Skip to main content

Home/ Future of the Web/ Group items tagged order

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Matteo Spreafico

SAP Network Blogs - 0 views

www.sdn.sap.com/...weblogs

BusinessProcess collaboration future wave google sap

shared by Matteo Spreafico on 29 Sep 09 - Cached
  • Gravity is a prototype developed by SAP Research in Brisbane, Australia and SAP NetWeaver Development providing real-time, cloud-based collaborative business process modelling within Google Wave.
  • Leveraging the collaborative features of Google Wave, all business process modelling activities get propagated in near real-time to all other participants of the Wave. In addition, participants of the Wave can use all other features provided by Google and its developer community to enrich the collaborative modelling experience.
  • In addition to the near real-time propagation of model content to all participants of a Wave, various features of true real-time collaboration are shown, such as different colour-coding for each individual modeller, history of a model, asynchronous and synchronous editing, and more. The demo also shows how robots (automated components that act as Wave participants) can be leveraged in order to syntactically correct the model on the fly. In the end, we will see how models are exported using BPMN 2.0 XML. They will then be imported into SAP Netweaver BPM for further refinement and execution.
idea man

Regulations.gov - 1 views

www.regulations.gov/...home.html

shared by idea man on 17 Oct 10 - No Cached
  • idea man on 17 Oct 10
     
    The Department is also considering revising the ADA's title II regulation to establish requirements for making the services, programs, or activities offered by State and local governments to the public via the Web accessible. The Department is issuing this advance notice of proposed rulemaking in order to solicit public comment on various issues relating to the potential application of such requirements 
Paul Merrell

Google Open Sources Google XML Pages - O'Reilly News - 0 views

news.oreilly.com/...e-open-sources-google-xml.html

google google xml pages gxp open source

shared by Paul Merrell on 12 Aug 08 - Cached
  • OSCON 2008, Gonsalves made the announcement that, after several years of consideration, Google was releasing Google XML Pages (or GXP) under the Apache Open Source License.
  • At OSCON 2008, Gonsalves made the announcement that, after several years of consideration, Google was releasing Google XML Pages (or GXP) under the Apache Open Source License.
  • Originally developed as a Python interpreter that produced Java source code, gxp was rewritten in 2006-7 to be a completely Java based application. The idea behind gxp is fairly simple (and is one that is used, in slightly different fashion, for Microsoft's XAML and Silverlight) - a web designer can declare a number of XML namespaces that define specific libraries on an XHTML or GXP container element, intermixing GXP and XHTML code in order to perform conditional logic, invoke server components, define state variables or create template modules. This GXP code is then parsed and used to generate the relevant Java code, which in turn is compiled into a server module invoked from within a Java servlet engine such as Tomcat or Jetty and cached on the server.
Paul Merrell

Home - Pencil Project - 0 views

www.evolus.vn/Home.html

extension firefox3 pencil xulrunner

shared by Paul Merrell on 14 Sep 08 - Cached
  • The Pencil Project's unique mission is to build a free and opensource tool for making diagrams and GUI prototyping that everyone can use.
  • Built-in stencils for diagraming and prototyping Multi-page document with background page On-screen text editing with rich-text supports PNG rasterizing Undo/redo supports Installing user-defined stencils Standard drawing operations: aligning, z-ordering, scaling, rotating... Cross-platforms Adding external objects And much more...
  • Paul Merrell on 14 Sep 08
     
    Interesting application for prototyping GUIs. Runs as a Firefox 3 extension or standalone on Linux and Windows using XULRunner.
Paul Merrell

Will Language Overload Force Open Enterprises? - 0 views

www.internetnews.com/...oad+Force+Open+Enterprises.htm

rest tim bray xml

shared by Paul Merrell on 30 Jul 08 - Cached
  • "XML doesn't have the monopoly it used to have," Bray said. "It used to be that if you wanted to send messages back and forth across the wire, XML was the only game in town." "Clearly, there is going to more heterogeneity for wire formats, too," he added. "Increasingly, given that the future will have more than two programming languages, there will be a lot more messages being passed around."
  • Bray comes to the issue from a unique perspective. As a co-author of the original XML specifications, he helped create a language that at one point had been intended to become the lingua franca for all Web communications. He now admits that he wasn't entirely accurate in his original vision of where XML would end up.
  • "I was so completely wrong on everything," Bray admitted. "We thought we were going to replace HTML and that turned out to be a silly idea. It turned out be used for syndication feeds and purchase orders and a million other things, and that's fine. Things find their own level." However, in today's world of language proliferation, Bray has another favorite approach for exchanging information. "I am a strong partisan of the REST (define) approach, which provides a Web-based approach for integration of anything to anything," Bray said. "REST isn't tied to XML or JSON but it makes it easy to use either."
  • anonymous on 02 Oct 13
     
    Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com
Paul Merrell

IPhone software developers stifled under Apple's gag order - Los Angeles Times - 0 views

www.latimes.com/...le25-2008aug25,0,4479285.story

apple iphone screwups

shared by Paul Merrell on 28 Aug 08 - Cached
  • The software development kit that Apple Inc. distributed to programmers bound them to not discuss the process of creating programs for the iPhone. Companies typically waive such legal restrictions once the product in question launches, but Apple didn't. And it won't say why.
  • As a result, iPhone developers -- and businesses that cater to them -- say they are prohibited from asking technical questions or sharing tips anywhere in public. On Apple's official support website, moderators remind visitors that they are bound by the nondisclosure agreement and should mind what they say or ask.
  • Conference organizers are trying to figure out how to plan sessions for iPhone software developers when they're not allowed to talk about iPhone software. Book publishers are sitting on how-to manuals, afraid that if they ship them Apple will sue.
Paul Merrell

Accessible Rich Internet Applications (WAI-ARIA) Version 1.0 - 0 views

www.w3.org/...WD-wai-aria-20080806

accessibility ria

shared by Paul Merrell on 14 Aug 08 - Cached
  • Accessibility of Web content to people with disabilities requires semantic information about widgets, structures, and behaviors, in order to allow Assistive Technologies to make appropriate transformations. This specification provides an ontology of roles, states, and properties that set out an abstract model for accessible interfaces and can be used to improve the accessibility and interoperability of Web Content and Applications. This information can be mapped to accessibility frameworks that use this information to provide alternative access solutions. Similarly, this information can be used to change the rendering of content dynamically using different style sheet properties. The result is an interoperable method for associating behaviors with document-level markup. This document is part of the WAI-ARIA suite described in the ARIA Overview.
  • Paul Merrell on 14 Aug 08
     
    New working draft from W3C. See also details of the call for comment: http://lists.w3.org/Archives/Public/w3c-wai-ig/2008JulSep/0034
Paul Merrell

XForms for HTML: W3C Working Draft 19 December 2008 - 0 views

www.w3.org/...WD-XForms-for-HTML-20081219

xforms html

shared by Paul Merrell on 23 Dec 08 - Cached
  • AbstractXForms for HTML provides a set of attributes and script methods that can be used by the tags or elements of an HTML or XHTML web page to simplify the integration of data-intensive interactive processing capabilities from XForms. The semantics of the attributes are mapped to the rich XForms model-view-controller-connector architecture, thereby allowing web application authors a smoother, selective migration path to the higher-order behaviors available from the full element markup available in modules of XForms.
  • This document describes XForms for HTML, which provides a set of attributes and script methods encompassing a useful subset of XForms functionality and mapping that functionality to syntactic constructs that are familiar to authors of HTML and XHTML web pages. The intent of this module is to simplify the means by which web page authors gain access to the rich functionality available from the hybrid execution model of XForms, which combines declarative constructs with event-driven imperative processing. These attributes and script methods increase the initial consumability of XForms by allowing injection of rich semantics directly into the host language markup. In turn, the behaviors of the attributes and script methods are mapped to the XForms model-view-controller-connector architecture so that applications manifest behaviors consistent with having used XForms markup elements. This allows authors to gradually address greater application complexity as it arises in the software lifecycle by opportunistically, i.e. as the need arises, switching from the attributes and script methods of this specification to the corresponding XForms markup elements. This gradual adoption strategy is being further supported by the modularization of XForms into components that can be consumed incrementally by authors and implementers.
Paul Merrell

GooSoft shapes super White Space database * The Register - 0 views

www.theregister.co.uk/...white_spaces_database

broadcast spectrum White Space Database web politics

shared by Paul Merrell on 05 Feb 09 - Cached
  • The world's largest software and search companies Wednesday announced the formation of the White Spaces Database Group with PC and broadcasting hardware and services specialists Dell, Hewlett Packard, Motorola, Comsearch, and NeuStar.
  • The White Spaces Database Group comes after months of concerted lobbying of the US Federal Communications Commission (FCC) by Microsoft, Google, and the other companies to make unused TV frequencies - white spaces - available for internet access by PCs and other devices.
  • The FCC last November ruled against broadcasters and said it would open up white spaces, but in a concession to their concerns, it stipulated the need for an online database that devices accessing the spectrum must read in order to find out what channels they are allowed to use. The database should be built and run by a third party and will be selected through a "public process."
Gary Edwards

EU Might Force OEMs to Offer Choice of Browsers During Setup > Comments - 0 views

www.osnews.com/...20850

eu browsers webkit silverlight xaml wpf microsoft

shared by Gary Edwards on 29 Jan 09 - Cached
  • Gary Edwards on 29 Jan 09
     
    Maybe the EU can right the marketplace and restore competition by identifying all proprietary formats, protocols and interfaces used by Microsoft in an anti-competitive way; then issue a directive to either replace these locks with open standard alternatives, or pay a monthly anti-competitive reimbursement penalty until such time as the end user effectively replaces these systems. This approach is similar to the "WiNE solution" put forward to Judge Jackson as part of the USA anti-trust remedy. Judge Jackson favored a break up of Microsoft into two divisions; Operating systems and other businesses. Few believed this was enforceable, with many citing the infamous "Chinese Wall" claims made by Chairman Bill
Paul Merrell

MICROSOFT CORP (Form: 10-Q, Received: 01/22/2009 09:02:43) - 0 views

investor.shareholder.com/...EdgarDetail.asp

Microsoft DG Competition MSIE bundling tying web standards

shared by Paul Merrell on 26 Jan 09 - No Cached
  • In January 2008 the Commission opened a competition law investigation related to the inclusion of various capabilities in our Windows operating system software, including Web browsing software. The investigation was precipitated by a complaint filed with the Commission by Opera Software ASA, a firm that offers Web browsing software. On January 15, 2009, the European Commission issued a statement of objections expressing the Commission’s preliminary view that the inclusion of Internet Explorer in Windows since 1996 has violated European competition law. According to the statement of objections, other browsers are foreclosed from competing because Windows includes Internet Explorer. We will have an opportunity to respond in writing to the statement of objections within about two months. We may also request a hearing, which would take place after the submission of this response. Under European Union procedure, the European Commission will not make a final determination until after it receives and assesses our response and conducts the hearing, should we request one. The statement of objections seeks to impose a remedy that is different than the remedy imposed in the earlier proceeding concerning Windows Media Player.
  • While computer users and OEMs are already free to run any Web browsing software on Windows, the Commission is considering ordering Microsoft and OEMs to obligate users to choose a particular browser when setting up a new PC. Such a remedy might include a requirement that OEMs distribute multiple browsers on new Windows-based PCs. We may also be required to disable certain unspecified Internet Explorer software code if a user chooses a competing browser. The statement of objections also seeks to impose a significant fine based on sales of Windows operating systems in the European Union. In January 2008, the Commission opened an additional competition law investigation that relates primarily to interoperability with respect to our Microsoft Office family of products. This investigation resulted from complaints filed with the Commission by a trade association of Microsoft’s competitors.
Paul Merrell

Google Desktop - Features - 0 views

desktop.google.com/features.html

google gadgets sidebar

shared by Paul Merrell on 13 Feb 09 - Cached
  • You can also keep your Google Gadgets organized in your sidebar, a vertical bar on your desktop which basically functions as a control panel for your gadget. You can drag and drop any of your gadgets into or out of your sidebar, or move them up or down to arrange them in any order. The sidebar can be set to always stay on top of other screens, and we've re-designed it to blend better into your desktop.
  • With the Add Gadgets interface, finding new gadgets is fast and easy. Simply click on the "+" button at the top of your sidebar or select "Add gadgets" from the option menu to bring up this screen. From here, you can view gadgets by category by clicking on the titles on the left or search for specific gadgets by using the search box in the top right. Once you've found the gadget you want, just mouse over it and click the "Add" button.
  • Paul Merrell on 13 Feb 09
     
    Just noticed that Google is now bundling a "Google Gadgets Sidebar" with Google Desktop Search. I should have seen that one coming but didn't. It's a natural combination that should get Gadgets onto many desktops. Notably, now there is also an RSS feed for Gadgets, notifying users as new Gadgets are added to the very quickly growing collection of registered gadgets. It's an impressive blend of technology and market positioning, expanding from Google's core search market.
Paul Merrell

Publicly Available Standards - 0 views

standards.iso.org/...index.html

iso_iec:26300-2006 odf

shared by Paul Merrell on 29 May 08 - Cached
    • Paul Merrell
      Paul Merrell on 29 May 08
       
      This is the download page for ISO/IEC information technology standards available at no charge. The same standards are available on other ISO, IEC, and other standards organizations' web pages for a fee. If you need an ISO/IEC information technology standard, check here before you pay money for what's also given away for free. Notice that standards are arranged on the page in numerical order.
  • Paul Merrell on 29 May 08
     
    Most ISO and IEC standards are only available for purchase. However, a few are publicly available at no charge. ISO/IEC:26300-2006 is one of the latter and can be downloaded from this page in XHTML format. Note that the standards listed on the page are arranged numerically and the OpenDocument standard is very near the bottom of the page. This version of ODF is the only version that has the legal status of an international standard, making it eligible as a government procurement specification throughout all Member nations of the Agreement on Government Procurement.
  • anonymous on 23 Sep 13
     
    Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa
Paul Merrell

Rob Weir is caught in a deceit - 0 views

www.adjb.net/...ormance-and-Portability-4.aspx

rob weir normative

shared by Paul Merrell on 19 May 09 - Cached
  • Ah, Marbux, what circus is complete without the clowns?
  • It seems you like to ignore requirements in order to defend Microsoft
  • Do you get paid to spread FUD like this, or is it merely a dilettantish pursuit?
  • ...1 more annotation...
  • I am unable to even imagine that you would be ignorant of basic standards terminology. So why do you persist in intentionally misleading your readers?
Paul Merrell

Vodafone reveals existence of secret wires that allow state surveillance | Business | T... - 0 views

www.theguardian.com/...es-allowing-state-surveillance

surveillance state non-U.S.-spy-agencies Vodafone

shared by Paul Merrell on 07 Jun 14 - No Cached
  • Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people.The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a "nightmare scenario" that confirmed their worst fears on the extent of snooping.
  • Vodafone's group privacy officer, Stephen Deadman, said: "These pipes exist, the direct access model exists."We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used."Vodafone is calling for all direct-access pipes to be disconnected, and for the laws that make them legal to be amended. It says governments should "discourage agencies and authorities from seeking direct access to an operator's communications infrastructure without a lawful mandate".
  • In America, Verizon and AT&T have published data, but only on their domestic operations. Deutsche Telekom in Germany and Telstra in Australia have also broken ground at home. Vodafone is the first to produce a global survey.
  • ...2 more annotations...
  • Peter Micek, policy counsel at the campaign group Access, said: "In a sector that has historically been quiet about how it facilitates government access to user data, Vodafone has for the first time shone a bright light on the challenges of a global telecom giant, giving users a greater understanding of the demands governments make of telcos. Vodafone's report also highlights how few governments issue any transparency reports, with little to no information about the number of wiretaps, cell site tower dumps, and other invasive surveillance practices."
  • Snowden, the National Security Agency whistleblower, joined Google, Reddit, Mozilla and other tech firms and privacy groups on Thursday to call for a strengthening of privacy rights online in a "Reset the net" campaign.Twelve months after revelations about the scale of the US government's surveillance programs were first published in the Guardian and the Washington Post, Snowden said: "One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be. Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same."
  • Paul Merrell on 07 Jun 14
     
    The Vodafone disclosures will undoubtedly have a very large ripple effect. Note carefully that this is the first major telephone service in the world to break ranks with the others and come out swinging at secret government voyeur agencies. Will others follow. If you follow the links to the Vodafone report, you'll find a very handy big PDF providing an overview of the relevant laws in each of the customer nations. There's a cute Guardian table that shows the aggregate number of warrants for interception of content via Vodafone for each of those nations, broken down by content type. That table has white-on-black cells noting where disclosure of those types of surveillance statistics are prohibited by law. So it is far from a complete picture, but it's a heck of a good start.  But several of those customer nations are members of the E.U., where digital privacy rights are enshrined as human rights under an EU-wide treaty. So expect some heat to roll downhill on those nations from the European treaty organizations, particularly the European Court of Human Rights, staffed with civil libertarian judges, from which there is no appeal.     
Paul Merrell

Safer email - Transparency Report - Google - 0 views

www.google.com/...saferemail

surveillance state NSA-reform encryption email stats Gmail

shared by Paul Merrell on 04 Jun 14 - No Cached
  • Email encryption in transit Many email providers don’t encrypt messages while they’re in transit. When you send or receive emails with one of these providers, these messages are as open to snoopers as a postcard in the mail. A growing number of email providers are working to change that, by encrypting messages sent to and from our services using Transport Layer Security (TLS). When an email is encrypted in transit with TLS, it makes it harder for others to read what you’re sending. The data below explains the current state of email encryption in transit.
  • Generally speaking, use of encryption in transit increases over time, as more providers enable and maintain their support. Factors such as varying volumes of email may explain other fluctuations.
  • Below is the percentage of email encrypted for the top domains in terms of volume of email to and from Gmail, in alphabetical order.
  • ...1 more annotation...
  • Explore the data Search any domain (e.g. “example.com”) or string (e.g. “de”) to see how much of the email exchanged with Gmail is encrypted in transit. Or download the full dataset.
Paul Merrell

Google Says Website Encryption Will Now Influence Search Rankings - 0 views

techcrunch.com/...-now-influence-search-rankings

surveillance state NSA-reform NSA-blowback Google

shared by Paul Merrell on 08 Aug 14 - No Cached
  • Google will begin using website encryption, or HTTPS, as a ranking signal – a move which should prompt website developers who have dragged their heels on increased security measures, or who debated whether their website was “important” enough to require encryption, to make a change. Initially, HTTPS will only be a lightweight signal, affecting fewer than 1% of global queries, says Google. That means that the new signal won’t carry as much weight as other factors, including the quality of the content, the search giant noted, as Google means to give webmasters time to make the switch to HTTPS. Over time, however, encryption’s effect on search ranking make strengthen, as the company places more importance on website security. Google also promises to publish a series of best practices around TLS (HTTPS, is also known as HTTP over TLS, or Transport Layer Security) so website developers can better understand what they need to do in order to implement the technology and what mistakes they should avoid. These tips will include things like what certificate type is needed, how to use relative URLs for resources on the same secure domain, best practices around allowing for site indexing, and more.
  • In addition, website developers can test their current HTTPS-enabled website using the Qualys Lab tool, says Google, and can direct further questions to Google’s Webmaster Help Forums where the company is already in active discussions with the broader community. The announcement has drawn a lot of feedback from website developers and those in the SEO industry – for instance, Google’s own blog post on the matter, shared in the early morning hours on Thursday, is already nearing 1,000 comments. For the most part, the community seems to support the change, or at least acknowledge that they felt that something like this was in the works and are not surprised. Google itself has been making moves to better securing its own traffic in recent months, which have included encrypting traffic between its own servers. Gmail now always uses an encrypted HTTPS connection which keeps mail from being snooped on as it moves from a consumer’s machine to Google’s data centers.
  • While HTTPS and site encryption have been a best practice in the security community for years, the revelation that the NSA has been tapping the cables, so to speak, to mine user information directly has prompted many technology companies to consider increasing their own security measures, too. Yahoo, for example, also announced in November its plans to encrypt its data center traffic. Now Google is helping to push the rest of the web to do the same.
  • Paul Merrell on 08 Aug 14
     
    The Internet continues to harden in the wake of the NSA revelations. This is a nice nudge by Google.
Paul Merrell

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers

surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat

shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
Paul Merrell

The Latest Rules on How Long NSA Can Keep Americans' Encrypted Data Look Too Familiar |... - 0 views

justsecurity.org/...s-hold-encrypted-data-familiar

surveillance state NSA IAA-2015 Sect-309 legislation

shared by Paul Merrell on 26 Jan 15 - No Cached
  • Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.
  • Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 
  • While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.
  • ...6 more annotations...
  • This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.
  • This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.
  • There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.
  • This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.
  • This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en mass than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”
  • The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.
  • Paul Merrell on 26 Jan 15
     
    Tucked into a budget authorization act in December without press notice. Section 309 (the Act is linked from the article) appears to be very broad authority for the NSA to intercept any form of telephone or other electronic information in bulk. There are far more exceptions from the five-year retention limitation than the encrypted information exception. When reading this, keep in mind that the U.S. intelligence community plays semantic games to obfuscate what it does. One of its word plays is that communications are not "collected" until an analyst looks at or listens to partiuclar data, even though the data will be searched to find information countless times before it becomes "collected." That searching was the major basis for a decision by the U.S. District Court in Washington, D.C. that bulk collection of telephone communications was unconstitutional: Under the Fourth Amendment, a "search" or "seizure" requiring a judicial warrant occurs no later than when the information is intercepted. That case is on appeal, has been briefed and argued, and a decision could come any time now. Similar cases are pending in two other courts of appeals. Also, an important definition from the new Intelligence Authorization Act: "(a) DEFINITIONS.-In this section: (1) COVERED COMMUNICATION.-The term ''covered communication'' means any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication, including communications in electronic storage."       
Paul Merrell

British Prime Minister Suggests Banning Some Online Messaging Apps - NYTimes.com - 0 views

bits.blogs.nytimes.com/...ing-some-online-messaging-apps

surveillance state UK Cameron encryption legislation

shared by Paul Merrell on 19 Jan 15 - No Cached
  • Popular messaging services like Snapchat and WhatsApp are in the cross hairs in Britain. That was the message delivered on Monday by Prime Minister David Cameron, who said he would pursue banning encrypted messaging services if Britain’s intelligence services were not given access to the communications. The statement comes as many European politicians are demanding that Internet companies like Google and Facebook provide greater information about people’s online activities after several recent terrorist threats, including the attacks in Paris.
  • Mr. Cameron, who has started to campaign ahead of a national election in Britain in May, said his government, if elected, would ban encrypted online communication tools that could potentially be used by terrorists if the country’s intelligence agencies were not given increased access. The reforms are part of new legislation that would force telecom operators and Internet services providers to store more data on people’s online activities, including social network messages. “Are we going to allow a means of communications which it simply isn’t possible to read?” Mr. Cameron said at an event on Monday, in reference to services like WhatsApp, Snapchat and other encrypted online applications. “My answer to that question is: ‘No, we must not.’ ” Mr. Cameron said his first duty was to protect the country against terrorist attacks.
  • “The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe,” he added. Any restriction on these online services, however, would not take effect until 2016, at the earliest, and it remained unclear how the British government could stop people from using these apps, which are used by hundreds of millions of people worldwide.
« First ‹ Previous 161 - 180 of 219 Next › Last »
Showing 20 items per page