Skip to main content

Home/ Future of the Web/ Group items tagged operators

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Use Tor or 'EXTREMIST' Tails Linux? Congrats, you're on the NSA's list * The Register - 0 views

www.theregister.co.uk/...nsa_xkeyscore_stasi_scandal

surveillance state NSA-targets Tor Tails

shared by Paul Merrell on 04 Jul 14 - No Cached
  • Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.Apparently, this configuration file for XKeyscore is in the divulged data, which was obtained and studied by members of the Tor project and security specialists for German broadcasters NDR and WDR. <a href="http://pubads.g.doubleclick.net/gampad/jump?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" target="_blank"> <img src="http://pubads.g.doubleclick.net/gampad/ad?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" alt=""></a> In their analysis of the alleged top-secret documents, they claim the NSA is, among other things:Specifically targeting Tor directory servers Reading email contents for mentions of Tor bridges Logging IP addresses used to search for privacy-focused websites and software And possibly breaking international law in doing so. We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities. But what the aforementioned leaked source code, written in a rather strange custom language, shows is that not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.
  • These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails – described by the NSA as "a comsec mechanism advocated by extremists on extremist forums" – and anyone looking into combining Tails with the encryption tool Truecrypt.If something as innocuous as Linux Journal is on the NSA's hit list, it's a distinct possibility that El Reg is too, particularly in light of our recent exclusive report on GCHQ – which led to a Ministry of Defence advisor coming round our London office for a chat.
  • If you take even the slightest interest in online privacy or have Googled a Linux Journal article about a broken package, you are earmarked in an NSA database for further surveillance, according to these latest leaks.This is assuming the leaked file is genuine, of course.Other monitored sites, we're told, include HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion. The IP address of computer users even looking at these sites is recorded and stored on the NSA's servers for further analysis, and it's up to the agency how long it keeps that data.The XKeyscore code, we're told, includes microplugins that target Tor servers in Germany, at MIT in the United States, in Sweden, in Austria, and in the Netherlands. In doing so it may not only fall foul of German law but also the US's Fourth Amendment.
  • ...2 more annotations...
  • The nine Tor directory servers receive especially close monitoring from the NSA's spying software, which states the "goal is to find potential Tor clients connecting to the Tor directory servers." Tor clients linking into the directory servers are also logged."This shows that Tor is working well enough that Tor has become a target for the intelligence services," said Sebastian Hahn, who runs one of the key Tor servers. "For me this means that I will definitely go ahead with the project.”
  • While the German reporting team has published part of the XKeyscore scripting code, it doesn't say where it comes from. NSA whistleblower Edward Snowden would be a logical pick, but security experts are not so sure."I do not believe that this came from the Snowden documents," said security guru Bruce Schneier. "I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."If so, the NSA is in for much more scrutiny than it ever expected.
Paul Merrell

Guest Post: NSA Reform - The Consequences of Failure | Just Security - 0 views

justsecurity.org/...sa-reform-consequences-failure

surveillance-state NSA-reform encryption

shared by Paul Merrell on 02 Dec 14 - No Cached
  • In the absence of real reform, people and institutions at home and abroad are taking matters into their own hands. In America, the NSA’s overreach is changing the way we communicate with and relate to each other. In order to evade government surveillance, more and more Americans are employing encryption technology.  The veritable explosion of new secure messaging apps like Surespot, OpenWhisper’s collaboration with WhatsApp, the development and deployment of open source anti-surveillance tools like Detekt, the creation of organizationally-sponsored “surveillance self-defense” guides, the push to universalize the https protocol, anti-surveillance book events featuring free encryption workshops— are manifestations of the rise of the personal encryption and pro-privacy digital resistance movement. Its political implications are clear: Americans, along with people around the world, increasingly see the United States government’s overreaching surveillance activities as a threat to be blocked.
  • The federal government’s vacuum-cleaner approach to surveillance—manifested in Title II of the PATRIOT Act, the FISA Amendments Act, and EO 12333—has backfired in these respects, and the emergence of this digital resistance movement is one result. Indeed, the existence and proliferation of social networks hold the potential to help this movement spread faster and to more of the general public than would have been possible in decades past. This is evidenced by the growing concern worldwide about governments’ ability to access reams of information about people’s lives with relative ease. As one measure, compared to a year ago, 41% of online users in North America now avoid certain Internet sites and applications, 16% change who they communicate with, and 24% censor what they say online. Those numbers, if anywhere close to accurate, are a major concern for democratic society.
  • Even if commercially available privacy technology proves capable of providing a genuine shield against warrantless or otherwise illegal surveillance by the United States government, it will remain a treatment for the symptom, not a cure for the underlying legal and constitutional malady. In April 2014, a Harris poll of US adults showed that in response to the Snowden revelations, “Almost half of respondents (47%) said that they have changed their online behavior and think more carefully about where they go, what they say, and what they do online.” Set aside for a moment that just the federal government’s collection of the data of innocent Americans is itself likely a violation of the Fourth Amendment. The Harris poll is just one of numerous studies highlighting the collateral damage to American society and politics from NSA’s excesses: segments of our population are now fearful of even associating with individuals or organizations executive branch officials deem controversial or suspicious. Nearly half of Americans say they have changed their online behavior out of a fear of what the federal government might do with their personal information. The Constitution’s free association guarantee has been damaged by the Surveillance State’s very operation.
  • ...1 more annotation...
  • The failure of the Congress and the courts to end the surveillance state, despite the repeated efforts by a huge range of political and public interest actors to effect that change through the political process, is only fueling the growing resistance movement. Federal officials understand this, which is why they are trying—desperately and in the view of some, underhandedly—to shut down this digital resistance movement. This action/reaction cycle is exactly what it appears to be: an escalating conflict between the American public and its government. Without comprehensive surveillance authority reforms (including a journalist “shield law” and ironclad whistleblower protections for Intelligence Community contractors) that are verifiable and enforceable, that conflict will only continue.
Paul Merrell

BBC News - GCHQ's Robert Hannigan says tech firms 'in denial' on extremism - 0 views

www.bbc.com/uk-29891285

surveillance state GCHQ terrorists™

shared by Paul Merrell on 05 Nov 14 - No Cached
  • Web giants such as Twitter, Facebook and WhatsApp have become "command-and-control networks... for terrorists and criminals", GCHQ's new head has said. Islamic State extremists had "embraced" the web but some companies remained "in denial" over the problem, Robert Hannigan wrote in the Financial Times. He called for them to do more to co-operate with security services. However, civil liberties campaigners said the companies were already working with the intelligence agencies. None of the major tech firms has yet responded to Mr Hannigan's comments.
  • GCHQ, terrorists, and the internet: what are the issues? GCHQ v tech firms: Internet reacts Change at the top for Britain's
  • Mr Hannigan said IS had "embraced the web as a noisy channel in which to promote itself, intimidate people, and radicalise new recruits." The "security of its communications" added another challenge to agencies such as GCHQ, he said - adding that techniques for encrypting - or digitally scrambling - messages "which were once the preserve of the most sophisticated criminals or nation states now come as standard". GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, could not tackle these challenges "at scale" without greater support from the private sector, including the largest US technology companies which dominate the web, he wrote.
  • Paul Merrell on 05 Nov 14
     
    What I want to know is what we're going to do with that NSA data center at Bluffdale, Utah, after the NSA is abolished? Maybe give it to the Internet Archive?
Paul Merrell

China expands Internet backbone to improve speeds, reliability | ITworld - 0 views

www.itworld.com/...mprove-speeds-reliability.html

internet China new-access-points

shared by Paul Merrell on 15 Jan 15 - No Cached
  • Even as China cuts access to some foreign online services, it is laying more fiber optic cables to improve its connection to global Internet networks.
  • China recently added seven new access points to the world’s Internet backbone, adding to the three points that connect through Beijing, Shanghai, and Guangzhou, the country’s Ministry of Industry and Information Technology announced on Monday. More good reads Google partners up for $60M undersea fiber link between Florida and Brazil Meet the 12 wealthiest people in social media China disrupts some websites linked to US content delivery network To expand its Internet backbone networks, China laid over 3,000 kilometers worth of fiber optic cable, and invested 2.9 billion yuan (US$477 million) in its construction. Driving the project were the country’s three state-owned telecom operators, which provide most of China’s Internet broadband.
Paul Merrell

Obama wants to help make your Internet faster and cheaper. This is his plan. - The Wash... - 0 views

www.washingtonpost.com/...et-service-to-rival-large-isps

internet broadband U.S. Obama FCC state-preemption

shared by Paul Merrell on 15 Jan 15 - No Cached
  • Frustrated over the number of Internet providers that are available to you? If so, you're like many who are limited to just a handful of broadband companies. But now President Obama wants to change that, arguing that choice and competition are lacking in the U.S. broadband market. On Wednesday, Obama will unveil a series of measures aimed at making high-speed Web connections cheaper and more widely available to millions of Americans. The announcement will focus chiefly on efforts by cities to build their own alternatives to major Internet providers such as Comcast, Verizon or AT&T — a public option for Internet access, you could say. He'll write to the Federal Communications Commission urging the agency to help neutralize laws, erected by states, that effectively protect large established Internet providers against the threat represented by cities that want to build and offer their own, municipal Internet service. He'll direct federal agencies to expand grants and loans for these projects and for smaller, rural Internet providers. And he'll draw attention to a new coalition of mayors from 50 cities who've committed to spurring choice in the broadband industry.
  • "When more companies compete for your broadband business, it means lower prices," Jeff Zients, director of Obama's National Economic Council, told reporters Tuesday. "Broadband is no longer a luxury. It's a necessity." The announcement highlights a growing chorus of small and mid-sized cities that say they've been left behind by some of the country's biggest Internet providers. In many of these places, incumbent companies have delayed network upgrades or offer what customers say is unsatisfactory service because it isn't cost-effective to build new infrastructure. Many cities, such as Cedar Falls, Iowa, have responded by building their own, publicly operated competitors. Obama will travel to Cedar Falls on Wednesday to roll out his initiative.
Paul Merrell

Here's How You Can Find Out If The NSA Shared Your Data With British Spies - Forbes - 0 views

www.forbes.com/...d-your-data-with-british-spies

surveillance state NSA GCHQ info-request

shared by Paul Merrell on 18 Feb 15 - No Cached
  • In the UK earlier this month, human rights groups Liberty and Privacy International were cheered by a tribunal decision that declared GCHQ’s access to NSA spies’ data illegal. Though it was a hollow victory, as the tribunal also declared all current activities, including all those blanket surveillance projects much derided by free speech activists, entirely legal. The practices previously broke the law because the public was unaware of what safeguards were in place for the UK’s access to data from NSA programs like Prism; as soon as Snowden blew everything wide open the snoops had to explain themselves, and that was enough for the tribunal to confirm the legality of GCHQ’s operations. But the case has had one significant effect: anyone can now figure out if their data was illegally shared by the agencies. Privacy International has set up a simple webpage that anyone in the world can sign up to. You can visit the page here.
  • Once the UK Investigatory Powers Tribunal has determined whom was affected, it has to inform them. Though participants should find out whether their data were unlawfully obtained by GCHQ from the millions of private communications hoovered up by the NSA up until December 2014, it won’t be anytime soon. Privacy International warned in its FAQs: “Count on it being many months, and likely years before this action is completed.” And somewhat ironically Privacy International has to collect participant’s information, including their name and email address, to supply the service. They may ask for more information from willing participants once the group has determined if more is required from the IPT. Anyone who wants to submit directly to the tribunal can do so here.
Paul Merrell

U.S. Embedded Spyware Overseas, Report Claims - NYTimes.com - 0 views

www.nytimes.com/...tworks-security-firm-says.html

surveillance state NSA NSA-methods embedded-spyware

shared by Paul Merrell on 18 Feb 15 - No Cached
  • The United States has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other countries closely watched by American intelligence agencies, according to a Russian cybersecurity firm.In a presentation of its findings at a conference in Mexico on Monday, Kaspersky Lab, the Russian firm, said that the implants had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the National Security Agency and its military counterpart, United States Cyber Command.
  • It linked the techniques to those used in Stuxnet, the computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program. It was later revealed that Stuxnet was part of a program code-named Olympic Games and run jointly by Israel and the United States.Kaspersky’s report said that Olympic Games had similarities to a much broader effort to infect computers well beyond those in Iran. It detected particularly high infection rates in computers in Iran, Pakistan and Russia, three countries whose nuclear programs the United States routinely monitors.
  • Some of the implants burrow so deep into the computer systems, Kaspersky said, that they infect the “firmware,” the embedded software that preps the computer’s hardware before the operating system starts. It is beyond the reach of existing antivirus products and most security controls, Kaspersky reported, making it virtually impossible to wipe out.
  • ...1 more annotation...
  • In many cases, it also allows the American intelligence agencies to grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran’s nuclear enrichment plants.
Gary Edwards

Is Linux dead for the desktop? - 1 views

www.cio.co.uk/...is-linux-dead-for-desktop

Linux-desktop wordSDK Office-365

shared by Gary Edwards on 23 Oct 14 - No Cached
  • Linux never had the apps
  • Charles King, an IT analyst who follows enterprise trends, says the big change is in IT. At one time, executives in charge of computing services were mostly concerned with operating systems and applications for massive throng of traditional business users. Those users have now flocked to mobile computing devices, but they still have a Windows PC sitting on their desk.
  • Today, Microsoft's lock (on the desktop, anyway) remains secure, even in the face of Apple's surge," King says. "Ironically enough, though, the open source model remains alive and well but mostly in the development of new standards and development platforms."
  • ...5 more annotations...
  • David Johnson
  • What corporate end users really need is familiarity, consistency and compatibility - something Apple, Microsoft and Google seem more adept at offering."
  • Can desktop Linux OS be saved? Johnson says the best example of how to save Linux OS is the Chrome OS, an all-in-one laptop and desktop offering available through major consumer electronics companies such as LG (with their Chromebase all-in-one) and the Samsung Chromebook 2
  • The problem is that Chrome OS and Android aren't the same as Linux OS on the desktop. It's a complete reinvention. There are few Windows-like productivity apps and no knowledge worker apps designed for keyboard and mouse.
  • All of experts agree - Windows won every battle for the business user.
  • Gary Edwards on 23 Oct 14
     
    "For executives in charge of desktop deployments in a large company, Linux OS was once hailed as a saviour for corporate end users. With incredibly low pricing - free, with fee-based support plans, for example - distributions such as Ubuntu Desktop and SUSE Linux Enterprise offered a "good enough" user interface, along with plenty of powerful apps and a rich browser. A few years ago, both Dell and HP jumped on the bandwagon; today, they still offer "developer" and "workstation" models that come pre-loaded with a Linux install. Plus, anyone who follows the Linux market knows that Google has reimagined Linux as a user-friendly tablet interface (the wildly popular Android OS) and a browser-only desktop variant (Chrome OS). Linux also shows up on countless connected home gadgets, fitness trackers, watches and other low-cost devices, mostly because OS costs are so low. The desktop computing OS for end users has failed to capture any attention lately, though. Al Gillen, the programme vice president for servers and system software at IDC, says the Linux OS as a computing platform for end users is at least comatose - and probably dead. Yes, it has reemerged on Android and other devices, but it has gone almost completely silent as a competitor to Windows for mass deployment. As they say, you can hear the crickets chirping."
Gonzalo San Gil, PhD.

How similar are OS X and Linux? | CIO - 0 views

www.cio.com/...imilar-are-os-x-and-linux.html

Mac OSX vs Linux migration shift operating systems UNIX

shared by Gonzalo San Gil, PhD. on 01 Apr 15 - No Cached
  • Gonzalo San Gil, PhD. on 01 Apr 15
     
    "In today's Apple roundup: What are the similarities between OS X and Linux? Plus: Why Apple bought FoundationDB, and reviews of the new 13-inch Macbook Pro with Force Touch"
  • Gonzalo San Gil, PhD. on 01 Apr 15
     
    "In today's Apple roundup: What are the similarities between OS X and Linux? Plus: Why Apple bought FoundationDB, and reviews of the new 13-inch Macbook Pro with Force Touch"
Paul Merrell

Free At Last: New DMCA Rules Might Make the Web a Better Place | nsnbc international - 0 views

nsnbc.me/...ht-make-the-web-a-better-place

DMCA-exemptions auto-software VW-scandal video-games remixers

shared by Paul Merrell on 28 Oct 15 - No Cached
  • David Mao, the Librarian of Congress, has issued new rules pertaining to exemptions to the Digital Millennium Copyright Act (DMCA) after a 3 year battle that was expedited in the wake of the Volkswagen scandal.
  • Opposition to this new decision is coming from the Environmental Protection Agency (EPA) and the auto industry because the DMCA prohibits “circumventing encryption or access controls to copy or modify copyrighted works.” For example, GM “claimed the exemption ‘could introduce safety and security issues as well as facilitate violation of various laws designed specifically to regulate the modern car, including emissions, fuel economy, and vehicle safety regulations’.” The exemption in question is in Section 1201 which forbids the unlocking of software access controls which has given the auto industry the unique ability to “threaten legal action against anyone who needs to get around those restrictions, no matter how legitimate the reason.” Journalist Nick Statt points out that this provision “made it illegal in the past to unlock your smartphone from its carrier or even to share your HBO Go password with a friend. It’s designed to let corporations protect copyrighted material, but it allows them to crackdown on circumventions even when they’re not infringing on those copyrights or trying to access or steal proprietary information.”
  • Kit Walsh, staff attorney for the Electronic Frontier Foundation (EFF), explained that the “‘access control’ rule is supposed to protect against unlawful copying. But as we’ve seen in the recent Volkswagen scandal—where VW was caught manipulating smog tests—it can be used instead to hide wrongdoing hidden in computer code.” Walsh continued: “We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors. The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now.” As part of the new changes, gamers can “modify an old video game so it doesn’t perform a check with an authentication server that has since been shut down” and after the publisher cuts of support for the video game.
  • ...1 more annotation...
  • Another positive from the change is that smartphone users will be able to jailbreak their phone and finally enjoy running operating systems and applications from any source, not just those approved by the manufacturer. And finally, those who remix excerpts from DVDs, Blu – Ray discs or downloading services will be allowed to mix the material into theirs without violating the DMCA.
Gonzalo San Gil, PhD.

Yes, the NSA Worried About Whether Spying Would Backfire | WIRED - 1 views

www.wired.com/...-whether-spying-would-backfire

nsa worries spying citizens backfire wired

shared by Gonzalo San Gil, PhD. on 16 Nov 15 - No Cached
  • Gonzalo San Gil, PhD. on 16 Nov 15
     
    ""For all the time I worked on all of these issues, this was a constant discussion," Olsen says. "How do we calibrate what we're trying to do for the country with how to protect civil liberties and privacy?""
  • Paul Merrell on 16 Nov 15
     
    NSA can't credibly claim surprise at how people reacted to the Snowden disclosures. NSA's spying on U.S. citizens was first uncovered by the Senate's Church Committee in about 1976. Congress enacted legslation unequivocally telling NSA and the Defense Department that spying on Americans was not to happen again (and that the CIA was to immediately cease spying within the territorial boundaries of the U.S.). Then came the Total Information Awareness scandal, when Congress discovered that DoD was right back at it again, this time operating from under the cover of the Defense Advanced Research Projects Agency. Congress responded by abolishing the program and eliminating the job position of its director, former Admiral John Poindexter of Iran/Contra scandal fame. But rather than complying with the abolition order, most of the TIA program's staff, hardware, software, and data was simply transferred to NSA. NSA, of course, persuaded the Justice Department to secretly reinterpret key provisions of the Patriot Act more broadly than a First Grade preschooler would allow to continue spying on U.S. citizens. Indeed, anyone whose college education included the assignment to read and discuss George Orwell's 1984 would have known that NSA's program had drastically outgrown the limits of what a free society would tolerate. So this is really about deliberate defiance of the limits established by the Constitution and Congressional enactments, not about anything even remotely legal or morally acceptable. The fact that Congress did not react strongly after the Snowden disclosures, as it had after the Church Committee's report and discovery of the TIA program raises a strong suspicion that members of Congress have been blackmailed into submission using information about them gathered via NSA surveillance. We know from whistleblowers Edward Snowden and Russell Tice that members of Congress were surveilled by NSA, yet not even that violation has been taken up by Congress. Instead
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

www.justsecurity.org/...evices-riddled-vulnerabilities

surveillance state encryption-backdoors Vance

shared by Paul Merrell on 11 Dec 15 - No Cached
  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Alexandra IcecreamApps

Android vs. iPhone - Icecream Tech Digest - 0 views

icecreamapps.com/...android-vs-iphone

android vs iphone ios best smartphone mobile operating system os smartphones ssystem

shared by Alexandra IcecreamApps on 17 Dec 15 - No Cached
  • Alexandra IcecreamApps on 17 Dec 15
     
    Lately, smartphone users are divided into two groups: Android supporters and iPhone worshipers. Not mentioning Windows phones, basically the majority of all users tend to have either an Android phone or an iPhone. The Android vs. iPhone battle is a …
  • Alexandra IcecreamApps on 17 Dec 15
     
    Lately, smartphone users are divided into two groups: Android supporters and iPhone worshipers. Not mentioning Windows phones, basically the majority of all users tend to have either an Android phone or an iPhone. The Android vs. iPhone battle is a …
Paul Merrell

Section 215 and "Fruitless" (?!?) Constitutional Adjudication | Just Security - 0 views

www.justsecurity.org/...ss-constitutional-adjudication

surveillance state 215 ACLU Clapper litigation 2nd-Circuit constitutional law

shared by Paul Merrell on 02 Nov 15 - No Cached
  • This morning, the Second Circuit issued a follow-on ruling to its May decision in ACLU v. Clapper (which had held that the NSA’s bulk telephone records program was unlawful insofar as it had not properly been authorized by Congress). In a nutshell, today’s ruling rejects the ACLU’s request for an injunction against the continued operation of the program for the duration of the 180-day transitional period (which ends on November 29) from the old program to the quite different collection regime authorized by the USA Freedom Act. As the Second Circuit (in my view, quite correctly) concluded, “Regardless of whether the bulk telephone metadata program was illegal prior to May, as we have held, and whether it would be illegal after November 29, as Congress has now explicitly provided, it is clear that Congress intended to authorize it during the transitionary period.” So far, so good. But remember that the ACLU’s challenge to bulk collection was mounted on both statutory and constitutional grounds, the latter of which the Second Circuit was able to avoid in its earlier ruling because of its conclusion that, prior to the enactment of the USA Freedom Act, bulk collection was unauthorized by Congress. Now that it has held that it is authorized during the transitional period, that therefore tees up, quite unavoidably, whether bulk collection violates the Fourth Amendment. But rather than decide that (momentous) question, the Second Circuit ducked:
  • We agree with the government that we ought not meddle with Congress’s considered decision regarding the transition away from bulk telephone metadata collection, and also find that addressing these issues at this time would not be a prudent use of judicial authority. We need not, and should not, decide such momentous constitutional issues based on a request for such narrow and temporary relief. To do so would take more time than the brief transition period remaining for the telephone metadata program, at which point, any ruling on the constitutionality of the demised program would be fruitless. In other words, because any constitutional violation is short-lived, and because it results from the “considered decision” of Congress, it would be fruitless to actually resolve the constitutionality of bulk collection during the transitional period.
  • Hopefully, it won’t take a lot of convincing for folks to understand just how wrong-headed this is. For starters, if the plaintiffs are correct, they are currently being subjected to unconstitutional government surveillance for which they are entitled to a remedy. The fact that this surveillance has a limited shelf-life (and/or that Congress was complicit in it) doesn’t in any way ameliorate the constitutional violation — which is exactly why the Supreme Court has, for generations, recognized an exception to mootness doctrine for constitutional violations that, owing to their short duration, are “capable of repetition, yet evading review.” Indeed, in this very same opinion, the Second Circuit first held that the ACLU’s challenge isn’t moot, only to then invokes mootness-like principles to justify not resolving the constitutional claim. It can’t be both; either the constitutional challenge is moot, or it isn’t. But more generally, the notion that constitutional adjudication of a claim with a short shelf-life is “fruitless” utterly misses the significance of the establishment of forward-looking judicial precedent, especially in a day and age in which courts are allowed to (and routinely do) avoid resolving the merits of constitutional claims in cases in which the relevant precedent is not “clearly established.” Maybe, if this were the kind of constitutional question that was unlikely to recur, there’d be more to the Second Circuit’s avoidance of the issue in this case. But whether and to what extent the Fourth Amendment applies to information we voluntarily provide to third parties is hardly that kind of question, and the Second Circuit’s unconvincing refusal to answer that question in a context in which it is quite squarely presented is nothing short of feckless.
Gonzalo San Gil, PhD.

Why ChromeOS Tops Linux, Mac and Windows - Datamation - 1 views

www.datamation.com/...ops-linux-mac-and-windows.html

chrome tops linux mac windows operating systems

shared by Gonzalo San Gil, PhD. on 24 Nov 15 - No Cached
  • Gonzalo San Gil, PhD. on 24 Nov 15
     
    "Those who know me best are quick to let me know: I'm a touch stubborn on certain matters. But there is one area where I've found myself caving to the pressures of reality. In this article, I'll make a case for why I believe ChromeOS might end up winning the OS wars."
Paul Merrell

Microsoft Helping to Store Police Video From Taser Body Cameras | nsnbc international - 0 views

nsnbc.me/...-video-from-taser-body-cameras

surveillance state police body-cameras Taser Microsoft cloud-services Azure

shared by Paul Merrell on 27 Oct 15 - No Cached
  • Microsoft has joined forces with Taser to combine the Azure cloud platform with law enforcement management tools.
  • Taser’s Axon body camera data management software on Evidence.com will run on Azure and Windows 10 devices to integrate evidence collection, analysis, and archival features as set forth by the Federal Bureau of Investigation Criminal Justice Information Services (CJIS) Security Policy. As per the partnership, Taser will utilize Azure’s machine learning and computing technologies to store police data on Microsoft’s government cloud. In addition, redaction capabilities of Taser will be improved which will assist police departments that are subject to bulk data requests. Currently, Taser is operating on Amazon Web Services; however this deal may entice police departments to upgrade their technology, which in turn would drive up sales of Windows 10. This partnership comes after Taser was given a lucrative deal with the Los Angeles Police Department (LAPD) last year, who ordered 7,000 body cameras equipped with 800 Axom body cameras for their officers in response to the recent deaths of several African Americans at the hands of police.
  • In order to ensure Taser maintains a monopoly on police body cameras, the corporation acquired contracts with police departments all across the nation for the purchase of body cameras through dubious ties to certain chiefs of police. The corporation announced in 2014 that “orders for body cameras [has] soared to $24.6 million from October to December” which represents a 5-fold increase in profits from 2013. Currently, Taser is in 13 cities with negotiations for new contracts being discussed in 28 more. Taser, according to records and interviews, allegedly has “financial ties to police chiefs whose departments have bought the recording devices.” In fact, Taser has been shown to provide airfare and luxury hotels for chiefs of police when traveling for speaking engagements in Australia and the United Arab Emirates (UAE); and hired them as consultants – among other perks and deals. Since 2013, Taser has been contractually bound with “consulting agreements with two such chiefs’ weeks after they retired” as well as is allegedly “in talks with a third who also backed the purchase of its products.”
Gonzalo San Gil, PhD.

How Can I Find Out How Much Bandwidth I'm Using at Home? - 0 views

lifehacker.com/...uch-bandwidth-im-using-at-home

bandwidth use monitor all operating systems

shared by Gonzalo San Gil, PhD. on 21 Dec 15 - No Cached
  • Gonzalo San Gil, PhD. on 21 Dec 15
     
    "Dear Lifehacker, How can I check and see how much bandwidth I've been using? Is there any way to keep a running tally of my bandwidth so I can see when I use the most, or if something's using a lot of bandwidth that I'm not aware of? "
Paul Merrell

Google Is Constantly Tracking, Even If You Turn Off Device 'Location History' | Zero Hedge - 1 views

www.zerohedge.com/...dna-even-if-you-turn-it-report

surveillance state Google location-tracking digital-privacy

shared by Paul Merrell on 14 Aug 18 - No Cached
  • In but the latest in a continuing saga of big tech tracking and surveillance stories which should serve to convince us all we are living in the beginning phases of a Minority Report style tracking and pansophical "pre-crime" system, it's now confirmed that the world's most powerful tech company and search tool will always find a way to keep your location data. The Associated Press sought the help of Princeton researchers to prove that while Google is clear and upfront about giving App users the ability to turn off or "pause" Location History on their devices, there are other hidden means through which it retains the data.
  • According to the AP report: Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.” That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude — accurate to the square foot — and save it to your Google account. The issue directly affects around two billion people using Google's Android operating software and iPhone users relying on Google maps or a simple search. Among the computer science researchers at Princeton conducting the tests is Jonathan Mayer, who told the AP, “If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off,” and added, “That seems like a pretty straightforward position to have.”
Paul Merrell

Microsoft Pitches Technology That Can Read Facial Expressions at Political Rallies - 1 views

theintercept.com/...pressions-at-political-rallies

facial-recognition emotion-recognition cloud computing Microsoft

shared by Paul Merrell on 07 Aug 16 - No Cached
  • On the 21st floor of a high-rise hotel in Cleveland, in a room full of political operatives, Microsoft’s Research Division was advertising a technology that could read each facial expression in a massive crowd, analyze the emotions, and report back in real time. “You could use this at a Trump rally,” a sales representative told me. At both the Republican and Democratic conventions, Microsoft sponsored event spaces for the news outlet Politico. Politico, in turn, hosted a series of Microsoft-sponsored discussions about the use of data technology in political campaigns. And throughout Politico’s spaces in both Philadelphia and Cleveland, Microsoft advertised an array of products from “Microsoft Cognitive Services,” its artificial intelligence and cloud computing division. At one exhibit, titled “Realtime Crowd Insights,” a small camera scanned the room, while a monitor displayed the captured image. Every five seconds, a new image would appear with data annotated for each face — an assigned serial number, gender, estimated age, and any emotions detected in the facial expression. When I approached, the machine labeled me “b2ff” and correctly identified me as a 23-year-old male.
  • “Realtime Crowd Insights” is an Application Programming Interface (API), or a software tool that connects web applications to Microsoft’s cloud computing services. Through Microsoft’s emotional analysis API — a component of Realtime Crowd Insights — applications send an image to Microsoft’s servers. Microsoft’s servers then analyze the faces and return emotional profiles for each one. In a November blog post, Microsoft said that the emotional analysis could detect “anger, contempt, fear, disgust, happiness, neutral, sadness or surprise.” Microsoft’s sales representatives told me that political campaigns could use the technology to measure the emotional impact of different talking points — and political scientists could use it to study crowd response at rallies.
  • Facial recognition technology — the identification of faces by name — is already widely used in secret by law enforcement, sports stadiums, retail stores, and even churches, despite being of questionable legality. As early as 2002, facial recognition technology was used at the Super Bowl to cross-reference the 100,000 attendees to a database of the faces of known criminals. The technology is controversial enough that in 2013, Google tried to ban the use of facial recognition apps in its Google glass system. But “Realtime Crowd Insights” is not true facial recognition — it could not identify me by name, only as “b2ff.” It did, however, store enough data on each face that it could continuously identify it with the same serial number, even hours later. The display demonstrated that capability by distinguishing between the number of total faces it had seen, and the number of unique serial numbers. Photo: Alex Emmons
  • ...2 more annotations...
  • Instead, “Realtime Crowd Insights” is an example of facial characterization technology — where computers analyze faces without necessarily identifying them. Facial characterization has many positive applications — it has been tested in the classroom, as a tool for spotting struggling students, and Microsoft has boasted that the tool will even help blind people read the faces around them. But facial characterization can also be used to assemble and store large profiles of information on individuals, even anonymously.
  • Alvaro Bedoya, a professor at Georgetown Law School and expert on privacy and facial recognition, has hailed that code of conduct as evidence that Microsoft is trying to do the right thing. But he pointed out that it leaves a number of questions unanswered — as illustrated in Cleveland and Philadelphia. “It’s interesting that the app being shown at the convention ‘remembered’ the faces of the people who walked by. That would seem to suggest that their faces were being stored and processed without the consent that Microsoft’s policy requires,” Bedoya said. “You have to wonder: What happened to the face templates of the people who walked by that booth? Were they deleted? Or are they still in the system?” Microsoft officials declined to comment on exactly what information is collected on each face and what data is retained or stored, instead referring me to their privacy policy, which does not address the question. Bedoya also pointed out that Microsoft’s marketing did not seem to match the consent policy. “It’s difficult to envision how companies will obtain consent from people in large crowds or rallies.”
  • Paul Merrell on 07 Aug 16
     
    But nobody is saying that the output of this technology can't be combined with the output of facial recognition technology to let them monitor you individually AND track your emotions. Fortunately, others are fighting back with knowledge and tech to block facial recognition. http://goo.gl/JMQM2W
Paul Merrell

Challenge to data transfer tool used by Facebook will go to Europe's top court | TechCr... - 1 views

techcrunch.com/...k-will-go-to-europes-top-court

surveillance state NSA Irish_High_Court EU data-privacy litigation ECJ

shared by Paul Merrell on 06 Oct 17 - No Cached
  • The five-week court hearing in what is a complex case delving into detail on US surveillance operations took place in February. The court issued its ruling today. The 153-page ruling starts by noting “this is an unusual case”, before going into a detailed discussion of the arguments and concluding that the DPC’s concerns about the validity of SCCs should be referred to the European Court of Justice for a preliminary ruling. Schrems is also the man responsible for bringing, in 2013, a legal challenge that ultimately struck down Safe Harbor — the legal mechanism that had oiled the pipe for EU-US personal data flows for fifteen years before the ECJ ruled it to be invalid in October 2015. Schrems’ argument had centered on U.S. government mass surveillance programs, as disclosed via the Snowden leaks, being incompatible with fundamental European privacy rights. After the ECJ struck down Safe Harbor he then sought to apply the same arguments against Facebook’s use of SCCs — returning to Ireland to make the complaint as that’s where the company has its European HQ. It’s worth noting that the European Commission has since replaced Safe Harbor with a new (and it claims more robust) data transfer mechanism, called the EU-US Privacy Shield — which is now, as Safe Harbor was, used by thousands of businesses. Although that too is facing legal challenges as critics continue to argue there is a core problem of incompatibility between two distinct legal regimes where EU privacy rights collide with US mass surveillance.
  • Schrems’ Safe Harbor challenge also started in the Irish Court before being ultimately referred to the ECJ. So there’s more than a little legal deja vu here, especially given the latest development in the case. In its ruling on the SCC issue, the Irish Court noted that a US ombudsperson position created under Privacy Shield to handle EU citizens complaints about companies’ handling of their data is not enough to overcome what it described as “well founded concerns” raised by the DPC regarding the adequacy of the protections for EU citizens data.
  • Making a video statement outside court in Dublin today, Schrems said the Irish court had dismissed Facebook’s argument that the US government does not undertake any surveillance.
  • ...3 more annotations...
  • In a written statement on the ruling Schrems added: “I welcome the judgement by the Irish High Court. It is important that a neutral Court outside of the US has summarized the facts on US surveillance in a judgement, after diving through more than 45,000 pages of documents in a five week hearing.
  • On Facebook, he also said: “In simple terms, US law requires Facebook to help the NSA with mass surveillance and EU law prohibits just that. As Facebook is subject to both jurisdictions, they got themselves in a legal dilemma that they cannot possibly solve in the long run.”
  • While Schrems’ original complaint pertained to Facebook, the Irish DPC’s position means many more companies that use the mechanism could face disruption if SCCs are ultimately invalidated as a result of the legal challenge to their validity.
« First ‹ Previous 261 - 280 of 301 Next › Last »
Showing 20 items per page