Group items tagged

BlueHost refused to help the International Middle East Media Center (IMEMC)  during a Denial of Service DoS attack. Asked for help, BlueHost reportedly said that they should deal with the issue themselves, which was impossible without BlueHost’s cooperation. The news agency’s website was down for days because BlueHost reportedly just shut down IMEMC’s server and told the editor-in-chief, Saed Bannoura to “go somewhere else”. The question is whether “transparency” can be the privilege of major corporations or whether there is need for legislation that forces all corporations to provide detailed information that enables media and other internet users to pursue real or alleged malware threats, cyber attacks and so forth, criminally and legally. That is, also when the alleged or real threat involves major corporations.

“We will pursue a new foreign policy that finally learns from the mistakes of the past…We will stop looking to topple regimes and overthrow governments…. Our goal is stability not chaos, because we want to rebuild our country [the United States] …In our dealings with other countries, we will seek shared interests wherever possible and pursue a new era of peace, understanding, and good will.” There won’t be any peace under Mattis or McMaster, that’s for sure. Both men are anti-Moscow hardliners who think Russia is an emerging rival that must be confronted and defeated. Even more worrisome is the fact that uber-hawk John McCain recently stated that he talks with both men “almost daily” (even though he has avoided talking to Trump since he was elected in November.) According to German Marshall Fund’s Derek Chollet, a former Obama Pentagon official. “(McCain) is trying to run U.S. defense policy through Mattis and effectively ignore Trump.” (Kimberly Dozier, Daily Beast contributing editor)  Chollet’s comments square with our belief that Trump has relinquished his control over foreign policy to placate his critics.

In response to Mattis’s comments, Syrian President Bashar al Assad said: “Any military operation in Syria without the approval of the Syrian government is illegal, and  any troops on the Syrian soil,  is an invasion, whether to liberate Raqqa or any other place. …The (US-led) coalition has never been serious about fighting ISIS or the terrorists.” Clearly, Washington is using the fight against ISIS as a pretext for capturing and holding territory in a critical, energy-rich area of the world. The plan to seize parts of East Syria for military bases and pipeline corridors fits neatly within this same basic strategy.   But it also throws a wrench in Moscow’s plan to restore the country’s borders and put an end to the six year-long conflict. And what does Tillerson mean when he talks about “interim zones of stability” a moniker that the Trump administration carefully crafted to avoid the more portentous-sounding “safe zones”. (Readers will recall that Hillary Clinton was the biggest proponent of safe zones in Syria, even though they would require a huge commitment of US troops as well as the costly imposition of a no-fly zone.) Tillerson’s comments suggest that the Trump administration is deepening its involvement in Syria despite the risks of a catastrophic clash with Moscow. Ever since General Michael Flynn was forced to step down from his position as National Security Advisor, (Flynn wanted to “normalize” relations with Russia), Trump has filled his foreign policy team with Russophobic hawks who see Moscow as “hostile revisionist power” that “annex(es) territory, intimidates our allies, develops nuclear weapons, and uses proxies under the cover of modernized conventional militaries.” Those are the words of  the man who replaced Flynn as NSA,  Lt. General HR McMaster. While the media applauded the McMaster appointment as an “outstanding choice”, his critics think it signals a departure from Trump’s campaign promise:

Washington’s Syria policy is now in the hands of a small group of right-wing extremists who think Russia is the biggest threat the nation has faced since WW2. That’s why there’s been a sharp uptick in the number of troops deployed to the region. 

Eric Grosse, Google’s security chief, suggested in an interview that the N.S.A.'s own behavior invited the new arms race.“I am willing to help on the purely defensive side of things,” he said, referring to Washington’s efforts to enlist Silicon Valley in cybersecurity efforts. “But signals intercept is totally off the table,” he said, referring to national intelligence gathering.“No hard feelings, but my job is to make their job hard,” he added.

Hardware firms like Cisco, which makes routers and switches, have found their products a frequent subject of Mr. Snowden’s disclosures, and their business has declined steadily in places like Asia, Brazil and Europe over the last year. The company is still struggling to convince foreign customers that their networks are safe from hackers — and free of “back doors” installed by the N.S.A. The frustration, companies here say, is that it is nearly impossible to prove that their systems are N.S.A.-proof.

Many point to an episode in 2012, when Russian security researchers uncovered a state espionage tool, Flame, on Iranian computers. Flame, like the Stuxnet worm, is believed to have been produced at least in part by American intelligence agencies. It was created by exploiting a previously unknown flaw in Microsoft’s operating systems. Companies argue that others could have later taken advantage of this defect.Worried that such an episode undercuts confidence in its wares, Microsoft is now fully encrypting all its products, including Hotmail and Outlook.com, by the end of this year with 2,048-bit encryption, a stronger protection that would take a government far longer to crack. The software is protected by encryption both when it is in data centers and when data is being sent over the Internet, said Bradford L. Smith, the company’s general counsel.

Mr. Smith also said the company was setting up “transparency centers” abroad so that technical experts of foreign governments could come in and inspect Microsoft’s proprietary source code. That will allow foreign governments to check to make sure there are no “back doors” that would permit snooping by United States intelligence agencies. The first such center is being set up in Brussels.Microsoft has also pushed back harder in court. In a Seattle case, the government issued a “national security letter” to compel Microsoft to turn over data about a customer, along with a gag order to prevent Microsoft from telling the customer it had been compelled to provide its communications to government officials. Microsoft challenged the gag order as violating the First Amendment. The government backed down.

In Washington, officials acknowledge that covert programs are now far harder to execute because American technology companies, fearful of losing international business, are hardening their networks and saying no to requests for the kind of help they once quietly provided.Continue reading the main story Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies.

In one slide from the disclosures, N.S.A. analysts pointed to a sweet spot inside Google’s data centers, where they could catch traffic in unencrypted form. Next to a quickly drawn smiley face, an N.S.A. analyst, referring to an acronym for a common layer of protection, had noted, “SSL added and removed here!”

Facebook and Yahoo have also been encrypting traffic among their internal servers. And Facebook, Google and Microsoft have been moving to more strongly encrypt consumer traffic with so-called Perfect Forward Secrecy, specifically devised to make it more labor intensive for the N.S.A. or anyone to read stored encrypted communications.One of the biggest indirect consequences from the Snowden revelations, technology executives say, has been the surge in demands from foreign governments that saw what kind of access to user information the N.S.A. received — voluntarily or surreptitiously. Now they want the same.

The latest move in the war between intelligence agencies and technology companies arrived this week, in the form of a new Google encryption tool. The company released a user-friendly, email encryption method to replace the clunky and often mistake-prone encryption schemes the N.S.A. has readily exploited.But the best part of the tool was buried in Google’s code, which included a jab at the N.S.A.'s smiley-face slide. The code included the phrase: “ssl-added-and-removed-here-; - )”

But in a provision likely to raise concerns from privacy advocates, the administration wants to require DHS to share that information “in as near real time as possible” with other government agencies that have a cybersecurity mission, the official said. Those include the National Security Agency, the Pentagon’s ­Cyber Command, the FBI and the Secret Service. “DHS needs to take an active lead role in ensuring that unnecessary personal information is not shared with intelligence authorities,” Jaycox said. The debates over government surveillance prompted by disclosures from former NSA contractor Edward Snowden have shown that “the agencies already have a tremendous amount of unnecessary information,” he said.

The administration official stressed that the legislation will require companies to remove unnecessary personal information before furnishing it to the government in order to qualify for liability protection. It also will impose limits on the use of the data for cybersecurity crimes and instances in which there is a threat of death or bodily harm, such as kidnapping, the official said. And it will require DHS and the attorney general to develop guidelines for the federal government’s use and retention of the data. It will not authorize a company to take offensive cyber-measures to defend itself, such as “hacking back” into a server or computer outside its own network to track a breach. The bill also will provide liability protection to companies that share data with private-sector-developed organizations set up specifically for that purpose. Called information sharing and analysis organizations, these groups often are set up by particular industries, such as banking, to facilitate the exchange of data and best practices.

Efforts to pass information-sharing legislation have stalled in the past five years, blocked primarily by privacy concerns. The package also contains provisions that would allow prosecution for the sale of botnets or access to armies of compromised computers that can be used to spread malware, would criminalize the overseas sale of stolen U.S. credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk people or commit identity theft, and would give courts the authority to shut down botnets being used for criminal activity, such as denial-of-service attacks.

It would reaffirm that federal racketeering law applies to cybercrimes and amends the Computer Fraud and Abuse Act by ensuring that “insignificant conduct” does not fall within the scope of the statute. A third element of the package is legislation Obama proposed Monday to help protect consumers and students against cyberattacks. The theft of personal financial information “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said. The plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce. Obama’s plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities. “The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” he said.

In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would “preempt stronger state laws” about how and when companies have to notify consumers. The Student Digital Privacy Act would ensure that data entered would be used only for educational purposes. It would prohibit companies from selling student data to third-party companies for purposes other than education. Obama also plans to introduce a Consumer Privacy Bill of Rights. And the White House will host a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University.

And just last week, Attorney General Eric Holder, while in London, opined that much of the criticism of Obama is based on race – meaning that if Obama were fully white, his critics would be silent. This is highly inflammatory, grossly misleading, patently without evidential support and, yet again, chilling. Tagging someone as a racist is the political equivalent of applying paint that won’t come off. Were the Democrats who criticized Attorney General Alberto Gonzales or Secretary of State Condoleezza Rice racists? Is it appropriate for government officials to frighten people into silence by giving them pause before they speak, during which they basically ask themselves whether the criticism they are about to hurl is worth the pain the government will soon inflict in retaliation? The whole purpose of the First Amendment is to permit, encourage and even foment open, wide, robust debate about the policies and personnel of the government. That amendment presumes that individuals – not the government – will decide what language to read and hear. Because of that amendment, the marketplace of ideas – not the government – will determine which criticisms will sink in and sting and which will fall by the wayside and be forgotten.

Surely, government officials can use words to defend themselves; in fact, one would hope they would. Yet, when the people fear exercising their expressive liberties because of how the governmental targets they criticize might use the power of the government to stifle them, we are no longer free. Expressing ideas, no matter how bold or brazen, is the personal exercise of a natural right that the government in a free society is powerless to touch, directly or indirectly. Yet, when the government succeeds in diminishing public discourse so that it only contains words and ideas of which the government approves, it will have succeeded in establishing tyranny. This tyranny – if it comes – will not come about overnight. It will begin in baby steps and triumph before we know it. Yet we do know that it already has begun.