07-08-13, 07:51 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - August 10th, '13

Since 2002

"I think you're right that Game of Thrones is the most pirated show in the world. That's better than an Emmy." – Jeff Bewkes, CEO of Time Warner


"Even if, in the game of 20 questions, they give us an answer that is precisely correct, they often delight in obfuscating behind a flurry of tech speak. The result is that Congress has not been able to, and in many cases has not wanted to, exert serious oversight of the intelligence community." – Rep. Rush D. Holt (D-N.J.)


"I’m taking a break from email. If you knew what I know about email, you might not use it either. I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States." – Ladar Levison


"Protecting people's rights is bad? Well then, I guess I'll be bad." – Daniel Zolnikov, R-Montana

August 10th, 2013




BREAKING: HALF OF TOR SITES COMPROMISED, INCLUDING TORMAIL
S.H.G._Nackt @SHG_Nackt

The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA.

In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail.

http://www.independent.ie/irish-news...-29469402.html

This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON.

If you happen to use account name and/or password combinations that you have reused in the TOR deep web, change them NOW.

Eric Eoin Marques who was arrested runs a company called Host Ultra Limited.

http://www.solocheck.ie/Irish-Compan...Limited-399806
http://www.hostultra.com/

He has an account at WebHosting Talk forums.

http://www.webhostingtalk.com/showthread.php?t=157698

A few days ago there were mass outages of Tor hidden services that predominantly affected Freedom Hosting websites.

http://postimg.org/image/ltj1j1j6v/

"Down for Maintenance
Sorry, This server is currently offline for maintenance. Please try again in a few hours."

If you saw this while browsing Tor you went to an onion hosted by Freedom Hosting. The javascript exploit was injected into your browser if you had javascript enabled.

What the exploit does:

The JavaScript zero-day exploit creates a unique cookie and sends a request to a random server that basically fingerprints your browser in some way, which is probably then correlated somewhere else since the cookie doesn't get deleted. Presumably it reports the victim's IP back to the FBI.

An iframe is injected into FH-hosted sites:

TOR/FREEDOM HOST COMPORMISED
By: a guest on Aug 3rd, 2013
http://pastebin.com/pmGEj9bV

Which leads to this obfuscated code:

Javascript Mozilla Pastebin
Posted by Anonymous on Sun 4th Aug 02:52
http://pastebin.mozilla.org/2776374

FH STILL COMPROMISED
By: a guest on Aug 3rd, 2013
http://pastebin.com/K61QZpzb

FBI Hidden Service in connection with the JavaScript exploit:
7ydnpplko5lbgfx5

Who's affected Time scales:

Anyone who accessed an FH site in the past two days with JavaScript enabled. Eric Eoin Marques was arrested on Sunday so that's the earliest possible date.

"In this paper we expose flaws both in the design and implementation of Tor’s hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"

http://www.ieee-security.org/TC/SP20...s/4977a080.pdf

The FBI Ran a Child Porn Site for Two Whole Weeks
http://gizmodo.com/why-the-fbi-ran-a...eeks-510247728

http://postimg.org/image/o4qaep8pz/

On any other day one would say these sick perverts got what they deserved. Unfortunately the Feds are stepping far beyond just pedophiles in this latest issue.

The js inserted at Freedom Hosting? Nothing really, just an iframe inject script with a UUID embedded server-side.

The iframe then delivers an exploit kit that appears to be a JavaScript 0day leading to...something. It only attempts to exploit Firefox (17 and up) on Windows NT. There's definitely some heap spraying and some possible shell code. The suspect shell code block contains some strings that look to formulate an HTTP request, but I haven't been able to collect the final payload yet. The shell code also contains the UUID with which the exploit was delivered. Any UUID will work to get this part of the exploit.

I'm still pulling this little bundle of malware apart. So far, I've got that the attack is split across three separate files, each loaded into an iframe. Calls are made between the frames to further obfuscate the control flow. The 'content_2.html' and 'content_3.html' files are only served up if the request "looks like" Firefox and has a correct Referer header. The 'content_2.html' is loaded from the main exploit iframe and in turn loads 'content_3.html'.

Short version. Preliminary analysis: This little thing probably CAN reach out without going through Tor. It appears to be exploiting the JavaScript runtime in Firefox to download something.

UPDATE: The exploit only affects Firefox 17 and involves several JS heap-sprays. Note that the current Extended Support Release is Firefox 17, so this may also affect some large organizations using Firefox ESR.

http://pastebin.mozilla.org/2777139

The script will only attempt the exploit on Firefox 17, so I'm no longer worried about it being some new 0day. Enough of the "Critical" MFSAs are for various sorts of memory corruption that I don't have the time to find out if this is actually a new exploit or something seen before.

http://postimg.org/image/mb66vvjsh/

Logical outcomes from this?

1. FBI/NSA just shut down the #1 biggest hosting site and #1 most wanted person on Tor

2. Silkroad is next on their list, being the #2 most wanted (#1 was Child Porn, #2 is drugs)

3. Bitcoin and all crypto currencies set to absolutely CRASH as a result since the feds can not completely control this currency as they please.

I don't always call the Feds' agenda transparent, but when I do, I say they can be trying harder.
http://www.twitlonger.com/show/n_1rlo0uu





Hidden Services, Current Events, and Freedom Hosting
phobos

Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network. There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site.

A Hidden service is a server – often delivering web pages – that is reachable only through the Tor network. While most people know that the Tor network with its thousands of volunteer-run nodes provides anonymity for users who don't want to be tracked and identified on the internet, the lesser-known hidden service feature of Tor provides anonymity also for the server operator.

Anyone can run hidden services, and many do. We use them internally at The Tor Project to offer our developers anonymous access to services such as SSH, IRC, HTTP, and our bug tracker. Other organizations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse-recovery. Whistleblowers and journalists use hidden services to exchange information in a secure and anonymous way and publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example.

Hidden service addresses, aka the dot onion domain, are cryptographically and automatically generated by the tor software. They look like this http://idnxcnkne4qt76tg.onion/, which is our torproject.org website as a hidden service.

There is no central repository nor registry of addresses. The dot onion address is both the name and routing address for the services hosted at the dot onion. The Tor network uses the .onion-address to direct requests to the hidden server and route back the data from the hidden server to the anonymous user. The design of the Tor network ensures that the user can not know where the server is located and the server can not find out the IP-address of the user, except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server. Additionally, the design of the Tor network, which is run by thousands of volunteers, ensures that it is impossible to censor or block certain .onion-addresses.

The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc., the organization coordinating the development of the Tor software and research. In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.

As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumors and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available.
https://blog.torproject.org/blog/hid...reedom-hosting





TOR Project: Stop Using Windows, Disable JavaScript

The anonymizing network gives some advice following a startling Firefox zero-day vulnerability
Jeremy Kirk

The TOR Project is advising that people stop using Windows after the discovery of a startling vulnerability in Firefox that undermined the main advantages of the privacy-centered network.

The zero-day vulnerability allowed as-yet-unknown interlopers to use a malicious piece of JavaScript to collect crucial identifying information on computers visiting some websites using The Onion Router (TOR) network.

"Really, switching away from Windows is probably a good security move for many reasons," according to a security advisory posted Monday by The TOR Project.

The TOR Project's reasoning comes from the characteristics of the malicious JavaScript that exploited the zero-day vulnerability. The script was written to target Windows computers running Firefox 17 ESR (Extended Support Release), a version of the browser customized to view websites using TOR.

People using Linux and OS X were not affected, but that doesn't mean they couldn't be targeted in the future. "This wasn't the first Firefox vulnerability, nor will it be the last," The TOR Project warned.

The JavaScript was likely planted on certain websites that the attacker wanted to see who came to visit. The script collected the hostname and MAC (Media Access Control) address of a person's computer and sent it to a remote computer, the exact kind of data that TOR users hope to avoid revealing while surfing the Internet.

"This exploit doesn't look like general purpose malware; it looks targeted specifically to unmask Tor Browser Bundle users without actually installing any backdoors on their host," said Vlad Tsyrklevich, a security researcher who analyzed the code, in an email. He published an analysis on his website.

The TOR Project also advised users to turn off JavaScript by clicking the blue "S" by the green onion within the TOR browser.

"Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect," TOR wrote. "A future version of Tor Browser Bundle will have an easier interface for letting you configure your JavaScript settings."

The vulnerability was patched by Mozilla in later versions of Firefox, but some people may still be using the older versions of the TOR Browser Bundle. The bundle's browser, based on Firefox, is specially configured to visit TOR sites, which have URLs that look like "http://idnxcnkne4qt76tg.onion/."

Requests to websites on TOR take a circuitous route through a network of servers around the world designed to obscure a computer's IP address and other networking information that makes it easier to link a computer to a user.

Several TOR Browser Bundle versions were fixed over a four-day period starting June 26. Although the Browser Bundle will automatically check for a new version, it is possible that some users didn't upgrade, which could have put them at risk.

"It's reasonable to conclude that the attacker now has a list of vulnerable Tor users who visited those hidden services," The TOR Project wrote.

Although unconfirmed, computer security experts have theorized the malware may have been used by law enforcement to collect information on people who browsed certain TOR websites supported by a company called Freedom Hosting.

That hosting company is believed to be connected to a 28-year-old man, Eric Eoin Marques. He is being held by Irish authorities pending an extradition request from the U.S. on charges of distributing and promoting child pornography, according to the Irish publication the Independent.

In response to a query about the case, the FBI said Monday that someone had been arrested as part of an investigation, but did not identify the person.
http://www.itworld.com/software/3679...ble-javascript





File-Sharing in Germany: Could the Cost of Getting Caught be About to Come Down?

Summary: Every year, law firms in Germany are shaking down hundreds of thousands of people for file-sharing, despite some legal grey areas.
Michael Filtz

Last year, when Nina Arbabzadeh, from Toronto, signed up to do an exchange program at the Hertie School of Government in Berlin, she never expected that while in Germany she would have to pay hundreds of euros for a copyright infringement fine.

"When going there I had no understanding that something like this might happen," Arbabzadeh said.

After taking a quick trip to Budapest, Arbabzadeh, who was then completing a master of public policy degree at the University of Toronto, and her roommate came back to Berlin to an irate landlord who had received a letter from a Hamburg-area law firm saying that he owed €1,200 as a fine for illegally sharing music files from Channel Orange, an album by R&B artist Frank Ocean.

"We panicked quite a bit," she said.

Arbabzadeh, now back in Toronto after completing the exchange program, is one of hundreds of thousands of people in Germany each year who receive cease-and-desist letters from German law firms working on the behalf of media companies trying to crack down on illegal file-sharing. According to Christian Solmecke, an attorney who defends those who receive such letters, about half a million were sent out in 2011, and about 250,000 were sent out last year. Usually, recipients of the letters have to pay a fine of between €300 to €1,500 and sign a document that says they will never do it again.

Solmecke says that these letters are used by law firms as a sort of opening salvo, inducing people to settle up before a full-on trial. "If the case goes to court," Solmecke said, "they want between €150 and €300 per traded file."

So, for somebody who has shared 1,000 files, the cost can theoretically balloon to €300,000. Although, Solmecke says, a prosecuting law firm would probably only bring a handful of instances to court, in order to manage their client's reputation. "People won't like the music industry any more if there are such high damages," he said.

Solmecke's Cologne-based firm, Wilde Beuger Solmecke, has represented about 30,000 clients who have received cease-and-desist letters and can usually negotiate the fee down "by about half". But this comes at a cost: Wilde Beuger Solmecke usually bills between €400 to €500 for representation.

Legal grey areas

To find people who are illegally sharing files in Germany, law firms hire companies who monitor BitTorrent traffic for copyrighted items — popular films, music, games, and porn are specifically tracked. These firms find IP addresses that originate in Germany, and then trace them back to an ISP such as Deutsche Telekom or Vodafone, who are then obligated by law to give up the name and address of the person who was using the IP address at the time of the offence. In Germany, uploading a copyrighted file is unambiguously illegal, as is downloading (although there are some rare exceptions for downloading copyrighted files for personal use).

However, complicating the issue is the fact that the copyright laws surrounding file-sharing are currently going through changes, and grey areas and unresolved issues abound. For instance, according to Christian Solmecke, the person whose name is on the internet contract for an offending IP address is liable, unless he is able to "excuse himself"; that is, prove that somebody else (a roommate, for example) could have used the internet at the time a file was shared. "[But] it's not clear if you have to give up the person who was actually responsible," Solmecke said.

And last year, Germany's Federal Supreme Court ruled that parents were not liable if their children illegally shared files if the parents have done everything they could to make sure the children knew what they were doing was wrong.

Additionally, as the law currently stands, anybody operating an unsecured wi-fi network (at a coffee shop, for example) would be automatically responsible for any copyright infringement that occurs on the network. There is a current Supreme Court case that questions the legality of this, but it probably won't be resolved before the federal elections, which take place in September.

And even the amounts of the fines are in dispute. In June, Germany passed a law regulating cease-and-desist letters. Now, law firms sending out the letters can only ask for about €150 in legal fees. "We will see if everything stops now, since the music industry won't find lawyers who work for €150," Solmecke said.

Solmecke noted that the law firms may find a way around this by increasing the fines for damages — that is, lost profits sustained by the copyright holders. However, calculating a fine based on damages is currently difficult in Germany, since courts haven't said with any clarity how much loss is sustained by a media company if a song or movie is shared.

'I didn't download the album'

After discussing the cease-and-desist letter that their landlord received, Arbabzadeh and her roommate racked their brains to figure out who had downloaded Channel Orange.

"I didn't download the album, my roommate didn't download the album," she said. Arbabzadeh eventually came to the conclusion that a visitor from out of town must have been responsible.

"I think she had downloaded the album in Toronto, but it was still on her BitTorrent program, and one day she had her laptop open and the files were automatically uploaded."

So Arbabzadeh contacted the law firm who had sent the letter — which was difficult as she wasn't fluent in German — and they wouldn't return her emails. Eventually, she enlisted the help of a translator. "I told them that we were students and that we didn't have any income while we were living in Berlin," she said.

The law firm eventually halved the fee (from €1,200 to €600) and Arbabzadeh paid up.

"I had to go through a lot of pain and agony over this, to be frank," she said, "and I had no idea that this was such a big deal in Germany."
http://www.zdnet.com/file-sharing-in...wn-7000018915/





SOPA Died in 2012, But Obama Administration Wants to Revive Part of It
Andrea Peterson

You probably remember the online outrage over the Stop Online Piracy Act (SOPA) copyright enforcement proposal. Last week, the Department of Commerce’s Internet Policy Task Force released a report on digital copyright policy that endorsed one piece of the controversial proposal: making the streaming of copyrighted works a felony.

As it stands now, streaming a copyrighted work over the Internet is considered a violation of the public performance right. The violation is only punishable as a misdemeanor, rather than the felony charges that accompany the reproduction and distribution of copyrighted material.

SOPA attempted to change that in Section 201, aptly titled “Streaming of copyrighted works in violation of criminal law.” Some have suggested that the SOPA version and an earlier stand-alone piece of legislation from Sen. Amy Klobuchar (D-Minn.) would have criminalized covers of songs shared on Youtube.

One campaign against this particular type of copyright crackdown highlighted how such a law could have made Justin Bieber into a criminal. Bieber himself spoke out against Klobuchar’s bill, saying the senator should be “locked up—put away in cuffs” while noting he personally thinks it is “awesome” when he sees fans uploading their own covers of his songs.

The Commerce Department report recommends “[a]dopting the same range of penalties for criminal streaming of copyrighted works to the public as now exists for criminal reproduction and distribution,” adding that “[s]ince the most recent updates to the criminal copyright provisions, streaming (both audio and video) has become a significant if not dominant means for consumers to enjoy content online.”

It’s certainly true that as networks have built the capacity to stream large amounts of data, streaming has become a major way for people to consume entertainment online — and not all of that consumption is officially sanctioned. But as the quality of legal streaming options has grown, so has the market for it. Netflix boasts “nearly 38 million members” in 40 countries and the music streaming service Spotify claims over 24 million active users in more than 28 countries.
http://www.washingtonpost.com/blogs/...ve-part-of-it/





Sky’s Court Ordered Piracy Filter Blocks TorrentFreak
Ernesto

Website blocking has become a hot topic in the UK in recent weeks. Opponents of both voluntary and court-ordered blockades have warned about the potential collateral damage these blocking systems may cause, and they have now been proven right. As it turns out blocked sites can easily exploit the system and add new IP-addresses to Sky’s blocklist. As a result TorrentFreak has been rendered inaccessible to the ISP’s four million customers.

Following a High Court ruling last month, six UK ISPs are required to block subscriber access to the popular TV-torrent site EZTV.it.

The actions EZTV faces are not the first taken against a torrent site in the UK. The Pirate Bay, KickassTorrents and several other “pirate” sites have been blocked by previous court orders and remain inaccessible by conventional means.

However, over the past couple of days Sky subscribers noticed that the blocklist had been quietly expanded with a new site that’s certainly not covered by any court order – TorrentFreak.com.

Our site first became inaccessible on Wednesday night, only to be unblocked 14 hours later. However, about an hour ago it was again added to the blocklist.

The recent blocking spree is causing confusion among Sky subscribers who have no idea why TorrentFreak is no longer accessible. However, we can confirm that the problem lies with Sky’s filtering software that is supposed to enforce the court-ordered torrent site blockades.

The owner of EZTV informed TorrentFreak that he used Geo DNS to point UK visitors to TorrentFreak’s IP-address. Soon after there were reports that our website had become inaccessible to Sky users.

Yesterday afternoon EZTV updated the DNS entries again, now pointing the UK public to some of Facebook’s IP-addresses. The idea was to add Facebook to the piracy blocklist, but nothing happened, perhaps because the DNS pointed to a wide range of IP-addresses.

This morning EZTV switched the DNS entries back to TorrentFreak’s IP-address and soon after our site became unavailable to Sky subscribers, as the Twitter reports below clearly confirm.

From the above it appears that Sky’s filtering system blocks any and all IP-addresses that EZTV adds to their DNS. This essentially means that EZTV, or any other blocked site, has the power to render entire websites inaccessible to Sky subscribers. Luckily we were the target and not Google.

From what we can tell, other UK Internet providers are using different systems as TorrentFreak is still accessible.

Interestingly enough, Virgin users reported an hour long blackout of Facebook yesterday evening. Whether this is related to EZTV’s DNS entries is unknown at this point, but it’s not common for Facebook to go “down” on a single UK provider.

EZTV’s owner tells TorrentFreak that he just wanted to see how the various blocking procedures work at UK ISPs. He never imagined that simply adding a few IP-addresses to EZTV’s DNS zone would take out TorrentFreak. He stresses that there was absolutely no “hacking” involved and alerted us about the plan.

It’s expected that after realizing how vulnerable to exploits their blocking system is, Sky will soon correct their mistake. While this may bring TorrentFreak back, this blunder is likely to be used by blocking opponents to show how easily things can go wrong.

In the meantime, Sky subscribers will have to use a proxy to access TorrentFreak.

Update: Sky isn’t in a hurry to fix the flaw, but EZTV said it will remove the TorrentFreak IP address from its DNS so the site should be accessible again soon.
http://torrentfreak.com/skys-court-o...tfreak-130809/
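
The failure mode the article infers (an IP blocklist that follows whatever a blocked domain's DNS returns), shown beside a vetted update, as an added example that is not Sky's or TorrentFreak's code. Domains, addresses, the timeline and the "other tenants" index are constructed placeholders, and the function names are hypothetical.

```python
from ipaddress import ip_address

# Constructed sample data: placeholder domains, documentation address ranges.
ORDERED_DOMAIN = "blocked-site.example"      # the domain named in the court order
REVIEWED_IPS = {"192.0.2.10"}                # IPs an operator confirmed serve it

# What the ordered domain's DNS returns over time. Its operator controls this.
DNS_TIMELINE = [
    ("day 1", ["192.0.2.10"]),
    ("day 2", ["198.51.100.7"]),             # now an unrelated news site's IP
    ("day 3", ["203.0.113.50", "198.51.100.7"]),
]

# Assumed passive-DNS style index: other domains known to be served from an IP.
OTHER_TENANTS = {
    "198.51.100.7": {"news-site.example"},
}


def naive_update(blocklist, resolved):
    """Every address the blocked domain resolves to goes on the blocklist."""
    return blocklist | set(resolved)


def vetted_update(blocklist, resolved, reviewed=REVIEWED_IPS, tenants=OTHER_TENANTS):
    """Block only reviewed addresses; hold the rest with a reason for a human."""
    accepted, held = set(), {}
    for raw in resolved:
        ip = str(ip_address(raw))            # normalise, reject malformed input
        if ip in reviewed:
            accepted.add(ip)
        elif tenants.get(ip):
            held[ip] = "shared with " + ", ".join(sorted(tenants[ip]))
        else:
            held[ip] = "not yet reviewed"
    return blocklist | accepted, held


def collateral(blocklist, tenants=OTHER_TENANTS):
    """Unrelated domains that become unreachable under a given blocklist."""
    hit = set()
    for ip in blocklist:
        hit |= tenants.get(ip, set())
    return sorted(hit)


def replay(timeline=DNS_TIMELINE):
    """Feed the same DNS answers to both updaters and return the outcomes."""
    naive, vetted, review_queue = set(), set(), {}
    for _day, resolved in timeline:
        naive = naive_update(naive, resolved)
        vetted, held = vetted_update(vetted, resolved)
        review_queue.update(held)
    return naive, vetted, review_queue


if __name__ == "__main__":
    naive, vetted, queue = replay()
    print("naive blocklist :", sorted(naive), "collateral:", collateral(naive))
    print("vetted blocklist:", sorted(vetted), "collateral:", collateral(vetted))
    for ip, reason in sorted(queue.items()):
        print("held for review :", ip, "-", reason)
```

The naive list also never drops an address once added, so the unrelated site stays blocked after the DNS record is changed back.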





Pirate Bay Releases ‘Pirate Browser’ to Thwart Censorship
Ernesto

The Pirate Bay is taking a stand against the increased censorship efforts it faces in several European countries. On its 10th anniversary the infamous BitTorrent site is releasing its “Pirate Browser,” a fully functional web browser that allows people to access The Pirate Bay and other blocked sites just fine. The current release is Windows only but TorrentFreak is informed that Mac and Linux versions will follow soon.

The Pirate Bay is arguably the most censored website on the Internet.

Courts in the UK, the Netherlands, Italy and elsewhere have ordered Internet providers to block subscriber access to the torrent site, and more are expected to follow.

Up until now The Pirate Bay has encouraged users affected by the blackout to use proxy sites. However, on its 10th anniversary they are now releasing a special “PirateBrowser” which effectively bypasses any ISP blockade.

“It’s a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible. No bundled ad-ware, toolbars or other crap, just a Pre-configured Firefox browser,” The Pirate Bay explains.

The browser is based on Firefox 23 bundled with a Tor client and some proxy configurations to speed up loading. It is meant purely as a tool to circumvent censorship and unlike the Tor browser it doesn’t provide any anonymity for its users.

“This browser is just to circumvent censorship, to remove limits on accessing sites governments don’t want you to know about,” The Pirate Bay notes.

PirateBrowser works like any other web browser and comes pre-loaded with several bookmarks for blocked sites, which aside from The Pirate Bay includes EZTV, KickassTorrents, Bitsnoop and H33T.

The browser also lists the alternative .onion addresses for both TPB and EZTV as backups to access these sites.

The Pirate Bay is not alone in its efforts to keep the Internet open and accessible. The Obama administration has spent millions of dollars on similar projects allowing citizens of oppressed regimes to access blocked websites, albeit for different reasons.

The Pirate Bay team informs TorrentFreak that “PirateBrowser” is just the first step in their efforts to fight web censorship. They are also working on a special BitTorrent-powered browser, which lets users store and distribute The Pirate Bay and other websites on their own.

In theory, this will allow sites to exist and update even without having a public facing website. As a result, it will be virtually impossible to block or shut them down. The first version of this new software is currently being tested but there is currently no firm launch date. More on that later.

In the meantime, the development of PirateBrowser will also continue. The current release is only available for the Windows platform but Mac and Linux versions will follow in the future.
http://torrentfreak.com/pirate-bay-r...orship-130810/





The Pirate Bay is 10 Years Old Today: ‘We Really Didn’t Think We’d Make it This Far’
Emil Protalinski

The Pirate Bay, arguably the most resilient file sharing website, was first founded on August 9, 2003, although it didn’t launch until September 15, 2003. Nevertheless, the group considers the former date to be its start, so today The Pirate Bay is 10 years old.

When it first arrived on the scene (pun not intended), The Pirate Bay was powered by just four Linux servers. Since then, it has fought back against multiple raids, legal problems, service issues, DDoS attacks, ISP blocks, domain seizures, and has thus moved its servers all over the world.

In January 2008, Swedish prosecutors filed charges against the four founders for facilitating illegal downloading of copyrighted material. In February 2009, they were put on trial and in April 2009, Peter Sunde, Fredrik Neij, Gottfrid Svartholm, and Carl Lundström were found guilty by the court, which sentenced them to a year in prison with a fine of 30 million SEK (approximately $3.5 million that year).

All four appealed the verdict, and in November 2010 the court shortened the prison sentences, but increased damages. In February 2012, the Supreme Court of Sweden refused to hear an appeal in the case.

As a result of the court case, ISPs have been ordered by governments around the world to block access to The Pirate Bay. Unsurprisingly, proxies have been used to provide access to the site regardless.

Here’s the group’s triumphant blog post, typos and all:

Oh look, we made it.

A decade of agression, repression and lulz.

We really didn’t think we’d make it this far. Not because of cops, mafiaa or corrupt politicians. But because we thought that we’d eventually be to old for this shit. But hey, running this ship makes us feel young.

And we’re gonna stay young til we die.

Thank you for everything. We would not be anything without you.


Tomorrow, The Pirate Bay plans to throw a party in Stockholm to celebrate its decade-long existence.
http://thenextweb.com/insider/2013/0...e-it-this-far/





Pirates Form Church to Battle Copyright Law That Insults Their Beliefs
Andy

With Russia’s new anti-piracy law just a few days old, further opposition will be voiced today in a particularly unconventional manner. Following Russia’s first Kopimi-inspired wedding yesterday, in which the happy couple exchanged vows and silicon chips, pirates in several areas of the country will today apply to form their own church. Official complaints will then be filed against the new law on the basis that it insults the beliefs that underpin the Kopimist religion.

Last week Russia introduced its brand new anti-piracy law that will see sites blocked at the ISP level if they fail to respond swiftly to copyright complaints.

The law, which critics say is overbroad and likely to cause collateral damage, is opposed by big companies such as Google, local search engine Yandex, Internet resources such as Wikipedia and thousands of website operators and users.

But just as protests including last week’s blackout by 1,700 sites subside, a more unconventional front is opening up.

Later today pirate activists in five regions – Moscow, St. Petersburg, Nizhny Novgorod, Kazan and Khabarovsk – will submit documents to begin the process of having their church officially recognized by the authorities.

If that all goes to plan, in a few years’ time Russia will have its own Church Kopimizma, but for the faithful there are important issues to be dealt with right now.

As soon as the papers are filed the church’s founders will file a lawsuit against the anti-piracy legislation that came into force August 1. They will do this on the basis that the law, which restricts copying and sharing, is an insult to Kopimists.

But according to lawyer Victor Naumov, separation of religion and state in Russia means that it’s unlikely that the complaint will achieve much, although an appeal could be made to the Constitutional Court of the Russian Federation.

Nevertheless, the movement’s early followers are already showing commitment. Izvestia reports that a Kopimist-inspired wedding between Olga Koroleva and Vladislav Petrushenka took place yesterday but instead of the traditional exchange of rings, the pair exchanged microchips which they plan to have embedded in their bodies.

However, Church Kopimizma announced on Facebook that the pirate wedding was actually the outcome of a collaboration between Pastafarians and the Russian Pirate Church.

The new Russian Kopimist church will closely follow the values pioneered by Sweden’s Church of Kopimism, a religion that was formally recognized by the authorities there in 2012.

This means that CTRL+C and CTRL+V will likely be held as sacred symbols, and the acts of sharing and copying will be viewed as the most beautiful things in the world. The church also believes that the value of information increases the more it’s spread and that while confidentiality is sacred, listening in to other people’s conversations is the greatest sin.
https://torrentfreak.com/pirates-for...eliefs-130805/





Time Warner CEO Says Having Game Of Thrones As 'Most Pirated' Is 'Better Than An Emmy'
Mike Masnick

Because it's so popular -- and so pirated (in part because you can't view it legally online if you're not an HBO subscriber via cable/satellite) -- the question of Game of Thrones and piracy is a story that just never dies. Many people have argued that it's ridiculous that there are no legal options for cord cutters, and that just leads to more infringement -- and, in turn, that's resulted in people arguing that a good part of the show's popularity is likely due to infringement. Of course, for those associated directly with the show, it seems like they're a bit conflicted about this. Director David Petrarca first said that unauthorized downloads were great because they added to the cultural buzz that made the show thrive... and once that story got attention, he quickly walked it back, suddenly saying he was opposed to unauthorized watching. And, bizarrely, we've even seen the US ambassador to Australia argue that stopping infringement of Game of Thrones is a major priority.

Well, Ambassador Jeffrey Bleich might want to chat with Jeff Bewkes, CEO of Time Warner (owners of HBO), who just pointed out that unauthorized watching leads to more subscribers and is "better than an Emmy."

Yes, in response to a question about whether the network kinda-sorta regards the extensive theft of HBO's flagship show, Game of Thrones, as a compliment, Bewkes said, "I have to admit it, I think you're right." The much-discussed fantasy series is HBO's most popular, and "if you go to people who are watching it without subs, it's a tremendous word-of-mouth thing," the exec told investors. "We've been dealing with this for 20, 30 years—people sharing subs, running wires down the backs of apartment buildings. Our experience is that it leads to more paying subs. I think you're right that Game of Thrones is the most pirated show in the world," he said. "That's better than an Emmy."

Of course, plenty of people have been pointing out for years and years and years that infringement is a signal of unmet demand, so it's nice to see them catching up. Of course, now let's see if Time Warner still backs the next ridiculous and draconian copyright enforcement expansion...
http://www.techdirt.com/articles/201...han-emmy.shtml





Comcast Developing Anti-Piracy Alternative to ‘Six Strikes’ (Exclusive)

Cable operator pitching TV industry on plan to convert illegal downloads to legal transaction opportunities
Andrew Wallenstein

Comcast Corp. is developing a new approach to fighting piracy in the U.S., and wants other major content companies and distributors on board.

The owner of the nation’s largest cable operator has begun preliminary discussions with both film and TV studios and other leading Internet service providers about employing technology, according to sources, that would provide offending users with transactional opportunities to access legal versions of copyright-infringing videos as they’re being downloaded.

A spokeswoman for Comcast declined comment.

Comcast is said to be keen on getting content owners and ISPs from outside the conglomerate to join the effort, even for a beta trial that would be concentrated to a limited selection of programs and Internet subscribers. No timetable has been set, however.

As sources described the new system, a consumer illegally downloading a film or movie from a peer-to-peer system would be quickly pushed a pop-up message with links to purchase or rent the same content, whether the title in question exists on the VOD library of a participating distributor’s own broadband network or on a third-party seller like Amazon.

The new approach would be an alternative to the Copyright Alert System, a voluntary initiative many leading programmers and distributors like Comcast have been utilizing since February. Other CAS participants include AT&T, Verizon, Time Warner Cable and Cablevision, as well as all studios affiliated with MPAA.

Also informally known as the “six strikes” initiative, CAS issues warnings to subscribers engaging in copyright infringement as many as six times before the ISP can actively impede their bandwidth.

While Comcast is among the prominent distributors and programmers who participate in CAS as a member of Center for Copyright Information, this new system is not a CCI initiative. That said, CCI has been notified of Comcast’s interests and could eventually step in to become part of its implementation.

While sources familiar with the new initiative emphasized that it is being seen as a complement to CAS and not a replacement, the very emergence of an alternative raises questions as to the viability of CAS, which has been criticized for myriad reasons ranging from the questionable strategic rationale of punishing subscribers to an implementation that has been characterized as scattershot. How the two systems would coexist is unclear.

But the Obama Administration has been supportive of CAS. Earlier this year, White House-appointed copyright czar Victoria Espinel singled out the initiative as a positive step toward copyright enforcement that didn’t require government intervention.

Just last week, France moved to downscale Hadopi, a system similar to CAS, the first of its kind worldwide. After three years of implementation and heavy criticism, Hadopi will now fine offending subscribers instead of blocking Internet access after repeated warnings.

Using pirated content as a platform to drive legal transactions reflects an alternate philosophy regarding copyright infringement, one that sees the illegal activity less as a crime that requires punishment and more as lead generation to a consumer whose behavior is borne out of inadequate legitimate digital content options.

CAS and the new approach share a basic framework in that the ISP role is largely automated, notifying offending users based on information derived from the content companies who have a third party pulling the IP addresses of those downloading copyright-infringing material.

But there are a few crucial differences: With the new conversion strategy, the notification would occur in real time. Though not instantaneous, it would be a good deal faster than CAS, which sends subscribers e-mails, voicemails or browser-based messages that can occur weeks after the alleged piracy takes place.

Comcast is also hoping the new approach has a more educational impact than CAS, which sources indicate has provided Comcast with subscriber feedback suggesting it is ineffective in that respect. Encouraging legal transactions could also be a better tack to take with the segment of consumers unknowingly pirating from illegal websites with design interfaces so slick they confuse users into thinking they are legitimate sources for content.

The CAS website, to which alerts link back, has a section that lists various legal digital content options but that information is neither delivered in real time nor is it targeted on a title-by-title basis.

Under the new plan, ISPs wouldn’t get a cut of revenue derived from the transactions they drive to legal third-party sites, a referral arrangement fairly typical on the Internet.

While that may keep Comcast from deriving incremental economic benefit, the new system would still help combat congestion on its broadband network and help drive usage to Xfinity, the MSO’s vast collection of VOD titles available on digital platforms.

Comcast has nearly 40% share of the broadband market among cable operators, totaling approximately 20 million subscribers.

While Comcast knows the solution is feasible, the company’s engineers haven’t formally begun work on it. The project is being worked on in tandem with engineers at NBC Universal, the content side of the conglomerate.

The notion of turning piracy into opportunity isn’t entirely new. Verance Corp., for instance, is out shopping a new version of the Cinavia software that would provide a similar capability to piracy-blocking on Blu-ray disc players.

Comcast comes to the piracy problem with a vested interest in more ways than one. In addition to being one of the leading providers of broadband Internet in the U.S., the company also owns a movie studio, Universal Pictures, and myriad broadcast and cable TV channels from NBC to E!. Programmers have long complained that the value of their content has been undermined by copyright infringement.

A strategic shift from Comcast isn’t merely some isolated, unilateral action. On an issue like piracy that counts on collaborative effort across industries, the action taken by the biggest player at the table tends to be an influential move. What’s more, the company is openly courting other companies to get involved in the experiment.
http://variety.com/2013/digital/news...ve-1200572790/





TiVo, Media Center PC Makers Alarmed by CableCard-Cutting Bill

Cable operators could leave CableCard behind in their own hardware.
Rob Pegoraro

The CableCard—that small slab that lets a TiVo tune into cable by authenticating its connection—would lose a regulatory safeguard under a bill nearing introduction in Congress.

The "Consumer Video Device Cost Savings Act" proposes to squelch the authority of the Federal Communications Commission (FCC) to make cable operators use CableCards in their own boxes—a rule enacted in 2007 that discourages second-class treatment of third-party devices like TiVo DVRs.

"In today’s competitive video marketplace, cable operators have no incentive to make it more difficult for their customers to use preferred devices to access their video programming," a draft dated July 24 reads. A subsequent draft from earlier this week drops that finding and cites a shorter name, "Consumer Choice in Video Devices Act." The bill, sponsored by Rep. Robert E. Latta (R-OH), would bar any FCC "rule or policy that prohibits a multi-channel video programming distributor from placing into service navigation devices for sale, lease, or use that perform both conditional access and other functions in a single integrated device." (Latta's office declined comment.)

The National Cable & Telecommunications Association (NCTA) thinks that's a good, overdue idea, citing $1 billion in added subscriber costs since 2007 and an extra 500 million annual kilowatt hours of electrical use. (The former number covers operator-leased hardware, although it can be cheaper to use a CableCard with a tuner bought elsewhere. The latter comes from Energy Star guidelines allowing 15 kWh per year for a CableCard, against 60 kWh for a minimal cable box without HD or DVR features; older models use much more.)

And NCTA says having more than 42 million CableCards in operator-supplied hardware (versus about 603,000 in third-party gear) ensures continued support. Meanwhile, satellite broadcasters face no such requirement.

"The insurance is already there," said NCTA General Counsel Neal Goldberg in a phone interview. "They've got 40 million-plus boxes in the game."

An electronics-industry executive who didn't want to be identified further agreed. "If they never bought another set-top for their own use with CableCard, it's not like their networks would stop supporting CableCard," he said.

But TiVo and others worry more about CableCard's potential replacements. "The cable guys want to 'end of life' CableCard [and] move on to new security techniques without making a nationally standard successor solution available," wrote TiVo General Counsel Matt Zinn in an e-mail. He predicted higher prices for CableCards that will be left out of new features. (They already can't get many video-on-demand services.)

Hauppauge Computer Works cofounder and CEO Ken Plotkin expressed the same fear about post-CableCard authentication in his company's WinTV receivers. "The issue with 'embedded conditional access' is that each cable operator has their own encryption system, and it is impractical for a small company to develop the decryption technology for each."

Few other firms ship CableCard-ready devices—many gave up after apathetic or inept support from cable before the integration ban and a 2010 set of rules that required operators to let subscribers pop in a card instead of waiting for a service call.

But this fall, Samsung plans to ship a Smart Media Player that would receive cable as well as Internet video services—a combination absent from cable boxes. Samsung is not taking a position on Latta's bill.

Even without that, the regulatory framework meant to open cable hardware has been fracturing. In October, the FCC allowed operators to encrypt basic cable, ending the ability of QAM (Quadrature Amplitude Modulation) tuners to receive local, public, educational, and government channels. In April, it granted Charter an encryption-ban waiver so it could implement downloadable security schemes that electronics vendors might incorporate into future products.

And in January, the Court of Appeals for the District of Columbia Circuit struck down a set of FCC regulations that constrained satellite broadcaster Echostar—but some of those rules, not at issue in the decision, covered CableCard deployment. Last month, TiVo petitioned the FCC to reinstate them.

Nobody here seems to love CableCard all that much—it had one job, to promote an open market for cable gear, and it hasn't done that. (One does exist in Europe, where EU regulations mandate the "DVB-C" standard.) But the Latta bill would erode the FCC's leverage to shape any replacement.

"Once a successor to CableCard is in place, we can [be] thinking about how to phase out some CableCard-specific rules," wrote Public Knowledge Senior Staff Attorney John Bergmayer. "But that should be the FCC's job—this level of statutory micromanagement is not helpful."
http://arstechnica.com/tech-policy/2...-cutting-bill/





CBS Says Time Warner Cable a la Carte Proposal Is 'A Sham'
Chris Welch

The showdown between CBS and Time Warner Cable is now being waged by CEOs. In a letter addressed to CBS president and CEO Leslie Moonves, Time Warner Cable chairman Glenn Britt says the cable provider is ready to resume broadcasting the network's channels "with the new economics TWC reluctantly agreed to" in recent negotiations. Other terms from their previous contracts would carry over to this new deal. "Since both parties have lived under those terms productively for many years, we believe we should continue to live with them in the interest of restoring CBS immediately for the benefit of consumers."

Britt said the three magic words

If CBS doesn't like that idea, Britt has another proposal ready — one many consumers have long been pining for. "We would also be willing to resume carriage by allowing CBS to make its stations available on an a la carte basis at a price and on terms of its choosing," Britt writes. Such a move would theoretically allow Time Warner Cable's subscribers to individually decide which CBS stations (including TMC, Flix, Showtime, and The Smithsonian Channel) to include in their channel package. "This way, rather than debating the point, we would allow customers to decide for themselves how much value they ascribe to CBS programming." Just don't get too excited; Britt knows better than anyone that Moonves and CBS are unlikely to ever agree to such terms, and the consumer-friendly suggestion is more a matter of positioning than a legitimate negotiation tactic.

Whichever way CBS goes on the proposals, Britt wants the company to immediately stop blocking CBS.com content from his internet customers. The cable blackout only affects viewers in certain markets, but CBS is leaving TWC's entire base of internet users without access to CBS.com programming.

It is surely beyond the pale for you to subject these internet customers to blocking of content that is made available for free to all others. This is especially so given that CBS uses free public airwaves to broadcast that content and has public interest obligations that it is plainly flouting.

Update: CBS tells Variety that a la carte isn't on the table, calling TWC's proposal "a sham":

"Today's so-called proposal is a sham, a public relations vehicle designed to distract from the fact that Time Warner Cable is not negotiating in good faith. Anyone familiar with the entertainment business knows that the economics and structure of the cable industry doesn't work that way and isn't likely to for quite some time. In short, this was an empty gesture from a company that is expert at them."
http://www.theverge.com/2013/8/5/459...-solve-dispute





Self-Serving War of Words By 2 Giants In Television
David Carr

As consumers in the modern age, we’ve become accustomed to the brinkmanship between cable distributors and programmers. Most of the time, there is much rattling of sabers and then some accommodation is reached. But sometimes, the war of words turns into an actual war, as it did on Friday when Time Warner Cable announced it would turn off CBS stations for three million of its customers in New York, Los Angeles and Dallas.

It’s a significant inconvenience for viewers, but it is not the only irritation in the by-now-familiar rumbles between the companies that own the pipes and the companies that make the programming that goes into those pipes.

While it may be disappointing that some of us will miss a rerun of “Dexter” on Showtime, which is owned by CBS, or the network’s summer hit “Under the Dome,” what makes it worse is the suggestion by both sides that they are only trying to stick up for us. Blacked-out Time Warner Cable customers were confronted by the following propaganda on their screens:

“The outrageous demands from CBS, the owner of Showtime and TMC, has forced us to remove it from your lineup while we continue to negotiate for fair and reasonable terms.”

“Forced us ...” Really, Time Warner Cable? It seems more like the business negotiation you were having with one of your suppliers did not yield the desired result and you’ve chosen to turn up the heat.

Not to be outdone, a statement from CBS made sure everyone understood that the network was really doing the people’s work in responding to the news:

“CBS remains resolute in the pursuit of fair compensation for our programming and will use the full resources available to us to make sure that Time Warner Cable subscribers are aware of its shortsighted, anti-consumer strategy.”

There’s more where that came from — “disinformation,” “voodoo mathematics” and “wildly inflated percentages” — but you get the idea.

Here’s an idea for both parties: Leave us out of it.

We know that you are fighting over lucre, not our inalienable rights as cable consumers. Pretending that you are fighting on our behalf rather than in the interests of your shareholders and executives is infantilizing and unbecoming. CBS is coming off another record year, Time Warner Cable’s stock is storming along, and the fight over retransmission fees is about how the pie is sliced, nothing more.

We have all grown used to the respective parties turning programming on and off as the negotiating table requires, but your bombast is tired, your motives are transparent and it’s clear that the public dimensions of this business conflict are far down the list of priorities.

Writing in the comments section accompanying the news in The New York Times, one reader spoke for many of us:

“These games of chicken are depressingly common among cable companies and networks across the country — made all the more obnoxious by the marketing spin from both sides directed at customers they assume to be economic illiterates. They are nothing more than battles between media behemoths over who can stick their hands deeper into the pockets of the remaining viewers beholden to their dying business models.”

So, as you were, guys. Continue to bash in each other’s heads all you want. Just don’t pretend this is a noble crusade for the consumer.
http://www.nytimes.com/2013/08/05/bu...hemselves.html





CBS Blackout Triggers Surge in TV-Show Piracy
Ernesto

Since Friday more than three million Time Warner customers throughout the United States have lost access to CBS programming, including the popular Showtime network. In what appears to be a direct result of the blackout, the percentage of unauthorized downloads from affected regions has risen pretty dramatically this week. Piracy rates of the popular show “Under The Dome” shot up 34% over the weekend, while official ratings dropped.

One of the main motivations for people to download and stream TV-shows from unauthorized sources is availability.

If fans can’t get a show through legal channels they often turn to pirated alternatives.

So when Time Warner Cable dropped CBS last Friday after the companies failed to reach a broadcasting agreement, there was a good chance that many of the blacked-out subscribers would turn to file-sharing networks to get their fix.

Data gathered by TorrentFreak shows that this is indeed the case for the popular show “Under The Dome.”

To find out whether download rates in the affected markets increased, we monitored U.S. BitTorrent downloads of last week’s episode as well as the one that aired this Monday following the blackout.

The data from these two samples show that in Los Angeles, New York City, Boston, Chicago, Dallas, Denver, Detroit and Pittsburgh, relatively more people downloaded the latest episode, an indication that customers are turning to unauthorized channels to get the show.

With hundreds of thousands of downloads Under The Dome is one of the most pirated TV-shows at the moment. Of all sampled downloaders in the U.S. 10.9% came from the blackout regions for last week’s episode, and this increased to 14.6% for Monday’s episode, a 34% increase.

In New York City, one of the largest affected markets, the relative piracy rate more than doubled from 1.3% of all U.S. downloads last week to 3% for the episode that aired after the blackout.

Worldwide, the latest Under The Dome episode was downloaded slightly more than previous episodes. This means that the relative increase in piracy rates also resulted in more downloads. More tracking is required to show a long-term effect, and whether the results are the same for other CBS shows.

While one should always be careful of drawing strong conclusions from city-based data, especially when we don’t know how many downloaders are Time Warner Cable subscribers, these initial results do suggest that the blackout resulted in a local piracy surge.

At the same time that piracy spiked, the official ratings took a large hit. On Monday, Under The Dome reached its season low ranking with only 10.49 million viewers compared to 11.41 million the week before.

Meanwhile, Time Warner and CBS are still unable to reach an agreement. Yesterday Time Warner’s Chief Executive Glenn Britt offered to include CBS as an “a la carte” option for its subscribers but CBS dismissed the proposal as “a sham.”

As long as this standoff continues it’s expected that more and more TV fans will turn to unauthorized channels to watch their favorite shows, with the risk that some may never come back.
http://torrentfreak.com/cbs-blackout...piracy-130807/





Daily Telegraph Repeatedly Wrong in NBN Reports
Nayantara Mally

The Australian Press Council has expressed concern about the Daily Telegraph’s coverage of the Federal Government’s National Broadband Network project, backing a local critic’s complaint that three articles in a short period of time had contained “inaccurate or misleading assertions” about the NBN.

In a statement, the Press Council noted that it had taken notice of a complaint made about three articles published by The Daily Telegraph on 9 June, 17 June and 6 July 2011 about aspects of the National Broadband Network (NBN).

The first article in The Daily Telegraph, headlined “Australian taxpayers’ latest NBN horror show”, was also published in other News Ltd newspapers under a different headline. The plaintiff, local Jamie Benaud, complained that this article overstated the ratio of NBN staff to customers by understating the number of customers who had taken up NBN offers. He also pointed out the inaccuracy of the article’s claim that customers and internet service providers (ISPs) were accessing NBN services without charge in Tasmania. The Council regarded the wrong assertion about the staff/customer ratio as misleading and unfair since the NBN was still at a very early start-up stage.

The Daily Telegraph claimed that the customer figures were based on up-to-date available data at the time of publication, and that free access applied in all the mainland States. The Council however, deemed that the newspaper should have tried harder to obtain the latest customer figures even though the mistake did not significantly affect the point being made. The Council admitted that the errors by themselves could have been considered minor ones, but that the forceful nature of the headline necessitated upholding the complaints about the article.

Benaud’s complaint targeted an unfair and inaccurate implication in another article headlined “Join the NBN or you’ll be digging deep”. The impression created was that customers not signing up for NBN at the beginning would have to pay an “estimated” $900 per day to have the cable laid to their home at a later date and then up to $140 a month to get an ISP connection. Benaud indicated NBN Co’s statement that later cable-laying would still be free of cost for “standard installation” and that ISP connection costs could be as reasonable as $30 a month.

The Daily Telegraph agreed that its statement regarding cable-laying costs might have been misread and had therefore published a clarification, but it upheld its mention of only the upper ISP price as fair and a common practice. The Council disagreed about the statement related to the cable-laying cost, calling it seriously inaccurate, while noting the newspaper’s attempts to clarify the matter.

However, the Council said the article implied that $900 would have to be paid to an ISP. With the actual ISP connection fee range being as wide as $30-140 and the minimum fees also being well known, the Council described as unfair and misleading the newspaper’s description of the fee as “up to $140”.

Benaud complained about the comparison in the article titled “Low interest in high speed internet” of a certain customer’s current internet costs of $39 per month with what it claimed would be between $53 and more than $130 a month on signing up for NBN services.

Benaud said that this should have taken into account that the customer’s phone service would cost much more than $39 totally for internet and phone, since the price range of $53 to $130, in reality, included a combination of internet and phone services, and not internet alone. The Daily Telegraph stated that the consumer himself did not have a problem with the portrayal or accuracy of his statements.

Since the newspaper omitted the costs of combined phone and internet services, the Council upheld the complaint, calling the comparison misleading. The Council also expressed its concern that the three articles had been published in a short space of time containing erroneous and misleading assertions. It stated that the sequence of mistakes should not have occurred and should have been addressed sufficiently and promptly when brought to the newspaper’s attention.

It’s not the first time that a major News Ltd newspaper in Australia has been criticised for its coverage of the NBN. In a war of words in October 2010, Communications Minister Stephen Conroy had asked Coalition senators not to believe what they read in newspapers such as The Australian and in other publications by News Ltd, after The Australian published a string of articles about the NBN which Conroy perceived to be unnecessarily negative.
http://delimiter.com.au/2011/12/24/d...n-nbn-reports/





NZ’s Top Students to Debate Whether File Sharing Should Be Prosecuted

Thirty-six of New Zealand’s top secondary school debaters will gather in Wellington this weekend for the National Finals of the Russell McVeagh New Zealand Schools’ Debating Championships, hosted by Victoria University of Wellington.

The two best teams will meet in the Grand Final on Monday 12 August debating "This House would not prosecute people who download and share entertainment media on the Internet."

The Debating Council is partnering with InternetNZ for this year’s Grand Final, to encourage public debate and education over internet issues.

Desley Horton, the President of the Schools’ Debating Council said that the Grand Final should be a great debate on a highly topical issue: “As we move into a digital age, young people in particular are increasingly questioning whether or not our laws are fit for purpose and up to date. It’ll be fascinating to see what New Zealand’s brightest young minds have to say about this issue.”

Jordan Carter, Chief Executive of InternetNZ said that the issue the students will be debating is important. “As more of our recreation time is spent online, the question of how intellectual property rights affect our ability to access content is a hot issue – and the perspective of those who will live longest with today’s decisions is important.”

Teams from Wellington, Auckland, Canterbury, Otago-Southland, Hawke’s Bay, Northland, Central North Island, Waikato and Kahurangi-Marlborough will take part in seven preliminary rounds of debates over the weekend at Victoria University of Wellington’s Law School.

Students will only find out the topic and what side they are to argue one hour before the debates.

The Grand Final between the top two teams at the Championships will take place in the Legislative Council Chamber at Parliament on Monday 12 August at 2.30pm, hosted by Hon Peter Dunne.

Waikato won the tournament in 2012 and 2011.

The best five speakers at the tournament will be named as members of the Russell McVeagh New Zealand Schools’ Debating Team and represent New Zealand at an upcoming international tournament.

The Russell McVeagh New Zealand Schools’ Debating Champs have been held annually since 1988 and are recognised as the country’s most prestigious schools debating competition. The Championships are sponsored by Russell McVeagh.

Members of the public are invited to watch the debating action at the Victoria University Pipitea Campus this weekend. A full timetable of the rounds can be found at www.debating.org.nz
http://www.scoop.co.nz/stories/ED130...rosecution.htm





University Of California Approves Major Open Access Policy To Make Research Free
Gregory Ferenstein

Good news for fans of the scientific method: the largest and most influential university system on the planet will be giving out its research for free. After a 6-year-long fight with the for-profit academic publishing industry, the University of California Senate approved open access standards for research on all 10 campuses.

The policy is a major win for those who want to see academic research made public, rather than behind the pricy paywalls of big publishers. Last year, Harvard Library penned a memo urging the university’s 2,100 faculty to boycott for-profit academic research databases and instead submit articles to lower-cost open access journals.

Universities pay millions for access to their colleagues’ research, with subscription costs up to $40,000 for a single journal. Publishing, too, can cost many times more for more prestigious closed-access journals. Nature reports that it can cost $5,000 to publish in the biology journal, Cell Reports, but only $1,350 for the most popular open-access journal PLoS ONE. “It’s still ludicrous how much it costs to publish research,” said molecular biologist at the University of California, Berkeley, Michael Eisen.

The open access movement has friends in high places. Recently, in response to a WeThePeople petition, the White House pledged a whopping $100 million to promote open access and to require all federally-funded research to be free of charge.

There are issues with open access; it costs money to curate high-quality peer-review and market the research. Many academic papers take years to write, and it’s a risky proposition to leave it in the hands of an experimental publisher.

But, speaking as a writer who likes to include academic research in my articles, open access could not come soon enough. Media outlets get inundated with research findings, but often can’t get access to the articles to report on them critically. Open access may not be perfect, but it is the future. The more people use it, the better the journals will become. And, ultimately, there will be little need for closed access at all.
http://techcrunch.com/2013/08/02/uni...research-free/





Algorithms Are the New Content Creators, and That’s Bad News for Humans
Peter Wayner

When the news hit that a photographer was suing BuzzFeed for $3.6 million for reusing one of his images, some on the internet reacted with fear and horror. Because many of those people — and websites — are notoriously loose with reusing images, and they like to hide behind the blithe view that it’s all “fair use.”

These debates about the bounds of fair use will always be important, but they obscure a very unfair dynamic that is squeezing artists — and turning the web into a battleground between humans and machines. The trouble is that in many cases today, there’s no human artist, writer, or editor creating what we see on the web. Some algorithm assembled the photos and it’s enjoying a nice little loophole. The machines sail on past the rules about copyright because the law lets those companies blame any infringement on the chaos of the internet. It’s a system that’s tilting the tables against any of the human artists who write, edit, or illustrate.

In other words, the battle for fair use is unfair to anyone who plays by the old rules and tries to share with the artists because human creatives can’t compete with the automated services that aren’t sharing with the artists.

Peter Wayner is the author of Disappearing Cryptography (published by Morgan Kaufmann, now part of Elsevier) and Free for All (published by HarperBusiness), as well as a number of e-books. He recently wrote Attention Must Be Paid, But For $800? and another short book exploring the coming changes from autonomous cars. Wayner has contributed to The New York Times, InfoWorld, and other publications. He lives in Baltimore.

I’m not a practicing lawyer, but I can speak from my personal experience around the issue of fair use when putting together Attention Must Be Paid, But For $800?, a short economic history that compared two productions of Death of a Salesman. A friend suggested adding some photos from 1949 and 2012 (the years when the first and latest productions reached Broadway) because the book used these events as a way to understand just how life and our economy had changed. Adding pictures of the production in 1949 and 2012 would really bring the manuscript to life.

While websites can invoke murky notions that the law is different in cyberspace, the law on books is well understood. If I included photos, I needed to share my royalties with the photographers or risk a punitive copyright lawsuit. As a creative worker, I understood sharing with the photographers. And the pictures would really add depth to the book.

After working through the often byzantine licensing matrices of major photo archives, I found the pictures would cost about $300-$600 per image — adding 20 images would easily add about $10,000 to the book budget. Would this be worth it? Would more people buy an illustrated book? An informal marketing survey suggested it wasn’t worth it; one friend told me flat out that if he wanted the pictures, he would just go to Google. And he was right: All the photos were there.

The automated machines have me and the photographers beat. Aggregators — whether listmakers, search engines, online curation boards, content farms, and other sites — can scrape them from the web and claim that posting these images is fair use. (BuzzFeed claims that what it does is “transformative,” allowing them to call their lists a new creation.)

We already know these companies make a profit on the ads. But what we don’t know is that the algorithms they use are acting less and less like a card catalog for the web and more and more like an author. In other words, the machine isn’t just a dumb hunk of silicon: It’s a living creator. It’s less like a dull machine and more like a fully functional, content-producing Terminator.

Anyone who searches for “Death of a Salesman” gets search results with a nice sidebar filled with a few facts and some images that Google scraped from websites under fair use. In this way, they can do things that I, a lowly human, can’t do. And while I had to pay $10,000, they could “get” them for free.

The market therefore punishes the people who try to do the right thing by the photographers. If I raised the price of my book to pay for the images, even more people would choose the book “written” by Google’s computers.

Is there recourse? Well, if the algorithm violates a copyright, owners can fill out DMCA takedown forms. But it’s an onerous process that can’t match the scale of the breach, because it pits human against machine. The aggregators’ machines scrape the web day and night but humans need to fill out the forms in their waking hours.

So what if we turned the model on its head? What if the researchers at these companies could improve their bots enough for the algorithms to make intelligent decisions about fair use? If their systems can organize the web and drive cars, surely they are capable of shouldering some of the responsibility for making smart decisions about fair use.

Such tools could help identify blogs or websites that borrow too aggressively from other sites. The search engines that are crawling the net could then use that information to flag sites that cross the line from fair use into plagiarism. Google, for example, already has tools that find music in videos uploaded to YouTube, and then shares the revenue with the creators.

The fair-use algorithms could also honor what the artist wants — for instance, some artists want to be copied. In these cases, a markup language that enumerates just how much the artist wants to encourage fair use could help provide that choice. That way, those who want rampant copying could encourage it while those who want to maintain exclusivity could dial back the limits.

Approaches like this would offer more support for writers and photographers, the human creatives who can never match the scale and reach of automated machines. Because fair use is unfair when it pits humans against machines.

We must not forget that as good as some of the aggregated and automated results can be (and they are), we still need humans to synthesize knowledge and write new books instead of having bots just digitize the old ones. The web needs to encourage and reward those who create and bring new insight to the internet — not just those that remix it.
http://www.wired.com/opinion/2013/08...inst-machines/





A Mogul Gets a Landmark in the Capital
Nick Wingfield and David Streitfeld

The Washington of Jeffrey P. Bezos has been the one of disruptive technology, fleece jackets and software engineers. He has shown little interest in the Washington of politics, power suits and Woodward and Bernstein.

Yet now, from his tech frontier in Seattle, Mr. Bezos has bridged those far-flung worlds by buying The Washington Post.

The purchase price of $250 million is a pittance for a man who ranked 19th on Forbes magazine’s list of billionaires, with an estimated fortune of more than $25 billion. But the deal was still an astonishing move for a magnate who has kept a low profile in politics and has said almost nothing about his interest in newspapers, except that he reads them.

Nonetheless, Mr. Bezos will now have a microphone as powerful as anyone in Washington and outside the West Wing. In keeping with a lot of his tech industry peers, he brings with him a sort of libertarian bent, having supported gay marriage in the state of Washington and fought higher income taxes on wealthy people.

“Of the businesspeople I know, he and Bill Gates are the two most intellectually curious people I know,” said Rob Glaser, the founder of another Seattle technology company, RealNetworks, who has known Mr. Bezos since the 1990s. “It doesn’t surprise me that Jeff would find something with the intellectual depth of The Post an intriguing, compelling thing to be involved with.”

Mr. Bezos, 49, said in a statement on Monday that he would leave the day-to-day operations at The Washington Post to others. But his history — rising quickly as a Wall Street whiz, then starting Amazon.com out of a garage and building it into a retailing giant — is chock-full of cold calculations to improve his company’s fortunes. Many of his decisions have panned out, as Amazon has muscled its way into nearly every corner of retailing, leaving many competitors chafed in his wake.

The purchase of The Washington Post fits into one of the more eclectic — some might say, eccentric — patterns of investing and charitable giving of today’s billionaires. On top of the usual ream of stakes in technology start-ups like Uber and Twitter, Mr. Bezos has indulged his passion for space by financing the recovery from the seabed of an Apollo rocket that carried the first men to the moon.

He is paying for creation of a clock buried in a mountain in West Texas that will tick once a year for the next 10,000 years.

And now, Mr. Bezos — a man known for being an unsentimental businessman — has invested squarely in a sentimental business steeped in tradition. Of course, The Washington Post deal could feed his demonstrated appetite for reinventing venerable industries, from retailing to book publishing. Amazon’s Kindle business has turned Mr. Bezos from a merchant into a media mogul, as celebrated in some circles as another digital disrupter, Steven P. Jobs, Apple’s former chief executive.

Mr. Bezos and Donald E. Graham, The Washington Post’s chief executive, have longstanding connections that may have helped the discussions. As an article on The Post’s Web site noted on Monday, Mr. Graham gave the Amazon chief advice on how to promote newspapers on the Kindle device. And Amazon is an investor in LivingSocial, an e-commerce venture led by Tim O’Shaughnessy, Mr. Graham’s son-in-law.

He has provided few clues about what changes might be in store. In an interview last year, though, he stated that he did not think people reading the Web would pay for a newspaper subscription because they were too trained to get it free. The Washington Post started an online subscription plan this year.

He said in the same interview that there would be no printed newspapers in 20 years. The Washington Post had more than 457,000 subscribers to its daily edition in the first quarter of this year.

This year, Mr. Bezos was one of a group that put $5 million into the Business Insider, a news site founded by Henry Blodget. Mr. Blodget rose to fame as a Wall Street analyst in the late 1990s with a wild forecast for Amazon’s shares that came true.

Drew Herdener, a spokesman for Amazon, who works with the Amazon chief on his personal initiatives, said Mr. Bezos was not available for an interview.

As Amazon has grown, so too has the volume of criticism of the company. It controls at least a quarter of the book business, more than any company in the past. Critics say that concentration is unhealthy.

Mr. Bezos’ disinclination to collect sales tax led him to investigate setting up Amazon on an Indian reservation. The company stoutly resisted efforts in many states over the years to get it to collect the taxes, saying it preferred a national solution. A tax reform measure mandating the collection of taxes by Internet companies has passed the Senate but is stalled in the House.

Critics of Amazon were aghast at the news of The Washington Post purchase, saying it would further increase the power of a company and a tycoon they think already has too much of it. Although Mr. Bezos and not Amazon bought The Post, rivals and critics were already concerned that the newspaper’s work would be used to help Amazon.

“It’s an old boring story — rich man buys a newspaper — but in this instance it’s one of the richest men ever buying one of the most important newspapers ever, which is the one our government leaders read first thing every morning,” said Dennis Johnson, the co-founder of Melville House, a well-regarded small publisher. “This is the capper in the development of one of the most powerful vertical monopolies in our history, which is also one of the most controlling in matters of cultural concern.”

Mr. Bezos was a tinkerer from an early age. After Princeton, he went to Wall Street, ending up at D. E. Shaw & Company, a hedge fund.

He began Amazon when he took note of two things: how fast the Internet was growing as it became a consumer medium in the early 1990s, and how well-suited the book business was to selling online. One Web site could offer all the hundreds of thousands of titles in print in a way that a land-based store never could.

But as Amazon grew big, Mr. Bezos himself largely shunned the media spotlight.

Mr. Bezos has also mostly shunned the political spotlight. His political contributions have gone mostly to Amazon’s corporate PAC, which divides its campaign checks relatively evenly between Democratic and Republican candidates. The stepson of a Cuban immigrant, Mr. Bezos has stayed out of the immigration debate that has attracted so many luminaries from the technology business.

Last year, Mr. Bezos and his wife made waves with a $2.5 million contribution to the successful campaign to legalize same-sex marriage in Washington State. He was one of the biggest donors in 2010 to another winning effort to defeat a proposed income tax on the wealthy in Washington State. People who know Mr. Bezos describe his political views as libertarian, with a small “l.”

On Monday, Mr. Bezos told Washington Post employees that he did not intend to leave his full-time Amazon duties, or to relocate.

“I am happily living in ‘the other Washington’ where I have a day job that I love,” he wrote.

Nick Wingfield reported from Seattle and David Streitfeld from San Francisco. Nicholas Confessore contributed reporting from New York.
http://www.nytimes.com/2013/08/06/bu...e-capital.html





New U.S. Spying Revelations Coming from Snowden Leaks: Journalist
Anthony Boadle

Glenn Greenwald, the American journalist who published documents leaked by fugitive former U.S. intelligence contractor Edward Snowden, plans to make new revelations "within the next 10 days or so" on secret U.S. surveillance of the Internet.

"The articles we have published so far are a very small part of the revelations that ought to be published," Greenwald on Tuesday told a Brazilian congressional hearing that is investigating the U.S. internet surveillance in Brazil.

"There will certainly be many more revelations on spying by the U.S. government and how they are invading the communications of Brazil and Latin America," he said in Portuguese.

The Rio de Janeiro-based columnist for Britain's Guardian newspaper said he has recruited the help of experts to understand some of the 15,000 to 20,000 classified documents from the National Security Agency that Snowden passed him, some of which are "very long and complex and take time to read."

Greenwald told Reuters he does not believe the pro-transparency website WikiLeaks had obtained a package of documents from Snowden, and that only he and filmmaker Laura Poitras have complete archives of the leaked material.

Greenwald said Snowden, who was in hiding in Hong Kong before flying to Russia in late June, was happy to leave a Moscow airport after being granted temporary asylum, and pleased that he had stirred up a worldwide debate on internet privacy and secret U.S. surveillance programs used to monitor emails.

"I speak with him a lot since he left the airport, almost every day. We use very strong encryption to communicate," Greenwald told the Brazilian legislators. "He is very well."

"He is very pleased with the debate that is arising in many countries around the world on internet privacy and U.S. spying. It is exactly the debate he wanted to inform," Greenwald said.

After a meeting in June with Snowden in Hong Kong, Greenwald published in The Guardian the first of many reports that rattled the U.S. intelligence community by disclosing the breadth and depth of alleged NSA surveillance of telephone and internet usage.

Last month, in an article co-authored by Greenwald, the Brazilian newspaper O Globo reported that the NSA spied on Latin American countries with programs that can monitor billions of emails and phone calls for suspicious activity. Latin American countries fumed at what they considered a violation of their sovereignty and demanded explanations and an apology.

COMMERCIAL SECRETS

In Brazil, the largest U.S. trading partner in South America, angry senators questioned President Dilma Rousseff's planned state visit to Washington in October and a billion-dollar purchase of U.S.-made fighter jets Brazil is considering.

Members of the Senate Foreign Relations Committee peppered Greenwald with questions on Tuesday, such as whether the NSA was capable of spying on Brazil's commercial secrets, including the discovery of promising offshore oil reserves, and the communications of the country's president and armed forces.

Greenwald had no details on specific targets and said the documents did not name telecommunications and internet companies in the United States and Brazil that might have collaborated with the NSA's collection of internet users' data.

The journalist said Snowden planned to stay in Moscow "as long as he needs to, until he can secure his situation." He said Snowden knew he ran the risk of spending the rest of his life in jail or being hunted by the most powerful nation in the world, but had no doubts about his decision to leak the documents on the U.S. surveillance programs.

Greenwald criticized governments around the world for failing to offer Snowden protection, even while they publicly denounced the U.S. surveillance of their citizens' internet usage.

Meanwhile, Washington is working through diplomatic channels to persuade governments to stop complaining about the surveillance programs, he said.

"The Brazilian government is showing much more anger in public than it is showing in private discussions with the U.S. government," Greenwald told reporters. "All governments are doing this, even in Europe."

In a speech at the United Nations on Tuesday, Brazilian Foreign Minister Antonio Patriota called the interception of telecommunications and acts of espionage in Latin America "a serious issue, with a profound impact on the international order." But he did not mention the United States by name.

(Editing by Paul Simao)
http://www.reuters.com/article/2013/...97600L20130807





NSA to Cut System Administrators by 90 Percent to Limit Data Access
Jonathan Allen

The National Security Agency, hit by disclosures of classified data by former contractor Edward Snowden, said Thursday it intends to eliminate about 90 percent of its system administrators to reduce the number of people with access to secret information.

Keith Alexander, the director of the NSA, the U.S. spy agency charged with monitoring foreign electronic communications, told a cybersecurity conference in New York City that automating much of the work would improve security.

"What we're in the process of doing - not fast enough - is reducing our system administrators by about 90 percent," he said.

The remarks came as the agency is facing scrutiny after Snowden, who had been one of about 1,000 system administrators who help run the agency's networks, leaked classified details about surveillance programs to the press.

Before the change, "what we've done is we've put people in the loop of transferring data, securing networks and doing things that machines are probably better at doing," Alexander said.

Using technology to automate much of the work now done by employees and contractors would make the NSA's networks "more defensible and more secure," as well as faster, he said at the conference, in which he did not mention Snowden by name.

These efforts pre-date Snowden's leaks, the agency has said, but have since been accelerated.

Alexander's remarks largely echoed similar comments made to Congress and at other public appearances over the past two months since his agency came under fire from civil liberties advocates and lawmakers concerned by Snowden's revelations.

Snowden leaked documents to the Guardian and the Washington Post, which published stories revealing previously secret telephone and internet surveillance programs run by the U.S. government.

Snowden now faces criminal charges but has since been granted temporary asylum in Russia.

Other security measures that Alexander has previously discussed include requiring at least two people to be present before certain data can be accessed on the agency's computer systems.

"At the end of the day it's about people and trust," Alexander said. He again defended his agency's conduct, much of which he said had been "grossly mischaracterized" by the press.

"No one has willfully or knowingly disobeyed the law or tried to invade your civil liberties or privacies," he said. "There were no mistakes like that at all."

He told his audience to "get the facts" and make up their own minds, adding that the agency itself could do more to enable this: "We've got to push out more, I recognize that," he said.

(Reporting By Jonathan Allen; Editing by Cynthia Osterman)
http://www.reuters.com/article/2013/...97801020130809





The Many Ways That Obama Has Been Spying On You
Brian Merchant

Planning on doing something online today? Or making a phone call, perhaps? Well, do it with a smile, because the National Security Agency will have a record of it. Over the last 24 hours, a pair of game-changing reports have revealed the truly stunning amount of data the federal government is collecting about your personal life. There's a lot of information swirling around now, so here's a handy guide to all of the things Obama's crew have gone big brother on.

First, the background: On Tuesday, June 5th, The Guardian dropped the bombshell that the National Security Agency was requiring Verizon, via court order, to turn over the metadata for all of its call records. The NSA has apparently forced Verizon to indiscriminately hand over information about all of its millions of communications records on an "ongoing, daily basis". If you use Verizon, we learned, the NSA has copies of the metadata of all of the phone calls you've made over the last two months.

Then, the Washington Post revealed that ever since 2007, at least nine of the top technology companies—including Microsoft, Google, Yahoo!, and Facebook—were knowingly allowing the NSA to mine all of its user data in a program ominously called PRISM. Then came this:

So it's not just Verizon, then. Surprise. It's all a little dizzying. It's enough to make a privacy advocate's head explode. And it makes the revelation that the Obama administration had swiped two months of phone records from the Associated Press seem downright quaint. I mean, this is hundreds of millions of Americans we're talking about. To clarify, here's a handy list of everyone the NSA has essentially been spying on in the United States of America:

• Every person who has dialed, texted, or otherwise used a cell phone or land line over the last seven years. Your metadata is stored somewhere in NSA's servers, where the government has access to every communication you have completed since 2007.
• Anyone who maintains a Facebook profile, Gmail account, or Yahoo! account.
• Anyone who has communicated on Skype or a Google Hangout at any point over the last six years.
• Anyone who has entered a search query on Google or Bing.
• Anyone who has had an online conversation on Gchat or Facebook.
• Perhaps, even, anyone who has charged something to their credit card—the details are murkier here, but the Wall Street Journal reports that the NSA has a PRISM-like deal with credit card companies to hand over data about what you're buying.

To be clear, here, this isn't spying 1.0—the NSA isn't actively listening to your calls or watching suspicious chats scroll by on some ominous control screen. The Week's Marc Ambinder notes that it's much more mundane, in explaining how the NSA uses your telephone records—and, ostensibly, your data.

First of all, the NSA isn't recording the cell phone conversations themselves. They're keeping the metadata, which includes pretty much everything else: the time the call was made, its duration, who the call was made to, etc. Less is known about practices surrounding the data-mining, but it's likely being stored in a similar dump as the telephone metadata, which is kept in a giant database called MARINA.

The vast majority of that data just sits there—the NSA must allegedly seek permission from a court if it dips into the data pool for assistance into an investigation. However, the agency can do this, legally, even after it has already pulled the files. And because the NSA appears to be borderline violating the directive of the Patriot Act that ostensibly makes the whole operation legal in the first place—that it must have "tangible" reason to monitor someone's data—and because the project's operating procedures are classified and incredibly murky, it's hard to know if they are being lawfully or responsibly adhered to.

So that's where we are right now. Obama has clearly expanded the surveillance activities instigated by George W. Bush, though he is not wiretapping phones outright like his predecessor. Still, his administration has overseen the most drastic expansion of surveillance by the state, perhaps in history. Our chat logs, status updates, phone records, even our video conference calls—they're all sitting in a massive database housed in a government-protected data center like the gigantic complex that's currently wrapping construction in Utah.

Whether or not that alarms you, I suppose, depends on the amount of faith you place in secretive government agencies to access and analyze your data lawfully and responsibly, both now and five years on. For its part, the government's intelligence bureau has responded by vowing to declassify some elements of the program, so the public can "understand its limits."

Most of us know we've ceded some of our privacy by embracing the digital era—we know Facebook is hawking our data to advertisers, we know the Patriot Act is still standing—but knowing that Uncle Sam is keeping a massive record of every digital thing we've done in a giant bowl of data in the desert is likely to make some skin crawl.
http://motherboard.vice.com/blog/the...-spying-on-you





Other Agencies Clamor for Data N.S.A. Compiles
Eric Lichtblau and Michael S. Schmidt

The National Security Agency’s dominant role as the nation’s spy warehouse has spurred frequent tensions and turf fights with other federal intelligence agencies that want to use its surveillance tools for their own investigations, officials say.

Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the security agency’s vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say.

Intelligence officials say they have been careful to limit the use of the security agency’s troves of data and eavesdropping spyware for fear they could be misused in ways that violate Americans’ privacy rights.

The recent disclosures of agency activities by its former contractor Edward J. Snowden have led to widespread criticism that its surveillance operations go too far and have prompted lawmakers in Washington to talk of reining them in. But out of public view, the intelligence community has been agitated in recent years for the opposite reason: frustrated officials outside the security agency say the spy tools are not used widely enough.

“It’s a very common complaint about N.S.A.,” said Timothy H. Edgar, a former senior intelligence official at the White House and at the office of the director of national intelligence. “They collect all this information, but it’s difficult for the other agencies to get access to what they want.”

“The other agencies feel they should be bigger players,” said Mr. Edgar, who heard many of the disputes before leaving government this year to become a visiting fellow at Brown University. “They view the N.S.A. — incorrectly, I think — as this big pot of data that they could go get if they were just able to pry it out of them.”

Smaller intelligence units within the Drug Enforcement Administration, the Secret Service, the Pentagon and the Department of Homeland Security have sometimes been given access to the security agency’s surveillance tools for particular cases, intelligence officials say.

But more often, their requests have been rejected because the links to terrorism or foreign intelligence, usually required by law or policy, are considered tenuous. Officials at some agencies see another motive — protecting the security agency’s turf — and have grown resentful over what they see as a second-tier status that has undermined their own investigations into security matters.

At the drug agency, for example, officials complained that they were blocked from using the security agency’s surveillance tools for several drug-trafficking cases in Latin America, which they said might be connected to financing terrorist groups in the Middle East and elsewhere.

At the Homeland Security Department, officials have repeatedly sought to use the security agency’s Internet and telephone databases and other resources to trace cyberattacks on American targets that are believed to have stemmed from China, Russia and Eastern Europe, according to officials. They have often been rebuffed.

Officials at the other agencies, speaking only on the condition of anonymity because they were not authorized to discuss the tensions, say the National Security Agency’s reluctance to allow access to data has been particularly frustrating because of post-Sept. 11 measures that were intended to encourage information-sharing among federal agencies.

In fact, a change made in 2008 in the executive order governing intelligence was intended to make it easier for the security agency to share surveillance information with other agencies if it was considered “relevant” to their own investigations. It has often been left to the national intelligence director’s office to referee the frequent disputes over how and when the security agency’s spy tools can be used. The director’s office declined to comment for this article.

Typically, the agencies request that the N.S.A. target individuals or groups for surveillance, search its databases for information about them, or share raw intelligence, rather than edited summaries, with them. If those under scrutiny are Americans, approval from the secret Foreign Intelligence Surveillance Court is required.

The security agency, whose mission is to spy overseas, and the F.B.I., its main partner in surveillance operations, dominate the process as the Justice Department’s main “customers” in seeking warrants from the intelligence court, with nearly 1,800 approved by the court last year.

In a statement, the security agency said that it “works closely with all intelligence community partners, and embeds liaison officers and other personnel at those agencies for the express purpose of ensuring N.S.A. is meeting their requirements and providing support to their missions.”

The security agency’s spy tools are attractive to other agencies for many reasons. Unlike traditional, narrowly tailored search warrants, those granted by the intelligence court often allow searches through records and data that are vast in scope. The standard of evidence needed to acquire them may be lower than in other courts, and the government may not be required to disclose for years, if ever, that someone was the focus of secret surveillance operations.

Decisions on using the security agency’s powers rest on many complicated variables, including a link to terrorism or “foreign intelligence,” the type of surveillance or data collection that is being conducted, the involvement of American targets, and the priority of the issue.

“Every agency wants to think that their mission has to be the highest priority,” said a former senior White House intelligence official involved in recent turf issues.

Other intelligence shops usually have quick access to N.S.A. tools and data on pressing matters of national security, like investigating a terrorism threat, planning battlefield operations or providing security for a presidential trip, officials say. But the conflicts arise during longer-term investigations with unclear foreign connections.

In pressing for greater access, a number of smaller agencies maintain that their cases involve legitimate national security threats and could be helped significantly by the N.S.A.’s ability to trace e-mails and Internet activity or other tools.

Drug agency officials, for instance, have sought a higher place for global drug trafficking on the intelligence community’s classified list of surveillance priorities, according to two officials.

Dawn Dearden, a drug agency spokeswoman, said it was comfortable allowing the N.S.A. and the F.B.I. to take the lead in seeking surveillance warrants. “We don’t have the authority, and we don’t want it, and that comes from the top down,” she said.

But privately, intelligence officials at the drug agency and elsewhere have complained that they feel shut out of the process by the N.S.A. and the F.B.I. from start to finish, with little input on what groups are targeted with surveillance and only sporadic access to the classified material that is ultimately collected.

Sometimes, security agency and bureau officials accuse the smaller agencies of exaggerating links to national security threats in their own cases when pushing for access to the security agency’s surveillance capabilities. Officials from the other agencies say that if a link to national security is considered legitimate, the F.B.I. will at times simply take over the case itself and work it with the N.S.A.

In one such case, the bureau took control of a Secret Service investigation after a hacker was linked to a foreign government, one law enforcement official said. Similarly, the bureau became more interested in investigating smuggled cigarettes as a means of financing terrorist groups after the case was developed by the Bureau of Alcohol, Tobacco, Firearms and Explosives.

Mr. Edgar said officials in the national intelligence director’s office occasionally allow other agencies a role in identifying surveillance targets and seeing the results when it is relevant to their own inquiries. But more often, he acknowledged, the office has come down on the side of keeping the process held to an “exclusive club” at the N.S.A., the F.B.I. and the Justice Department, with help from the Central Intelligence Agency on foreign issues.

Officials in the national intelligence director’s office worry about opening the surveillance too widely beyond the security agency and the F.B.I. for fear of abuse, Mr. Edgar said. The two intelligence giants have been “burned” by past wiretapping controversies and know the political consequences if they venture too far afield, he added.

“I would have been very uncomfortable if we had let these other agencies get access to the raw N.S.A. data,” he said.

As furious as the public criticism of the security agency’s programs has been in the two months since Mr. Snowden’s disclosures, “it could have been much, much worse, if we had let these other agencies loose and we had real abuses,” Mr. Edgar said. “That was the nightmare scenario we were worried about, and that hasn’t happened.”

Eric Schmitt contributed reporting.
http://www.nytimes.com/2013/08/04/us...-compiles.html





Exclusive: U.S. Directs Agents to Cover Up Program Used to Investigate Americans
John Shiffman and Kristina Cooke

A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.

"I have never heard of anything like this at all," said Nancy Gertner, a Harvard Law School professor who served as a federal judge from 1994 to 2011. Gertner and other legal experts said the program sounds more troubling than recent disclosures that the National Security Agency has been collecting domestic phone records. The NSA effort is geared toward stopping terrorists; the DEA program targets common criminals, primarily drug dealers.

"It is one thing to create special rules for national security," Gertner said. "Ordinary crime is entirely different. It sounds like they are phonying up investigations."

THE SPECIAL OPERATIONS DIVISION

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

A spokesman with the Department of Justice, which oversees the DEA, declined to comment.

But two senior DEA officials defended the program, and said trying to "recreate" an investigative trail is not only legal but a technique that is used almost daily.

A former federal agent in the northeastern United States who received such tips from SOD described the process. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," the agent said.

"PARALLEL CONSTRUCTION"

After an arrest was made, agents then pretended that their investigation began with the traffic stop, not with the SOD tip, the former agent said. The training document reviewed by Reuters refers to this process as "parallel construction."

The two senior DEA officials, who spoke on behalf of the agency but only on condition of anonymity, said the process is kept secret to protect sources and investigative methods. "Parallel construction is a law enforcement technique we use every day," one official said. "It's decades old, a bedrock concept."

A dozen current or former federal agents interviewed by Reuters confirmed they had used parallel construction during their careers. Most defended the practice; some said they understood why those outside law enforcement might be concerned.

"It's just like laundering money - you work it backwards to make it clean," said Finn Selander, a DEA agent from 1991 to 2008 and now a member of a group called Law Enforcement Against Prohibition, which advocates legalizing and regulating narcotics.

Some defense lawyers and former prosecutors said that using "parallel construction" may be legal to establish probable cause for an arrest. But they said employing the practice as a means of disguising how an investigation began may violate pretrial discovery rules by burying evidence that could prove useful to criminal defendants.

A QUESTION OF CONSTITUTIONALITY

"That's outrageous," said Tampa attorney James Felman, a vice chairman of the criminal justice section of the American Bar Association. "It strikes me as indefensible."

Lawrence Lustberg, a New Jersey defense lawyer, said any systematic government effort to conceal the circumstances under which cases begin "would not only be alarming but pretty blatantly unconstitutional."

Lustberg and others said the government's use of the SOD program skirts established court procedures by which judges privately examine sensitive information, such as an informant's identity or classified evidence, to determine whether the information is relevant to the defense.

"You can't game the system," said former federal prosecutor Henry E. Hockeimer Jr. "You can't create this subterfuge. These are drug crimes, not national security cases. If you don't draw the line here, where do you draw it?"

Some lawyers say there can be legitimate reasons for not revealing sources. Robert Spelke, a former prosecutor who spent seven years as a senior DEA lawyer, said some sources are classified. But he also said there are few reasons why unclassified evidence should be concealed at trial.

"It's a balancing act, and they've been doing it this way for years," Spelke said. "Do I think it's a good way to do it? No, because now that I'm a defense lawyer, I see how difficult it is to challenge."

CONCEALING A TIP

One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.

"I was pissed," the prosecutor said. "Lying about where the information came from is a bad start if you're trying to comply with the law because it can lead to all kinds of problems with discovery and candor to the court." The prosecutor never filed charges in the case because he lost confidence in the investigation, he said.

A senior DEA official said he was not aware of the case but said the agent should not have misled the prosecutor. How often such misdirection occurs is unknown, even to the government; the DEA official said the agency does not track what happens with tips after the SOD sends them to agents in the field.

The SOD's role providing information to agents isn't itself a secret. It is briefly mentioned by the DEA in budget documents, albeit without any reference to how that information is used or represented when cases go to court.

The DEA has long publicly touted the SOD's role in multi-jurisdictional and international investigations, connecting agents in separate cities who may be unwittingly investigating the same target and making sure undercover agents don't accidentally try to arrest each other.

SOD'S BIG SUCCESSES

The unit also played a major role in a 2008 DEA sting in Thailand against Russian arms dealer Viktor Bout; he was sentenced in 2011 to 25 years in prison on charges of conspiring to sell weapons to the Colombian rebel group FARC. The SOD also recently coordinated Project Synergy, a crackdown against manufacturers, wholesalers and retailers of synthetic designer drugs that spanned 35 states and resulted in 227 arrests.

Since its inception, the SOD's mandate has expanded to include narco-terrorism, organized crime and gangs. A DEA spokesman declined to comment on the unit's annual budget. A recent LinkedIn posting on the personal page of a senior SOD official estimated it to be $125 million.

Today, the SOD offers at least three services to federal, state and local law enforcement agents: coordinating international investigations such as the Bout case; distributing tips from overseas NSA intercepts, informants, foreign law enforcement partners and domestic wiretaps; and circulating tips from a massive database known as DICE.

The DICE database contains about 1 billion records, the senior DEA officials said. The majority of the records consist of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. Records are kept for about a year and then purged, the DEA officials said.

About 10,000 federal, state and local law enforcement agents have access to the DICE database, records show. They can query it to try to link otherwise disparate clues. Recently, one of the DEA officials said, DICE linked a man who tried to smuggle $100,000 over the U.S. southwest border to a major drug case on the East Coast.

"We use it to connect the dots," the official said.

"AN AMAZING TOOL"

Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst.

"They do a pretty good job of screening, but it can be a struggle to know for sure whether the person on a wiretap is American," the senior law enforcement official said.

Tips from domestic wiretaps typically occur when agents use information gleaned from a court-ordered wiretap in one case to start a second investigation.

As a practical matter, law enforcement agents said they usually don't worry that SOD's involvement will be exposed in court. That's because most drug-trafficking defendants plead guilty before trial and therefore never request to see the evidence against them. If cases did go to trial, current and former agents said, charges were sometimes dropped to avoid the risk of exposing SOD involvement.

Current and former federal agents said SOD tips aren't always helpful - one estimated their accuracy at 60 percent. But current and former agents said tips have enabled them to catch drug smugglers who might have gotten away.

"It was an amazing tool," said one recently retired federal agent. "Our big fear was that it wouldn't stay secret."

DEA officials said that the SOD process has been reviewed internally. They declined to provide Reuters with a copy of their most recent review.

(Edited by Blake Morrison)
http://www.reuters.com/article/2013/...97409R20130805





Exclusive: IRS Manual Detailed DEA's Use of Hidden Intel Evidence
John Shiffman and David Ingram

Details of a U.S. Drug Enforcement Administration program that feeds tips to federal agents and then instructs them to alter the investigative trail were published in a manual used by agents of the Internal Revenue Service for two years.

The practice of recreating the investigative trail, highly criticized by former prosecutors and defense lawyers after Reuters reported it this week, is now under review by the Justice Department. Two high-profile Republicans have also raised questions about the procedure.

A 350-word entry in the Internal Revenue Manual instructed agents of the U.S. tax agency to omit any reference to tips supplied by the DEA's Special Operations Division, especially from affidavits, court proceedings or investigative files. The entry was published and posted online in 2005 and 2006, and was removed in early 2007. The IRS is among two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.

An IRS spokesman had no comment on the entry or on why it was removed from the manual. Reuters recovered the previous editions from the archives of the Westlaw legal database, which is owned by Thomson Reuters Corp, the parent of this news agency.

As Reuters reported Monday, the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from an NSA database disclosed by former NSA contractor Edward Snowden.

Monday's Reuters report cited internal government documents that show that law enforcement agents have been trained to conceal how such investigations truly begin - to "recreate" the investigative trail to effectively cover up the original source of the information.

DEA officials said the practice is legal and has been in near-daily use since the 1990s. They have said that its purpose is to protect sources and methods, not to withhold evidence.

NEW DETAIL

Defense attorneys and some former judges and prosecutors say that systematically hiding potential evidence from defendants violates the U.S. Constitution. According to documents and interviews, agents use a procedure they call "parallel construction" to recreate the investigative trail, stating in affidavits or in court, for example, that an investigation began with a traffic infraction rather than an SOD tip.

The IRS document offers further detail on the parallel construction program.

"Special Operations Division has the ability to collect, collate, analyze, evaluate, and disseminate information and intelligence derived from worldwide multi-agency sources, including classified projects," the IRS document says. "SOD converts extremely sensitive information into usable leads and tips which are then passed to the field offices for real-time enforcement activity against major international drug trafficking organizations."

The 2005 IRS document focuses on SOD tips that are classified and notes that the Justice Department "closely guards the information provided by SOD with strict oversight." While the IRS document says that SOD information may only be used for drug investigations, DEA officials said the SOD role has recently expanded to organized crime and money laundering.

According to the document, IRS agents are directed to use the tips to find new, "independent" evidence: "Usable information regarding these leads must be developed from such independent sources as investigative files, subscriber and toll requests, physical surveillance, wire intercepts, and confidential source information. Information obtained from SOD in response to a search or query request cannot be used directly in any investigation (i.e. cannot be used in affidavits, court proceedings or maintained in investigative files)."

The IRS document makes no reference to SOD's sources of information, which include a large DEA telephone and Internet database.

CONCERN IN CONGRESS

House Intelligence Committee Chairman Mike Rogers, R-Michigan, expressed concern with the concept of parallel construction as a method to hide the origin of an investigation. His comments came on the Mike Huckabee Show radio program.

"If they're recreating a trail, that's wrong and we're going to have to do something about it," said Rogers, a former FBI agent. "We're working with the DEA and intelligence organizations to try to find out exactly what that story is."

Spokespeople for the DEA and the Department of Justice declined to comment.

Sen. Rand Paul, R-Kentucky, a member of the Homeland Security and Government Affairs Committee, said he was troubled that DEA agents have been "trying to cover up a program that investigates Americans."

"National security is one of government's most important functions. So is protecting individual liberty," Paul said. "If the Constitution still has any sway, a government that is constantly overreaching on security while completely neglecting liberty is in grave violation of our founding doctrine."

Officials have stressed that the NSA and DEA telephone databases are distinct. The NSA database, disclosed by Snowden, includes data about every telephone call placed inside the United States. An NSA official said that database is not used for domestic criminal law enforcement.

The DEA database, called DICE, consists largely of phone log and Internet data gathered legally by the DEA through subpoenas, arrests and search warrants nationwide. DICE includes about 1 billion records, and they are kept for about a year and then purged, DEA officials said.

(Research by Hilary Shroyer of West, a Thomson Reuters business. Additional reporting by David Lawder. Edited by Michael Williams)
http://www.reuters.com/article/2013/...9761AZ20130808





Members of Congress Denied Access to Basic Information About NSA

Documents provided by two House members demonstrate how they are blocked from exercising any oversight over domestic surveillance
Glenn Greenwald

Members of Congress have been repeatedly thwarted when attempting to learn basic information about the National Security Agency (NSA) and the secret FISA court which authorizes its activities, documents provided by two House members demonstrate.

From the beginning of the NSA controversy, the agency's defenders have insisted that Congress is aware of the disclosed programs and exercises robust supervision over them. "These programs are subject to congressional oversight and congressional reauthorization and congressional debate," President Obama said the day after the first story on NSA bulk collection of phone records was published in this space. "And if there are members of Congress who feel differently, then they should speak up."

But members of Congress, including those in Obama's party, have flatly denied knowing about them. On MSNBC on Wednesday night, Sen. Richard Blumenthal (D-Ct) was asked by host Chris Hayes: "How much are you learning about what the government that you are charged with overseeing and holding accountable is doing from the newspaper and how much of this do you know?" The Senator's reply:

"The revelations about the magnitude, the scope and scale of these surveillances, the metadata and the invasive actions surveillance of social media Web sites were indeed revelations to me."

But it is not merely that members of Congress are unaware of the very existence of these programs, let alone their capabilities. Beyond that, members who seek out basic information - including about NSA programs they are required to vote on and FISA court (FISC) rulings on the legality of those programs - find that they are unable to obtain it.

Two House members, GOP Rep. Morgan Griffith of Virginia and Democratic Rep. Alan Grayson of Florida, have provided the Guardian with numerous letters and emails documenting their persistent, and unsuccessful, efforts to learn about NSA programs and relevant FISA court rulings.

"If I can't get basic information about these programs, then I'm not able to do my job", Rep. Griffith told me. A practicing lawyer before being elected to Congress, he said that his job includes "making decisions about whether these programs should be funded, but also an oath to safeguard the Constitution and the Bill of Rights, which includes the Fourth Amendment."

Rep. Griffith requested information about the NSA from the House Intelligence Committee six weeks ago, on June 25. He asked for "access to the classified FISA court order(s) referenced on Meet the Press this past weekend": a reference to my raising with host David Gregory the still-secret 2011 86-page ruling from the FISA court that found substantial parts of NSA domestic spying to be in violation of the Fourth Amendment as well as governing surveillance statutes.

In that same June 25 letter, Rep. Griffith also requested the semi-annual FISC "reviews and critiques" of the NSA. He stated the rationale for his request: "I took an oath to uphold the United States Constitution, and I intend to do so."

Almost three weeks later, on July 12, Rep. Griffith requested additional information from the Intelligence Committee based on press accounts he had read about Yahoo's unsuccessful efforts in court to resist joining the NSA's PRISM program. He specifically wanted to review the arguments made by Yahoo and the DOJ, as well as the FISC's ruling requiring Yahoo to participate in PRISM.

On July 22, he wrote another letter to the Committee seeking information. This time, it was prompted by press reports that the FISA court had renewed its order compelling Verizon to turn over all phone records to the NSA. Rep. Griffith requested access to that court ruling.

The Congressman received no response to any of his requests. With a House vote looming on whether to defund the NSA's bulk collection program - it was scheduled for July 25 - he felt he needed the information more urgently than ever. He recounted his thinking to me: "How can I responsibly vote on a program I know very little about?"

On July 23, he wrote another letter to the Committee, noting that it had been four weeks since his original request, and several weeks since his subsequent ones. To date, six weeks since he first asked, he still has received no response to any of his requests (the letters sent by Rep. Griffith can be seen here).

"I know many of my constituents will ask about this when I go home," he said, referring to the August recess when many members of Congress meet with those they represent. "Now that I won't get anything until at least September, what am I supposed to tell them? How can I talk about NSA actions I can't learn anything about except from press accounts?"

Congressman Grayson has had very similar experiences, except that he sometimes did receive responses to his requests: negative ones.

On June 19, Grayson wrote to the House Intelligence Committee requesting several documents relating to media accounts about the NSA. Included among them were FISA court opinions directing the collection of telephone records for Americans, as well as documents relating to the PRISM program.

But just over four weeks later, the Chairman of the Committee, GOP Rep. Mike Rogers, wrote to Grayson informing him that his requests had been denied by a Committee "voice vote".

In a follow-up email exchange, a staff member for Grayson wrote to the Chairman, advising him that Congressman Grayson had "discussed the committee's decision with Ranking Member [Dutch] Ruppersberger on the floor last night, and he told the Congressman that he was unaware of any committee action on this matter." Grayson wanted to know how a voice vote denying him access to these documents could have taken place without the knowledge of the ranking member on the Committee, and asked: "can you please share with us the recorded vote, Member-by-Member?" The reply from this Committee was as follows:

"Thanks for your inquiry. The full Committee attends Business Meetings. At our July 18, 2013 Business Meeting, there were seven Democrat Members and nine Republican Members in attendance. The transcript is classified."

To date, neither Griffith nor Grayson has received any of the documents they requested. Correspondence between Grayson and the Committee - with names of staff members and email addresses redacted - can be read here.

Denial of access for members of Congress to basic information about the NSA and the FISC appears to be common. Justin Amash, the GOP representative who, along with Democratic Rep. John Conyers, co-sponsored the amendment to ban the NSA's bulk collection of Americans' phone records, told CNN on July 31: "I, as a member of Congress, can't get access to the court opinions. I have to beg for access, and I'm denied it if I - if I make that request."

It is the Intelligence Committees of both the House and Senate that exercise primary oversight over the NSA. But as I noted last week, both Committees are, with the exception of a handful of members, notoriously beholden to the NSA and the intelligence community generally.

Its members typically receive much larger contributions from the defense and surveillance industries than non-Committee members. And the two Committee Chairs - Democrat Dianne Feinstein in the Senate and Republican Mike Rogers in the House - are two of the most steadfast NSA loyalists in Congress. The senior Democrat on the House Committee is ardent NSA defender Dutch Ruppersberger, whose district not only includes NSA headquarters in Fort Meade, but who is also himself the second-largest recipient of defense/intelligence industry cash.

Moreover, even when members of the Intelligence Committee learn of what they believe to be serious abuses by the NSA, they are barred by law from informing the public. Two Democratic Committee members in the Senate, Ron Wyden and Mark Udall, spent years warning Americans that they would be "stunned to learn" of the radical interpretations of secret law the Obama administration had adopted in the secret FISA court to vest themselves with extremist surveillance powers.

Yet the two Senators, prohibited by law from talking about it, concealed what they had discovered. It took Edward Snowden's whistleblowing for Americans to learn what those two Intelligence Committee members were so dramatically warning them about.

Finally, all members of Congress - not just those on the Intelligence Committees - are responsible for making choices about the NSA and for protecting the privacy rights and other Constitutional guarantees of Americans. "I did not take an oath to defer to the Intelligence Committee," Rep. Griffith told me. "My oath is to make informed decisions, and I can't do my job when I can't get even the most basic information about these programs."

In early July, Grayson had staffers distribute to House members several slides published by the Guardian about NSA programs as part of Grayson's efforts to trigger debate in Congress. But, according to one staff member, Grayson's office was quickly told by the House Intelligence Committee that those slides were still classified, despite having been published and discussed in the media, and directed Grayson to cease distribution or discussion of those materials in the House, warning that he could face sanctions if he continued.

It has been widely noted that the supremely rubber-stamping FISA court constitutes NSA "oversight" in name only, and that the Intelligence Committees are captured by the agency and constrained to act even if they were inclined to. Whatever else is true, members of Congress in general clearly know next to nothing about the NSA and the FISA court beyond what they read in the media, and those who try to rectify that are being actively blocked from finding out.
http://www.theguardian.com/commentis...-denied-access





Lawmakers Say Obstacles Limited Oversight of NSA’s Telephone Surveillance Program
Peter Wallsten

The Obama administration points to checks and balances from Congress as a key rationale for supporting bulk collection of Americans’ telephone communications data, but several lawmakers responsible for overseeing the program in recent years say that they felt limited in their ability to challenge its scope and legality.

The administration argued Friday that lawmakers were fully informed of the surveillance program and voted to keep it in place as recently as 2011. Officials say they have taken unusual steps to make information available to Congress, and committee leaders say they have carefully examined the National Security Agency’s data collection.

Yet some other members of the intelligence and judiciary committees paint a different picture.

They describe regular classified briefings in which intelligence officials would not volunteer details if questions were not asked with absolute precision.

Unlike typical congressional hearings that feature testimony from various sides of a debate, the briefings in 2010 and 2011 on the telephone surveillance program were by definition one-sided affairs, with lawmakers hearing only from government officials steeped in the legal and national security arguments for aggressive spying.

Additional obstacles stemmed from the classified nature of documents, which lawmakers may read only in specific, secure offices; rules require them to leave their notes behind and restrict their ability to discuss the issues with colleagues, outside experts or their own staff.

While Senate Intelligence Committee members can each designate a full-time staffer for the committee who has full access, House members must rely on the existing committee staff, many of whom used to work for the spy agencies they are tasked with overseeing.

Agency officials, meantime, aggressively court the committee, giving lawmakers a sense of being insiders in a clandestine world and at times treating them to a real-life version of the Spy Museum, former members said.

And when a handful of skeptics on each panel raised concerns about the surveillance program or proposed changes, such as shifting the data collection to the companies rather than the government, they were handily defeated by bipartisan majorities who saw the program as a crucial tool in preventing terrorist attacks.

“In terms of the oversight function, I feel inadequate most of the time,” said Rep. Jan Schakowsky (D-Ill.), a member of the House Intelligence Committee and an NSA critic. Bulk surveillance “certainly was approved by Congress. Was it approved by a fully knowing Congress? That is not the case.”

Rep. Adam B. Schiff (D-Calif.), another member of the House Intelligence Committee, said the biggest challenge has been figuring out exactly what questions to ask. “Sometimes you wonder if you’re missing big things that you shouldn’t be missing,” Schiff said. The task is made harder, he said, because members must leave their briefing materials in the committee offices in the Capitol basement, where each member’s documents are kept in three-ring binders labeled “Top Secret.”

“The members have to maintain their own notes and their own follow-up and keep the issues very much in their own minds,” he said.

Similar concerns have come from some Republicans, including Rep. F. James Sensenbrenner Jr. of Wisconsin, a key author of the law authorizing the bulk data surveillance who has in recent weeks become a critic. He said classified briefings for lawmakers were a “rope-a-dope operation” designed to silence “those who are on the trail of something that isn’t right” because rules restrict their ability to speak with other members and the public.

The administration’s move Friday to issue a fuller defense of the surveillance program, disclosed publicly in June by former NSA contractor Edward Snowden, seemed designed to stem a growing bipartisan tide on Capitol Hill against bulk collection of Americans’ data. A measure co-sponsored by a young libertarian, Rep. Justin Amash (R-Mich.), and an old liberal, Rep. John Conyers Jr. (D-Mich.), to halt the bulk data collection was narrowly defeated in a close call that surprised administration officials.

On Friday, Obama and his administration sought to remind the public that many of these same lawmakers moving to undercut the program had previously signed off on it.

The White House issued a statement saying the administration had “engaged Congress on these issues on 35 occasions, including several committee hearings and all-Senate and all-House Members’ meetings.”

A 22-page white paper from the Department of Justice laying out the legal rationale for the bulk collection program singled out Congress’s access to the details of the program and its role in repeatedly approving the underlying provision, known as Section 215 of the USA Patriot Act.

“Information concerning the use of Section 215 to collect telephony metadata in bulk was made available to all Members of Congress, and Congress reauthorized Section 215 without change after this information was provided,” the document said. “It is significant to the legal analysis of the statute that Congress was on notice of this activity and of the source of its legal authority when the statute was reauthorized.”

Friday’s release followed the recent declassification of letters to lawmakers showing that administration officials had repeatedly told Congress about the bulk collections. One summary sent in 2009 mentioned “critical and highly sensitive intelligence collection programs under which NSA collects and analyzes large amounts of transactional data.” The document added: “Although the programs collect a large amount of information, the vast majority of that information is never reviewed by anyone in the government, because the information is not responsive to the limited queries that are authorized for intelligence purposes.”

James R. Clapper, director of national intelligence, said in a letter to lawmakers released last month that government officials had undertaken “special efforts” to give all members of Congress the chance to learn about the program beyond the required oversight of the intelligence and judiciary committees. People familiar with the all-member briefings in 2010 and 2011 say the sessions were highly unusual, even risky, because such a wide swath of lawmakers were granted access to highly sensitive materials.

Obama on Friday outlined a series of proposed changes that he said would enhance public confidence in the surveillance program and strengthen oversight, including the addition of an adversarial view when the government seeks orders from the top-secret Foreign Intelligence Surveillance Court. Currently, the judges hear only from the officials in a non-adversarial process.

His calls for change have been echoed in recent days by other defenders of the NSA program, including Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.), who said Friday she would launch a “major review” this fall of the bulk collection program. A similar effort is being planned by the Republican chairman of the House Intelligence Committee, Rep. Mike Rogers of Michigan. The reviews are geared toward increasing public confidence in programs that remain fully supported by the committees — and are not designed to end the bulk collection.

Rogers, in a Saturday interview, rejected the complaints from critics, saying that he and the committee’s ranking Democrat, Rep. C.A. Dutch Ruppersberger of Maryland, have worked together to increase scrutiny of intelligence program budgets. The committee, he said, poses tough questions to agency officials and engages in spirited, behind-the-scenes debates over the bulk data program.

“You may not like the program, but we were doing plenty of oversight to make sure it was legal and constitutional,” he said.

Rogers said “very few members” take advantage of his invitations to receive quarterly staff briefings on counterterrorism operations, and others skipped briefings on the NSA bulk surveillance.

“If you have individual members who say they don’t have time to be on the intelligence committee, then I say get off the intelligence committee,” he said.

Ruppersberger said all members benefit from an expert staff and a push in recent years for greater bipartisanship on the panel. The issues are complex and time-consuming, he said, “but we have to learn them. We have to hold these agencies accountable, but we also have to give them the resources they need to protect our country.”

Sen. John D. Rockefeller IV (D-W.Va.), a member of the Senate Intelligence Committee who expressed anger that Congress was kept in the dark about interrogation and surveillance tactics under the George W. Bush administration, now feels that Congress has what it needs. He credits Feinstein and the Senate panel’s ranking Republican, Sen. Saxby Chambliss of Georgia, for inviting every senator into the committee offices to examine classified materials.

“The intelligence oversight committees have kicked the tires on these programs very hard, with hearings and legislation and oversight, and the programs have overwhelming bipartisan support on these committees,” a Rockefeller spokeswoman said.

Congress’s 2011 reauthorization vote approved, at Obama’s urging, a four-year extension to the Patriot Act provisions, until June 2015. The reauthorization passed with overwhelming bipartisan majorities, despite objections from civil liberties groups and a handful of lawmakers, including some who were fully aware of the telephone data collection and issued carefully worded yet vague warnings in public debate.

Sen. Patrick J. Leahy (D-Vt.), chairman of the Senate Judiciary Committee, co-sponsored a measure with Sen. Rand Paul (R-Ky.) to increase congressional oversight of the intelligence community’s record-gathering under the 215 provision, but it was never voted on. Another effort at limiting the surveillance failed during the 2006 reauthorization, when House-Senate negotiators declined to adopt a measure backed by a majority of senators that would have required stronger privacy protections. Instead of only allowing the government to gain telephone business records if the records were “relevant” to an authorized investigation, the Senate-approved bill would have also required that the records be linked to the activities of a foreign power, an agent of a foreign power or an individual in contact with such an agent of a foreign power.

Critics with deep knowledge of the congressional oversight committees say lawmakers’ ability to regulate the sprawling and complex intelligence network provides only a limited check on executive power.

“I am astounded that so many members of Congress could be informed about the specifics of the program and fail to see the urgent need for public discussions,” said former representative Lee Hamilton (D-Ind.), a longtime member of the House Intelligence Committee who co-chaired the 9/11 Commission.

Noting that a handful of skeptical lawmakers, such as Sen. Ron Wyden (D-Ore.), had tried to apply pressure behind closed doors, Hamilton added: “Even they were simply unable to get it into the open. It took a leaker to do it.”

Rep. Jerrold Nadler (D-N.Y.), a House Judiciary Committee member who was briefed multiple times by senior intelligence officials, said classification rules prevented him and others from being able to make a coherent case for amendments.

“Even if members know about it, they can’t say it, so how do you change it?” Nadler asked. “Even when it comes up for renewal, you say, ‘We have to change the law with this language.’ Why? You can’t say. How do you get political support to change a law when you can’t say the reason?”

Rep. Rush D. Holt (D-N.J.), a former House Intelligence Committee member who clashed frequently with officials from the NSA and other agencies, said he felt the agencies would confuse members rather than earnestly try to respond to concerns.

“Even if, in the game of 20 questions, they give us an answer that is precisely correct, they often delight in obfuscating behind a flurry of tech speak,” Holt said.

“The result,” Holt added, “is that Congress has not been able to, and in many cases has not wanted to, exert serious oversight of the intelligence community.”

But outside committee meetings, Holt said agency officials were assertive in their efforts to “ingratiate” themselves with intelligence committee members by letting them experience some tools of the spy trade.

One time, in between meetings with agency officials, for instance, Holt and several colleagues were invited to shoot high-caliber weapons at a CIA firing range.

Carol D. Leonnig contributed to this report.
http://www.washingtonpost.com/politi...65d_story.html





N.S.A. Sifting Broader Set of Data Crossing U.S. Border
Charlie Savage

The National Security Agency is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials.

The N.S.A. is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, a practice that government officials have openly acknowledged. It is also casting a far wider net for people who cite information linked to those foreigners, like a little-used e-mail address, according to a senior intelligence official.

While it has long been known that the agency conducts extensive computer searches of data it vacuums up overseas, that it is systematically searching — without warrants — through the contents of Americans’ communications that cross the border reveals more about the scale of its secret operations.

It also adds another element to the unfolding debate, provoked by the disclosures of Edward J. Snowden, the former N.S.A. contractor, about whether the agency has infringed on Americans’ privacy as it scoops up e-mails and phone data in its quest to ferret out foreign intelligence.

Government officials say the cross-border surveillance was authorized by a 2008 law, the FISA Amendments Act, in which Congress approved eavesdropping on domestic soil without warrants as long as the “target” was a noncitizen abroad. Voice communications are not included in that surveillance, the senior official said.

Asked to comment, Judith A. Emmel, an N.S.A. spokeswoman, did not directly address surveillance of cross-border communications. But she said the agency’s activities were lawful and intended to gather intelligence not about Americans but about “foreign powers and their agents, foreign organizations, foreign persons or international terrorists.”

“In carrying out its signals intelligence mission, N.S.A. collects only what it is explicitly authorized to collect,” she said. “Moreover, the agency’s activities are deployed only in response to requirements for information to protect the country and its interests.”

Hints of the surveillance appeared in a set of rules, leaked by Mr. Snowden, for how the N.S.A. may carry out the 2008 FISA law. One paragraph mentions that the agency “seeks to acquire communications about the target that are not to or from the target.” The pages were posted online by the newspaper The Guardian on June 20, but the telltale paragraph, the only rule marked “Top Secret” amid 18 pages of restrictions, went largely overlooked amid other disclosures.

To conduct the surveillance, the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border. The senior intelligence official, who, like other former and current government officials, spoke on condition of anonymity because of the sensitivity of the topic, said the N.S.A. makes a “clone of selected communication links” to gather the communications, but declined to specify details, like the volume of the data that passes through them.

Computer scientists said that it would be difficult to systematically search the contents of the communications without first gathering nearly all cross-border text-based data; fiber-optic networks work by breaking messages into tiny packets that flow at the speed of light over different pathways to their shared destination, so they would need to be captured and reassembled.

The official said that a computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them. The remaining communications, the official said, are deleted; the entire process takes “a small number of seconds,” and the system has no ability to perform “retrospective searching.”

The official said the keyword and other terms were “very precise” to minimize the number of innocent American communications that were flagged by the program. At the same time, the official acknowledged that there had been times when changes by telecommunications providers or in the technology had led to inadvertent overcollection. The N.S.A. monitors for these problems, fixes them and reports such incidents to its overseers in the government, the official said.

The disclosure sheds additional light on statements intelligence officials have made recently, reassuring the public that they do not “target” Americans for surveillance without warrants.

At a House Intelligence Committee oversight hearing in June, for example, a lawmaker pressed the deputy director of the N.S.A., John Inglis, to say whether the agency listened to the phone calls or read the e-mails and text messages of American citizens. Mr. Inglis replied, “We do not target the content of U.S. person communications without a specific warrant anywhere on the earth.”

Timothy Edgar, a former intelligence official in the Bush and Obama administrations, said that the rule concerning collection “about” a person targeted for surveillance rather than directed at that person had provoked significant internal discussion.

“There is an ambiguity in the law about what it means to ‘target’ someone,” Mr. Edgar, now a visiting professor at Brown, said. “You can never intentionally target someone inside the United States. Those are the words we were looking at. We were most concerned about making sure the procedures only target communications that have one party outside the United States.”

The rule they ended up writing, which was secretly approved by the Foreign Intelligence Surveillance Court, says that the N.S.A. must ensure that one of the participants in any conversation that is acquired when it is searching for conversations about a targeted foreigner must be outside the United States, so that the surveillance is technically directed at the foreign end.

Americans’ communications singled out for further analysis are handled in accordance with “minimization” rules to protect privacy approved by the surveillance court. If private information is not relevant to understanding foreign intelligence, it is deleted; if it is relevant, the agency can retain it and disseminate it to other agencies, the rules show.

While the paragraph hinting at the surveillance has attracted little attention, the American Civil Liberties Union did take note of the “about the target” language in a June 21 post analyzing the larger set of rules, arguing that the language could be interpreted as allowing “bulk” collection of international communications, including of those of Americans.

Jameel Jaffer, a senior lawyer at the A.C.L.U., said Wednesday that such “dragnet surveillance will be poisonous to the freedoms of inquiry and association” because people who know that their communications will be searched will change their behavior.

“They’ll hesitate before visiting controversial Web sites, discussing controversial topics or investigating politically sensitive questions,” Mr. Jaffer said. “Individually, these hesitations might appear to be inconsequential, but the accumulation of them over time will change citizens’ relationship to one another and to the government.”

The senior intelligence official argued, however, that it would be inaccurate to portray the N.S.A. as engaging in “bulk collection” of the contents of communications. “ ‘Bulk collection’ is when we collect and retain for some period of time that lets us do retrospective analysis,” the official said. “In this case, we do not do that, so we do not consider this ‘bulk collection.’ ”

Stewart Baker, a former general counsel for the N.S.A., said that such surveillance could be valuable in identifying previously unknown terrorists or spies inside the United States who unwittingly reveal themselves to the agency by discussing a foreign-intelligence “indicator.” He cited a situation in which officials learn that Al Qaeda was planning to use a particular phone number on the day of an attack.

“If someone is sending that number out, chances are they are on the inside of the plot, and I want to find the people who are on the inside of the plot,” he said.

The senior intelligence official said that the “about the target” surveillance had been valuable, but said it was difficult to point to any particular terrorist plot that would have been carried out if the surveillance had not taken place. He said it was one tool among many used to assemble a “mosaic” of information in such investigations. He also pointed out that the surveillance was used for other types of foreign-intelligence collection, not just terrorism.

There has been no public disclosure of any ruling by the Foreign Intelligence Surveillance Court explaining its legal analysis of the 2008 FISA law and the Fourth Amendment as allowing “about the target” searches of Americans’ cross-border communications. But in 2009, the Justice Department’s Office of Legal Counsel signed off on a similar process for searching federal employees’ communications without a warrant to make sure none contain malicious computer code.

That opinion, by Steven G. Bradbury, who led the office in the Bush administration, may echo the still-secret legal analysis. He wrote that because that system, called EINSTEIN 2.0, scanned communications traffic “only for particular malicious computer code” and there was no authorization to acquire the content for unrelated purposes, it “imposes, at worst, a minimal burden upon legitimate privacy rights.”
http://www.nytimes.com/2013/08/08/us...en-by-nsa.html





NSA Loophole Allows Warrantless Search for US Citizens' Emails and Phone Calls

Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
James Ball and Spencer Ackerman

The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.

The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans".

The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs.

The intelligence data is being gathered under Section 702 of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.

The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance.

But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications.

A secret glossary document provided to operatives in the NSA's Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the "minimization" procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US.

"While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."

The term "identifiers" is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.

The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.

Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data.

"Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said.

"Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."

Wyden and his intelligence committee colleague Mark Udall have attempted repeatedly to warn publicly about the ability of the intelligence community to look at the communications of US citizens, but are limited by their obligation not to reveal highly classified information.

But in a letter they recently wrote to the NSA director, General Keith Alexander, the two senators warned that a fact sheet released by the NSA in the wake of the initial Prism revelations to reassure the American public about domestic surveillance was misleading.

In the letter, they warned that Americans' communications might be inadvertently collected and stored under Section 702, despite rules stating only data on foreigners should be collected and retained.

"[W]e note that this same fact sheet states that under Section 702, 'Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorised purpose nor evidence of a crime,'" they said.

"We believe that this statement is somewhat misleading, in that it implied the NSA has the ability to determine how many American communications it has collected under Section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans."

The foreign intelligence surveillance (Fisa) court issues approvals annually authorizing such operations, with specific rules on who can be targeted and what measures must be taken to minimize any details "inadvertently" collected on US persons.

Secret minimization procedures dating from 2009, published in June by the Guardian, revealed that the NSA could make use of any "inadvertently acquired" information on US persons under a defined range of circumstances, including if they held usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted or are believed to contain any information relevant to cybersecurity.

At that stage, however, the rules did not appear to allow for searches of collected data relating to specific US persons.

Assurances from Obama and senior administration officials to the American public about the privacy of their communications have relied on the strict definition of what constitutes "targeting" while making no mention of the permission to search for US data within material that has already been collected.

The day after the Guardian revealed details of the NSA's Prism program, President Obama said: "Now, with respect to the internet and emails, this doesn't apply to US citizens and it doesn't apply to people living in the United States."

Speaking at a House hearing on 18 June this year, deputy attorney general James Cole told legislators "[T]here's a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from US persons.

"As I said, only targeting people outside the United States who are not US persons. But if we do acquire any information that relates to a US person, under limited criteria only can we keep it."

Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, said in June 2012 that she believed the intelligence agencies and the Justice Department were sufficiently mindful of Americans' privacy.

"The intelligence community is strictly prohibited from using Section 702 to target a US person, which must at all times be carried out pursuant to an individualized court order based upon probable cause," Feinstein stated in a report provided to the Senate record.

While there are several congressional proposals to constrain the NSA's bulk collection of Americans' phone records, there has to date been much less legislative appetite to abridge its powers under Section 702 – as lawmakers are satisfied it doesn't sufficiently violate Americans' privacy.

"702 is focused outside the United States at non-citizens," said Adam Schiff, a member of the House intelligence committee. "The evidence of the effectiveness of 702 is much more substantial than 215 [the bulk phone records collection]. So I think there are fewer fourth amendment concerns and more evidence of the saliency of the program."

Wyden and Udall – both of whom say foreign surveillance conducted under Section 702 has legitimate value for US national security – have tried and failed to restrict the NSA's ability to collect and store Americans' communications that it accidentally acquires.

Wyden told the Guardian that he raised concerns about the loophole with President Obama during an August 1 meeting with legislators about the NSA's surveillance powers.

"I believe that Congress should reform Section 702 to provide better protections for Americans' privacy, and that this could be done without losing the value that this collection provides," he said.

The Guardian put the latest revelations to the NSA and the Office of the Director of National Intelligence but no response had been received by the time of publication.
http://www.theguardian.com/world/201...es-email-calls





Obama Offers Plan Meant to Ease Concerns on Surveillance
Charlie Savage and Michael D. Shear

President Obama on Friday sought to get his administration ahead of the roiling debate over National Security Agency surveillance, releasing new information about spying activities and calling for changes aimed at bolstering public confidence that the programs do not intrude too far into Americans’ privacy.

At a time when leaks by the former N.S.A. contractor Edward J. Snowden have ripped the veil from the agency’s expansive spying both inside the United States and abroad, Mr. Obama held a news conference at which he conceded a need for greater openness and safeguards over vast American surveillance efforts.

“It’s right to ask questions about surveillance, particularly as technology is reshaping every aspect of our lives,” Mr. Obama said, adding: “It’s not enough for me, as president, to have confidence in these programs. The American people need to have confidence in them as well.”

Among other steps, Mr. Obama announced the creation of a high-level task force of outside intelligence and civil liberties specialists to advise the government about how to balance security and privacy as computer technology makes it possible to gather ever more information about people’s private lives.

The president also threw his administration’s support behind a proposal to change the procedures of the secret court that approves electronic spying under the Foreign Intelligence Surveillance Act in order to make its deliberations more adversarial. The court, created in 1978, was initially envisioned to carry out a limited role of reviewing whether there was sufficient evidence to wiretap someone as a suspected foreign terrorist or spy.

But in recent years, it has played a far more sweeping role, issuing lengthy and complex secret opinions interpreting surveillance laws and constitutional privacy rights, without the benefit of opposing lawyers to argue against the Justice Department or file any appeals. Mr. Obama was expected to announce his support for creating an adversarial player in such arguments.

The Obama administration is also planning to release a previously classified legal analysis explaining why the government believes it is lawful under a provision of the Patriot Act known as Section 215 for the N.S.A. to collect and store logs of every phone call dialed or received in the United States.

At the same time, the N.S.A. was expected to release a paper outlining its role and authorities, officials said. The six- to seven-page document was described as setting up a “foundation” to help people understand the legal framework for its activities. Next week, the agency will open a Web site designed to explain itself better to the public amid Mr. Snowden’s disclosures.

“What people are beginning to see in the leaks are elements of a blueprint at N.S.A., but not an operating manual,” a senior administration official said in a conference call before Mr. Obama spoke. “What the paper will try to do is to essentially put them in context. This is a framework.”
http://www.nytimes.com/2013/08/10/us...onference.html

Obama Administration's Legal Rationale for Surveillance (PDF) (Text)




NSA Tries To Justify Its Surveillance Programs With Ridiculous Assertions
Mike Masnick

As President Obama was laying out his "plan" in response to the public's concerns over NSA spying, both the DOJ and the NSA released some documents defending the various programs. I would imagine it will surprise none of you that these documents are chock full of hilarious and misleading claims. Let's highlight a few, starting with the NSA's document, which is shorter, more general and covers all the various programs more broadly. It's also a complete joke. We'll get to the DOJ one in another post.

In his May 2013 address at the National Defense University, the President made clear that we, as a Government, need to review the surveillance authorities used by our law enforcement and intelligence community professionals so that we can collect information needed to keep us safe and ensure that we are undertaking the right kinds of privacy protections to prevent abuse.

Somehow, I think this document has a lot more to do with Ed Snowden's leaks a month later than the speech Obama gave in May...

After the al-Qa'ida attacks on the World Trade Center and the Pentagon, the 9/11 Commission found that the U.S. Government had failed to identify and connect the many "dots" of information that would have uncovered the planning and preparation for those attacks.

Actually, the Commission said that you had collected all that information, but you failed to connect the pieces. Collecting more data does not help with that problem. In fact, the very heads of the Commission that you're citing in defense of these programs have come out publicly to say that the NSA has gone way too far with these programs. So, yeah, you're barking up the wrong tree.

We strive to achieve this through a system that is carefully designed to be consistent with Authorities and Controls and enabled by capabilities that allow us to Collect, Analyze, and Report intelligence needed to protect national security.

As always, the NSA goes back to its authority rather than what it's actually doing and what its abilities are.

This process will often involve the collection of communications metadata -- data that helps NSA understand where to find valid foreign intelligence information needed to protect U.S. national security interests in a large and complicated global network. For instance, the collection of overseas communications metadata associated with telephone calls -- such as the telephone numbers, and time and duration of calls -- allows NSA to map communications between terrorists and their associates.

Well, yes, and also map out communications between everyone else. But, here's where the NSA has some fun. They claim that collecting all that metadata is actually good for Americans' privacy because by using it to map out networks among real terrorists it means they don't actually go after your stuff:

This strategy helps ensure that NSA's collection of communications content is more precisely focused on only those targets necessary to respond to identified foreign intelligence requirements.

Did you catch that? They only spy on all of us so they know how to avoid spying on all of us.

For a variety of reasons, including technical ones, the communications of U.S. persons are sometimes incidentally acquired in targeting the foreign entities. For example, a U.S. person might be courtesy copied on an e-mail to or from a legitimate foreign target, or a person in the U.S. might be in contact with a known terrorist target.

Or, for example, a US person might be using encryption which makes us think you're a terrorist. Or, you might just be emailing anyone outside of the country. Or that.

In those cases, minimization procedures adopted by the Attorney General in consultation with the Director of National Intelligence and approved by the Foreign Intelligence Surveillance Court are used to protect the privacy of the U.S. person.

The same "minimization procedures" that say if you use encryption, you might be evil so they don't have to protect your privacy any more. Very convincing.

FISA regulates certain types of foreign intelligence collection including certain collection that occurs with compelled assistance from U.S. telecommunications companies.

I just love the lyrical phrase "compelled assistance." That's called "we're the government, we have guns and jails, and you have the info we want, fork it over."

The Government cannot conduct substantive queries of the bulk records for any purpose other than counterterrorism.

Right, but don't ask us about those times when we feed info to the DEA and IRS and then instruct them to launder it so they can pretend they didn't get it from us. Because, you know... that's getting a bit personal.

The BR FISA program is used in cases where there is believed to be a threat to the homeland. Of the 54 terrorism events recently discussed in public, 13 of them had a homeland nexus, and in 12 of those cases, BR FISA played a role.

"Played a role." Except that multiple Senators have now said you've presented absolutely no evidence whatsoever that the BR FISA program (Section 215 of the Patriot Act) has "helped thwart or prevent" any terrorist plots.

Scope and Scale of NSA Collection

According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission -- that's less than one part in a million. Put another way, if a standard basketball court represented the global communications environment, NSA's total collection would be represented by an area smaller than a dime on that basketball court.

A dime on a basketball court? Huh? Also, almost nothing in the above statements is believable given earlier revelations. Also, what the hell do they mean by "touches"? Collected? Searched? Looked at closely? Fondled lovingly?

In addition to NSA's compliance safeguards, NSA personnel are obligated to report when they believe NSA is not, or may not be, acting consistently with law, policy or procedure. This self-reporting is part of the culture and fabric of NSA. If NSA is not acting in accordance with law, policy or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to improve.

This is guffaw inducing. If you haven't yet, now might be a good time to reread Jane Mayer's 2011 article about what the federal government did to Thomas Drake, Bill Binney and J. Kirk Wiebe for doing exactly that. The idea that this is a part of the "culture and fabric of the NSA" is laughable. That article describes the insanity of former director Michael Hayden in absolutely flipping out when Binney and Wiebe went behind his back and through the "official" channels.

The NSA has absolutely no credibility on this subject, and the claims in this document are simply laughable.
http://www.techdirt.com/articles/201...sertions.shtml





Obama, Tech Executives Met to Discuss Surveillance: Report

President Barack Obama quietly met with the CEOs of Apple Inc, AT&T Inc as well as other technology and privacy representatives on Thursday to discuss government surveillance, according to a media report.

Google Inc computer scientist Vint Cerf and civil liberties leaders also participated in the meeting, along with Apple's Tim Cook and AT&T's Randall Stephenson, Politico said late Thursday, citing sources familiar with the matter.

The session was not included on Obama's daily public schedule for Thursday.

The closed-door meeting followed another private session on Tuesday between top Obama administration officials, industry lobbyists and privacy advocates, Politico reported, adding that the latest meeting "was organized with greater secrecy."

One administration aide characterized Tuesday's meeting as part of a larger outreach effort, Politico said.

"This is one of a number of discussions the administration is having with experts and stakeholders in response to the president's directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security," the official told the news outlet.

This report comes after revelations about the U.S. government's secret surveillance tactics detailed in various media reports from information disclosed by fugitive former U.S. spy agency contractor Edward Snowden.

Tuesday's meeting included representatives from tech lobbying groups Information Technology Industry Council, TechNet and TechAmerica as well as The American Civil Liberties Union and the Electronic Privacy Information Center, Politico said, citing sources.

Groups invited to Thursday's meeting included representatives from privacy groups such as the Center for Democracy and Technology, Politico said, citing sources familiar with the meeting. Gigi Sohn, the head of another similar group, Public Knowledge, was also invited, it said.

White House representatives and those for the tech companies and privacy groups could not be immediately reached to comment on Politico's report. Politico said the White House, companies and groups have all declined to comment.

(Reporting by Susan Heavey; Editing by Vicki Allen)
http://www.reuters.com/article/2013/...9780IC20130809





NSA Spying May Cost Cloud Companies $35 Billion
James Temple

The National Security Agency surveillance programs aren’t just costing the United States credibility on the world stage — they’re costing domestic tech companies big money.

The recent revelations that the NSA is closely tracking the electronic footprints of foreign citizens could cut as much as $35 billion off the top lines of U.S. cloud computing companies over the next three years. It might also put the nation’s leadership position in the fast growing sector at stake.

That’s according to a new study by the Information Technology and Innovation Foundation, which tried to assess the financial toll of the clandestine PRISM program uncovered by The Guardian and Washington Post in early June. Leaks from defense contractor Edward Snowden showed that the NSA is routinely analyzing emails, photographs, online searches and other digital files that cross the servers of tech giants like Apple, Facebook, Google, Microsoft and Yahoo.

Other prominent industry figures have already underscored the potential cost to U.S. Internet companies, including venture capitalist Marc Andreessen of Andreessen Horowitz. He recently told tech journalist Jessica Lessin that “the severity of the threat depends on whether it will come to light that other governments also have Prism-like programs.”

“It remains to be seen how big a hit,” he said.

The ITIF based its conclusions, which it acknowledged were a rough guess, on a recent survey of 500 respondents by the Cloud Security Alliance. The industry group found that “56 percent of non-US residents were less likely to use US-based cloud providers, in light of recent revelations about government access to customer information.”

Moreover, some 36 percent of U.S. residents said that the NSA leaks have made it more difficult for them to “do business outside of the United States,” the ITIF report said.

Based on those figures, it concluded that:

On the low end, U.S. cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the U.S. eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market.

On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share.


The report emphasized that European companies and leaders have been pushing hard for years to increase their share of the cloud computing industry, and were quick to emphasize or exploit (depending on your point of view) the fears raised by the NSA revelations.

For instance, one German Justice Minister called for a boycott of U.S. companies and German Interior Minister Hans-Peter Friedrich declared, “whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.”

Added the authors of the report: “After PRISM, the case for national clouds or other protectionist measures is even easier to make.”

The PRISM program was authorized under the 2008 Amendments to the Foreign Intelligence Surveillance Act, which granted the government wide latitude to spy on foreign citizens.

It “allows surveillance of a foreign entity without specifying the people to be monitored or the facilities, places, premises, or property at which surveillance will be directed,” wrote Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society, in a blog post last year. “Because the target can be any foreign entity, the government can direct surveillance at any facility, even those on American soil, and monitor unspecified Americans’ international communications to or from suspected agents of the foreign entity, or even about that entity.”

It’s been clear for some time that the communications of U.S. citizens can get caught in the dragnet if they communicate with a surveillance target overseas. But the New York Times reported on Thursday that the government is casting an even wider net, prying into the emails of citizens who even mention a target.

The newspaper reports:

While it has long been known that the agency conducts extensive computer searches of data it vacuums up overseas, that it is systematically searching — without warrants — through the contents of Americans’ communications that cross the border reveals more about the scale of its secret operations.

The shift to cloud computing, where a greater portion of software, storage and processing runs in online servers, is one of the driving forces of technology growth today. Worldwide spending on cloud computing is projected to climb by as much as 100 percent between 2012 and 2016, compared to only three percent growth in information technology overall.

U.S. companies like Amazon, Google and Microsoft are leading the field, and profiting handsomely from it.

It’s a wonderful convenience to be able to easily access, work or collaborate on files from different devices in different locations at different times. But as consumers in the U.S. and overseas lose confidence that they can store their contacts, databases, work files, emails, chats and more privately and securely, the value proposition begins to break down.

The Cloud Security Alliance survey suggests overseas citizens and businesses have begun to wonder if they can trust their information with major U.S. companies. But as each week brings fresh revelations about the full scope of U.S. government surveillance, on top of ample concerns about corporate data mining practices, the question becomes whether any of us can confidently expect a modicum of privacy in the digital age.
http://blog.sfgate.com/techchron/201...es-35-billion/





Germans’ Fear of American Spying Surges
Chris Bryant

German companies believe the US now poses almost as big a risk as China when it comes to industrial espionage and data theft, a survey has revealed.

The startling finding of a survey of 400 companies conducted in mid-July underscores the shift in German public and business opinion caused by revelations about US surveillance activities.

Some 26 per cent of German managers, IT and security professionals described the US as a high-risk place for industrial espionage and data theft, according to the survey commissioned by EY, the consultancy.

This was second only to the 28 per cent of respondents who view China as a particularly high-risk country for industrial espionage. Russia was ranked third, with 12 per cent saying it posed a significant risk.

When they were asked the same question two years ago only 6 per cent of German companies described the US as a high-risk centre for industrial espionage and data theft.

“Until now [German companies] mostly identified China and Russia as the location of [potential] attackers. Now companies realise that western intelligence agencies also employ very comprehensive surveillance measures,” Bodo Meseke, executive director of fraud investigation and dispute services at EY, said.

US surveillance has become a core issue in Germany’s election campaign following disclosures about Prism, the US data mining programme, and reports in Der Spiegel, the German magazine, that the US has spied on EU offices and is obtaining around 500m pieces of metadata a month from Germany.

Opposition parties have pressed ministers to obtain answers from the US on the extent of any spying on German soil, and the Federation of German Industry has described media reports about US surveillance as “concerning”.

Following meetings in Washington last month, Hans-Peter Friedrich, Germany’s interior minister, assured German industry that the US National Security Agency had not engaged in industrial espionage in Germany.

The US says its cyber activities are focused on combating terrorism and do not target companies, in contrast to China, which Washington accuses of cyber snooping to obtain corporate secrets.

These assurances do not appear to have convinced a significant portion of Germany’s business community.

Germany’s dependence on high-tech exports means the protection of patents and intellectual property are of perennial concern. Modern Germany’s tolerance of mass surveillance is also far lower than in other countries because of their experience of Nazism and East Germany’s Stasi secret police.

German companies continue to view business competitors in foreign countries as a bigger espionage threat than state intelligence agencies, according to the EY survey.

It is unclear whether surveillance concerns will have a negative impact on business ties.

However, there are signs that disclosures made by Edward Snowden, the former NSA official turned whistleblower, are affecting the cloud computing industry, which involves storage of data and software on huge external servers rather than local hard drives.

A separate survey carried out last month by the Cloud Security Alliance, a trade body, found that 10 per cent of non-US members had cancelled plans to use a US-based cloud provider. Some 56 per cent said they would be less likely to use a US cloud company in future.
http://www.ft.com/cms/s/0/d1a163ac-f...44feabdc0.html





German BND Admits Use of NSA Spy Program XKeyscore: Yes, But Only for Foreign Intelligence

The Federal Intelligence Service has said for the first time how it uses the spy software XKeyscore. Former head of the Chancellery and SPD parliamentary leader Frank-Walter Steinmeier is willing to explain himself before the Parliamentary Control Panel.

By its own account, the Federal Intelligence Service (BND) uses the controversial software XKeyscore, from its U.S. partner the National Security Agency, only for reconnaissance of foreign satellite communications. "XKeyScore is an important building block for the fulfillment of the BND's mission, particularly in clarifying the situation in crisis areas, in protecting German soldiers stationed there, in the fight against terrorism, and in the protection and rescue of abducted German citizens," said the BND.

XKeyScore has been in use since 2007 and serves the collection and analysis of Internet data. "The BND does not have access to NSA databases with XKeyScore, nor does the NSA have access to the system used at the BND," the foreign intelligence service assured. "Merely by using the program, the BND does not become part of an NSA network."

BND and Office for the Protection of the Constitution use XKeyscore

At the same time, the intelligence service emphasized that it adheres to the requirements of the G 10 Act, which restricts the secrecy of telecommunications for German citizens. Compatibility with this law does not depend on the system used. "Rather, it is ensured by compliance with the legal requirements in the use of all systems." The BND and, on a test basis, the Federal Office for the Protection of the Constitution use the software.

It had been reported, citing documents from ex-NSA employee Edward Snowden, who fled to Russia, that the system could store all communications over several days, both the connection data (who spoke with or emailed whom and when) and in part the content. This would make it possible to check retroactively which terms certain persons had entered into search engines. In December alone, approximately 180 million records from Germany were captured with XKeyscore.

Steinmeier under criticism

SPD parliamentary leader Frank-Walter Steinmeier is facing ever sharper criticism in the spying affair. FDP leader Philipp Rösler demanded that the former intelligence coordinator in the Chancellery fully clarify his role in the data exchange between German and U.S. intelligence agencies.

Steinmeier told the Tagesspiegel, with regard to the United States, that it had been right "that our services have worked closely together since September 11, 2001, to prevent further terrorist attacks." The government at the time had "of course made sure that law and order are respected and there is no mass spying on German citizens".

According to the SPD parliamentary group's domestic policy spokesman, Michael Hartmann, Steinmeier is willing to answer questions on the NSA scandal in the Parliamentary Control Panel. However, it must be about findings, he told the Mitteldeutsche Zeitung.

Philipp Rösler (FDP) said Steinmeier had apparently concealed even from his own party that, as head of the Chancellery under the red-green coalition in 2002, he had created the basis for cooperation between the NSA and the BND at the BND headquarters in Bad Aibling, Bavaria. There was also criticism from the Left party. "Red-Green broke the lock for the NSA, Black-Yellow opened the door wide," concluded Left party leader Bernd Riexinger.
http://www.microsofttranslator.com/b...m-app-prod01A2
http://www.sueddeutsche.de/politik/e...agen-1.1742601




Deutsche Telekom Ratchets Up Email Security After NSA Scandal

Germany's leading telecoms operator said on Friday it would start channeling e-mail traffic exclusively through its domestic servers in response to public outrage over revelations of U.S. spy programs accessing citizens' private messages.

Deutsche Telekom launched the "E-mail made in Germany" initiative after a month of public indignation over reports on intrusive U.S. snooping based on documents leaked by fugitive former National Security Agency contractor Edward Snowden.

The spying scandal, which has filled German newspapers for weeks, has become a major headache for Chancellor Angela Merkel ahead of a September 22 election. Government snooping is a sensitive subject in Germany due to the heavy surveillance of citizens in the former communist East and under Hitler's Nazis.

"The spying campaign has deeply rattled Germans," Deutsche Telekom Chief Executive Rene Obermann said at a news conference in Berlin on Friday to launch the initiative aiming to make e-mail communication in Germany "more secure".

Deutsche Telekom and its partner United Internet, which account for about two-thirds of all e-mail users in Germany, said they would ensure the encryption of all their clients' e-mails.

The former telecommunications monopoly, in which the German state remains the biggest investor with a 32 percent stake, said all data processing and storage would take place in Germany.

German news magazine Der Spiegel reported in June, citing an NSA document, that the United States taps half a billion phone calls, emails and text messages in Germany in a typical month.

(Reporting by Markus Wacket and Natalia Drozdiak; Editing by Sarah Marsh and Stephen Brown)
http://www.reuters.com/article/2013/...9780L020130809





Important Announcement

Pete S. - Lavabit Support Aug 08 • Announcements

From http://lavabit.com/ :



My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC

Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.
https://lavabit.zendesk.com/home





Two Providers of Secure E-Mail Shut Down
Somini Sengupta

Two major secure e-mail service providers on Thursday took the extraordinary step of shutting down service.

A Texas-based company called Lavabit, which was reportedly used by Edward J. Snowden, announced its suspension Thursday afternoon, citing concerns about secret government court orders.

By evening, Silent Circle, a Maryland-based firm that counts heads of state among its customers, said it was following Lavabit’s lead and shutting its e-mail service as a protective measure.

Taken together, the closures signal that e-mails, even if they are encrypted, can be accessed by government authorities and that the only way to prevent turning over the data is to obliterate the servers that the data sits on.

Mike Janke, Silent Circle’s chief executive, said in a telephone interview late Thursday that his company had destroyed its server. “Gone. Can’t get it back. Nobody can,” he said. “We thought it was better to take flak from customers than be forced to turn it over.”

The company, in a blog post dated Friday, Aug. 9, said it had taken the extreme measure even though it had not received a search order from the government.

Ladar Levison, the owner of Lavabit, suggested — though did not say explicitly — that he had received a search order, and was opting to shut the service so as not to be “complicit in crimes against the American people.”

“After significant soul searching, I have decided to suspend operations,” he wrote. “I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on — the First Amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.”

The gag order could refer to a secret court order from the Foreign Intelligence Surveillance Court or a National Security Letter. Both prohibit the recipient from saying anything about it.

Silent Circle, which has been in operation for less than a year, said it would continue its phone and text messaging service, which are encrypted end-to-end. E-mail, by its very nature, Mr. Janke said, “is within the reach of any government.”

“We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today,” the company’s blog post continued. “It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision.”

The announcements spread fast on social media, drawing praise, anxiety and donations to Lavabit’s legal defense fund.

Lavabit’s Facebook page had lit up with comments from frustrated, angry users. “please re-open the servers just that we can recover th info!!!” wrote one.

Mr. Levison described how his service worked in a lengthy post in 2009, saying that Lavabit had 140,000 users, including 70 companies. The security researcher Mikko Hypponen posted a link to his post on Twitter earlier today.

The Electronic Frontier Foundation late Thursday reiterated its call for “more transparency” over government court orders for Internet users’ information.

“Lavabit’s ominous note and the lack of information about this case is especially concerning for users of large communication service providers like Facebook and Google that may well have been subject to similar pressure, and we hope they will continue to fight for the user in the face of government demands, even if not recognized for years,” it said in a blog post. “Moving forward, we need more transparency so the public can know and understand what led to a ten-year-old business closing its doors and a new start-up abandoning a business opportunity. Hopefully Congress will get concerned, especially when there are American jobs at stake.”
http://bits.blogs.nytimes.com/2013/0...ail-shut-down/





2 E-Mail Services Close and Destroy Data Rather Than Reveal Files
Somini Sengupta

The shutdown of two small e-mail providers on Thursday illustrates why it is so hard for Internet companies to challenge secret government surveillance: to protect their customers’ data from federal authorities, the two companies essentially committed suicide.

Lavabit, a Texas-based service that was reportedly used by Edward J. Snowden, the leaker who had worked as a National Security Agency contractor, announced the suspension of its service Thursday afternoon. In a blog post, the company’s owner, Ladar Levison, suggested — though did not say explicitly — that he had received a secret search order, and was choosing to shut the service to avoid being “complicit in crimes against the American people.”

Within hours, a fast-growing Maryland-based start-up called Silent Circle also closed its e-mail service and destroyed its e-mail servers. The company said it saw the writing on the wall — while also making it plain that it had not yet received any court orders soliciting user data.

Mike Janke, the chief executive, said the company’s customers included heads of state, members of royalty and government agencies. The company will continue its encrypted phone and text messaging service.

In effect, both businesses destroyed their assets — in part or in full — to avoid turning over their customers’ data. Such public displays are far more difficult for large companies to make, and help explain why the most public efforts to challenge secret government orders have come from small companies and nonprofits.

“Providers are in a bind,” observed Orin Kerr, a law professor who specializes in surveillance law at George Washington University. “They need to respect the privacy rights of customers in order to keep customers, but they also have an obligation to comply with the law. A small company can say, ‘Rather than comply with the law, we will go under.’ But Verizon is not going to do that.”

He added: “The government usually has an easier time with large companies because they have more of a long-term need to have good relations with the government.”

Large Internet companies have moved more quietly and cautiously, addressing consumers’ concerns about government requests only after information about secret orders was leaked by Mr. Snowden. This week, technology industry executives and lobbyists attended meetings at the White House.

In an effort to address public concern about the government’s surveillance programs, President Obama on Friday announced the creation of a task force to advise the government about how to balance security and privacy. He also said he supported a proposal to change the procedures of the secret court that approves electronic spying under the Foreign Intelligence Surveillance Act.

The level of secrecy appeared to be a particular frustration for Mr. Levison. On the Lavabit site Thursday afternoon, Mr. Levison said he was legally prohibited from explaining why he had been compelled to suspend operations. “I wish that I could legally share with you the events that led to my decision. I cannot,” he wrote.

“This experience has taught me one very important lesson: without Congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States,” he added.

Silent Circle’s chief executive, Mr. Janke, said executives at his company — the founders include Philip R. Zimmermann, who created the original e-mail encryption protocol known as Pretty Good Privacy — had opted to follow Lavabit’s example, even before being served with a government order.

He said the incident was a reminder of a fundamental flaw with e-mail technology. An “aggressive” government, he said, can extract e-mail data from any company, no matter how good the company’s encryption tools. Keys to unlock its customers’ encrypted communications had been stored on the company’s servers. Silent Circle destroyed that data, the digital equivalent of a library setting fire to its membership records to keep the government from knowing who checked out what books.

Silent Circle’s text and phone service uses somewhat different technology. The encryption keys are generated between two users as they are communicating and then destroyed. It is aptly called ephemeral encryption.

Bruce Schneier, a cryptographer, applauded Lavabit’s decision, pointing out that its self-destruction was made possible because it had no shareholders to answer to.

“Could you imagine what would happen if Mark Zuckerberg or Larry Page decided to shut down Facebook or Google rather than answer National Security Letters? They couldn’t. They would be fired,” Mr. Schneier wrote on his blog. “When the small companies can no longer operate, it’s another step in the consolidation of the surveillance society.”

Before Lavabit, there was Calyx Internet Access, a small Internet service provider and Web hosting company, that challenged the constitutionality of a secret National Security Letter in 2004. Four Connecticut librarians likewise won their gag order challenge under a so-called National Security Letter in 2006. And a similar challenge was brought by a nonprofit digital library, called the Internet Archive; the government had sought information about one of its users, and it won its challenge to a gag order in 2008.

The most closely watched ruling on secret orders came this year. The San Francisco-based Electronic Frontier Foundation appealed to a United States District judge to lift a gag order issued by the Federal Bureau of Investigation through a national security letter. The court said the gag order was unconstitutional.

Large companies have pushed back more quietly. Yahoo is the only company known to have challenged a gag order from the Foreign Intelligence Surveillance Court. And a coalition of companies, including Google and Microsoft, which sit on a trove of personal communications, have appealed to the Obama administration to be able to disclose just how many Foreign Intelligence Surveillance Act Court orders they receive.

According to Justice Department figures, in 2012, government authorities made 1,856 data requests under the Foreign Intelligence Surveillance Act, the vast majority for electronic surveillance, and another 15,229 requests through National Security Letters.

Nicholas Merrill, the owner of Calyx, received one such letter in early 2004 under the Patriot Act. He closed his business within months. “I was terrified they were going to drag me away,” he said Friday.

It took him years to challenge the court order. He still cannot discuss its contents, he can only acknowledge its existence. His actions, he said, were possible only because his company was small and he was not beholden to shareholders. “In a way being a small company is quite liberating,” he said.

Mr. Merrill said he immediately empathized with Mr. Levison’s plight. “I would imagine he feels so strongly about this that he’s willing to sacrifice his own business and he’s willing to risk angering all his client base for this basic principle,” he said. “I can totally relate to where he’s coming from.”

Nicole Perlroth contributed reporting.
http://bits.blogs.nytimes.com/2013/0...ail-shut-down/





Email Service Used by Snowden Shuts Itself Down, Warns Against Using US-Based Companies

Edward Snowden: 'Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren't fighting for our interests the same way'
Glenn Greenwald

A Texas-based encrypted email service recently revealed to be used by Edward Snowden - Lavabit - announced yesterday it was shutting itself down in order to avoid complying with what it perceives as unjust secret US court orders to provide government access to its users' content. "After significant soul searching, I have decided to suspend operations," the company's founder, Ladar Levison, wrote in a statement to users posted on the front page of its website. He said the US directive forced on his company "a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." He chose the latter.

CNET's Declan McCullagh smartly speculates that Lavabit was served "with [a] federal court order to intercept users' (Snowden?) passwords" to allow ongoing monitoring of emails; specifically: "the order can also be to install FedGov-created malware." After challenging the order in district court and losing - all in a secret court proceeding, naturally - Lavabit shut itself down to avoid compliance while it appeals to the Fourth Circuit.

This morning, Silent Circle, a US-based secure online communication service, followed suit by shutting its own encrypted email service. Although it said it had not yet been served with any court order, the company, in a statement by its founder, internet security guru Phil Zimmermann, said: "We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now."

What is particularly creepy about the Lavabit self-shutdown is that the company is gagged by law even from discussing the legal challenges it has mounted and the court proceeding it has engaged. In other words, the American owner of the company believes his Constitutional rights and those of his customers are being violated by the US Government, but he is not allowed to talk about it. Just as is true for people who receive National Security Letters under the Patriot Act, Lavabit has been told that they would face serious criminal sanctions if they publicly discuss what is being done to their company. Thus we get hostage-message-sounding missives like this:

"I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what's going on - the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."

Does that sound like a message coming from a citizen of a healthy and free country? Secret courts issuing secret rulings invariably in favor of the US government that those most affected are barred by law from discussing? Is there anyone incapable at this point of seeing what the United States has become? Here's the very sound advice issued by Lavabit's founder:

"This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."

As security expert Bruce Schneier wrote in a great Bloomberg column last week, this is one of the key aspects of the NSA disclosures: the vast public-private surveillance partnership. That's what makes Lavabit's stance so heroic: as our reporting has demonstrated, most US-based tech and telecom companies (though not all) meekly submit to the US government's dictates and cooperate extensively and enthusiastically with the NSA to ensure access to your communications.

Snowden, who told me today that he found Lavabit's stand "inspiring", added:

"Ladar Levison and his team suspended the operations of their 10 year old business rather than violate the Constitutional rights of their roughly 400,000 users. The President, Congress, and the Courts have forgotten that the costs of bad policy are always borne by ordinary citizens, and it is our job to remind them that there are limits to what we will pay.

"America cannot succeed as a country where individuals like Mr. Levison have to relocate their businesses abroad to be successful. Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren't fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.

"When Congress returns to session in September, let us take note of whether the internet industry's statements and lobbyists - which were invisible in the lead-up to the Conyers-Amash vote - emerge on the side of the Free Internet or the NSA and its Intelligence Committees in Congress."


The growing (and accurate) perception that most US-based companies are not to be trusted with the privacy of electronic communications poses a real threat to those companies' financial interests. A report issued this week by the Technology and Innovation Foundation estimated that the US cloud computing industry, by itself, could lose between $21 billion and $35 billion due to reporting about the industry's ties to the NSA. It also notes that other nations' officials have been issuing the same kind of warnings to their citizens about US-based companies as the one issued by Lavabit yesterday:

"And after the recent PRISM leaks, German Interior Minister Hans-Peter Friedrich declared publicly, 'whoever fears their communication is being intercepted in any way should use services that don't go through American servers.' Similarly, Jörg-Uwe Hahn, a German Justice Minister, called for a boycott of US companies."

The US-based internet industry knows that the recent transparency brought to the NSA is a threat to their business interests. This week, several leading Silicon Valley and telecom executives met with President Obama to discuss their "surveillance partnership". But the meeting was - naturally - held in total secrecy. Why shouldn't the agreements and collaborations between these companies and the NSA for access to customer communications not be open and public?

Obviously, the Obama administration, telecom giants, and the internet industry are not going to be moved by appeals to transparency, privacy and basic accountability. But perhaps they'll consider the damage being done to the industry's global reputation and business interests by constructing a ubiquitous spying system with the NSA and doing it all in secret.

It's well past time to think about what all this reflects about the US. As the New York Times Editorial Page put it today, referencing a front-page report from Charlie Savage enabled by NSA documents we published: "Apparently no espionage tool that Congress gives the National Security Agency is big enough or intrusive enough to satisfy the agency's inexhaustible appetite for delving into the communications of Americans." The NYT added:

"Time and again, the NSA has pushed past the limits that lawmakers thought they had imposed to prevent it from invading basic privacy, as guaranteed by the Constitution."

I know it's much more fun and self-satisfying to talk about Vladimir Putin and depict him as this omnipotent cartoon villain. Talking about the flaws of others is always an effective tactic for avoiding our own, and as a bonus in this case, we get to re-live Cold War glory by doing it. The best part of all is that we get to punish another country for the Supreme Sin: defying the dictates of the US leader.

[Note how a country's human rights problems become of interest to the US political and media class only when that country defies the US: hence, all the now-forgotten focus on Ecuador's press freedom record when it granted asylum to Julian Assange and considered doing so for Edward Snowden, while the truly repressive and deeply US-supported Saudi regime barely rates a mention. Americans love to feign sudden concern over a country's human rights abuses as a tool for punishing that country for disobedience to imperial dictates and for being distracted from their own government's abuses: Russia grants asylum to Snowden --> Russia is terrible to gays! But maybe it's more constructive for US media figures and Americans generally to think about what's happening to their own country and the abuses of their own government, the one for which they bear responsibility and over which they can exercise actual influence.]

Lavabit has taken an impressive and bold stand against the US government, sacrificing its self-interest for the privacy rights of its users. Those inclined to do so can return that support by helping it with lawyers' fees to fight the US government's orders, via this paypal link provided in the company's statement.

One of the most remarkable, and I think enduring, aspects of the NSA stories is how much open defiance there has been of the US government. Numerous countries around the world have waved away threats, from Hong Kong and Russia to multiple Latin American nations. Populations around the world are expressing serious indignation at the NSA and at their own government to the extent they have collaborated. And now Lavabit has shut itself down rather than participate in what it calls "crimes against the American people", and in doing so, has gone to the legal limits in order to tell us all what has happened. There will undoubtedly be more acts inspired by Snowden's initial choice to unravel his own life to make the world aware of what the US government has been doing in the dark.
http://www.theguardian.com/commentis...silicon-valley





How the Government Killed a Secure E-mail Company
Michael Phillips

In mid-July, Tanya Lokshina, the deputy director for Human Rights Watch’s Moscow office, wrote on her Facebook wall that she had received an e-mail from edsnowden@lavabit.com. It requested that she attend a press conference at Moscow’s Sheremetyevo International Airport to discuss the N.S.A. leaker’s “situation.” This was the wider public’s introduction to Lavabit, an e-mail service prized for its security. Lavabit promised, for instance, that messages stored on the service using asymmetric encryption, which encrypts incoming e-mails before they’re saved on Lavabit’s servers, could not even be read by Lavabit itself.

Yesterday, Lavabit went dark. In a cryptic statement posted on the Web site, the service’s owner and operator, Ladar Levison, wrote, “I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.” Those experiences led him to shut down the service rather than, as he put it, “become complicit in crimes against the American people.” Lavabit users reacted with consumer vitriol on the company’s Facebook page (“What about our emails?”), but the tide quickly turned toward government critique. By the end of the night, a similar service, Silent Circle, also shut down its encrypted e-mail product, calling the Lavabit affair the “writing [on] the wall.”

Which secret surveillance scheme is involved in the Lavabit case? The company may have received a national-security letter, which is a demand issued by a federal agency (typically the F.B.I.) that the recipient turn over data about other individuals. These letters often forbid recipients from discussing it with anyone. Another possibility is that the Foreign Intelligence Surveillance Court may have issued a warrant ordering Lavabit to participate in ongoing e-mail surveillance. We can’t be completely sure: as Judge Reggie Walton, the presiding judge of the FISA court, explained to Senator Patrick Leahy in a letter dated July 29th, FISA proceedings, decisions, and legal rationales are typically secret. America’s surveillance programs are secret, as are the court proceedings that enable them and the legal rationales that justify them; informed dissents, like those by Levison or Senator Ron Wyden, must be kept secret. The reasons for all this secrecy are also secret. That some of the secrets are out has not deterred the Obama Administration from prosecuting leakers under the Espionage Act for disclosure of classified information. Call it meta-secrecy.

If Lavabit attempted to resist a FISA order, the first thing it would have done is petition the FISA court to review the order, arguing that it was flawed in some way. According to some legal commentators, such an argument, no matter how it is styled, would almost certainly fail; the FISA court so frequently approves surveillance orders that it is often criticized as a rubber stamp. If Lavabit’s petition failed, it could still drag its feet and force the government to petition the FISA court to issue an order compelling Lavabit to comply. This would give Lavabit another opportunity to press its case.

If Lavabit lost a petition to compel, and still refused to coöperate, it could seek review before the Foreign Intelligence Surveillance Court of Review, which has limited power to review FISA orders and is rarely adversarial. According to Judge Walton, only one company has had the chance to argue before the F.I.S.C.R. as a party objecting to an order—Yahoo, which initially refused to coöperate with the Prism surveillance dragnet.

If Lavabit lost its appeal to the F.I.S.C.R., and still refused to coöperate, it would run a serious risk of being found in contempt; that’s how most courts punish those who disobey their orders. The FISA court is no different. According to the court’s rules of procedure, a party may be held in contempt for defying its orders. The secret court may consider many punishments—secret fines for each day of noncompliance, or even secret jail time for executives. The idea behind civil contempt is that “you hold the key to your own cell.” If you comply, the punishment stops. But hold out long enough and your contempt may be criminal, and your compliance will not end the jail sentence or displace the fine.

With these powers, the FISA court could dismantle a stubborn e-mail service provider, or Facebook, piece by piece. An angry FISA court could demand increasingly severe fines, identify more and more officers for jail time, and make it impossible for Facebook to operate within the United States by issuing more (and more invasive) warrants. In this scenario, the FISA court would order Mark Zuckerberg, hoodie and all, to walk down the hallway to the FISA court’s reportedly unmarked door and explain whether he would coöperate. If he refused to comply, the court could jail him—and then pressure Sheryl Sandberg, and on down the line. Aside from the risk of the public finding out its surveillance methods, the court would only be limited by its willingness to violate the privacy of Facebook’s users, and inflict pain on shareholders, who would not have received the usual disclosures about the company’s books. (In an HSBC money-laundering case, for instance, afraid of harming the shareholders and destabilizing the financial system, the government ultimately blinked, and settled outside of criminal proceedings.)

Because FISA proceedings are secret, there are only a few examples of dissent. In 2004, the Internet service provider Calyx was served with a national-security letter. The letter came with a gag order, which Calyx’s owner, Nicholas Merrill, succeeded in getting partially lifted—after more than six years of litigation. In the meantime, Calyx shut down, with the goal of one day reopening as a nonprofit Internet service provider focussed on privacy. In 2007, a former Qwest Communications International executive (appealing his conviction for insider trading) alleged that the government revoked opportunities for hundreds of millions of dollars of government contracts when Qwest objected to participating in a warrantless surveillance program. The government refused to comment on the executive’s allegations. And, finally, Yahoo resisted FISA orders in 2007 and 2008, according to published reports and Judge Walton’s letter to Leahy. But Yahoo ultimately buckled under the threat of contempt. In each case, the resisting company wanted to inform the public, but was initially denied.

Any one company rightly fears the FISA court’s ability to punish contempt. But the N.S.A.’s surveillance programs are impossible without robust coöperation from America’s telecommunications and Internet companies. Silicon Valley and the telecoms can’t press this leverage because meta-secrecy keeps the companies trapped in a prisoner’s dilemma. Microsoft doesn’t know if Google is heroically resisting. Tim Cook doesn’t know if Mark Zuckerberg has endured a secret jail sentence for freedom’s cause. No company wants to be the only one to disclose its coöperation with Prism and other programs, lest it appear to be weak on privacy and set itself at a competitive disadvantage. That’s why Google and other companies are petitioning for the right to disclose their participation. And, of course, nobody wants to be the first public company taken apart in contempt proceedings.

If Silicon Valley can coördinate its dissent, they stand a chance of moving the policy needle. For the government, meta-secrecy has the added benefit of deflecting the legitimacy that big business would bring to critics of the surveillance state; the few known public dissenters are painted as a rogues’ gallery of hackers, leakers, spies, and traitors. Depending on what he does next, Levison, a businessman in Texas, could join those ranks.

Levison’s statement provides few clues about what he might do. His mention of the Fourth Circuit Court of Appeals is a hint that he was ordered to do something—one of the only ways a case can go directly to a Court of Appeals is to challenge an agency order. A national-security letter is one such order, but there are at least two reasons to think Lavabit was ordered to participate in ongoing surveillance. First, the strategy of challenging national-security letters in the district courts has had some success—why deviate? Second, Levison described his decision as a choice between “becom[ing] complicit” and shutting down. One of the few publicly available national-security letters demands that a company not “disable, suspend, lock, cancel, or interrupt service” until the obligations of the letter are fulfilled. If Levison was ordered to give up Snowden’s encrypted data, refused, and then shut down the company, it’s unlikely he’d be going on the offensive in the Fourth Circuit. And while Lavabit’s encryption and privacy measures make brute force unattractive, the F.B.I. could have gotten a warrant to raid Lavabit and seize its hard drives or servers. Shutting down only mattered if Lavabit’s coöperation did.

There are already two theories as to what a FISA order against Lavabit may have looked like. First, FISA could have ordered Lavabit to insert spyware or build a back door for the N.S.A., as American and Canadian courts reportedly did to the encrypted e-mail service Hushmail, in 2007. Second, FISA could have ordered Lavabit to permit the N.S.A. to intercept users’ passwords. But the truth may never come out.

In a press conference on Friday, President Obama, in addition to pledging greater transparency surrounding the use of Section 215 of the Patriot Act, which the government invokes to gather telephone records, promised to work with Congress to improve the FISA court. He proposed to make its deliberations more transparent and more adversarial, so that FISA judges hear from advocates for both “security” and “liberty.” Most important, he committed to establishing public trust in “the whole elephant” of America’s surveillance programs. That will require open debate—something this Administration has not guaranteed thus far.
http://www.newyorker.com/online/blog...r-secrets.html





Lavabit's Ladar Levison: 'If You Knew What I Know About Email, You Might Not Use It'
Kashmir Hill

Ladar Levison, 32, has spent ten years building encrypted email service Lavabit, attracting over 410,000 users. When NSA whistleblower Edward Snowden was revealed to be one of those users in July, Dallas-based Lavabit got a surge of new customers: $12,000 worth of paid subscribers, triple his usual monthly sign-up. On Thursday, though, Levison pulled the plug on his company, posting a cryptic message about a government investigation that would force him to “become complicit in crimes against the American people” were he to stay in business. Many people have speculated that the investigation concerned the government trying to get access to the email of Edward Snowden, who has been charged with espionage. There are legal restrictions which prevent Levison from being more specific about a protest of government methods that has forced him to shutter his company, an unprecedented move.

“This is about protecting all of our users, not just one in particular. It’s not my place to decide whether an investigation is just, but the government has the legal authority to force you to do things you’re uncomfortable with,” said Levison in a phone call on Friday. “The fact that I can’t talk about this is as big a problem as what they asked me to do.”

Levison’s lawyer, Jesse Binnall, who is based in Northern Virginia — the court district where Levison needed representation — added that it’s “ridiculous” that Levison has to so carefully parse what he says about the government inquiry. “In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said.

“As a Dallas company, we weren’t really equipped to respond to this inquiry. The government knew that,” said Levison, who drew parallels with the prosecutorial bullying of Aaron Swartz. “The same kinds of things have happened to me. The government tried to bully me, and [my lawyer] has been instrumental in protecting me, but it’s amazing the lengths they’ve gone to to accomplish their goals.”

Hours after Lavabit announced its shutdown, encryption app Silent Circle said it was preemptively shutting down its email service. Silent Circle founder Phil Zimmermann, who created email encryption software PGP, said the company deleted all of its customers’ existing email when it did that. “We’ll try to do something nice for them to numb the pain,” he said. The thinking being that it’s not obstruction of justice if you do it before justice comes calling?

Levison plans to appeal the government’s request from him in the Fourth Circuit and has asked supporters to donate to his legal fund. As of Thursday night, hours after making the request, he had received $40,000. (Update, 8/10/13: As of Saturday morning, Lavabit’s legal defense fund is closing in on $90,000.)

Lavabit was created in 2004, in response to the Patriot Act, says Levison. He and friends from Southern Methodist University decided to create an email service by geeks for geeks. Levison was concerned that the FBI could send a company a national security letter (NSL) that would force them to turn over information about a customer without going through a court first. “I wanted to put myself in the position of not having information to turn over,” he said. “I didn’t want to be put in the position of compromising people’s privacy without due process.”

Levison isn’t a privacy absolutist. He has cooperated in the past with government investigations. He says he’s received “two dozen” requests over the last ten years, and in cases where he had information, he would turn over what he had. Sometimes he had nothing; messages deleted from his service are deleted permanently.

“I’m not trying to protect people from law enforcement,” he said. “If information is unencrypted and law enforcement has a court order, I hand it over.”

In this case, it is the government’s method that bothers him. “The methods being used to conduct those investigations should not be secret,” he said.

I asked Levison how his service works. He says his customers’ encrypted data is secured with a public key and private key, and that the private key is protected by a password. He doesn’t have the technological capability to decrypt his customers’ data, but if someone could intercept the communication between Lavabit’s Dallas-based servers and a user, they could get the user’s password and then use that to decrypt their data.

Lavabit has 40,000 people logging in every day and sending 1.4 million messages per week. Levison has just one full-time employee — a grad student based in Europe. “I couldn’t talk to him about shutting down because the same legal restriction that applies to our conversation applies with him,” said Levison.

“Some people have suggested moving the service overseas,” said Levison. “Even if I found somewhere secure overseas, it would be hard logistically. My life is here in the States. It would be hard for me to move to another city let alone another country.”

He says he’ll only start operating again if his case sets a precedent. “It needs to be clear that the government can’t do what they’re trying to do,” said Levison. “Otherwise the same request is going to come right back at us. Other big names aren’t able to shut down in protest. I’m one person without a bunch of employees to support. If we win, we win for everyone.”

He says that win would be important for other U.S. businesses. “If there were surveillance bugs in all products coming out of China, would you buy those products?” he asks.

If the shutdown is a permanent one, Levison would be walking away from $50,000 to $100,000 in annual revenue, his primary source of income. He also walked away from his personal email address, which was shut down along with all the other Lavabit accounts.

“I’m taking a break from email,” said Levison. “If you knew what I know about email, you might not use it either.”
http://www.forbes.com/sites/kashmirh...ht-not-use-it/





DEF CON: 30 Percent Of Mobile Malware Made By 10 Russian Firms

Russian mobile malware factories working with thousands of affiliates to exploit Android users
Tom Brewster

Almost a third of all mobile malware is made by just 10 organisations operating out of Russia, a security company has claimed.

These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers, said Lookout Mobile Security.

It followed the money all the way back to these ten organisations, discovering thousands of affiliate marketers are also profiting from the scheme, helping spread the malware by setting up websites designed to trick users into downloading seemingly legitimate apps.

These affiliates, who can make up to $12,000 a month, are heavy users of Twitter too. Lookout looked at 500,000 unique Twitter handles it believed were involved in spreading mobile malware, 247,863 of which were linking directly to malicious kit from the micro-blogging platform.

Mobile malware crackdown

“We are not too fond of their activity,” co-founder and CTO of Lookout, Kevin Mahaffey, told TechWeekEurope earlier this week, ahead of the report’s release at the DEF CON 21 conference in Las Vegas.

“We cannot comment on ongoing investigations with law enforcement. But we are very motivated to get them to stop.”

Ryan Smith, senior security engineer at Lookout, said the malware HQs had gone to great lengths to obfuscate and encrypt their code to make detection tricky. Yet many advertise in the most brazen of ways on the public Internet, as seen in the images below:

These malware factories pump out the tools that let the affiliates create custom malware to their liking, meaning they don’t require much technical nous. The main skill they require is web development and a knack for phishing, creating pages that look like the Google Play market itself, or ones that link to updates for popular software, like Skype or Opera:

The next step is to organise massive advertising campaigns over Twitter, getting users to download the app, which starts sending texts without the users’ permission to premium rate numbers. The affiliates take the money, some of which gets invested into more malware.

Whilst Lookout isn’t divulging the names or whereabouts of the original malware sellers, other than saying they’re based in Russia, it continues to monitor the operation, which it has called Dragon Lady. “We have cast a wider net around these organisations,” Smith added. “We are monitoring domains used by the affiliates and malware HQs.”
http://www.techweekeurope.co.uk/news...sations-123671





NSA Revelations Could Hurt Collaboration with 'Betrayed' Hackers
Joseph Menn

The U.S. government's efforts to recruit talented hackers could suffer from the recent revelations about its vast domestic surveillance programs, as many private researchers express disillusionment with the National Security Agency.

Though hackers tend to be anti-establishment by nature, the NSA and other intelligence agencies had made major inroads in recent years in hiring some of the best and brightest, and paying for information on software flaws that help them gain access to target computers and phones.

Much of that goodwill has been erased after the NSA's classified programs to monitor phone records and Internet activity were exposed by former NSA contractor Edward Snowden, according to prominent hackers and cyber experts.

A turn in the community's sentiment was on show at two major security conventions in Las Vegas this week: Black Hat, which attracts more established cyber professionals, and Def Con, which gets a larger gathering of younger, more independent hackers.

"We've gone backwards about 10 years in the relations between the good guys and the U.S. government," said Alex Stamos, a veteran security researcher who was to give a Def Con talk on Saturday on the need to revisit industry ethics.

Stamos has willingly briefed FBI and NSA officials on his work in the past, but said that he would now want their questions in writing and he would bring a lawyer to any meeting.

With top intelligence officials warning in March that cyber attacks and cyber espionage have supplanted terrorism as the top security threat facing the United States, the administration is trying to boost security in critical infrastructure and the military is vastly increasing its ranks of computer specialists.

The NSA, working with the Department of Homeland Security, has been lending more of its expertise to protect defense contractors, banks, utilities and other industries that are being spied upon or attacked by rival nations.

These efforts rely on recruiting talented hackers and working with professionals in the private sector.

Some security experts remain supportive of the government. NSA Director Keith Alexander's talk at the Black Hat conference was well received on Wednesday, despite a few hecklers.

But at the larger and less expensive Def Con, where attendance is expected to top last year's 15,000, conference founder and government advisor Jeff Moss asked federal agents to stay away.

Moss last year brought Alexander as a keynote speaker to woo the hacking community. But he said the relationship between hackers and the government has worsened since then.

"I haven't seen this level or sort of animosity since the 90s," Moss said in an interview. "If you aren't going to say anything in these circumstances, then you never are."

VILLAIN OR HERO

The NSA's surveillance programs target foreigners outside the United States who pose potential threats to U.S. security or who can provide intelligence for foreign policies. But the secret projects also scooped up huge amounts of American data, according to documents leaked by Snowden, triggering sharp criticism from many lawmakers and civil liberties advocates.

"A lot of people feel betrayed by it," said HD Moore, an executive at security firm Rapid 7, though he said he would continue to brief the NSA on software flaws that the agency uses for both offensive and defensive cyber activities. "What bothers me is the hypocritical bit - we demonize China when we've been doing these things and probably worse."

Alexander took a conciliatory tone during his Black Hat speech, defending the NSA but saying he looked forward to a discussion about how it could do things better.

Black Hat attracts professionals whose companies pay thousands of dollars for them to attend. Def Con costs $180 and features many of the same speakers.

At Black Hat, a casual polling station at a vendor's exhibition booth asking whether Snowden was a villain or a hero produced a dead heat: 138 to 138. European attendees were especially prone to vote for hero, the vendor said.

Def Con would have been much rougher on Alexander, judging by interviews there and the reception given speakers who touched on Snowden and other government topics.

Christopher Soghoian, an American Civil Liberties Union technologist, drew applause from hundreds of attendees when he said the ACLU had been the first to sue the NSA after one of the spy programs was revealed.

Peiter Zatko, a hacker hero who funded many small projects from a just-departed post at the Pentagon's Defense Advanced Research Projects Agency, told another large audience that he was unhappy with the surveillance programs and that "challenging the government is your patriotic duty."

The disenchanted give multiple reasons, citing previous misleading statements about domestic surveillance, the government's efforts to force companies to decrypt user communications, and the harm to U.S. businesses overseas.

"I don't think anyone should believe anything they tell us," former NSA hacker Charlie Miller said of top intelligence officials. "I wouldn't work there anymore."

Stamos and Moss said the U.S. government is tilting too much toward offense in cyberspace, using secret vulnerabilities that their targets can then discover and wield against others.

Closest to home for many hackers are the government's aggressive prosecutions under the Computer Fraud and Abuse Act, which has been used against Internet activist Aaron Swartz, who committed suicide in January, and U.S. soldier Bradley Manning, who leaked classified files to anti-secrecy website WikiLeaks.

A letter circulating at Def Con and signed by some of the most prominent academics in computer security said the law was chilling research in the public interest by allowing prosecutors and victim companies to argue that violations of electronic "terms of service" constitute unauthorized intrusions.

Researchers who have found important flaws in electronic voting machines and medical devices did so without authorization, the letter says.

If there is any silver lining, Moss said, it is that before Snowden's leaks, it had been impossible to have an informed discussion about how to balance security and civil liberties without real knowledge of government practices.

"The debate is just starting," he said. "Maybe we can be a template for other democracies."

(Reporting by Joseph Menn in Las Vegas; Editing by Tiffany Wu and Vicki Allen)
http://www.reuters.com/article/2013/...9720A020130803





The Public-Private Surveillance Partnership
Bruce Schneier

Imagine the government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we all carry mobile phones.

If the National Security Agency required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook Inc. (FB). If the Federal Bureau of Investigation demanded copies of all our conversations and correspondence, it would be laughed at. Yet we provide copies of our e-mail to Google Inc. (GOOG), Microsoft Corp. (MSFT) or whoever our mail host is; we provide copies of our text messages to Verizon Communications Inc. (VZ), AT&T Inc. (T) and Sprint Corp. (S); and we provide copies of other conversations to Twitter Inc., Facebook, LinkedIn (LNKD) Corp. or whatever other site is hosting them.

The primary business model of the Internet is built on mass surveillance, and our government’s intelligence-gathering agencies have become addicted to that data. Understanding how we got here is critical to understanding how we undo the damage.

Computers and networks inherently produce data, and our constant interactions with them allow corporations to collect an enormous amount of intensely personal data about us as we go about our daily lives. Sometimes we produce this data inadvertently simply by using our phones, credit cards, computers and other devices. Sometimes we give corporations this data directly on Google, Facebook, Apple Inc.’s iCloud and so on in exchange for whatever free or cheap service we receive from the Internet in return.

The NSA is also in the business of spying on everyone, and it has realized it’s far easier to collect all the data from these corporations rather than from us directly. In some cases, the NSA asks for this data nicely. In other cases, it makes use of subtle threats or overt pressure. If that doesn’t work, it uses tools like national security letters.

The Partnership

The result is a corporate-government surveillance partnership, one that allows both the government and corporations to get away with things they couldn’t otherwise.

There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations. Historically, these two areas have largely remained separate, but today each group has learned how to use the other’s laws to bypass their own restrictions. The government uses corporations to get around its limits, and corporations use the government to get around their limits.

This partnership manifests itself in various ways. The government uses corporations to circumvent its prohibitions against eavesdropping domestically on its citizens. Corporations rely on the government to ensure that they have unfettered use of the data they collect.

Here’s an example: It would be reasonable for our government to debate the circumstances under which corporations can collect and use our data, and to provide for protections against misuse. But if the government is using that very data for its own surveillance purposes, it has an incentive to oppose any laws to limit data collection. And because corporations see no need to give consumers any choice in this matter -- because it would only reduce their profits -- the market isn’t going to protect consumers, either.

Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.

The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy -- and that’s very dangerous to democracy and liberty.

Challenging Power

The simple answer is to blame consumers, who shouldn’t use mobile phones, credit cards, banks or the Internet if they don’t want to be tracked. But that argument deliberately ignores the reality of today’s world. Everything we do involves computers, even if we’re not using them directly. And by their nature, computers produce tracking data. We can’t go back to a world where we don’t use computers, the Internet or social networking. We have no choice but to share our personal information with these corporations, because that’s how our world works today.

Curbing the power of the corporate-private surveillance partnership requires limitations on both what corporations can do with the data we choose to give them and restrictions on how and when the government can demand access to that data. Because both of these changes go against the interests of corporations and the government, we have to demand them as citizens and voters. We can lobby our government to operate more transparently -- disclosing the opinions of the Foreign Intelligence Surveillance Court would be a good start -- and hold our lawmakers accountable when it doesn’t. But it’s not going to be easy. There are strong interests doing their best to ensure that the steady stream of data keeps flowing.
http://www.bloomberg.com/news/2013-0...rtnership.html





Former NSA Chief Warns of Cyber-Terror Attacks if Snowden Apprehended

Michael Hayden, who also headed the CIA, speculates on global hacker response if Edward Snowden brought back to US
Spencer Ackerman

Michael Hayden, former director of the NSA, speaks about the electric grid cyber security initiative in Washington. Photograph: Mark Wilson/Getty Images

The former director of the National Security Agency and the CIA speculated on Tuesday that hackers and transparency groups were likely to respond with cyber-terror attacks if the United States government apprehends whistleblower Edward Snowden.

"If and when our government grabs Edward Snowden, and brings him back here to the United States for trial, what does this group do?" said retired air force general Michael Hayden, who from 1999 to 2009 ran the NSA and then the CIA, referring to "nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven't talked to the opposite sex in five or six years".

"They may want to come after the US government, but frankly, you know, the dot-mil stuff is about the hardest target in the United States," Hayden said, using a shorthand for US military networks. "So if they can't create great harm to dot-mil, who are they going after? Who for them are the World Trade Centers? The World Trade Centers, as they were for al-Qaida."

Hayden provided his speculation during a speech on cybersecurity to a Washington group, the Bipartisan Policy Center, in which he confessed to being deliberately provocative.

Under Hayden, the NSA began to collect, among other things, the phone records and internet data of Americans without warrants after 9/11, a drastic departure from its traditional mission of collecting foreign intelligence. A variety of technically sophisticated collection and analysis programs, codenamed Stellar Wind, were the genesis of several of the NSA efforts that Snowden disclosed to the Guardian and the Washington Post.

Hayden said that the loose coalition of hacker groups and activists were "less capable" of inflicting actual harm on either US networks or physical infrastructure, but they grow technologically more sophisticated. Echoing years of rhetoric that has described terrorists, Hayden added that their "demands may be unsatisfiable".

Snowden recently received temporary asylum from Russia, allowing the former NSA contractor to leave the Sheremetyevo airport on Thursday, an act of defiance by Moscow toward the Obama administration.

Asked what he expected a potential cyber-terrorist attack related to Snowden to look like, Hayden clarified that he was being "entirely speculative, not predictive".

"I'm just trying to illustrate that you've got a group of people out there who make demands, whose demands may not be satisfiable, may not be rational, from other points of view, may not be the kinds of things that government can accommodate," Hayden said.

"But certainly Mr Snowden has created quite a stir among those folks who are very committed to transparency and global transparency and the global web, kind of ungoverned and free. And I don't know that there's a logic between trying to [punish] America or American institutions for his arrest, but I hold out the possibility. I can sit here and imagine circumstances and scenarios, but they're nothing more than imaginative."
http://www.theguardian.com/technolog...rorism-snowden





US Should Leave Edward Snowden Alone

More than 150 civil society organisations from around the globe are asking President Barack Obama to end the prosecution of Edward Snowden (Activists stage second national day of protest against NSA's domestic spying, 4 August).

Human rights, digital rights and media freedom campaigners from the UK to Uruguay and from the US to Uganda have joined together to call on the US administration to acknowledge Snowden as a whistleblower. All of us ask that he is protected and not persecuted.

Snowden's disclosures have triggered a much-needed public debate about mass surveillance online everywhere. Thanks to him, we have learned the extent to which our online lives are systematically monitored by governments, without transparency, accountability or safeguards from abuse.

Rather than address this gross abuse, the US government has chosen to shoot the messenger. It has revoked his passport and obstructed his search for asylum. European governments have been quick to help.

The knock-on effect will be to encourage others to follow by example. States that have even less regard for their citizens will justify attacks on those who put themselves at significant risk to expose wrongdoing and corruption or raise matters of serious public concern.

We urge President Obama to protect Snowden and other whistleblowers like him. We ask that the president initiate a full, public investigation into the legality of the National Security Agency's actions. Perhaps, then, David Cameron might consider doing the same over allegations concerning GCHQ.

Dr Agnes Callamard
Executive director, Article 19, on behalf of more than 150 global organizations
http://www.theguardian.com/world/201...-snowden-alone





Russia's Mark Zuckerberg Offers Edward Snowden a Job
Chris Boyette

Just as Edward Snowden got out of the Moscow airport, he landed a job offer.

Russia granted temporary asylum on Thursday to the infamous former contractor for the National Security Agency. On the same day, Pavel Durov, CEO of the social network VKontakte, offered Snowden a job as a security software developer. The St. Petersburg-based company is a popular Facebook alternative in Eastern Europe, with 100 million active users.

"I invite Edward to St. Petersburg and will be happy if he decides to join up a stellar team of programmers at VK," Durov wrote on his VKontakte profile page. "I believe Edward would be interested in working on protecting personal data of millions of users."

Durov, 28, is often referred to as Russia's Mark Zuckerberg by the Western media.

Snowden has not publicly said whether he is interested in Durov's offer, and his location has been kept secret for security reasons, according to his Russian lawyer, Anatoly Kucherena.

Snowden's high-profile leak led him into a high-stakes global dispute over his freedom for almost two months, during which time he'd been in limbo at Moscow's airport. He also thrust the world into a debate about government surveillance.

Durov expressed pride in Russia's decision to grant Snowden asylum.

"In such moments one feels pride with our country and regret over the course taken by United States -- a country betraying the principles it was once built on," he said.

An opinion survey conducted by Russian news agency RIA Novosti shows 51% of Russians back Snowden's decision to leak the NSA information, and 43% were in favor of Russia granting him asylum, according to the Levada Center poll.

President Obama and Russian President Vladimir Putin are still on track to hold a meeting in Washington this week in preparation for the G-20 summit, according to a U.S. official.
http://money.cnn.com/2013/08/05/tech...den-vkontakte/




Bradley Manning and "Hacker Madness" Scare Tactic
Cindy Cohn

US Army private Bradley Manning was convicted on 19 counts, including charges under the Espionage Act and the Computer Fraud and Abuse Act for leaking approximately 700,000 government documents to WikiLeaks.

While it was a relief that he was not convicted of the worst charge, "aiding the enemy", the verdict remains deeply troubling and could potentially result in a sentence of life in prison.

We will likely have a deeper analysis of the verdict later, but two things stand out as particularly relevant to – and especially frightening for – folks who love the internet and use digital tools.

First, the decision continues a trend of government prosecutions that use familiarity with digital tools and knowledge of computers as a scare tactic and a basis for obtaining grossly disproportionate and unfair punishments, strategies enabled by broad, vague laws like the CFAA and the Espionage Act. Let's call this the "hacker madness" strategy. Using it, the prosecution portrays actions taken by someone using a computer as more dangerous or scary than they actually are by highlighting the digital tools used to a nontechnical or even technophobic judge.

In the Manning case, the prosecution used Manning's use of a standard, more than 15-year-old Unix program called Wget to collect information, as if it were a dark and nefarious technique. Of course, anyone who has ever called up this utility on a Unix machine, which at this point is likely millions of ordinary Americans, knows that this program is no more scary or spectacular (and far less powerful) than a simple Google search. Yet the court apparently didn't know this and seemed swayed by it.

We've seen this trick before. In a case that we at the Electronic Frontier Foundation handled in 2009, Boston College police used the fact that our client worked on a Linux operating system with "a black screen with white font" as part of a basis for a search warrant. Luckily the Massachusetts Supreme Court tossed out the warrant after EFF got involved, but who knows what would have happened had we not been there. And happily, Oracle got a big surprise when it tried a similar trick in Oracle v. Google and discovered that the judge was a programmer who sharply called them on it.

But law enforcement keeps using this technique, likely based on a calculation that most judges aren't as technical as ordinary Americans, may even be afraid of technology, and can be swayed by the ominous use of technical jargon and techniques – playing to media stereotypes of evil computer geniuses. Indeed the CFAA itself apparently was a response to President Ronald Reagan's fears after watching the completely fictional movie War Games.

Second, while the court did not convict on the "aiding the enemy" charge, the government's argument – that publishing something to the general public on the internet can count as "aiding the enemy" – has strong digital overtones. The "aiding the enemy" charge is a breathtakingly broad military charge never before used against a leaker to the press.

It is shocking that the government would even make this argument and that the judge didn't dismiss it outright. The prosecution argued that even if Manning never intended to aid the enemy, and even though the government did not need to prove the information published by WikiLeaks ever harmed the United States, the mere fact it ended up on the internet means he is guilty of a capital crime.

This argument wasn't actually confined to WikiLeaks – the government admitted during the trial that its claims would apply equally to The New York Times or other traditional media. But the reason this argument wasn't laughed out of court, we suspect, is the digital environment. After all, Adolf Hitler certainly had access to American newspapers, as did Joseph Stalin, Fidel Castro, Mao Zedong, Ho Chi Minh, or any other past enemy of America. The court tried to dress it up a bit, noting that Manning "trained in intelligence and received training on the fact that that enemy uses the internet to collect information about the United States", as if this is something that only someone with specialised "internet training" would know.

But of course it's not. Everyone (at least everyone who regularly uses the internet) knows that the internet is used by good people and bad people all over the world and that anything published is, well, published and available to all. This is a feature of the Internet, not a bug, yet here it played into distorting the "aiding the enemy" crime out of all proportion and may have played a role in the five other counts under Espionage Act claims that he was convicted of.

Even without this claim, Manning still faces life imprisonment – no member of the press or public interested in more transparency about how our military works (or doesn't work) should rest easy with this verdict.

Manning will appeal, of course. And in the long run, these tactics will likely stop working as more people become familiar with technologies. In the meantime, real harm to real people happens through overreaction, over-prosecution, and over-penalisation. And the harm also occurs to the public, which becomes less informed about governmental misconduct at home and abroad.

Here's hoping the military appellate court has a programmer or two on it and can see through the scare tactics and technophobia that the prosecution has been doling out. But we're not holding our breath.
http://www.newscientist.com/article/...re-tactic.html





The Free Web Program That Got Bradley Manning Convicted of Computer Fraud
Max Fisher

One of the charges for which a military court found Army Pfc. Bradley Manning guilty on Tuesday is computer fraud, which carries a maximum sentence of 10 years. But the nature of that conviction might surprise people who haven’t been following the case closely: it all comes down to a simple little Web program that dates back to 1996.

Wget is a free, open-source program so basic that it can be run from the Web or from a file that’s about half the size of an MP3 file. What it does is so simple that most Web users today wouldn’t even realize this could require a separate program: It downloads files. It doesn’t break into password-protected servers, secretly transmit data or steal the latest Kanye West album. The program’s name is a combination of “World Wide Web” and “get,” as in you use it to get files from the Internet. Its function is roughly equivalent to right-clicking something on your Web browser and then hitting “save to desktop.”

Investigators found that, when Manning downloaded vast numbers of U.S. diplomatic cables and other files from the computer network he regularly accessed for his Army intelligence job, he’d used wget to do it. This doesn’t mean he used wget to hack into the system – Manning already had access to the files. It means that he used this tool to download the files more efficiently. Illegally taking and distributing the files are covered under separate charges.

How does using wget qualify as computer fraud? U.S. prosecutors pointed out that wget was not on the list of “approved” programs for use in the facility where Manning worked. They argued that, although Manning was allowed to access the files, using an unauthorized program to do it amounted to a digital “trespass” and thus computer fraud. They also used the fact that wget was not permitted on Manning’s computer as further evidence that using it amounted to illegal computer access.

The defense tried to get this charge dismissed two weeks ago, noting that Manning hadn’t stolen passwords or bypassed digital firewalls to access the documents and thus had not committed computer fraud. The judge, Col. Denise Lind, declined to throw out the charge.

That Manning was convicted of computer fraud seems to suggest that using wget on a U.S. government computer to download large numbers of files can be considered the digital equivalent of trespassing – even if it’s on turf you’re otherwise allowed to access.
http://www.washingtonpost.com/blogs/...omputer-fraud/





Latvia Blocking Extradition of Gozi Writer Thanks to "Disproportionate" US Sentencing
John Hawes

One of three men indicted in the US earlier this year in connection with the Gozi banking trojan remains in his native Latvia, after courts there twice blocked US requests for extradition.

The Latvian foreign minister has added his weight to the battle to resist the extradition, arguing that the potential 67 year prison sentence cited in the indictment is "disproportionate" to the crime the man is accused of.

27-year-old Deniss Čalovskis is named in the January 2013 indictment, along with Russian Nikita Kuzmin, already held in the US, and Romanian national Mihai Ionut Paunescu, also currently fighting extradition.

The trio are charged with running a crime syndicate using the Gozi malware in a campaign compared to a "modern-day bank robbery ring", which may have infected over 1 million PCs worldwide, with as many as 40,000 in the US hit by the malware.

Gozi used HTML injection to doctor banking web pages and harvest login data, which was then used to siphon off funds. The botnet of compromised systems could be hired out and attacks tuned to target specific banks or user groups. Čalovskis is thought to have been the technical expert creating the HTML injection code.

All three men are accused of a range of conspiracy charges in the US, with the potential sentences ranging from 60 years for suspected Romanian hosting organiser Paunescu, through Čalovskis' 67 years to a massive 95 years for alleged chief arranger Kuzmin, should he be found guilty and receive the maximum sentence for all charges.

These numbers are of course the maximum possible sentences; actual jail terms are extremely unlikely to come anywhere close to these figures. However, the exorbitant numbers have been enough to delay and possibly prevent extradition.

Prison sentences in the US are extremely high, as are all figures connected to the US' sprawling corrections industry.

Over two million people are behind bars in the USA and close to 3% of the population is either locked up, on parole or on probation. The turnover of the prison system runs into many billions of dollars and the long-standing use of cheap prison labour has added billions to the output of several major US companies.

The sharp increase in prison population over the last 30 years or so has been fed by ever-stricter sentencing, heavily influenced by the "war on drugs" and the "three strikes" rule, to the extent that sentencing structures are now well out of line with the rest of the civilized world.

Cybercrime is a global problem that requires worldwide co-operation and collaboration by diverse justice and law enforcement agencies.

With the bad guys operating in cross-national and even inter-continental teams, coordinated global scoops are needed to round up crooks detected by complex international, inter-agency investigations.

Once the perps are all safely in custody they need to be brought to book under somebody's jurisdiction. In most cases this involves an extradition process.

As most countries' extradition rules prevent the deportation of citizens to countries where they might face penalties that local judges would find insane, the US risks upsetting the delicate balance required to ensure these worldwide prosecutions can be effectively completed.

I have no problem with tough sentences for cybercriminals, but they should remain within the bounds of sanity.

Threatening crazily hefty punishments may seem like a way to create a strong deterrent against new starters joining the malware underworld. They will fail to provide that deterrent, though, if they are seen to be no more than empty threats which cannot be enforced.
http://nakedsecurity.sophos.com/2013...us-sentencing/





Goldman Sachs Sent a Brilliant Computer Scientist to Jail Over 8MB of Open Source Code Uploaded to an SVN
Garry Tan

In 2009, a brilliant software engineer Sergey Aleynikov was arrested by the FBI at Newark Liberty International Airport. The allegation? He stole Goldman Sachs source code, about 8 megabytes of it. But it wasn't purely GS code — It was open source code mixed with Goldman Sachs proprietary code. If anything, if the source code was LGPL or a similar license (common among open source projects), Goldman Sachs was actually supposed to release this code back out to the community. (edit: Clarification, if the code is distributed, it must be released back. Not required legally in this case.)

In Vanity Fair, Michael Lewis writes:

Serge quickly discovered, to his surprise, that Goldman had a one-way relationship with open source. They took huge amounts of free software off the Web, but they did not return it after he had modified it, even when his modifications were very slight and of general rather than financial use. “Once I took some open-source components, repackaged them to come up with a component that was not even used at Goldman Sachs,” he says. “It was basically a way to make two computers look like one, so if one went down the other could jump in and perform the task.” He described the pleasure of his innovation this way: “It created something out of chaos. When you create something out of chaos, essentially, you reduce the entropy in the world.” He went to his boss, a fellow named Adam Schlesinger, and asked if he could release it back into open source, as was his inclination. “He said it was now Goldman’s property,” recalls Serge. “He was quite tense. When I mentioned it, it was very close to bonus time. And he didn’t want any disturbances.”

Open source was an idea that depended on collaboration and sharing, and Serge had a long history of contributing to it. He didn’t fully understand how Goldman could think it was O.K. to benefit so greatly from the work of others and then behave so selfishly toward them. “You don’t create intellectual property,” he said. “You create a program that does something.” But from then on, on instructions from Schlesinger, he treated everything on Goldman Sachs’s servers, even if it had just been transferred there from open source, as Goldman Sachs’s property. (At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license.)


Aleynikov decided to take another job, but in the meantime he stayed on at Goldman to help out. That's where it got sticky for him:

He agreed to hang around for six weeks and teach other Goldman people everything he knew, so they could continue to find and fix the broken bands in their gigantic rubber ball. Four times in the course of those last weeks he mailed himself source code he was working on. (He’d later be accused of sending himself 32 megabytes of code, but what he sent was essentially the same 8 megabytes of code four times over.) The files contained a lot of open-source code he had worked with, and modified, over the past two years, mingled together with code that wasn’t open source but proprietary to Goldman Sachs. As he would later try and fail to explain to an F.B.I. agent, he hoped to disentangle the one from the other, in case he needed to remind himself how he had done what he had done with the open-source code, in the event he might need to do it again. He sent these files the same way he had sent himself files nearly every week, since his first month on the job at Goldman. “No one had ever said a word to me about it,” he says. He pulled up his browser and typed into it the words: Free Subversion Repository. Up popped a list of places that stored code, for free, and in a convenient fashion. He clicked the first link on the list. The entire process took about eight seconds. And then he did what he had always done since he first started programming computers: he deleted his bash history. To access the computer he was required to type his password. If he didn’t delete his bash history, his password would be there to see, for anyone who had access to the system.

...
The story the F.B.I. found so unconvincing—that Serge had taken the files because he thought he might later like to parse the open-source code contained within—made complete sense to the new jurors. As Goldman hadn’t permitted him to release his debugged or improved code back to the public—possibly in violation of the original free licenses, which often stated that improvements must be publicly shared—the only way to get his hands on these was to take the Goldman code. That he had taken, in the bargain, some code that wasn’t open source, which happened to be contained in the same files as the open-source code, surprised no one. Grabbing a bunch of files that contained both open-source and non-open-source code was an efficient, quick, and dirty way to collect the open-source code, even if the open-source code was the only part that interested him.


And so this case is disturbing to me, because a software engineer like any of us is assailed by one of the more infamous financial institutions in the world. He violated confidentiality, but 8 years of jail, really? He's spent 11 months in prison already. He didn't steal the crown jewels or the secret sauce— his acquittal was on the basis that the code saved to SVN wasn't the proprietary trading strategies at all, and it was extensions to open source software that he wrote himself.

Yet Goldman Sachs pursued criminal charges against him anyway. And continues to pursue him.

I'd love to know what specific pieces of software they were. Software engineers would be able to tell what was kosher and what was not. It scares me that a jury of non software engineers (truly, not a jury of Aleynikov's peers) will likely be responsible for deciding his fate.

Serge was acquitted via the 2nd Circuit Court of Appeals, and released in February of 2012. (photo above) He has since been re-arrested and is being tried by the state of New York. In the United States we have a thing called double jeopardy — you can't be tried for the same thing twice. Somehow that doesn't apply here. Not when Goldman is after you.

Sergey Aleynikov faces two felony counts in New York.

The full article by Michael Lewis is very much worth reading in the current issue of Vanity Fair now.
http://blog.garrytan.com/goldman-sac...to-an-svn-repo





LulzSec Hacker Gets Year in Prison for Sony Attack
Annie Youderian

A second member of the hacking group LulzSec was sentenced Thursday to one year and one day in federal prison for his role in a computer attack on Sony Pictures Entertainment.

Raynaldo Rivera, 21, of Chandler, Ariz., also must serve 13 months of home detention, perform 1,000 hours of community service and pay $605,663 in restitution.

Prosecutors said the 2011 attack compromised Sony's computer systems and resulted in the personal information of more than 138,000 people being posted online.

Rivera, known by the online moniker "neuron," pleaded guilty last October to conspiring to cause damage to a protected computer, according to the U.S. attorney.

LulzSec's purported goal in the attack, according to court documents, was to see the "raw, uninterrupted, chaotic thrill of entertainment and anarchy" and to provide stolen personal data "so that equally evil people can entertain us with what they do with it."

Rivera's sentence is almost identical to that of fellow LulzSec member Cody Andrew Kretsinger, known online as "recursion," who was sentenced in April to a year and day in prison.

Rivera and Kretsinger both studied at the University of Advancing Technology in Tempe, Ariz. Prosecutors said Kretsinger recruited Rivera to join LulzSec, known for its affiliation with the amorphous hacking collective Anonymous.

In 2011 LulzSec engaged in a "two-month rampage of cyber attacks against various corporate and government entities in the United States and the United Kingdom," prosecutors said in a sentencing memo.
http://www.courthousenews.com/2013/08/08/60130.htm





Math Advances Raise the Prospect of an Internet Security Crisis

Academic advances suggest that the encryption systems that secure online communications could be undermined in just a few years.
Tom Simonite

Why It Matters

Cryptographic schemes protect vast quantities of financial and personal information.


The encryption systems used to secure online bank accounts and keep critical communications private could be undone in just a few years, security researchers warned at the Black Hat conference in Las Vegas yesterday. Breakthroughs in math research made in the past six months could underpin practical, fast ways to decode encrypted data that’s considered unbreakable today.

Alex Stamos, chief technology officer of the online security company Artemis, led a presentation describing how he and three other security researchers studied recent publications from the insular world of academic cryptography research, which covers trends in attacking common encryption schemes.

“Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years,” said Stamos, referring to the two most commonly used encryption methods.

Any hints that those methods could be undermined must be taken seriously, said Stamos. They are used to protect banking, online commerce, and e-mail, as well as the mechanisms that ensure that updates downloaded by operating systems such as Windows and OSX are genuine. The result of the two encryption methods being broken would be, said Stamos, “a total failure of trust on the Internet.”

RSA and Diffie-Hellman encryption are both underpinned by a mathematical challenge known as the discrete logarithm problem. That problem is computationally difficult to solve, ensuring that encrypted data can only be decoded quickly with knowledge of the secret key used to encode it in the first place. Breaking RSA or Diffie-Hellman encryption today requires using vast computing resources for significant periods of time.

However, it is possible that algorithms able to solve the discrete logarithm problem quickly could exist. “We rely on that efficient algorithm not being found,” said Jarved Samuel, a cryptographer who works for security consultancy ISEC Partners and presented alongside Stamos. “If it is found the cryptosystem is broken.”

Earlier this year, French academic Antoine Joux published two papers that suggest such an algorithm could be found before long. “This is a big deal, since there was marginal progress for 25 years,” said Samuel. “This will spur researchers into looking more closely at the problem and most likely result in more progress.”

One reason to believe that progress will be swift, says Samuel, is that Joux’s advances weren’t based on inventing completely new techniques. Rather, he applied known tricks that hadn’t previously been used on this specific problem. Beating RSA encryption would take a little more additional work, Samuel notes, because it relies less directly on the discrete log problem than Diffie-Hellman encryption does.

However, Stamos believes that once a mathematician publishes a good enough technique, it would quickly be used in online attacks. “Joux or one of these guys could have a breakthrough, throw it onto the crypto mailing lists, and a practical implementation could be worked out in a day or two,” he said.

Philippe Courtot, CEO of security company Qualys, singled out Stamos’s presentation in a brief speech that opened the Black Hat conference on Wednesday. “The RSA protocol that is the foundation of security on the Internet is likely to be broken in the very near future,” he said, noting that while the computer security industry was underpinned by just a handful of key encryption schemes, “we are very slow at adapting them.”

Stamos called on the security industry to think about how to move away from Diffie-Hellman and RSA, and specifically to use an alternative known as elliptic curve cryptography (ECC), which is significantly younger but relies on more intractable mathematical challenges to secure encrypted data.

The U.S. National Security Agency has for years recommended ECC as the most reliable cryptographic protection available. In 2005 the agency released a toolkit called SuiteB featuring encryption algorithms to be used to protect government information. SuiteB makes use of ECC and eschews RSA and Diffie-Hellman. A classified encryption toolkit, SuiteA, is used internally by the NSA and is also believed to be based on ECC.

The Russian government has also moved away from RSA for sensitive data, and has declassified its own encryption toolkit that uses ECC. When Russia needed to renew the method for identifying .ru Web domains, it insisted that its ECC algorithms be used.

Implementations of ECC were pioneered and patented by a company called Certicom that is now a subsidiary of the phone manufacturer BlackBerry. Although the U.S. government has purchased licenses that allow the use of ECC by itself and its contractors, other companies that want to use ECC will need to make expensive deals with Certicom to avoid lawsuits. In 2007 Certicom sued Sony for using ECC in software for Blu-ray DVDs without licensing its patents. Sony initially attempted to have some patents invalidated in court, before settling out of court in 2009.

Stamos called on BlackBerry to change its policy regarding the Certicom patents, suggesting it could allow open use of them for SuiteB-based systems using ECC, but still make significant revenue from other use cases. “There’s not a company in the world that has the opportunity that BlackBerry has right now,” he said, adding that if RSA and Diffie-Hellman were broken, the U.S. government would likely overturn Certicom’s patents in the national interest. “If the cryptopocalypse happens, those patents are not going to last.”

Some in the security community speculate that cryptographers at the NSA may have already figured out how to break many common encryption schemes. The sophisticated Flame malware discovered last year featured a completely new mathematical technique to defeat an encryption method used to verify some software updates as originating with Microsoft, allowing Flame to masquerade as legitimate software. Flame is presumed to have been created by a government, perhaps the United States, and Stamos joked that it originated with someone who had significant computing resources “in their basement, in Maryland,” the state where the NSA and many defense contractors are based.

However, Moxie Marlinspike, cofounder of Whisper Systems, which develops apps for encrypted calls and texts on smartphones, told MIT Technology Review in advance of Stamos’s talk that he believed the leading edge of cryptographic research remains mostly out in the open. “I don’t think they’re ahead of us,” he said, referring to the government. Federal pay scales, which are public, lag far behind those in the private sector, Marlinspike pointed out, something he believes keeps the best cryptographic talent in the private sector.
http://www.technologyreview.com/news...curity-crisis/





How Unique – and Trackable - is Your Browser?

Click here and see.

Courtesy EFF – Jack.





Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device. Microsoft is not currently aware of active attacks or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim's encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource.

Recommendation. Apply the suggested action to require a certificate verifying a wireless access point before starting an authentication process. Please see the Suggested Actions section of this advisory for more information.
http://technet.microsoft.com/en-us/s...visory/2876146





Backdoor Found in OpenX Ad Platform

Package compromised since 2012 permits remote hijack.
Darren Pauli

A backdoor has existed for up to nine months in a platform sold by OpenX, the self-described global leader of digital advertising which counts the New York Post, Coca Cola, Bloomberg and EA among its customers.

The backdoor was contained within the official OpenX package and recently removed.

It meant, according to Sucuri researcher Daniel Cid, that anyone who downloaded the product could have provided attackers "full access" to their web sites.

"That’s how serious it is," Cid said.

StopMalvertising researcher Kimberly obtained a copy of the compromised file dated September 2012.

She said the backdoor, first reported by Heise Security (German), exists in the zip, tgz and bz2 archives of the software.

"After examining openXVideoAds.zip, I was able to locate the PHP code in flowplayer-3.1.1.min.js, a file located in the plugins\deliveryLog\vastServeVideoPlayer\flowplayer\3.1.1 folder," she said.

"Server administrators can find out if they are running the OpenX version that contains the backdoor by searching for PHP tags inside .js files."

Users have warned that administrators should be vigilant regarding potentially vulnerable installations of OpenX that their organisations have since disused.

OpenX has been contacted for comment and said it was aware of the reports but was not yet prepared to make a statement.

More to come.
http://www.scmagazine.com.au/News/35...-platform.aspx
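The check quoted in the article above (searching for PHP tags inside .js files), written out as an added example; it is not code from the article, the researchers or OpenX. It also looks inside zip and tar archives, which goes beyond the quoted advice, and every file name and marker string in `build_sample` is constructed for illustration.

```python
import os
import re
import tarfile
import tempfile
import zipfile

# PHP open tags: "<?php", the echo short tag "<?=", or a bare short tag "<?"
# followed by whitespace. "<?xml" inside a JavaScript string is not matched.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)
ARCHIVE_SUFFIXES = (".zip", ".tgz", ".tar.gz", ".tar.bz2", ".tbz2", ".tar")
MAX_MEMBER_BYTES = 32 * 1024 * 1024  # skip oversized archive members


def find_php_tags(data, context=30):
    """Return [(offset, excerpt)] for every PHP open tag in a bytes object."""
    hits = []
    for m in PHP_TAG.finditer(data):
        start = max(0, m.start() - context)
        excerpt = data[start:m.end() + context].decode("latin-1")
        hits.append((m.start(), excerpt))
    return hits


def js_members(path):
    """Yield (member_name, bytes) for each .js file inside a zip or tar archive."""
    if path.lower().endswith(".zip"):
        if not zipfile.is_zipfile(path):
            return
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if (not info.is_dir() and info.filename.lower().endswith(".js")
                        and info.file_size <= MAX_MEMBER_BYTES):
                    yield info.filename, zf.read(info)
    elif tarfile.is_tarfile(path):
        with tarfile.open(path) as tf:  # default mode detects gz/bz2 itself
            for member in tf:
                if (member.isfile() and member.name.lower().endswith(".js")
                        and member.size <= MAX_MEMBER_BYTES):
                    yield member.name, tf.extractfile(member).read()


def scan_tree(root):
    """Walk root and return {location: [(offset, excerpt), ...]}.

    A location is a file path, or "archive!member" for a file in an archive.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(".js"):
                with open(path, "rb") as fh:
                    hits = find_php_tags(fh.read())
                if hits:
                    findings[path] = hits
            elif lower.endswith(ARCHIVE_SUFFIXES):
                for member, data in js_members(path):
                    hits = find_php_tags(data)
                    if hits:
                        findings[path + "!" + member] = hits
    return findings


def build_sample(root):
    """Create constructed test files under root (harmless marker, no payload)."""
    www = os.path.join(root, "www")
    os.makedirs(www)
    with open(os.path.join(www, "clean.js"), "wb") as fh:
        fh.write(b"function min(a,b){return a<b?a:b;}")
    with open(os.path.join(www, "legacy.js"), "wb") as fh:
        fh.write(b"var s=\"<?xml version='1.0'?>\";")
    with open(os.path.join(www, "tainted.min.js"), "wb") as fh:
        fh.write(b"var a=1;<?php /* constructed marker */ ?>var b=2;")
    with zipfile.ZipFile(os.path.join(root, "bundle.zip"), "w") as zf:
        zf.writestr("plugins/player.min.js",
                    b"player=function(){};<?php /* constructed marker */ ?>")
        zf.writestr("plugins/readme.txt", b"<?php not a .js file ?>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for location, hits in sorted(scan_tree(tmp).items()):
            for offset, excerpt in hits:
                print(f"{location} @ byte {offset}: {excerpt!r}")
```

A hit is a reason to compare the file against a known-good copy, not proof of compromise on its own; the reported offset makes it quick to open a minified file at the right place.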





MIT Researchers: Printable Keys Make Mechanical Locks Insecure
Jason Mick

Students show 3D printing can be used to copy "difficult to duplicate" designs with ease

"If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they'll be phased out more quickly... Either that or make 3D printers illegal," warns Eric Van Albert, a 21-year-old engineering student at the Massachusetts Institute of Technology (MIT) in an interview with Forbes, following his keynote at Def Con 21.

Along with fellow student and researcher David Lawrence, Mr. Van Albert showed off a software tool that used scans from a flatbed scanner of a highly advanced "secure" key design to create a 3D model of the key and then duplicate it via online printing services Shapeways (nylon; $5 USD) and i.Materialise (titanium: $150 USD).

The researchers focused their efforts on Schlage Lock Comp.'s flagship secure-key solution, dubbed Primus. Primus keys carry a glaring "do not duplicate" message, which references Schlage's patent on its two-tracked toothed key design, U.S. Patent No. 5,808,858. The patent was filed in 1997 and granted in 1998. The keys are typically used by law enforcement, mental health institutions, and military detention centers; they are even personally recommended by famous lockpick expert Marc Weber Tobias who wrote the much-referenced 1970 textbook on security Locks, Safes, and Security.

Inspired by security expert Bruce Schneier's "Sneakey" project, which has performed duplication of keys based on photos taken from hundreds of feet away, the pair of MIT researchers studied the Schlage keys and the patents involved carefully, looking to unlock their secrets.

They found two unique numeric codes -- six numbers cut into the top of the key and another set of five in its sidecut. Describes Mr. Lawrence, age 20:

In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D-print it. You can take a high security ‘non-duplicatable’ key and basically take it to a virtual hardware store to get it copied.

All you need is a friend that works there, or to take a picture of their key, or even a picture of the key hanging off their belt. Pirating keys is becoming like pirating movies. Someone still has to get the information in the first place, but then everyone can get a copy. Our message is that you can do this for any high-security key. It didn’t take that much work. In the future there will be models available online for almost any kind of key you’re looking for. There’s no way of getting the cat back in the bag when you can print a New York city fire elevator key. Those files won’t go away.


Mr. Lawrence is referring to a set of keys sold in 2012 by a retired New Jersey locksmith to an undercover reporter with The NY Post. The keys were capable of shutting down elevators, opening subway gates and even getting into electric circuit breaker boxes all over New York City. The NY Post briefly printed a picture of the keys taken by Tamara Beckwith, but has since taken it down, realizing it could be used by locksmiths to create illicit copies. However, that image still lingers on the internet, such as the version below which we found at The Huffington Post.

The 3D-printing hack is the latest controversy over the hot do-it-yourself manufacturing technology. Thus far the greatest debate has surrounded the rise of self-printed plastic guns like "The Liberator", which the Obama administration's justice wing has eyed warily and begun to crack down on.

One of the first demos of using the technology to "hack" keys was given by "Ray", a German lockpicking expert who spoke at HOPE 2012 ("Hope Number Nine"), held in New York City, New York. He used 3-D printing and laser cutters to reproduce high-security handcuff keys, which are interchangeable to allow any officer to unlock a suspect's handcuffs. The presenter suggested would-be criminals could smuggle a set on their person and use it to escape if they were detained.
http://www.dailytech.com/MIT+Researc...ticle33112.htm





Gehan Gunasekara: Let's Lead the Spooks a Merry Dance

Surveillance laws can be countered by effective civil disobedience, says Gehan Gunasekara.

For the Government it is the perfect privacy storm: the Snowden disclosures about massive NSA internet and phone surveillance continue to pour in, a journalist's phone records and swipe card logs have been inappropriately accessed, and earlier revelations through the Dotcom affair showed illegal spying by the GCSB of New Zealand residents - at the very time the Government is attempting to legitimise the illegal spying by pushing through new surveillance legislation against the wishes of the vast majority of citizens.

The issue has brought together citizens all around the world including those in the United States who have, it appears, finally turned against the surveillance state set up since September 11, 2001. Legislation outlawing the NSA spying was only narrowly defeated in Congress by the Obama Administration which has been under some pressure due to the Snowden revelations.

Companies such as Facebook and Google are losing market share as consumers flock to alternative websites promising greater security against state intrusion (whether or not that is credible) and greater respect for privacy.

Corporate concern is on this occasion lined up with consumers and against government, a powerful combination. Governments worldwide are on the back foot.

The tens of thousands here and overseas marching against assaults on privacy give the lie to the sentiment that "privacy is dead". Obviously, most people do care deeply about who has access to their personal information.

Information they choose to put on social networks such as photos and "likes" are one thing but "metadata" such as phone and internet records of every call made or website visited are another entirely - especially when subjected to mining and analysis by unknown and unverified algorithms that could come back to affect them, and their contacts, much later. Despite this, our Government seems hell-bent on carrying through the unpopular legislation.

People often ask me what they should do, given these developments. Should they retreat to the pre-internet age, go off-line and resort to snail mail (NZ Post would be delighted) or carrier pigeon? This might be counter-productive, although it would put further pressure on those internet companies prompting them to lobby governments. There is, however, another strategy, one that uses the very technology itself to send a message. This is civil disobedience, and it is quite legal.

Let me explain what I have in mind. Start sending random emails to people and encourage them to do the same to everyone they know. Don't use obvious words like "explosive" or "jihad" or names such as "Akhmed". Be more clever than that. Refer to vague and indeterminate "projects", courses and trips overseas and meetings with John and Sally or whoever.

Make up hypothetical "friends" and refer to totally fictitious trips you have made or are planning. Ask random strangers you meet if they will join your protest and allow you to send them emails. Visit radical websites, even Islamist or anarchist ones - nothing illegal in this. From time to time talk about "doing something" to stop Western policies. Set up multiple online identities.

Pretty soon everyone in New Zealand will have to be under surveillance. This is the nature of civil disobedience. For example, Gandhi's famous "salt march" encouraged everyone to make salt and highlighted the state's ultimate failure to stop it by arresting the entire population. The Prime Minister's scare tactics of pointing to al-Qaeda operatives in our midst is just that. Such people are few and easily identifiable in a small population such as ours. Target them but do not put all of us under surveillance because of them.

It is time to resist the assault on our privacy by fighting fire with fire.
http://www.nzherald.co.nz/opinion/ne...ectid=10908579





The 26-Year-Old Montana Legislator Fighting for Your Online Privacy
Lorenzo Franceschi-Bicchierai

The face of online privacy rights in the U.S. could very well be a 26-year-old Montana republican representative who posts his votes on Facebook, has a Russian last name, and a father who was born in Iran. His name is Daniel Zolnikov, and he's the unlikely politician who sparked a trend that could sweep through the nation.

In April, Zolnikov sponsored a bill that later became the first law in the United States to require police to get a warrant if they want to access cellphone location data. By doing that, as the American Civil Liberties Union put it, Montana "made history."

"A government entity may not obtain the location information of an electronic device without a search warrant issued by a duly authorized court," reads the bill, HB 603.

With the recent revelations of widespread NSA surveillance, Zolnikov's bill seems almost prescient, as it came at a time where online privacy and, specifically, access to cellphone location, wasn't on everybody's minds. What's more, Zolnikov actually had far more ambitious goals than just location privacy.

"That was an afterthought in comparison with what we were trying to do," he told Mashable in an interview on Friday.

What Zolnikov wanted was to enact privacy protection laws comparable to the strict ones that exist in Germany. The first privacy bill he introduced in the House, HB 400, was a data protection bill that had the goal of giving consumers the control over their personal data. The bill gave citizens the right to consent to companies collecting their personal data to prevent them from reselling it behind consumers' backs, a business that's still somewhat conducted in secret.

This bill never got out of committee. Mainly because the business lobby, including big retailers, insurers, and bankers, didn't like it, labeling it as anti-business. Some groups even started calling him, "The Mad Russian," as Zolnikov recalled at a talk he gave along with his friend Eric Fulton at the hacking conference Def Con on Saturday.

“Protecting people's rights is bad? Well then, I guess I'll be bad,” Zolnikov said.

Zolnikov is a self-described "pro-rights individual," and his ideology stems from his father's background and understanding of the reasons why he came to the United States. His father was Russian, and his father's parents moved to Iran to escape the fall of the Czar, and the rise of communism. Zolnikov's dad was born in Iran, but shortly thereafter moved to the U.S.

The young representative's understanding of his past has given him a certain loyalty to civil liberties. Though his privacy initiatives were inspired by his family's personal background, they came to fruition when his friend Fulton, who is CEO at a Montana Internet security company, suggested he take a look at online privacy issues. (Fulton also helped Zolnikov on the data protection bill that failed.)

After that bill died, Zolnikov was worn out from the defeat, but Anders Blewett, a Montana state senator and a democrat, approached him with the idea of sponsoring a privacy bill that focused solely on requiring a search warrant to obtain cellphone data. Zolnikov liked the idea immediately, and quickly found the support of other civil liberties-minded republicans, as well as more left-leaning democrats and the Montana ACLU, in an unlikely alliance.

The bill easily passed through the legislative bodies. The State Senate voted 96-4 in favor, and the governor signed it into law. It paved the way for Maine to pass similar legislation, and courts around the country have ruled that law enforcement needs a search warrant when requesting phone companies release customers' location data.

At the federal level, the issue isn't yet regulated. And in several criminal cases, the Department of Justice has argued that there's no expectation of privacy on location data, since the customer surrenders his or her data to the telephone company — the so-called "third-party" doctrine.

Despite the legislative victory, Zolnikov still remembers the failure of his first bill, which he deemed much more important than the one that passed. In fact, the cellphone privacy bill is just the start for him.

When Montana's legislature reconvenes in 2015, Zolnikov has big plans — some even unusual, like officially recognizing Bitcoin in Montana. Perhaps more realistically, he wants to prevent police from using automatic license plate readers to track cars, an issue that privacy organizations are working against in other states, and ban face recognition from surveillance cameras.

These last two technologies aren't even used in Montana, but Zolnikov wants to stay ahead of the curve, just like he did with his cellphone location tracking bill.

"What we're trying to do is be ahead of technology that's ahead of us," he said.
http://mashable.com/2013/08/03/zolni...nline-privacy/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 3rd, July 27th, July 20th, July 13th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black