Group items tagged

Jeffrey Kantor, who was fired by Appian Corporation, sued a host of government officials, including Attorney General Eric Holder, Director of National Intelligence James Clapper, CIA Director John Brennan, Defense Secretary Chuck Hagel and Secretary of State John Kerry in Federal Court, alleging civil rights violations, disclosure of private information and retaliation… He also sued Secretary of Energy Ernest Moniz, Acting Secretary of Homeland Security Rand Beers, Treasury Secretary Jacob Lew, EPA Administrator Regina McCarthy and U.S. Office of Personnel Management Director Katherine Archuleta.

“The Art of Deception: Training for Online Covert Operations.”

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. 

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn't open sourced. At that link, there's a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don't apply to this situation.

On Monday, Prime Minister John Key announced that he had requested an inquiry by the Inspector-General of Intelligence and Security after it was revealed that the Government Communications Security Bureau (GSCB) illegally intercepted the communications of individuals in the Megaupload case.

GCSB is an intelligence agency of the New Zealand government responsible for spying on external entities. It is forbidden by law from conducting surveillance on its own citizens or permanent residents in the country. Now it has been revealed that incorrect information supplied by the police’s Organized and Financial Crime Agency (OFCANZ) led the GCSB to spy on Kim Dotcom and Bram van der Kolk.

During an earlier hearing, Detective Inspector Grant Wormald of OFCANZ said that apart from surveillance carried out by the police, no other surveillance had been carried out against Dotcom. But with the revelation that GCSB had indeed been monitoring the Megaupload founder at the behest of OFCANZ, questions are now being raised about this apparent inconsistency, not least since Wormald previously acknowledged that a secret government unit had been involved in a pre-raid planning meeting in January.

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.

Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”

Of course, internet access has already been spreading to the far corners of the planet without any "help" from the ITU. Over two billion people are already online, representing about a third of the planet. And, yes, spreading that access further is a good goal, but the ITU is not the player to do it. The reason that the internet has been so successful and has already spread as far as it has, as fast as it has, is that it hasn't been controlled by a bureaucratic government body in which only other governments could vote. Instead, it was built as an open interoperable system that anyone could help build out. It was built in a bottom up manner, mainly by engineers, not bureaucrats. Changing that now makes very little sense.

And that's the thing. The internet works just fine. The only reason to "fix" it, is to "break" it in exactly the way the ITU wants, which is to favor a few players who have done nothing innovative to actually deserve it.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.

Apparently part of the issue for the original filing to reveal this information was that some copyright holders are getting antsy that as the case drags on, they won't also be able to file civil cases against Megaupload before the three-year statute of limitations expires. However, as Megaupload's lawyers point out, there is no urgency here since the government itself made no move to share this information over the past two years. If it really wanted to share the information it had ample time to make the request and allow Megaupload's lawyers to review and take part in the process, rather than trying to route around them entirely. I'm guessing the recent successes against IsoHunt and Hotfile may have contributed to the timing as well. The MPAA pretty clearly thinks it can use those two cases to go after Megaupload as well, outside of the criminal case which will continue.

If there’s one thing that needs constant reminding, it’s the explicit purpose of the copyright monopoly. Its purpose is to promote the progress of human knowledge. Nothing less. Nothing more.

[Congress has the power] to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.

has the power, and not the obligation

"This week, Blizzard tightened up its procedures to ensure compliance with these laws, and players connecting from the affected nations are restricted from access to Blizzard games and services," read the statement. Unfortunately, said Blizzard, the same sanctions meant it could not give refunds to players in Iran or help them move their account elsewhere. "We apologise for any inconvenience this causes and will happily lift these restrictions as soon as US law allows," it added. Although the block on Wow has been imposed by Blizzard, other reports suggest a wider government ban might have been imposed.

Court documents have revealed how information supplied by New Zealand’s Organised and Financial Crime Agency led to Kim Dotcom and his associates being illegally monitored by GCSB, the Kiwi spy agency comparable to the United States’ CIA. Today a High Court judge expressed concern at the situation, with Dotcom’ legal team calling for an independent inquiry into the fiasco. Meanwhile, pressure continues to mount on Prime Minister John Key as it’s revealed the government issued an information suppression order.

According to court documents, GCSB checked with OFCANZ that both Dotcom and der Kolk were indeed foreign nationals. OFCANZ said they were, but in fact neither should have been spied on by GCSB. The monitoring went ahead anyway. In the High Court today, Justice Helen Winkelmann asked lawyers how it could be possible that GCSB hadn’t known about Dotcom’s New Zealand residency.

During an earlier hearing, Detective Inspector Grant Wormald of OFCANZ said that apart from surveillance carried out by the police, no other surveillance had been carried out against Dotcom. But with the revelation that GCSB had indeed been monitoring the Megaupload founder at the behest of OFCANZ, questions are now being raised about this apparent inconsistency, not least since Wormald previously acknowledged that a secret government unit had been involved in a pre-raid planning meeting in January.

"I don't want to pre-empt the work of journalists," he said, "but there's no question the US is engaged in economic spying. If there's information at Siemens that they think would be beneficial to the national interests (not the national security) of the United States, they'll go after that information."

While evidence shows the NSA has spied on Brazil's Petrobras oil company, the US government has never been conclusively linked to the surveillance or theft of trade secrets on an international stage. If true, the revelations would have a grave diplomatic impact, particularly the government attempts to regain the trust of allied nations.

"deny, disrupt, degrade and deceive" by any means possible.

According to reports in Der Spiegel last year, British intelligence has tapped the reservations systems of over 350 top hotels around the world for the past three years to set up Royal Concierge. It was used to spy on trade delegations, foreign diplomats, and other targets with a taste for the high life.

A PowerPoint presentation from 2010 states that JTRIG activities account for five per cent of GCHQ's operations budget and uses a variety of techniques. These include "call bombing" to drown out a target's ability to receive messages, attacking targets in hotels, Psyops (psychological operations) against individuals, and going all the way up to disrupting a country's critical infrastructure.

The practice contradicted what Mr. Verrilli had told the Supreme Court last year in a case challenging the law, the FISA Amendments Act of 2008. Legalizing a form of the Bush administration’s program of warrantless surveillance, the law authorized the government to wiretap Americans’ e-mails and phone calls without an individual court order and on domestic soil so long as the surveillance is “targeted” at a foreigner abroad. A group of plaintiffs led by Amnesty International had challenged the law as unconstitutional. But Mr. Verrilli last year urged the Supreme Court to dismiss the case because those plaintiffs could not prove that they had been wiretapped. In making that argument, he said a defendant who faced evidence derived from the law would have proper legal standing and would be notified, so dismissing the lawsuit by Amnesty International would not close the door to judicial review of the 2008 law. The court accepted that logic, voting 5-to-4 to dismiss the case. In a statement, Patrick Toomey, staff attorney with the American Civil Liberties Union, which had represented Amnesty International and the other plaintiffs, hailed the move but criticized the Justice Department’s prior practice.

Still, it remains unclear how many other cases — including closed matters in which convicts are already service prison sentences — involved evidence derived from warrantless wiretapping in which the National Security Division did not provide full notice to defendants, nor whether the department will belatedly notify them. Such a notice could lead to efforts to reopen those cases.