priest-penitent communications; and [iv] etc. Moral of my story: the government needs a much stronger reason to justify interception of communications than saying, "some crooks will escape prosecution if we can't do that." We have a right to whisper to each other, concealing our communicatons from all others. Why does the right to whisper privately disappear if our whisperings are done electronically? The Supreme Court took its first step on a very slippery slope when it permitted wiretapping in Olmstead v. United States, 277 U.S. 438, 48 S. Ct. 564, 72 L. Ed. 944 (1928). https://goo.gl/LaZGHt It's been a long slide ever since. It's past time to revisit Olmstead and recognize that American citizens have the absolute right to communicate privately. "The President … recognizes that U.S. citizens and institutions should have a reasonable expectation of privacy from foreign or domestic intercept when using the public telephone system." - Brent Scowcroft, U.S. National Security Advisor, National Security Decision Memorandum 338 (1 September 1976) (Nixon administration), http://www.fas.org/irp/offdocs/nsdm-ford/nsdm-338.pdf   
Paul Merrell

Revealed: How DOJ Gagged Google over Surveillance of WikiLeaks Volunteer - The Intercept - 0 views

firstlook.org/...appelbaum-google-investigation

surveillance state DoJ Appelbaum-email Wikileaks

shared by Paul Merrell on 21 Jun 15 - No Cached
  • The Obama administration fought a legal battle against Google to secretly obtain the email records of a security researcher and journalist associated with WikiLeaks. Newly unsealed court documents obtained by The Intercept reveal the Justice Department won an order forcing Google to turn over more than one year’s worth of data from the Gmail account of Jacob Appelbaum (pictured above), a developer for the Tor online anonymity project who has worked with WikiLeaks as a volunteer. The order also gagged Google, preventing it from notifying Appelbaum that his records had been provided to the government. The surveillance of Appelbaum’s Gmail account was tied to the Justice Department’s long-running criminal investigation of WikiLeaks, which began in 2010 following the transparency group’s publication of a large cache of U.S. government diplomatic cables. According to the unsealed documents, the Justice Department first sought details from Google about a Gmail account operated by Appelbaum in January 2011, triggering a three-month dispute between the government and the tech giant. Government investigators demanded metadata records from the account showing email addresses of those with whom Appelbaum had corresponded between the period of November 2009 and early 2011; they also wanted to obtain information showing the unique IP addresses of the computers he had used to log in to the account.
  • The Justice Department argued in the case that Appelbaum had “no reasonable expectation of privacy” over his email records under the Fourth Amendment, which protects against unreasonable searches and seizures. Rather than seeking a search warrant that would require it to show probable cause that he had committed a crime, the government instead sought and received an order to obtain the data under a lesser standard, requiring only “reasonable grounds” to believe that the records were “relevant and material” to an ongoing criminal investigation. Google repeatedly attempted to challenge the demand, and wanted to immediately notify Appelbaum that his records were being sought so he could have an opportunity to launch his own legal defense. Attorneys for the tech giant argued in a series of court filings that the government’s case raised “serious First Amendment concerns.” They noted that Appelbaum’s records “may implicate journalistic and academic freedom” because they could “reveal confidential sources or information about WikiLeaks’ purported journalistic or academic activities.” However, the Justice Department asserted that “journalists have no special privilege to resist compelled disclosure of their records, absent evidence that the government is acting in bad faith,” and refused to concede Appelbaum was in fact a journalist. It claimed it had acted in “good faith throughout this criminal investigation, and there is no evidence that either the investigation or the order is intended to harass the … subscriber or anyone else.” Google’s attempts to fight the surveillance gag order angered the government, with the Justice Department stating that the company’s “resistance to providing the records” had “frustrated the government’s ability to efficiently conduct a lawful criminal investigation.”
  • Google accused the government of hyperbole and argued that the backlash over the Twitter order did not justify secrecy related to the Gmail surveillance. “Rather than demonstrating how unsealing the order will harm its well-publicized investigation, the government lists a parade of horribles that have allegedly occurred since it unsealed the Twitter order, yet fails to establish how any of these developments could be further exacerbated by unsealing this order,” wrote Google’s attorneys. “The proverbial toothpaste is out of the tube, and continuing to seal a materially identical order will not change it.” But Google’s attempt to overturn the gag order was denied by magistrate judge Ivan D. Davis in February 2011. The company launched an appeal against that decision, but this too was rebuffed, in March 2011, by District Court judge Thomas Selby Ellis, III.
  • ...4 more annotations...
  • The Justice Department wanted to keep the surveillance secret largely because of an earlier public backlash over its WikiLeaks investigation. In January 2011, Appelbaum and other WikiLeaks volunteers’ – including Icelandic parlimentarian Birgitta Jonsdottir – were notified by Twitter that the Justice Department had obtained data about their accounts. This disclosure generated widepread news coverage and controversy; the government says in the unsealed court records that it “failed to anticipate the degree of  damage that would be caused” by the Twitter disclosure and did not want to “exacerbate this problem” when it went after Appelbaum’s Gmail data. The court documents show the Justice Department said the disclosure of its Twitter data grab “seriously jeopardized the [WikiLeaks] investigation” because it resulted in efforts to “conceal evidence” and put public pressure on other companies to resist similar surveillance orders. It also claimed that officials named in the subpeona ordering Twitter to turn over information were “harassed” after a copy was published by Intercept co-founder Glenn Greenwald at Salon in 2011. (The only specific evidence of the alleged harassment cited by the government is an email that was sent to an employee of the U.S. Attorney’s office that purportedly said: “You guys are fucking nazis trying to controll [sic] the whole fucking world. Well guess what. WE DO NOT FORGIVE. WE DO NOT FORGET. EXPECT US.”)
  • The government agreed to unseal some of the court records on Apr. 1 this year, and they were apparently turned over to Appelbaum on May 14 through a notification sent to his Gmail account. The files were released on condition that they would contain some redactions, which are bizarre and inconsistent, in some cases censoring the name of “WikiLeaks” from cited public news reports. Not all of the documents in the case – such as the original surveillance orders contested by Google – were released as part of the latest disclosure. Some contain “specific and sensitive details of the investigation” and “remain properly sealed while the grand jury investigation continues,” according to the court records from April this year. Appelbaum, an American citizen who is based in Berlin, called the case “a travesty that continues at a slow pace” and said he felt it was important to highlight “the absolute madness in these documents.”
  • He told The Intercept: “After five years, receiving such legal documents is neither a shock nor a needed confirmation. … Will we ever see the full documents about our respective cases? Will we even learn the names of those signing so-called legal orders against us in secret sealed documents? Certainly not in a timely manner and certainly not in a transparent, just manner.” The 32-year-old, who has recently collaborated with Intercept co-founder Laura Poitras to report revelations about National Security Agency surveillance for German news magazine Der Spiegel, said he plans to remain in Germany “in exile, rather than returning to the U.S. to experience more harassment of a less than legal kind.”
  • “My presence in Berlin ensures that the cost of physically harassing me or politically harassing me is much higher than when I last lived on U.S. soil,” Appelbaum said. “This allows me to work as a journalist freely from daily U.S. government interference. It also ensures that any further attempts to continue this will be forced into the open through [a Mutal Legal Assistance Treaty] and other international processes. The German goverment is less likely to allow the FBI to behave in Germany as they do on U.S. soil.” The Justice Department’s WikiLeaks investigaton is headed by prosecutors in the Eastern District of Virginia. Since 2010, the secretive probe has seen activists affiliated with WikiLeaks compelled to appear before a grand jury and the FBI attempting to infiltrate the group with an informant. Earlier this year, it was revealed that the government had obtained the contents of three core WikiLeaks staffers’ Gmail accounts as part of the investigation.
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Paul Merrell

Last Call Working Draft -- W3C Authoring Tool Accessibility Guidelines (ATAG) 2.0 - 1 views

www.w3.org/ATAG20

accessibility authoring tools web standards W3C

shared by Paul Merrell on 09 Jul 10 - Cached
  • Examples of authoring tools: ATAG 2.0 applies to a wide variety of web content generating applications, including, but not limited to: web page authoring tools (e.g., WYSIWYG HTML editors) software for directly editing source code (see note below) software for converting to web content technologies (e.g., "Save as HTML" features in office suites) integrated development environments (e.g., for web application development) software that generates web content on the basis of templates, scripts, command-line input or "wizard"-type processes software for rapidly updating portions of web pages (e.g., blogging, wikis, online forums) software for generating/managing entire web sites (e.g., content management systems, courseware tools, content aggregators) email clients that send messages in web content technologies multimedia authoring tools debugging tools for web content software for creating mobile web applications
  • Web-based and non-web-based: ATAG 2.0 applies equally to authoring tools of web content that are web-based, non-web-based or a combination (e.g., a non-web-based markup editor with a web-based help system, a web-based content management system with a non-web-based file uploader client). Real-time publishing: ATAG 2.0 applies to authoring tools with workflows that involve real-time publishing of web content (e.g., some collaborative tools). For these authoring tools, conformance to Part B of ATAG 2.0 may involve some combination of real-time accessibility supports and additional accessibility supports available after the real-time authoring session (e.g., the ability to add captions for audio that was initially published in real-time). For more information, see the Implementing ATAG 2.0 - Appendix E: Real-time content production. Text Editors: ATAG 2.0 is not intended to apply to simple text editors that can be used to edit source content, but that include no support for the production of any particular web content technology. In contrast, ATAG 2.0 can apply to more sophisticated source content editors that support the production of specific web content technologies (e.g., with syntax checking, markup prediction, etc.).
  • Paul Merrell on 09 Jul 10
     
    Link is the latest version link so page should update when this specification graduates to a W3C recommendation.
Gary Edwards

Microsoft Office Sharepoint Server: a next generation of deeper, wider content silos? |... - 0 views

blogs.zdnet.com/collaboration

cloud-computing sharepoint

shared by Gary Edwards on 24 Jun 08 - Cached
  • Some of the next generation collaboration platforms are succeeding precisely because they are silo bunker busters. The problem of dozens of digital filing cabinets full of thousands of iterations of hard to find documents within enterprise environments is arguably being solved by the new generation of nimble project contextual tools. Taxonomies and tagging, threaded discussion, wikis and other ‘Enterprise 2.0‘ tools are an alternative solution to the problem of generating mountains of hard to find silo’d information and associated email. Microsoft have a fabulously lucrative franchise with their Office suite of Word, PowerPoint, Excel et al desktop products. A huge issue in the enterprise space is blizzards of email containing links to documents created with these products on shared drives, or iterations actually attached to the mail messages. Add mobile users on laptops with intermittent connection and you also have serious synch headaches.
  • Gary Edwards on 24 Jun 08
     
    Discussion about the impact SharePoint is having: based on Boston 2008 Enterprise 2.0 Conference
  • anonymous on 02 Oct 13
     
    Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com
Paul Merrell

Sun, Microsoft tout fruits of cooperation - CNET News - 0 views

news.cnet.com/...2100-1022_3-5706750.html

sun microsoft cloud computing 2005 web services

shared by Paul Merrell on 31 Dec 08 - Cached
  • The software will be incorporated into future versions of the companies' products--likely in 2006, Ballmer said. For now, it's the most concrete example of cooperation between the companies whose fierce competition was blunted somewhat by a 2004 agreement to settle legal issues, share patents and make their software interoperable.
  • Next up will be cooperation in a number of other domains: storage software and hardware; unified systems management; Web services standards for messaging and event-tracking; and Windows terminal services that let PCs act like thin clients by leaving the heavy lifting of computing to central servers.
  • Paul Merrell on 31 Dec 08
     
    From 2005, a year after Sun and Microsoft became partners in Microsoft's assault on the Web.
Paul Merrell

Introducing the Open XML Format External File Converter for 2007 Microsoft Office Syste... - 0 views

msdn.microsoft.com/...dd300649.aspx

OOXML native file support APIs native formats MS Office conversions

shared by Paul Merrell on 10 Dec 08 - Cached
  • In other words, revising the Open XML Format converter interfaces by adding new functionality does not require any recompilation of existing clients. This guarantees backward compatibility as these converter interfaces are upgraded.
    • Paul Merrell
      Paul Merrell on 10 Dec 08
       
      But what does it do for forward compatibility? OOXML is a moving interoperabillity target.
  • In addition to allowing converters to override external file formats, the applications allow converters to override OpenDocument Format-related formats (such as .odt). For example, if you specify a converter to be the default converter for .odt, Word 2007 SP2 invokes the specified converter whenever a user tries to open an .odt file from the Windows Shell instead of going through the native load path for Word 2007 SP2.
    • Paul Merrell
      Paul Merrell on 10 Dec 08
       
      How wonderful. Developers can bypass the forthcoming Microsoft native file support for ODF. Perhaps to convert Excel formulas to OpenForumla?
  • Open XML Format converters for Word 2007 SP2, Excel 2007 SP2, or PowerPoint 2007 SP2 are implemented as out-of-process COM servers. Out-of-process converters have the benefit of running in their own process space, which means issues or crashes within converters do not affect the application process space. In addition, out-of-process 32-bit converters can function on 64-bit operating systems in Microsoft Windows on Windows 64-bit (WoW64) mode without the need for converters to be compiled in 64-bit.
    • Paul Merrell
      Paul Merrell on 10 Dec 08
       
      Pretty lame excuses for not documenting the native file support APIs. I.e., the native file supoort APIs already throw "can't open file" error messages for problematic documents without crashing the app. The bit about not needing to recompile converters for 64-bit Windoze is a complete red herring. This is only a benefit if one requires conversion in an external process. It wouldn't be an issue if the native file support APIs were documented and their intermediate formats were the interop targets.
    • Paul Merrell
      Paul Merrell on 10 Dec 08
       
      I.e., one need not recompile the Office app if a supported native format is added. The OpenDocument Foundation and Sun plug-ins for MS Office proved that.
  • ...3 more annotations...
  • To begin developing a converter, you should familiarize yourself with the Open XML standard. For more information, see: Standard ECMA-376: Office Open XML File Formats.
    • Paul Merrell
      Paul Merrell on 10 Dec 08
       
      Note that they specify Ecma 376 rather than ISO/IEC:29500-2008 Office Open XML. So you get to rewrite your converters when Microsoft adds support for the official standard in the next major release of Office.
  • External files are imported into Word 2007 SP2, Excel 2007 SP2, or PowerPoint 2007 SP2 by converting the external file to Open XML Formats. External files are exported from Word 2007 SP2, Excel 2007 SP2, or PowerPoint by converting Open XML Formats to external files. The success of either the import or export conversion depends upon the accurate generation and interpretation of Open XML Formats by the converter.
    • Paul Merrell
      Paul Merrell on 10 Dec 08
       
      Note that this is a process external to the native file support APIs and their intermediate formats. The real APIs apparently will remain obfuscated. Thiis forces others to develop support for Ecma 376 rather than working directly with the native file support APIs. In other words, more incentives for others to target the moving target OOXML rather than the more stable intermediate formats.
  • Summary: Get the details about the interfaces that you need to use to create an Open XML Format External File Converter for the 2007 Microsoft Office system Service Pack 2 (SP2). (16 Printed Pages)
Paul Merrell

Cover Pages: Content Management Interoperability Services (CMIS) - 0 views

xml.coverpages.org/cmis.html

CMIS CMS interop standards convergence

shared by Paul Merrell on 04 Dec 08 - Cached
  • "Business challenges: (1) Enterprises needed to aggregate/reuse business content trapped in disparate repositories: Different systems deployed in different departments, Systems inherited through business acquisition and merger. (2) Companies needed to get up-to-date information from business partner's repository: E.g. Aircraft maintenance crew needed to access manufacturers' vast manual repository to get the latest spec and procedure to comply with FAA regulation. (3) ISVs wanted a single application code-base that can be deployed in different repository environments: Lower development and maintenance cost, Bigger addressable market... Content Management Interoperability Services is a Web-based, protocol-layer interface to enable application to interoperate with disparate content management systems. It is platform-and language-agnostic, message-based, with loose coupling.
  • The specification was drafted by EMC, IBM, and Microsoft in a project started October 2006. Additional collaborators include: Alfresco, Open Text, Oracle, and SAP. Interoperability has been validated by all seven vendors.
Paul Merrell

WG Review: Internet Wideband Audio Codec (codec) - 0 views

www.ietf.org/...msg06848.html

IETF wideband audio codec

shared by Paul Merrell on 07 Jan 10 - Cached
  • According to reports from developers of Internet audio applications and operators of Internet audio services, there are no standardized, high-quality audio codecs that meet all of the following three conditions: 1. Are optimized for use in interactive Internet applications. 2. Are published by a recognized standards development organization (SDO) and therefore subject to clear change control. 3. Can be widely implemented and easily distributed among application developers, service operators, and end users. There exist codecs that provide high quality encoding of audio information, but that are not optimized for the actual conditions of the Internet; according to reports, this mismatch between design and deployment has hindered adoption of such codecs in interactive Internet applications.
  • The goal of this working group is to develop a single high-quality audio codec that is optimized for use over the Internet and that can be widely implemented and easily distributed among application developers, service operators, and end users. Core technical considerations include, but are not necessarily limited to, the following: 1. Designing for use in interactive applications (examples include, but are not limited to, point-to-point voice calls, multi-party voice conferencing, telepresence, teleoperation, in-game voice chat, and live music performance) 2. Addressing the real transport conditions of the Internet as identified and prioritized by the working group 3. Ensuring interoperability with the Real-time Transport Protocol (RTP), including secure transport via SRTP 4. Ensuring interoperability with Internet signaling technologies such as Session Initiation Protocol (SIP), Session Description Protocol (SDP), and Extensible Messaging and Presence Protocol (XMPP); however, the result should not depend on the details of any particular signaling technology
David Corking

A Manifesto for Slow Communication - John Freeman - WSJ.com - 0 views

online.wsj.com/...3550604574358643117407778.html

E-mail Social Networking facebook

shared by David Corking on 24 Aug 09 - Cached
  • How many of our most joyful memories have been created in front of a screen?
  • Communicating at great haste hones our utterances down to instincts and impulses that until now have been held back or channeled more carefully.
    • David Corking
      David Corking on 24 Aug 09
       
      But most of us can speak faster than we can type or text, and no-one complained that conversation makes our brains work too fast.
  • Our cafes, post offices, parks, cinemas, town centers, main streets and commu­nity meeting halls have suffered as a result of this development.
    • David Corking
      David Corking on 24 Aug 09
       
      Really? How many people met strangers in such places?
  • ...3 more annotations...
  • The difference between typing an email and writing a letter or memo out by hand is akin to walking on concrete versus stroll­ing on grass.
  • A butcher can tell you which cuts of meat are the freshest; an online grocer may not. That same butcher, if he is good, might not just remember your preferences—which an online retailer can do frighteningly well—but ask you how your mother has been doing, whether you caught the latest football game. These interactions remind us that we are more than con­sumers; they remind us that we are part of the world in a way no amount of online shopping ever will.
    • David Corking
      David Corking on 24 Aug 09
       
      This is right on the money - a visit to a local farm shop is a wonderful experience.
  • If we spend our eve­ning online trading short messages over Facebook with friends thousands of miles away rather than going to our local pub or park with a friend, we are effectively withdrawing from the peo­ple we could turn to for solace, humor and friendship, not to mention the places we could go to do this. We trade the com­plicated reality of friendship for its vacuum-packed idea.
    • David Corking
      David Corking on 24 Aug 09
       
      It might be just the way this essay was abridged for the paper, but I cannot see whether the author wants us to spend all evening writing a longhand letter to a distant friend, or ignore them altogether to spend time with a local friend.
  • David Corking on 24 Aug 09
     
    While I disagree with a lot of this essay, I recommend it as food for thought.
Paul Merrell

Watch a message from Counselor to the President John Podesta. | The White House - 0 views

www.whitehouse.gov/...big-data-review

surveillance state Obama opinion-questionnire

shared by Paul Merrell on 21 Mar 14 - No Cached
  • On January 17, President Obama spoke at the Justice Department about changes in the technology that we use for national security purposes, and what these technologies mean for our privacy broadly. He called on the administration to conduct a 90-day review of big data and privacy: how these areas affect the way we live, and the way we work — and how data is being used by universities, the private sector, and the government. This is a complicated issue that affects every American — and we want to hear your feedback. Learn more about this review, and if you like, share your thoughts.
  • Paul Merrell on 21 Mar 14
     
    Please let them know what you think.
Paul Merrell

ExposeFacts - For Whistleblowers, Journalism and Democracy - 0 views

exposefacts.org

transparency whistle-blowers resources Wikileaks Tail

shared by Paul Merrell on 06 Jun 14 - No Cached
  • Launched by the Institute for Public Accuracy in June 2014, ExposeFacts.org represents a new approach for encouraging whistleblowers to disclose information that citizens need to make truly informed decisions in a democracy. From the outset, our message is clear: “Whistleblowers Welcome at ExposeFacts.org.” ExposeFacts aims to shed light on concealed activities that are relevant to human rights, corporate malfeasance, the environment, civil liberties and war. At a time when key provisions of the First, Fourth and Fifth Amendments are under assault, we are standing up for a free press, privacy, transparency and due process as we seek to reveal official information—whether governmental or corporate—that the public has a right to know. While no software can provide an ironclad guarantee of confidentiality, ExposeFacts—assisted by the Freedom of the Press Foundation and its “SecureDrop” whistleblower submission system—is utilizing the latest technology on behalf of anonymity for anyone submitting materials via the ExposeFacts.org website. As journalists we are committed to the goal of protecting the identity of every source who wishes to remain anonymous.
  • The seasoned editorial board of ExposeFacts will be assessing all the submitted material and, when deemed appropriate, will arrange for journalistic release of information. In exercising its judgment, the editorial board is able to call on the expertise of the ExposeFacts advisory board, which includes more than 40 journalists, whistleblowers, former U.S. government officials and others with wide-ranging expertise. We are proud that Pentagon Papers whistleblower Daniel Ellsberg was the first person to become a member of the ExposeFacts advisory board. The icon below links to a SecureDrop implementation for ExposeFacts overseen by the Freedom of the Press Foundation and is only accessible using the Tor browser. As the Freedom of the Press Foundation notes, no one can guarantee 100 percent security, but this provides a “significantly more secure environment for sources to get information than exists through normal digital channels, but there are always risks.” ExposeFacts follows all guidelines as recommended by Freedom of the Press Foundation, and whistleblowers should too; the SecureDrop onion URL should only be accessed with the Tor browser — and, for added security, be running the Tails operating system. Whistleblowers should not log-in to SecureDrop from a home or office Internet connection, but rather from public wifi, preferably one you do not frequent. Whistleblowers should keep to a minimum interacting with whistleblowing-related websites unless they are using such secure software.
  • Paul Merrell on 06 Jun 14
     
    A new resource site for whistle-blowers. somewhat in the tradition of Wikileaks, but designed for encrypted communications between whistleblowers and journalists.  This one has an impressive board of advisors that includes several names I know and tend to trust, among them former whistle-blowers Daniel Ellsberg, Ray McGovern, Thomas Drake, William Binney, and Ann Wright. Leaked records can only be dropped from a web browser running the Tor anonymizer software and uses the SecureDrop system originally developed by Aaron Schwartz. They strongly recommend using the Tails secure operating system that can be installed to a thumb drive and leaves no tracks on the host machine. https://tails.boum.org/index.en.html Curious, I downloaded Tails and installed it to a virtual machine. It's a heavily customized version of Debian. It has a very nice Gnome desktop and blocks any attempt to connect to an external network by means other than installed software that demands encrypted communications. For example, web sites can only be viewed via the Tor anonymizing proxy network. It does take longer for web pages to load because they are moving over a chain of proxies, but even so it's faster than pages loaded in the dial-up modem days, even for web pages that are loaded with graphics, javascript, and other cruft. E.g., about 2 seconds for New York Times pages. All cookies are treated by default as session cookies so disappear when you close the page or the browser. I love my Linux Mint desktop, but I am thinking hard about switching that box to Tails. I've been looking for methods to send a lot more encrypted stuff down the pipe for NSA to store. Tails looks to make that not only easy, but unavoidable. From what I've gathered so far, if you want to install more software on Tails, it takes about an hour to create a customized version and then update your Tails installation from a new ISO file. Tails has a wonderful odor of having been designed for secure computing. Current
Paul Merrell

NSA Spying Inspires ProtonMail 'End-to-End' Encrypted Email Service | NDTV Gadgets - 0 views

gadgets.ndtv.com/...encrypted-email-service-526769

surveillance state secure-email ProtonMail

shared by Paul Merrell on 20 May 14 - No Cached
  • ne new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor."A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.
  • "Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically."Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said.After testing over the past few months, ProtonMail went public Friday using a "freemium" model a basic account will be free with some added features for a paid account.
  • As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world," the company said in a blog post.Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short."These big companies don't want to encrypt your stuff because they spy on you, too," said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems."Hopefully, the NSA debate is creating incentives for people to build more encryption."Stockman said that with services like Gmail, even if data is encrypted, "they have the key right next to it if you have the key and lock next to each other, so it's pretty much useless."
  • ...3 more annotations...
  • By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit widely believed to be used by Snowden which shut down rather than hand over data to the US government, and which now faces a contempt of court order.Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."
  • Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the "Dark Mail Alliance."Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year."The goal is to make it ubiquitous, so people don't have to turn it on," he said.But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, "the more susceptible it is to a sophisticated attacker with fake or spoofed key information."Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
  • on Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous."If you are a bank you have to have an email system that complies with banking regulations," Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review."Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down."The new email system would complement Silent Circle's existing secure messaging system and encrypted mobile phone, which was launched earlier this year."If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.
  • Paul Merrell on 20 May 14
     
    They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser." "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones.
Paul Merrell

​'Hostile to privacy': Snowden urges internet users to get rid of Dropbox - R... - 0 views

rt.com/...44-snowden-rid-dropbox-privacy

surveillance state Snowden Dropbox encryption

shared by Paul Merrell on 16 Oct 14 - No Cached
  • Edward Snowden has hit out at Dropbox and other services he says are “hostile to privacy,” urging web users to abandon unencrypted communication and adjust privacy settings to prevent governments from spying on them in increasingly intrusive ways. “We are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers,” Snowden told The New Yorker magazine in a comprehensive hour-long interview. There isn’t enough investment into security research, into understanding how metadata could better be protected and why that is more necessary today than yesterday, he said.
  • Edward Snowden has hit out at Dropbox and other services he says are “hostile to privacy,” urging web users to abandon unencrypted communication and adjust privacy settings to prevent governments from spying on them in increasingly intrusive ways. “We are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers,” Snowden told The New Yorker magazine in a comprehensive hour-long interview. There isn’t enough investment into security research, into understanding how metadata could better be protected and why that is more necessary today than yesterday, he said.
  • The whistleblower believes one fallacy in how authorities view individual rights has to do with making the individual forsake those rights by default. Snowden’s point is that the moment you are compelled to reveal that you have nothing to hide is when the right to privacy stops being a right – because you are effectively waiving that right. “When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights – you don’t have to justify why you need freedom of speech.” In that situation, it becomes OK to live in a world where one is no longer interested in privacy as such – a world where Facebook, Google and Dropbox have become ubiquitous, and where there are virtually no safeguards against the wrongful use of the information one puts there.
  • ...1 more annotation...
  • In particular, Snowden advised web users to “get rid” of Dropbox. Such services only insist on encrypting user data during transfer and when being stored on the servers. Other services he recommends instead, such as SpiderOak, encrypt information while it’s on your computer as well. “We're talking about dropping programs that are hostile to privacy,” Snowden said. The same goes for social networks such as Facebook and Google, too. Snowden says they are “dangerous” and proposes that people use other services that allow for encrypted messages to be sent, such as RedPhone or SilentCircle.
Paul Merrell

Utah lawmaker questions city water going to NSA - 0 views

www.rgj.com/...19438569

surveillance state NSA Bluffdale water data privacy

shared by Paul Merrell on 24 Nov 14 - No Cached
  • SALT LAKE CITY – A Utah lawmaker concerned about government spying on its citizens is questioning whether city water service should be cut off to a massive National Security Agency data storage facility outside Salt Lake City.Republican Rep. Marc Roberts, of Santaquin, said there are serious questions about privacy and surveillance surrounding the center, and several Utah residents who spoke at a legislative committee hearing Wednesday agreed.During the last legislative session, lawmakers opted to hold off on Roberts' bill to shut off the facility's water and decided to study it during the interim."This is not a bill just about a data center. This is a bill about civil rights," web developer Joe Levi said. "This is a bill that needs to be taken up and needs to be taken seriously."Pete Ashdown, founder of Salt Lake City-based Internet provider XMission, called the center a stain upon the state and its technology industry. "I do encourage you to stand up and do something about it," he said.Lawmakers said they aren't considering shutting down $1.7 billion facility, but the committee chair acknowledged the concerns and said there might be another way to get the point across. "We may look at some type of a strong message to give our representatives to take back to Congress," said Republican Sen. David Hinkins, of Orangeville.
  • The NSA's largest data storage center in the U.S. was built in Utah over 37 other locations because of open land and cheap electricity. The center sits on a National Guard base about 25 miles south of Salt Lake City in the town of Bluffdale.NSA officials said the center is key to protecting national security networks and allowing U.S. authorities to watch for cyber threats. Beyond that, the agency has offered few details.The center attracted much discussion and concern after revelations last year that the NSA has been collecting millions of U.S. phone records and digital communications stored by major Internet providers.
  • Cybersecurity experts say the nondescript Utah facility is a giant storehouse for phone calls, emails and online records that have been secretly collected.Outside the computer storehouses are large coolers that keep the machines from overheating. The coolers use large amounts of water, which the nearby city of Bluffdale sells to the center at a discounted rate.City records released earlier this year showed monthly water use was much less than the 1 million gallons a day that the U.S. Army Corps of Engineers predicted the center would need, causing some to wonder if the center was fully operational.NSA officials have refused to say if the center is up and running after its scheduled opening in October 2013 was stalled by electrical problems.City utility records showed the NSA has been making monthly minimum payments of about $30,000 to Bluffdale. The city manager said that pays for more water than the center used.The state of Nevada shut off water to the site of the proposed Yucca Mountain nuclear waste dump 90 miles northwest of Las Vegas in 2002, after months of threats.The project didn't run dry because the Energy Department built a 1-million-gallon tank and a small well for the site. Department officials said the stored water, plus 400,000 gallons stored in other tanks at the Nevada Test Site, provided time for scientists to continue experiments and design work at the site.
  • ...1 more annotation...
  • SALT LAKE CITY – A Utah lawmaker concerned about government spying on its citizens is questioning whether city water service should be cut off to a massive National Security Agency data storage facility outside Salt Lake City.Rep
  • Paul Merrell on 24 Nov 14
     
    Hey, go for their electricity too! But what do we do with the Bluffdale facility after we abolish the NSA? Turn it over to Internet Archives, with a $1 billion endowment for maintenance? Free and permanent web sites for everyone?  
« First ‹ Previous 81 - 100 of 119 Next ›
Showing 20 items per page