Group items matching

in title, tags, annotations or url

While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said. No decision has been made, but a court fight with WhatsApp, the world’s largest mobile messaging service, would open a new front in the Obama administration’s dispute with Silicon Valley over encryption, security and privacy.WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.

As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer.Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read.

Nearly three years after NSA whistleblower Edward Snowden gave journalists his trove of documents on the intelligence community’s broad and powerful surveillance regime, the public is still missing some crucial, basic facts about how the operations work. Surveillance researchers and privacy advocates published a report on Wednesday outlining what we do know, thanks to the period of discovery post-Snowden — and the overwhelming amount of things we don’t. The NSA’s domestic surveillance was understandably the initial focus of public debate. But that debate never really moved on to examine the NSA’s vastly bigger foreign operations. “There has been relatively little public or congressional debate within the United States about the NSA’s overseas surveillance operations,” write Faiza Patel and Elizabeth Goitein, co-directors of the Brennan Center for Justice’s Liberty and National Security Program, and Amos Toh, legal adviser for David Kaye, the U.N. special rapporteur on the right to freedom of opinion and expression.

The central guidelines the NSA is supposed to follow while spying abroad are described in Executive Order 12333, issued by President Ronald Reagan in 1981, which the authors describe as “a black box.” Just Security, a national security law blog, and the Brennan Center for Justice are co-hosting a panel on Thursday on Capitol Hill to discuss the policy, where the NSA’s privacy and civil liberties officer, Rebecca Richards, will be present. And the independent government watchdog, the Privacy and Civil Liberties Oversight Board, which has authored in-depth reports on other NSA programs, intends to publish a report on 12333 surveillance programs “this year,” according to spokesperson Jen Burita. In the meantime, the authors of the report came up with a list of questions they say need to be answered to create an informed public debate.

The German software-as-a-service firm Open-Xchange, which provides apps that telcos and other service providers can bundle with their connectivity or hosting products, is adding a cloud-based office productivity toolset called OX Documents to its OX App Suite lineup. Open-Xchange has around 70 million users through its contracts with roughly 80 providers such as 1&1 Internet and Strato. Its OX App Suite takes the form of a virtual desktop of sorts, that lets users centralize their email and file storage accounts and view all sorts of documents through a unified portal. However, as of an early April release it will also include OX Text, a non-destructive, collaborative document editor that rivals Google Docs, and that has an interesting heritage of its own.

The President of Brazil, Dilma Rousseff announces publicly the creation of a world internet system INDEPENDENT from US and Britain ( the “US-centric internet”). Not many understand that, while the immediate trigger for the decision (coupled with the cancellation of a summit with the US president) was the revelations on NSA spying, the reason why Rousseff can take such a historic step is that the alternative infrastructure: The BRICS cable from Vladivostock, Russia  to Shantou, China to Chennai, India  to Cape Town, South Africa  to Fortaleza, Brazil,  is being built and it’s, actually, in its final phase of implementation. No amount of provocation and attempted “Springs” destabilizations and Color Revolution in the Middle East, Russia or Brazil can stop this process.  The huge submerged part of the BRICS plan is not yet known by the broader public.

Nonetheless it is very real and extremely effective. So real that international investors are now jumping with both feet on this unprecedented real economy opportunity. The change… has already happened. Brazil plans to divorce itself from the U.S.-centric Internet over Washington’s widespread online spying, a move that many experts fear will be a potentially dangerous first step toward politically fracturing a global network built with minimal interference by governments. President Dilma Rousseff has ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company’s network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google.

BRICS Cable… a 34 000 km, 2 fibre pair, 12.8 Tbit/s capacity, fibre optic cable system For any global investor, there is no crisis – there is plenty of growth. It’s just not in the old world BRICS is ~45% of the world’s population and ~25% of the world’s GDP BRICS together create an economy the size of Italy every year… that’s the 8th largest economy in the world The BRICS presents profound opportunities in global geopolitics and commerce Links Russia, China, India, South Africa, Brazil – the BRICS economies – and the United States. Interconnect with regional and other continental cable systems in Asia, Africa and South America for improved global coverage Immediate access to 21 African countries and give those African countries access to the BRICS economies. Projected ready for service date is mid to second half of 2015.

All existing data sharing agreements between Europe and the US should be revoked, and US web site providers should prominently inform European citizens that their data may be subject to government surveillance, according to the recommendations of a briefing report for the European Parliament. The report was produced in response to revelations about the US National Security Agency (NSA) snooping on internet traffic, and aims to highlight the subsequent effect on European Union (EU) citizens' rights.

The report warns that EU data protection authorities have failed to understand the “structural shift of data sovereignty implied by cloud computing”, and the associated risks to the rights of EU citizens. It suggests “a full industrial policy for development of an autonomous European cloud computing capacity” should be set up to reduce exposure of EU data to NSA surveillance that is undertaken by the use of US legislation that forces US-based cloud providers to provide access to data they hold.

To put pressure on the US government, the report recommends that US websites should ask EU citizens for their consent before gathering data that could be used by the NSA. “Prominent notices should be displayed by every US web site offering services in the EU to inform consent to collect data from EU citizens. The users should be made aware that the data may be subject to surveillance by the US government for any purpose which furthers US foreign policy,” it said. “A consent requirement will raise EU citizen awareness and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.”

What is Schema.org? This site provides a collection of schemas, i.e., html tags, that webmasters can use to markup their pages in ways recognized by major search providers. Search engines including Bing, Google, Yahoo! and Yandex rely on this markup to improve the display of search results, making it easier for people to find the right web pages. Many sites are generated from structured data, which is often stored in databases. When this data is formatted into HTML, it becomes very difficult to recover the original structured data. Many applications, especially search engines, can benefit greatly from direct access to this structured data. On-page markup enables search engines to understand the information on web pages and provide richer search results in order to make it easier for users to find relevant information on the web. Markup can also enable new tools and applications that make use of the structure. A shared markup vocabulary makes it easier for webmasters to decide on a markup schema and get the maximum benefit for their efforts. So, in the spirit of sitemaps.org, search engines have come together to provide a shared collection of schemas that webmasters can use.

After only one hour of floor debate, and no allowed amendments, the House of Representatives today passed legislation that opponents believe may give brand new authorization to the U.S. government to conduct domestic dragnets. The USA Freedom Act was approved in a 338-88 vote, with approximately equal numbers of Democrats and Republicans voting against. The bill’s supporters say it will disallow bulk collection of domestic telephone metadata, in which the Foreign Intelligence Surveillance Court has regularly ordered phone companies to turn over such data. The Obama administration claims such collection is authorized by Section 215 of the USA Patriot Act, which is set to expire June 1. However, the U.S. Court of Appeals for the Second Circuit recently held that Section 215 does not provide such authorization. Today’s legislation would prevent the government from issuing such orders for bulk collection and instead rely on telephone companies to store all their metadata — some of which the government could then demand using a “specific selection term” related to foreign terrorism. Bill supporters maintain this would prevent indiscriminate collection.

However, the legislation may not end bulk surveillance and in fact could codify the ability of the government to conduct dragnet data collection. “We’re taking something that was not permitted under regular section 215 … and now we’re creating a whole apparatus to provide for it,” Rep. Justin Amash, R-Mich., said on Tuesday night during a House Rules Committee proceeding. “The language does limit the amount of bulk collection, it doesn’t end bulk collection,” Rep. Amash said, arguing that the problematic “specific selection term” allows for “very large data collection, potentially in the hundreds of thousands of people, maybe even millions.” In a statement posted to Facebook ahead of the vote, Rep. Amash said the legislation “falls woefully short of reining in the mass collection of Americans’ data, and it takes us a step in the wrong direction by specifically authorizing such collection in violation of the Fourth Amendment to the Constitution.”

“While I appreciate a number of the reforms in the bill and understand the need for secure counter-espionage and terrorism investigations, I believe our nation is better served by allowing Section 215 to expire completely and replacing it with a measure that finds a better balance between national security interests and protecting the civil liberties of Americans,” Congressman Ted Lieu, D-Calif., said in a statement explaining his vote against the bill.

Senate Majority Whip John Cornyn (R-Texas) on Tuesday said the upper chamber is unlikely to move on a stalled cybersecurity bill before the August recess.Senate Republican leaders, including Cornyn, had been angling to get the bill — known as the Cybersecurity Information Sharing Act (CISA) — to the floor this month.ADVERTISEMENTBut Cornyn said that there is simply too much of a time crunch in the remaining legislative days to get to the measure, intended to boost the public-private exchange of data on hackers.  “I’m sad to say I don’t think that’s going to happen,” he told reporters off the Senate floor. “The timing of this is unfortunate.”“I think we’re just running out time,” he added.An aide for Senate Majority Leader Mitch McConnell (R-Ky.) said he had not committed to a specific schedule after the upper chamber wraps up work in the coming days on a highway funding bill.Cornyn said Senate leadership will look to move on the bill sometime after the legislature returns in September from its month-long break.

The move would delay yet again what’s expected to be a bruising floor fight about government surveillance and digital privacy rights.“[CISA] needs a lot of work,” Sen. Patrick Leahy (D-Vt.), who currently opposes the bill, told The Hill on Tuesday. “And when it comes up, there’s going to have to be a lot of amendments otherwise it won’t pass.”Despite industry support, broad bipartisan backing, and potentially even White House support, CISA has been mired in the Senate for months over privacy concerns.Civil liberties advocates worry the bill would create another venue for the government’s intelligence wing to collect sensitive data on Americans only months after Congress voted to rein in surveillance powers.But industry groups and many lawmakers insist a bolstered data exchange is necessary to better understand and counter the growing cyber threat. Inaction will leave government and commercial networks exposed to increasingly dangerous hackers, they say.Sen. Ron Wyden (D-Ore.), who has been leading the chorus opposing the bill, rejoiced Tuesday after hearing of the likely delay.

“I really want to commend the advocates for the tremendous grassroots effort to highlight the fact that this bill was badly flawed from a privacy standpoint,” he told The Hill.Digital rights and privacy groups are blanketing senators’ offices this week with faxes and letters in an attempt to raise awareness of bill’s flaws.“Our side has picked up an enormous amount of support,” Wyden said.Wyden was the only senator to vote against CISA in the Senate Intelligence Committee. The panel approved the measure in March by a 14-1 vote and it looked like CISA was barrelling toward the Senate floor.After the House easily passed its companion pieces of legislation, CISA’s odds only seemed better.But the measure got tied up in the vicious debate over the National Security Agency's (NSA) spying powers that played out throughout April and May.“It’s like a number of these issues, in the committee the vote was 14-1, everyone says, ‘oh, Ron Wyden opposes another bipartisan bill,’” Wyden said Tuesday. “And I said, ‘People are going to see that this is a badly flawed bill.’”

Imagine you are the target of a phishing attack: Someone sends you an email attachment containing malware. Your email service provider shares the attachment with the government, so that others can configure their computer systems to spot similar attacks. The next day, your provider gets a call. It’s the Department of Homeland Security (DHS), and they’re curious. The malware appears to be from Turkey. Why, DHS wants to know, might someone in Turkey be interested in attacking you? So, would your email company please share all your emails with the government? Knowing more about you, investigators might better understand the attack. Normally, your email provider wouldn’t be allowed to give this information over without your consent or a search warrant. But that could soon change. The Senate may soon make another attempt at passing the Cybersecurity Information Sharing Act, a bill that would waive privacy laws in the name of cybersecurity. In April, the US House of Representatives passed by strong majorities two similar “cyber threat” information sharing bills. These bills grant companies immunity for giving DHS information about network attacks, attackers, and online crimes.

Sharing information about security vulnerabilities is a good idea. Shared vulnerability data empowers other system operators to check and see if they, too, have been attacked, and also to guard against being similarly attacked in the future. I’ve spent most of my career fighting for researchers’ rights to share this kind of information against threats from companies that didn’t want their customers to know their products were flawed. But, these bills gut legal protections against government fishing expeditions exactly at a time when individuals and Internet companies need privacy laws to get stronger, not weaker. 

Worse, the bills aren’t needed. Private companies share threat data with each other, and even with the government, all the time. The threat data that security professionals use to protect networks from future attacks is a far more narrow category of information than those included in the bills being considered by Congress, and will only rarely contain private information. And none of the recent cyberattacks — not Sony, not Target, and not the devastating grab of sensitive background check interviews on government employees at the Office of Personnel Management — would have been mitigated by these bills.

The Intercept published an expose on the NSA's XKeyscore program. Along with information on the breadth and scale of the NSA's metadata collection, The Intercept revealed how the NSA relies on unencrypted cookie data to identify users. As The Intercept says: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies." The NSA slides released by The Intercept give detailed guides to understanding the data transmitted by these cookies, as well as how to find unique machine identifiers that analysts can use to differentiate between multiple machines using the same IP address. We've written before about how spy agencies piggyback on social media account data to find Internet users' names or other identifying info, and these slides drive home the point that HTTP cookies leave users vulnerable to government surveillance, since any intermediary (or spy agency) can read the sensitive data they contain.

Worse yet, most of the time these identifying cookies come from third-party sources on webpages, and users have no meaningful way to opt out of receiving them (short of blocking all third party cookies) since advertisers (the main server of these types of cookies) refuse to honor the Do Not Track header.  Browser makers could help address this sort of non-consensual tracking by both advertisers and the NSA with some simple technical changes—changes that have been shown to reduce the number of third party cookies received by 67%. So far, though, they've been unwilling to build privacy protecting features in by default. Until they do, the best way for users to protect themselves is by installing a privacy protecting app like Privacy Badger, which is designed to block these types of uniquely identifying tracking cookies, or HTTPS Everywhere to block the transmission of HTTP cookies.

After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement. Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations. “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

The decision, which essentially maintains the status quo, underscores the bind the administration is in — balancing competing pressures to help law enforcement and protect consumer privacy. The FBI says it is facing an increasing challenge posed by the encryption of communications of criminals, terrorists and spies. A growing number of companies have begun to offer encryption in which the only people who can read a message, for instance, are the person who sent it and the person who received it. Or, in the case of a device, only the device owner has access to the data. In such cases, the companies themselves lack “backdoors” or keys to decrypt the data for government investigators, even when served with search warrants or intercept orders.

The decision was made at a Cabinet meeting Oct. 1. “As the president has said, the United States will work to ensure that malicious actors can be held to account — without weakening our commitment to strong encryption,” National Security Council spokesman Mark Stroh said. “As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services.” But privacy advocates are concerned that the administration’s definition of strong encryption also could include a system in which a company holds a decryption key or can retrieve unencrypted communications from its servers for law enforcement. “The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data,” said Savecrypto.org, a coalition of industry and privacy groups that has launched a campaign to petition the Obama administration.

On Tuesday, the European court of justice, Europe’s supreme court, lobbed a grenade into the cosy, quasi-monopolistic world of the giant American internet companies. It did so by declaring invalid a decision made by the European commission in 2000 that US companies complying with its “safe harbour privacy principles” would be allowed to transfer personal data from the EU to the US. This judgment may not strike you as a big deal. You may also think that it has nothing to do with you. Wrong on both counts, but to see why, some background might be useful. The key thing to understand is that European and American views about the protection of personal data are radically different. We Europeans are very hot on it, whereas our American friends are – how shall I put it? – more relaxed.

Given that personal data constitutes the fuel on which internet companies such as Google and Facebook run, this meant that their exponential growth in the US market was greatly facilitated by that country’s tolerant data-protection laws. Once these companies embarked on global expansion, however, things got stickier. It was clear that the exploitation of personal data that is the core business of these outfits would be more difficult in Europe, especially given that their cloud-computing architectures involved constantly shuttling their users’ data between server farms in different parts of the world. Since Europe is a big market and millions of its citizens wished to use Facebook et al, the European commission obligingly came up with the “safe harbour” idea, which allowed companies complying with its seven principles to process the personal data of European citizens. The circle having been thus neatly squared, Facebook and friends continued merrily on their progress towards world domination. But then in the summer of 2013, Edward Snowden broke cover and revealed what really goes on in the mysterious world of cloud computing. At which point, an Austrian Facebook user, one Maximilian Schrems, realising that some or all of the data he had entrusted to Facebook was being transferred from its Irish subsidiary to servers in the United States, lodged a complaint with the Irish data protection commissioner. Schrems argued that, in the light of the Snowden revelations, the law and practice of the United States did not offer sufficient protection against surveillance of the data transferred to that country by the government.

The Irish data commissioner rejected the complaint on the grounds that the European commission’s safe harbour decision meant that the US ensured an adequate level of protection of Schrems’s personal data. Schrems disagreed, the case went to the Irish high court and thence to the European court of justice. On Tuesday, the court decided that the safe harbour agreement was invalid. At which point the balloon went up. “This is,” writes Professor Lorna Woods, an expert on these matters, “a judgment with very far-reaching implications, not just for governments but for companies the business model of which is based on data flows. It reiterates the significance of data protection as a human right and underlines that protection must be at a high level.”

Activists worried about online privacy are sending Congress a message with some old-school technology: They're sending faxes -- more than 6.2 million, they claim -- to express opposition to the Cybersecurity Information Sharing Act (CISA).Why faxes? "Congress is stuck in 1984 and doesn't understand modern technology," according to the campaign Fax Big Brother. The week-long campaign was organized by the nonpartisan Electronic Frontier Foundation, the group Access and Fight for the Future, the activist group behind the major Internet protests that helped derail a pair of anti-piracy bills in 2012. It also has the backing of a dozen groups like the ACLU, the American Library Association, National Association of Criminal Defense Lawyers and others.

CISA aims to facilitate information sharing regarding cyberthreats between the government and the private sector. The bill gained more attention following the massive hack in which the records of nearly 22 million people were stolen from government computers."The ability to easily and quickly share cyber attack information, along with ways to counter attacks, is a key method to stop them from happening in the first place," Sen. Dianne Feinstein, D-California, who helped introduce CISA, said in a statement after the hack. Senate leadership had planned to vote on CISA this week before leaving for its August recess. However, the bill may be sidelined for the time being as the Republican-led Senate puts precedent on a legislative effort to defund Planned Parenthood.Even as the bill was put on the backburner, the grassroots campaign to stop it gained steam. Fight for the Future started sending faxes to all 100 Senate offices on Monday, but the campaign really took off after it garnered attention on the website Reddit and on social media. The faxed messages are generated by Internet users who visit faxbigbrother.com or stopcyberspying.com -- or who simply send a message via Twitter with the hashtag #faxbigbrother. To send all those faxes, Fight for the Future set up a dedicated server and a dozen phone lines and modems they say are capable of sending tens of thousands of faxes a day.

Fight for the Future told CBS News that it has so many faxes queued up at this point, that it may take months for Senate offices to receive them all, though the group is working on scaling up its capability to send them faster. They're also limited by the speed at which Senate offices can receive them.

Abstract Since 1999 the W3C has been working on a set of Semantic Web standards that have the potential to revolutionize web search. Also known as Linked Data, the Machine-Readable Web, the Web of Data, or Web 3.0, the Semantic Web relies on highly structured metadata that allow computers to understand the relationships between objects. Semantic web standards are complex, and difficult to conceptualize, but they offer solutions to many of the issues that plague libraries, including precise web search, authority control, classification, data portability, and disambiguation. This article will outline some of the benefits that linked data could have for libraries, will discuss some of the non-technical obstacles that we face in moving forward, and will finally offer suggestions for practical ways in which libraries can participate in the development of the semantic web.