Old 02-10-13, 08:02 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - October 5th, '13

Since 2002
"Something has to be done to come up with a way to protest online that everyone doesn’t end up getting thrown in jail." – Gregg Housh


"It's not just this one technology that's the problem. It's the mic plus the drones, plus the signal processing, plus voice recognition." – Bruce Schneier
October 5th, 2013

Dead Drops Offline P2P File Sharing Network Goes Global

More than 1,200 physical locations allow people to share thumb drive files, and their lives, anonymously
Lucas Mearian

Like some elaborate spy communications network, an art project that began three years ago by prompting people to embed USB thumb drives in structures has caught on like wildfire.

Dead Drops, as the project is called, now has more than 1,200 locations worldwide where anyone with a computer and a USB port can anonymously plug in and upload or download files -- sharing who they are or what they care about or love.

The premise: cement a thumb drive into a wall with just the port protruding, and leave its location with photos in the Dead Drops central database.

According to the creator of Dead Drops, German artist Aram Bartholl, the project is a way to "un-cloud" file sharing -- that is, remove it from the Internet in a time when governments are spying on the online public.

"Dead Drops is an anonymous, offline, peer to peer file-sharing network in public space," Dead Drops' manifesto states.

While the first Dead Drops participants tended to be music bands sharing their tracks, the project has grown to include thumb drives with movies, games, comics, and television shows. Others share poetry, family videos and photos or even art projects.

Bartholl started the Dead Drops project in 2010, while an artist in residence at the Eyebeam Art and Technology Center in Manhattan. He began by embedding 5 USB thumb drives in the walls of buildings around New York City, posting images of the locations on the photo-sharing site Flickr and an Internet home page for the project.

By word of mouth, the project began building momentum; within six months, it had spread from the U.S. to Europe.

Today, there are 1,218 Dead Drop locations worldwide, according to the project's database. The database page lists the name of the thumb drive's location (which is sometimes simply the participant's pseudonym), the address (including the city, state and country), and the size of the USB drive.

"It's about making people think about how we live online and how we live as social beings," Bartholl told Computerworld today. "It's to have people think about relations, what we do online every day, and how things have changed over the past 10 years [since 9/11]".

"And, it somehow turns the whole building into a drive," he added.

Bartholl's idea was based on an espionage method used by spies to pass items between two people using a secret location. The Dead Drop meant the two people never met face to face.

While Bartholl instructs participants to embed the flash drives in building walls, the locations over time have become as varied as the data stored in them. Dead Droppers now embed drives in walls, parking lot asphalt, bridge abutments and deep inside forests. One Dead Dropper embedded one in a palm tree on the campus of California Polytechnic State University in San Luis Obispo, Calif.

"I think it's attractive for large groups of people because it has the air of spying but also geocaching," Bartholl said. "It's about making people think about how we live online and how the Internet is changing the whole sphere of how we live as human beings."

Some Dead Drop locations are in the heart of cities like New York, others are in the ruins of buildings in remote fields. Participants have gotten as creative with the locations as they have with the data they leave there.

The data stored on the drive is purely up to the person who creates the Dead Drops location. When a user plugs in, they can upload content and download some of their own, if capacity permits.

The embedded USB thumb drives run the gamut in capacity, from 64MB to tens of gigabytes. One thumb drive, inserted into a brick wall near the lakefront in Zurich, Switzerland offers 32GB of file sharing capacity. The drive is bootstrapped with a full copy of Wikipedia.

In Sydney, one participant claims to have installed a 120GB USB drive in one of the brick walls on the campus of the TAFE NSW Sydney Institute. The Dead Dropper claims to be a "Chinese exchange student who is hoping to help."

Plug my computer into an anonymous thumb drive?

While Bartholl admits there are obvious security implications to plugging one's computer into a publicly accessible thumb drive, he points out that file sharing on the Internet carries similar risks.

"If I handed you a USB drive, you'd plug it in. But because it's on the street, it makes us think very differently about it," Bartholl said. "It's a lot about perception."

Dead Drops's website offers a "How To" instructional webpage for installing USB thumb drives into walls or other objects.

The page instructs people to first find or create a hole in a wall using a screwdriver or some other hardened object. The USB thumb drive's plastic case is then cracked open with a flat putty knife. The USB drive's remaining memory board is wrapped in plumber's waterproof tape and placed in the hole until only the USB port is exposed. Fast-setting concrete is then used to cement the stick in the crack or hole.

"It's very easy to make one," Bartholl said. "Everyone can do it."

Not everyone involved in the Dead Drop project appears to play by the rules, but that's exactly what Bartholl had hoped -- that the project would take on a life of its own. For example, in Riverview, Fla., a Dead Drop location claims to offer 60GB of capacity through the use of an open wireless network, anonymously, of course.

"I invite hackers to come and visit my state of the art wireless drop. Just connect to the wireless network named "Dead Drop" and if you need to go to any webpage, it will redirect you to the drop's FTP and the FTP information. I'm not going to put it on here because it changes from time to time," Dead Drop maker Gentoomen states on his location page.

There are now six wireless Dead Drops, including one named PirateBox, which is described as a self-contained mobile collaboration and file sharing device.

Another trend in Europe has been embedding USB drives in bridges, mirroring a romantic European trend of placing a lock on a bridge and throwing the key in the water - a symbol of everlasting love.

In order to find a Dead Drops location near you, the website offers a database with maps, street addresses and even coordinates in longitude and latitude.

"The nice thing is there's all these variations and spinoffs now," Bartholl said. "The art piece itself is everybody taking part. It's like an ongoing worldwide performance."
http://www.computerworld.com/s/artic...rk_goes_global





Send Large Files: 10 of the Best Services for Sharing Big Files

Roundup: Here are ten of our favourite services to share files too big for email
Craig Grannell

The kinds of documents we generate have outgrown the capacity of some technologies to handle them. Pop back in time to the 1990s and you might have sent the odd Word document or image to a colleague. Maybe a decade ago you'd have fired the occasional MP3 someone's way (of your own recorded material, naturally).

Today though, even fairly basic documents might include many embedded images, taking them into the dozens of megabytes. And then there are movies, layered Photoshop documents, audio work files, and more.

Although there's no set maximum assigned globally regarding email, you'll often find providers, services and corporate servers bounce anything that's too big as a matter of course. 10MB is a fairly typical limit, which once would have seemed a staggering amount of data, but today doesn't exactly seem huge.

On that basis, you'll often find yourself needing to send something to a friend or colleague, and realising email just won't cut it.

For very specific types of files, you might resort to joining an appropriate service such as YouTube or SoundCloud and sharing your work there, at least if you often want to send it on to others.

Often, though, you just want to send a massive file on an ad-hoc basis. Fortunately, dozens of options exist, from cloud storage providers to one-to-one upload services. Here are some of the best…

1. Dropbox

Dropbox is so popular that we're wondering if people might soon refer to 'Dropboxing' for file-sharing/online storage in the same generic manner as 'Photoshopping' for image editing. You get 2GB for free and can share folders or links to specific files, such as archives. You can buy extra space, from $9.99 monthly for 100GB. Dropbox's widespread support (in terms of first-party and third-party apps) adds to its appeal.

2. Box

Box echoes Dropbox in terms of sharing functionality, although its free option provides a whopping 10GB of storage. The caveat is 250MB file-size limits, which can be eradicated by paying. Paid plans also provide collaboration options (including email notification regarding downloads and commenting on files), but the free option's great for secure ad-hoc sharing.

3. SugarSync

SugarSync is in some ways similar to Dropbox, although it enables you to back-up any folder to the cloud. From a sharing standpoint there are no size limitations beyond your account's size (60GB for the cheapest $7.49 per month option), and there are tools available for group collaboration and businesses.

4. MediaFire

One of the more mature entries in terms of collaboration, MediaFire gives you 10GB of space for free, limiting transfers to 200MB. Paying $2.49 per month adds long-term storage, makes sharing ad-free, and gives you a FileDrop uploader for people to send content to your account. Document editing is also available.

5. WeTransfer

We like WeTransfer a lot. The free version is ad-supported and gives you registration-free 2GB transfers as often as you like. Each upload stays live for seven days. But buy Plus (€120 annually) and you get 5GB optionally password-protected transfers, and 50GB of long-term storage. The company's breezy copywriting doesn't hurt either.

6. Hightail

Originally YouSendIt, Hightail was one of the first companies that latched on to the 'fire huge files across the internet' thing, and it's grown rapidly since being founded in 2004. The free 'lite' plan - 50MB transfers, 2GB storage - looks a touch limited these days, but the company's longevity is reassuring, and its enterprise options will appeal to corporates.

7. Adobe SendNow

If you're in the design industry, large files are a big part of life. Massive high-res images, audio, video, magazine PDFs, the works. Adobe offers SendNow for £14.65/$19.95 annually, and beyond straightforward sending, you also get file-tracking and a handy 'convert to PDF' option for your money.

8. Egnyte

Most services for sending large documents are aimed at the widest possible market, but Egnyte has concentrated on the enterprise. Security, back-up, granular permissions and speed are central to the service, which starts at $8 per employee per month for between five and 24 employees. This plan includes 1TB of storage and comes with a 2.5GB maximum file size.

9. MailBigFile

If we're honest, it was the name that first attracted us to this British company. That said, the usability of MailBigFile is also great, with a bold drop-well and handy time/upload indicators. Up to five files totalling 2GB can be sent for free, while pro accounts (£2.99 per month) up the limit to 4GB, speed up transfers, add storage and offer tracking.

10. Mega

Founded by Kim Dotcom of Megaupload fame, Mega reportedly amassed 100,000 users within its first hour live. Despite initial issues with reliability and speed, the service remained popular, in part due to content encryption happening client-side. 50GB of storage is yours for free, while pro accounts start at €9.99 per month for 500GB of storage and 1TB of bandwidth.

Bonus 11. Your local postal service

If you've a colossal amount of data you want to send to someone and a not entirely speedy web connection (or are a touch paranoid regarding government services and web interception), copy it to a USB stick and pop it in the post. With especially large files, even a couple of days via the likes of Royal Mail might work out quicker than uploading.
http://www.techradar.com/news/intern...-files-1181486





Kiwi Authors' Income 'Hurt by Illegal File Sharing'

Discovery of an educational text co-authored by a New Zealander and made available for download on Kim Dotcom’s file-sharing site Mega is just the ‘tip of the iceberg’ according to Publishers Association of New Zealand president Sam Elworthy.

The text, Using MIS (Management Information Systems) (NZ) by David M. Kroenke and Tony Hooper, a lecturer at Victoria University in Wellington, was shared via a link posted on the Facebook page of a tertiary institution's study group.

PANZ has issued a ‘take down’ notice to Mega to remove the files from its site and contacted Facebook to have the post removed.

"Educational texts are being illegally shared at an alarming rate and it’s hurting New Zealand authors, publishers and distributors to the point where earning a viable living is becoming increasingly threatened," Elworthy says.

"Technology makes sharing files very easy but it’s the people who put in the hard work to make and supply the texts in the first place who miss out."

The text is published by educational publisher Pearson and distributed in New Zealand by start-up business Edify. Pearson quit the New Zealand market in August this year after claiming its local business model was no longer sustainable.

"There are very few publishers now investing in publishing for the New Zealand tertiary market due to its small size. However it’s hugely important that the New Zealand context is provided to support New Zealand students in their learning of a topic," says Edify’s Adrian Keane.

"To see an author and publisher who were prepared to make this investment in publishing for the New Zealand environment treated in this way is infuriating. It will only serve as a disincentive to any other author or publisher when they see the negative impact that illegal downloading has on income.

"This particular text was even available as an eText so it’s not like it was hard to access in a digital format.

"Where we have a text that’s prescribed for a course we used to be able to rely on 80% of the students buying the book. Now that figure is more like 50% which puts the viability of publishing these books under threat. It’s safe to say that illegal sharing is really hurting both our business and the incomes of New Zealand authors who spend months creating the works," Keane says.

Elworthy says the link posted on the student Facebook page went straight to the files on Mega meaning anyone could download it.

Kim Dotcom is fighting extradition to the United States on copyright and racketeering charges over the operation of his previous file locker site Megaupload.
http://www.voxy.co.nz/business/kiwi-...aring/5/169572





Piracy Isn’t Killing The Entertainment Industry, Scholars Show
Ernesto

The London School of Economics and Political Science has released a new policy brief urging the UK Government to look beyond the lobbying efforts of the entertainment industry when it comes to future copyright policy. According to the report there is ample evidence that file-sharing is helping, rather than hurting the creative industries. The scholars call on the Government to look at more objective data when deciding on future copyright enforcement policies.

Over the past years there have been many research reports showing that file-sharing can have positive effects on the entertainment industries.

Industry lobbyists are often quick to dismiss these findings as isolated cases or weak research, and counter them with expensive studies they have commissioned themselves.

The London School of Economics and Political Science (LSE) jumps into the discussion this week with a media policy brief urging the UK Government to look beyond the reports lobbyists hand to them. Their report concludes that the entertainment industry isn’t devastated by piracy, and that sharing of culture has several benefits.

“Contrary to the industry claims, the music industry is not in terminal decline, but still holding ground and showing healthy profits. Revenues from digital sales, subscription services, streaming and live performances compensate for the decline in revenues from the sale of CDs or records,” says Bart Cammaerts, LSE Senior Lecturer and one of the report’s authors.

The report shows that the entertainment industries are actually doing quite well. The digital gaming industry is thriving, the publishing sector is stable, and the U.S. film industry is breaking record after record.

“Despite the Motion Picture Association of America’s (MPAA) claim that online piracy is devastating the movie industry, Hollywood achieved record-breaking global box office revenues of $35 billion in 2012, a 6% increase over 2011,” the report reads.

Even the music industry is doing relatively well. Revenue from concerts, publishing and digital sales has increased significantly since the early 2000s, and while recorded music revenues show a decline, there is little evidence that piracy is the leading cause.

“The music industry may be stagnating, but the drastic decline in revenues warned of by the lobby associations of record labels is not in evidence,” the report concludes.

The authors further argue that file-sharing can actually benefit the creative industries in various ways.

The report mentions the success of the SoundCloud service where artists can share their work for free through Creative Commons licenses, the promotional effect of YouTube where copyrighted songs are shared to promote sales, and the fact that research shows that file-sharers actually spend more money on entertainment than those who don’t share.

“Within the creative industries there is a variety of views on the best way to benefit from online sharing practices, and how to innovate to generate revenue streams in ways that do not fit within the existing copyright enforcement regime,” the authors write.

Finally, the report shows that punitive enforcement strategies such as the three strikes law in France are not as effective as the entertainment industries claim.

The researchers hope that the U.K. Government will review the Digital Economy Act in this light, and make sure that it will take into account the interests of both the public and copyright holders.

This means expanding fair use and private copying exceptions for citizens, while targeting enforcement on businesses rather than individuals.

“We recommend a review of the DEA and related legislation that strikes a healthy balance among the interests of a range of stakeholders including those in the creative industries, Internet Service Providers and internet users.”

“When both [the creative industries and citizens] can exploit the full potential of the internet, this will maximize innovative content creation for the benefit of all stakeholders,” the authors write.
http://torrentfreak.com/piracy-isnt-...dustry-121003/





Symantec Seizes Part of Massive Peer-to-Peer Botnet ZeroAccess
Lucian Constantin

The cybercriminals behind ZeroAccess, one of the largest botnets in existence, have lost access to more than a quarter of the infected machines they controlled because of an operation executed by security researchers from Symantec.

According to Symantec, the ZeroAccess botnet consists of more than 1.9 million infected computers and is used primarily to perform click fraud and Bitcoin mining in order to generate revenues estimated at tens of millions of dollars per year.

ZeroAccess has a peer-to-peer architecture where every infected computer can relay files, instructions and information to other computers—peers—in the botnet. This mechanism is used by its operators for command and control (C&C), making ZeroAccess more resilient to takedown attempts than botnets that depend on dedicated C&C servers.

Bot hijack

Earlier this year, security researchers from Symantec found a practical way to liberate ZeroAccess bots from the botmasters by leveraging a known design weakness in the peer-to-peer mechanism.

However, in June the botnet’s creators started distributing a new version of the malware containing modifications to address the known flaw. This led to Symantec’s decision to launch a sinkholing operation in mid-July—an operation that involves hijacking the bots in a way that would prevent attackers from regaining control of them.

“This operation quickly resulted in the detachment of over half a million bots and made a serious dent to the number of bots controlled by the botmaster,” the Symantec researchers said Monday in a blog post.

The sinkholed bots hadn’t been updated and still have the weakness, but they were isolated to the point where they now only communicate with servers run by Symantec, said Vikram Thakur, principal security response manager at Symantec. “We do not believe that there is any way for the botmasters to regain control of these bots.”

The sinkholing operation took only a few days, but Symantec has since worked to make sure that its sinkhole is stable and shared data with ISPs (Internet service providers) and computer emergency response teams (CERTs) so they can start the process of identifying and cleaning the infected computers.

“We wanted to make sure that the foundation for remediation was solid before we announced it to the public,” Thakur said.

ISPs have been provided with traffic signatures that will help identify ZeroAccess bots on their networks, so they can take measures even against the bots that haven’t been sinkholed, Thakur said.

The Symantec researchers performed tests in the lab in order to estimate the botnet’s energy costs to victims and how much money it generates for its owners.

Bitcoin mining

The company estimated that the Bitcoin mining activity, which uses computational power to generate Bitcoins, a type of virtual currency, would consume an additional 1.82 kWh per day for every infected computer, if that computer were turned on all the time.

“But multiply this figure by 1.9 million for the whole botnet and we are now looking at energy usage of 3,458,000 KWh (3,458 MWh), enough to power over 111,000 homes each day,” the Symantec researchers said. “This amount of energy is considerably greater than the output of the largest power station in Moss Landing, California, which could produce 2,484 MW and would come with a corresponding electricity bill of [US]$560,887 a day.”

Assuming that all computers in the botnet were like the ones used by Symantec for testing—which were not very powerful and had old-generation Pentium D CPUs—the botnet would generate around $2,165 worth of Bitcoins per day. That amount doesn’t justify the energy costs, but since the energy is consumed at someone else’s expense, it’s a highly attractive proposition for the botnet operators, the Symantec researchers said.

The botnet’s click fraud activity, which involves displaying ads on infected computers and then clicking on them as if real users did, is much more profitable.

A single bot generates roughly 1,000 clicks every day and when that’s multiplied by 1.9 million, even if a single click is worth a fraction of a penny, the botnet can generate tens of millions of dollars per year, the Symantec researchers said.

The ZeroAccess botnet is maintained and controlled by a few individuals who also created the malware and have access to the source code, Thakur said. They’re earning between maybe 20 percent and 40 percent of the click fraud money generated by the botnet, but probably even less than that, he said.

A good amount of the money is going to different players in the online advertising ecosystem—ad networks, traffic brokers, publishers and others, he said. “Money is being distributed in a lot of different places.”
http://www.pcworld.com/article/20508...eroaccess.html





13 Alleged Hackers Indicted in Attacks on Sites Unkind to File Sharing, WikiLeaks
Matt Zapotosky

Federal prosecutors have charged 13 alleged members of the hacking group Anonymous in connection with cyberattacks that the collective launched in 2010 against anti-piracy groups and financial institutions unwilling to process donations to WikiLeaks.

The indictment returned Thursday in U.S. District Court in Alexandria charges the 13 men with conspiring to intentionally cause damage to protected computers. Prosecutors accused the men of participating in a series of cyberattacks that briefly disrupted Mastercard’s and Visa’s Web sites and also targeted the Web sites of anti-piracy groups across the world.

Detailed in 28 pages, the charges are the latest in the Justice Department’s effort to root out cybercrime by prosecuting hackers across the country — especially those affiliated with Anonymous. Last year, federal prosecutors charged five alleged Anonymous members who they say stole confidential information from U.S. companies and temporarily shut down government Web sites. This year, prosecutors charged a journalist who they say worked with the group to modify a story on the Los Angeles Times’ Web site.

Anonymous is a loosely knit group with no clear leaders that is generally interested in promoting a more freewheeling Internet. Those indicted Thursday range in age from 21 to 65 and are spread across the country, including one man from the D.C. area.

The allegations in this case stem from a series of cyberattacks that began in September 2010, when members of Anonymous decided to retaliate for the shuttering of Pirate Bay, a popular Sweden-based file-sharing site, according to the indictment. Dubbed “Operation Payback” by those who participated in it, the attacks drew national and international attention as the hackers briefly disrupted the Web sites for Mastercard and Visa because they had stopped processing payments to WikiLeaks.

The effort was not overly sophisticated, but it was effective. The group posted messages on online bulletin boards urging supporters to install a program called a Low Orbit Ion Cannon and then, at a specified time, unleash the program on a particular Web site’s IP address, according to the indictment. That sends an overwhelming amount of Internet traffic to the targeted site and possibly disrupts or shuts it down, according to the indictment. The technique is referred to as a Distributed Denial of Service, or DDoS, attack.

For months, according to the indictment, the hackers, who see some copyright laws as unjust, targeted the Web sites of companies and people they thought were opposed to file sharing. They attacked the sites of those that have been the faces of anti-piracy in the United States — the Recording Industry Association of America and the Motion Picture Association of America — and the sites of their equivalents worldwide. They attacked the sites of law firms helping in anti-piracy cases. They attacked the site of the U.S. Copyright Office. They even attacked the site of rocker Gene Simmons, who has spoken out against music piracy.

Gregg Housh, an Internet activist and former Anonymous member who still watches the group’s activity, said the attacks started as a protest of anti-piracy efforts but evolved as those involved learned of major companies’ refusal to process WikiLeaks donations. He said the recent indictment was unlikely to deter Anonymous hackers, but instead would “fire up the base, a lot.”

“I think it’s just going to turn into a rally of support, not people being scared,” Housh said, “and that’s exactly what they don’t want.”

Housh defended Operation Payback — of which he said he had no part — as an effort to re-create a traditional protest online. He noted that customers’ abilities to use their credit cards were not affected; only the credit card companies’ Web sites were shut down.

“Something has to be done to come up with a way to protest online that everyone doesn’t end up getting thrown in jail,” he said.

Prosecutors identified those charged as Dennis Owen Collins, 52, of Toledo; Jeremy Leroy Heller, 23, of Takoma Park; Zhiwei Chen, 21, of Atlanta; Joshua S. Phy, 27, of Gloucester, N.J.; Ryan Russell Gubele, 27, of Seattle; Robert Audubon Whitfield, 27, of Georgetown, Tex.; Anthony Tadros, 22, of Storrs Mansfield, Conn.; Geoffrey Kenneth Commander, 65, of Hancock, N.H.; Phillip Garrett Simpson, 28, of Tucson; Austen L. Stamm, 26, of Beloit, Kan.; Timothy Robert McClain, 26, of Clemson, S.C.; Wade Carl Williams, 27, of Missoula, Mont.; and Thomas J. Bell, 28, of Rockland, Mass.
http://www.washingtonpost.com/local/...523_story.html





Pirate Bay Co-Founder Cleared of Bank Hacking

Pirate Bay co-founder Gottfrid Svartholm Warg has had his sentence slashed in half after an appeals court cleared him of hacking into Swedish bank Nordea.

The court however upheld Svartholm Warg's conviction for hacking into IT firm Logica, meaning he will still spend a year behind bars.

Svartholm Warg was convicted in June to two years in prison for unlawful data breaches, aggravated fraud, and attempted aggravated fraud, in what was called Sweden's biggest-ever hacking trial.

On Wednesday, however, the Svea Court of Appeal cleared the 28-year-old of all charges relating to the hacking of Nordea's computer systems, saying that it was impossible to prove that he had illegally gained access to their mainframe.

Svartholm Warg had maintained his innocence about the bank hacking charges saying that somebody else had used his computer remotely.

“The important thing is to get the higher court to review the evidence in-depth, something that the lower court definitively didn’t do,” Kristina Svartholm, the Pirate Bay co-founder's mother told website TorrentFreak prior to Wednesday's ruling.

Svartholm Warg was convicted by the Nacka District Court in June after a hacking attack against Swedish IT firm Logica through which he gained unauthorized access to the personal data of thousands of people, which he then published online.

Logica supplies public agencies in Sweden with personal data from the country's population registry.

Svartholm Warg was arrested in Cambodia and deported to Sweden in September last year due to an arrest warrant issued for him in relation to his conviction in the Pirate Bay trial.

Since December, Svartholm Warg has been held in a prison in Mariefred in central Sweden where he is serving out a prison sentence related to his activities with The Pirate Bay.

Svartholm Warg and his fellow Pirate Bay co-founders Fredrik Neij and Peter Sunde, as well as financier Carl Lundström, were all convicted in 2009 of facilitating copyright infringement and ordered to pay 46 million kronor ($6.9 million) in damages to the music and movie industry.

While Neij, Sunde, and Lundström all had their 12-month sentences reduced to between four and 10 months on appeal in late 2010, Warg did not attend his appeal hearing and his one-year sentence was upheld.
http://www.thelocal.se/50430/20130925/





BitTorrent Experiments with Secure Chat

Does the solution to secure instant messaging from prying eyes lie in how torrents work? BitTorrent thinks it might, and is testing out a server-free messaging system.
Seth Rosenblatt

The aftermath of the NSA spying revelations has people and companies scrambling for ways to create more secure communications, which has led BitTorrent to build an instant-message chat client that follows the torrenting principle of decentralized data transfer.

The first release of BitTorrent Chat is a private alpha, meaning you have to go to the BitTorrent Chat sign-up page to get an invite, which will take you to a download.

The client uses the concept of decentralized technology that's at the heart of torrents to run instant messages between people, but BitTorrent was cagey about confirming details about the program. There's no central server that stores communications, although it apparently works "similar to BitTorrent Sync, but adapted for real-time communications," said BitTorrent's communications chief Christian Averill.

Eventually, the service is expected to work with other instant-messaging accounts and be interoperable with SIP standards, but for now it requires a BitTorrent account. BitTorrent has not yet confirmed which of the three major desktop platforms (Windows, Mac or Linux) the alpha will be available on. Mobile apps are also planned for BitTorrent Chat.

Averill was unable to provide details on how the service logs your chats, so it's not clear at this time whether message logs are stored locally, or even available as an option. BitTorrent Chat, he said, came about during one of the company's internal hackathons, which has led to BitTorrent Labs projects such as Sync.

It may have been a routine hackathon that led to BitTorrent Chat, but if it works as advertised, it would appear to be perfectly poised to take advantage of the surprising number of NSA spying revelations that have been making headlines since Edward Snowden first leaked documents to the press earlier this year. Instant-message chat logs and traffic are governed by the same legal standards as e-mail and mobile-phone text messages, so it's likely that the government has been asking for IM logs along with e-mail and other online communication services offered by companies like Google, Facebook, and Microsoft at the center of the controversy.

When asked about what BitTorrent's response would be to potential requests from government agencies like the National Security Agency for a BitTorrent Chat back door, he said, "We're not familiar with specifics of NSA programs, so it's not something we can really comment on."

"We are focused on creating something durable that does not rely on the cloud, that respects user privacy and that has real consumer benefits," he said.
http://news.cnet.com/8301-1023_3-576...h-secure-chat/





In Test Project, N.S.A. Tracked Cellphone Locations
Charlie Savage

The National Security Agency conducted a secret pilot project in 2010 and 2011 to test the collection of bulk data about the location of Americans’ cellphones, but the agency never moved ahead with such a program, according to intelligence officials.

The existence of the pilot project was reported on Wednesday morning by The New York Times and later confirmed by James R. Clapper, the director of national intelligence, at a Senate Judiciary Committee hearing. The project used data from cellphone towers to locate people’s cellphones.

In his testimony, Mr. Clapper revealed few details about the project. He said that the N.S.A. does not currently collect locational information under Section 215 of the Patriot Act, the provision the government says is the legal basis for the N.S.A.’s once-secret program under which it collects logs of all domestic calls from telephone companies.

“In 2010 and 2011, N.S.A. received samples in order to test the ability of its systems to handle the data format, but that data was not used for any other purpose and was never available for intelligence analysis purposes,” Mr. Clapper said.

He added that the N.S.A. had promised to notify Congress and seek the approval of a secret surveillance court in the future before any locational data was collected using Section 215.

An official familiar with the test project said its purpose was to see how the locational data would flow into the N.S.A.’s systems. While real data was used, it was never drawn upon in any investigation, the official said. It was unclear how many Americans’ locational data was collected as part of the project, whether the agency has held on to that information or why the program did not go forward.

But Senator Ron Wyden, an Oregon Democrat who receives classified briefings as a member of the Intelligence Committee and who has raised concerns about cellphone location tracking, said in a statement that there was more to know about the matter than the government had now declassified.

“After years of stonewalling on whether the government has ever tracked or planned to track the location of law-abiding Americans through their cellphones, once again, the intelligence leadership has decided to leave most of the real story secret — even when the truth would not compromise national security,” Mr. Wyden said.

Gen. Keith B. Alexander, the director of the N.S.A., who also testified Wednesday at the hearing, sharply criticized an article on the agency in The New York Times on Sunday. He said it was “flat wrong” that the agency was “creating dossiers on Americans from social networks.” He added that “we’re not creating social networks on our families.”

The article, based on documents leaked by the former N.S.A. contractor Edward J. Snowden, said that the agency changed a policy several years ago to allow “contact chaining” of Americans who had been in touch, directly or indirectly, with foreign intelligence suspects, using phone and e-mail logging data. It also described the process of data “enrichment,” by which other data — including information that is publicly or commercially available — is added to flesh out analysts’ understanding of people associated with various phone numbers in the social network analysis.

The article said it was not known how many Americans’ data was used in this process.

The chairman of the Senate Judiciary Committee, Senator Patrick Leahy, Democrat of Vermont, said Wednesday that he was drafting legislation to eliminate the N.S.A.’s ability to systematically obtain Americans’ calling records.

“The government has not made its case that bulk collection of domestic phone records is an effective counterterrorism tool, especially in light of the intrusion on American privacy,” Mr. Leahy said.

But Senator Dianne Feinstein of California, the chairwoman of the Senate Intelligence Committee, warned that ending the bulk call records program would increase the risk of a terrorist attack.

“I so regret what is happening; I will do everything I can to prevent this program from being canceled out,” she said.

Questions about what, if anything, the agency has been doing to track Americans’ movements using cellphone location data have been simmering for years. The issue flared up again after an ambiguous exchange between Mr. Wyden and General Alexander at a Senate Intelligence Committee hearing last week.

Mr. Wyden has been a critic of domestic surveillance programs and filed legislation in 2011 and again this year to require warrants for obtaining someone’s locational data in a criminal investigation. He has not disclosed what prompted his concerns.

At the hearing last week, Mr. Wyden asked Mr. Alexander “whether the N.S.A. has ever collected or made any plans to collect Americans’ cell-site information in bulk.”

General Alexander replied that the N.S.A. was not “receiving cell-site location data and has no current plans to do so” under Section 215 of the Patriot Act, which allows the secret surveillance court to issue orders for records from businesses — like telephone companies — if the records are “relevant” to an intelligence investigation.

But General Alexander also said last week that there was other classified information that the N.S.A. had sent to the committee that provided “additional detail.”

It is unclear whether long-term tracking of people’s movements by the government raises privacy rights under the Fourth Amendment. In a 1979 case involving the small-scale collection of calling logs, the Supreme Court ruled that such records were not protected by constitutional privacy rights because people had already revealed the existence of their calls to telephone companies.

But in a 2012 case about the police’s use of a GPS tracker attached to a suspect’s car, five justices suggested that any long-term, automated collection of a person’s publicly displayed actions might raise Fourth Amendment issues.

James Risen contributed reporting.
http://www.nytimes.com/2013/10/03/us...locations.html





Silent Circle Moving Away From NIST Ciphers in Wake of NSA Revelations
Dennis Fisher

The first major domino to fall in the crypto world after the NSA leaks by Edward Snowden began was the decision by Lavabit, a secure email provider, to shut down in August rather than comply with a government order. Shortly thereafter, Silent Circle, another provider of secure email and other services, said it was discontinuing its Silent Mail offering, as well. Now, Silent Circle is going a step further, saying that it plans to replace the NIST-related cipher suites in its products with independently designed ones, not because the company distrusts NIST, but because its executives are worried about the NSA’s influence on NIST’s development of ciphers in the last couple of decades.

Jon Callas, one of the founders of Silent Circle and a respected cryptographer, said Monday that the company has been watching all of the developments and revelations coming out of the NSA leaks and has come to the decision that it’s in the best interest of the company and its customers to replace the AES cipher and the SHA-2 hash function and give customers other options. Those options, Callas said, will include non-NIST ciphers such as Twofish and Skein.

“At Silent Circle, we’ve been deciding what to do about the whole grand issue of whether the NSA has been subverting security. Despite all the fun that blogging about this has been, actions speak louder than words. Phil [Zimmermann], Mike [Janke], and I have discussed this and we feel we must do something. That something is that in the relatively near future, we will implement a non-NIST cipher suite,” Callas wrote in a blog post explaining the decision.

Twofish is a cipher suite written by Bruce Schneier, and it was one of the finalists in the AES competition but lost out to the Rijndael algorithm. It has been resistant to cryptanalysis thus far, and Callas said it also has the advantage of being an easy replacement for AES in Silent Circle’s products. The company also will be replacing SHA-2, an older NIST hash function, with Skein, which was a finalist in the recently completed SHA-3 competition.

“We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement. We are going to replace our use of the SHA–2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense. (Full disclosure: I’m a co-author of Skein and Threefish.) Threefish is the heart of Skein, and is a tweakable, wide-block cipher. There are a lot of cool things you can do with it, but that requires some rethinking of protocols,” Callas said.

The decision by Silent Circle comes at a time when there are many unanswered questions about the NSA’s influence on cryptographic algorithm development, specifically those standards developed by NIST. The National Institute of Standards and Technology is responsible for developing technical standards for the U.S. federal government, and many of those standards, crypto standards in particular, are adopted by other organizations. Recent revelations from the NSA leaks have shown that the NSA has some unspecified capabilities against certain crypto algorithms and also has been working to influence NIST standards development. In response to one of these revelations, NIST itself has advised people to stop using the Dual_EC_DRBG random number generator developed under its supervision.

“The DUAL_EC_DRBG discussion has been comic. The major discussion has been whether this was evil or merely stupid, and arguing the side of evil has even meant admitting it is technologically a stupid algorithm, which sends the discussion into an amusing spiral of meta-commentary,” Callas said.

Silent Circle’s move away from AES and SHA-2 shouldn’t be seen as an indictment of those two ciphers, Callas said, but more of an indication that there are better options out there without the shadow of potential NSA influence hanging over them.

“This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure. It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs,” he said.
https://threatpost.com/silent-circle...lations/102452





Lavabit Founder Waged Privacy Fight as F.B.I. Pursued Snowden
Nicole Perlroth and Scott Shane

One day last May, Ladar Levison returned home to find an F.B.I. agent’s business card on his Dallas doorstep. So began a four-month tangle with law enforcement officials that would end with Mr. Levison’s shutting the business he had spent a decade building and becoming an unlikely hero of privacy advocates in their escalating battle with the government over Internet security.

Prosecutors, it turned out, were pursuing a notable user of Lavabit, Mr. Levison’s secure e-mail service: Edward J. Snowden, the former National Security Agency contractor who leaked classified documents that have put the intelligence agency under sharp scrutiny. Mr. Levison was willing to allow investigators with a court order to tap Mr. Snowden’s e-mail account; he had complied with similar narrowly targeted requests involving other customers about two dozen times.

But they wanted more, he said: the passwords, encryption keys and computer code that would essentially allow the government untrammeled access to the protected messages of all his customers. That, he said, was too much.

“You don’t need to bug an entire city to bug one guy’s phone calls,” Mr. Levison, 32, said in a recent interview. “In my case, they wanted to break open the entire box just to get to one connection.”

On Aug. 8, Mr. Levison closed Lavabit rather than, in his view, betray his promise of secure e-mail to his customers. The move, which he explained in a letter on his Web site, drew fervent support from civil libertarians but was seen by prosecutors as an act of defiance that fell just short of a crime.

The full story of what happened to Mr. Levison since May has not previously been told, in part because he was subject to a court’s gag order. But on Wednesday, a federal judge unsealed documents in the case, allowing the tech entrepreneur to speak candidly for the first time about his experiences. He had been summoned to testify to a grand jury in Virginia; forbidden to discuss his case; held in contempt of court and fined $10,000 for handing over his private encryption keys on paper and not in digital form; and, finally, threatened with arrest for saying too much when he shuttered his business.

Spokesmen for the Justice Department and the F.B.I. said they had no comment beyond what was in the documents.

Mr. Levison’s battle to preserve his customers’ privacy comes at a time when Mr. Snowden’s disclosures have ignited a national debate about the proper limits of surveillance and government intrusion into American Internet companies that promise users that their digital communications are secure.

Much of the attention has been focused on Internet giants like Microsoft and Google. Lavabit, with just two employees and perhaps 40,000 regular users, was a midget by comparison, but its size and Mr. Levison’s personal pledge of security made it attractive to tech-savvy users like Mr. Snowden.

While Mr. Levison’s struggles have been with the F.B.I., hovering in the background is the N.S.A., which has worked secretly for years to undermine or bypass encrypted services like Lavabit so that their electronic message scrambling cannot obstruct the agency’s spying. Earlier in September, The New York Times, ProPublica and The Guardian wrote about the N.S.A.’s campaign to weaken encryption. Mr. Levison’s case shows how law enforcement officials can use legal tools to pry open messages, no matter how well protected.

Mr. Levison said he set up Lavabit to make it impossible for outsiders, whether governments or hackers, to spy on users’ communications. He followed the government’s own secure coding guidelines, based on the N.S.A.’s technical guidance, and engineered his systems so as not to log user communications. That way, even if he received a subpoena for a user’s communications, he would not be able to gain access to them. For added measure, he gave customers the option to pay extra to encrypt their e-mail and passwords.

Mr. Levison, who studied politics and computer science at Southern Methodist University, started Lavabit in April 2004, the same month Google rolled out Gmail. To pay his bills, he worked as a Web consultant, helping develop Web sites for major brands like Dr Pepper, Nokia and Adidas. But by 2010, the e-mail service had attracted enough paying customers to allow Mr. Levison to turn to Lavabit full time.

On occasion, he was asked to comply with government requests for specific e-mail accounts, including that of a child pornography suspect in Maryland this year. Mr. Levison said he had no qualms about cooperating with such demands, but the latest request was far broader, apparently to allow investigators to track Mr. Snowden’s whereabouts and associates. When Mr. Levison called the F.B.I. agent who had left the business card, the agent seemed interested in learning how Lavabit worked and what tools would be necessary to eavesdrop on an encrypted e-mail account.

The agent did not mention at first who the government was pursuing, and Mr. Levison will not name the targets of the government’s investigation. The name was redacted from the court order unsealed Wednesday, but the offenses listed are violations of the Espionage Act, and the timing of the government’s case coincides with its leak investigation into Mr. Snowden, which began in May when he fled Hawaii for Hong Kong carrying laptops containing thousands of classified documents.

By then, Mr. Snowden’s Lavabit e-mail address was already public. He had listed his personal Lavabit e-mail address in January 2010, and was still using a Lavabit address this July, when he summoned reporters to a news conference at the Moscow airport.

That e-mail invitation proved to be an unintended endorsement for Lavabit’s security. Before that, Mr. Levison said that, on average, Lavabit was signing up 200 new users daily. In the days after Mr. Snowden’s e-mail, more than 4,000 new customers joined each day.

But a month before the news conference, court documents show, Mr. Levison had already received a subpoena for Mr. Snowden’s encrypted e-mail account. The government was particularly interested in his e-mail metadata — with whom Mr. Snowden was communicating, when and from where. The order, from the Federal District Court in Alexandria, Va., required Mr. Levison to log Mr. Snowden’s account information and provide the F.B.I. with “technical assistance,” which agents told him meant handing over the private encryption keys, technically called SSL certificates, that unlock communications for all users, he said.

“It was the equivalent of asking Coca-Cola to hand over its secret formula,” Mr. Levison said.

By July, he said, he had 410,000 registered users. Similar services like Hushmail, a Canadian encrypted e-mail service, had lost users in 2007 after court documents revealed that the company had handed 12 CDs’ worth of decoded e-mails from three Hushmail accounts to American law enforcement officials through a mutual assistance treaty.

“The whole concept of the Internet was built on the idea that companies can keep their own keys,” Mr. Levison said. He told the agents that he would need their request for his encryption keys in writing.

A redacted version of that request, which was among the 23 documents that were unsealed, shows that the court issued an order July 16 for Lavabit’s encryption keys. Prosecutors said they had no intention of collecting any information on Lavabit’s 400,000 other customers. “There’s no agents looking through the 400,000 other bits of information, customers, whatever,” Jim Trump, one of the prosecutors, said at a closed Aug. 1 hearing.

But Mr. Levison said he spent much of the following day thinking of a compromise. He would log the target’s communications, unscramble them with the encryption keys and upload them to a government server once a day. The F.B.I. told him that was not enough. It needed his target’s communications “in real time,” he said.

“How as a small business do you hire the lawyers to appeal this and change public opinion to get the laws changed when Congress doesn’t even know what is going on?” Mr. Levison said.

When it was clear Mr. Levison had no choice but to comply, he devised a way to obey the order but make the government’s intrusion more arduous. On Aug. 2, he infuriated agents by printing the encryption keys — long strings of seemingly random numbers — on paper in a font he believed would be hard to scan and turn into a usable digital format. Indeed, prosecutors described the file as “largely illegible.”

On Aug. 5, Judge Claude M. Hilton ordered a $5,000-a-day fine until Mr. Levison produced the keys in electronic form. Mr. Levison’s lawyer, Jesse R. Binnall, appealed both the order to turn over the keys and the fine.

After two days, Mr. Levison gave in, turning over the digital keys — and simultaneously closing his e-mail service, apologizing to customers on his site. That double maneuver, a prosecutor later told his lawyer, fell just short of a criminal act.

He hopes to resurrect the business he spent a decade building. “This wasn’t about one person,” Mr. Levison said. “This was about the lengths our government was willing to go to conduct Internet surveillance on one person.”
http://www.nytimes.com/2013/10/03/us...lose-data.html





NSA and GCHQ Target Tor Network that Protects Anonymity of Web Users

• Top-secret documents detail repeated efforts to crack Tor
• US-funded tool relied upon by dissidents and activists
• Core security of network remains intact but NSA has some success attacking users' computers

James Ball, Bruce Schneier and Glenn Greenwald

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".

Tor – which stands for The Onion Router – is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes", to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense – which houses the NSA.

Despite Tor's importance to dissidents and human rights organizations, however, the NSA and its UK counterpart GCHQ have devoted considerable efforts to attacking the service, which law enforcement agencies say is also used by people engaged in terrorism, the trade of child abuse images, and online drug dealing.

Privacy and human rights groups have been concerned about the security of Tor following revelations in the Guardian, New York Times and ProPublica about widespread NSA efforts to undermine privacy and security software. A report by Brazilian newspaper Globo also contained hints that the agencies had capabilities against the network.

While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.

One such technique is based on trying to spot patterns in the signals entering and leaving the Tor network, to try to de-anonymise its users. The effort was based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the "exits" from the Tor network, they could identify a large amount of the traffic passing through it.

The proof-of-concept attack demonstrated in the documents would rely on the NSA's cable-tapping operation, and the agency secretly operating computers, or 'nodes', in the Tor system. However, one presentation stated that the success of this technique was "negligible" because the NSA has "access to very few nodes" and that it is "difficult to combine meaningfully with passive Sigint".

While the documents confirm the NSA does indeed operate and collect traffic from some nodes in the Tor network, they contain no detail as to how many, and there are no indications that the proposed de-anonymization technique was ever implemented.

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.

Another effort involves measuring the timings of messages going in and out of the network to try to identify users. A third attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.

Such efforts to target or undermine Tor are likely to raise legal and policy concerns for the intelligence agencies.

Foremost among those concerns is whether the NSA has acted, deliberately or inadvertently, against internet users in the US when attacking Tor. One of the functions of the anonymity service is to hide the country of all of its users, meaning any attack could be hitting members of Tor's substantial US user base.

Several attacks result in implanting malicious code on the computer of Tor users who visit particular websites. The agencies say they are targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble upon a targeted site.

The efforts could also raise concerns in the State Department and other US government agencies that fund improvements to Tor's security, as part of the Obama administration's internet freedom agenda, to help citizens of repressive regimes circumvent online restrictions.

Material published online for a discussion event held by the State Department, for example, described the importance of tools such as Tor.

"[T]he technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance internet freedom."

The Broadcasting Board of Governors, a federal agency whose mission is to "inform, engage, and connect people around the world in support of freedom and democracy" through networks such as Voice of America, also supports Tor's development, and uses it to ensure its broadcasts reach people in countries such as Iran and China.

The governments of both these countries have attempted to curtail Tor's use: China has tried on multiple occasions to block Tor entirely, while one of the motives behind Iranian efforts to create a "national internet" entirely under government control was to prevent circumvention of those controls.

The NSA's own documents acknowledge the service's wide use in countries where the internet is routinely surveilled or censored. One presentation notes that among uses of Tor for "general privacy" and "non-attribution", it can be used for "circumvention of nation state internet policies" – and is used by "dissidents" in "Iran, China, etc".

Yet GCHQ documents show a disparaging attitude towards Tor users. One presentation acknowledges Tor was "created by the US government" and is "now maintained by the Electronic Frontier Foundation (EFF)", a US freedom of expression group. In reality, Tor is maintained by an independent foundation, though it has in the past received funding from the EFF.

The presentation continues by noting that "EFF will tell you there are many pseudo-legitimate uses for Tor", but says "we're interested as bad people use Tor". Another presentation remarks: "Very naughty people use Tor".

The technique developed by the NSA to attack Tor users through vulnerable software on their computers has the codename EgotisticalGiraffe, the documents show. It involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. Among these is a version of the Firefox web browser.

The trick, detailed in a top-secret presentation titled 'Peeling back the layers of Tor with EgotisticalGiraffe', identified website visitors who were using the protective software and only executed its attack – which took advantage of vulnerabilities in an older version of Firefox – against those people. Under this approach, the NSA does not attack the Tor system directly. Rather, targets are identified as Tor users and then the NSA attacks their browsers.

According to the documents provided by Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by Mozilla Corporation in Firefox 17, released in November 2012 – a fix the NSA had not circumvented by January 2013 when the documents were written.

The older exploits would, however, still be usable against many Tor users who had not kept their software up to date.

A similar but less complex exploit against the Tor network was revealed by security researchers in July this year. Details of the exploit, including its purpose and which servers it passed on victims' details to, led to speculation it had been built by the FBI or another US agency.

At the time, the FBI refused to comment on whether it was behind the attack, but subsequently admitted in a hearing in an Irish court that it had operated the malware to target an alleged host of images of child abuse – though the attack did also hit numerous unconnected services on the Tor network.

Roger Dingledine, the president of the Tor project, said the NSA's efforts serve as a reminder that using Tor on its own is not sufficient to guarantee anonymity against intelligence agencies – but showed it was also a great aid in combating mass surveillance.

"The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," Dingledine said. "Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

"Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on."

But he added: "Just using Tor isn't enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications."

The Guardian asked the NSA how it justified attacking a service funded by the US government, how it ensured that its attacks did not interfere with the secure browsing of law-abiding US users such as activists and journalists, and whether the agency was involved in the decision to fund Tor or efforts to "shape" its development.

The agency did not directly address those questions, instead providing a statement.

It read: "In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission.

"As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets' use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that."
http://www.theguardian.com/world/201...ork-encryption





U.S. Opposes Tech Companies’ Requests to Disclose Surveillance
Liz Gannes

The U.S. Department of Justice is formally opposing requests by technology companies to disclose more information about the frequency with which they are contacted by the U.S. government to give up user data under the Foreign Intelligence Surveillance Act.

Responding to petitions from Google, Microsoft, Yahoo, Facebook and LinkedIn, the government shut them down, as expected, because it said disclosures would pose a risk to national security. It’s unclear when a ruling will come in the secret court inside the Justice Department headquarters where the case is being held.

“Such information would be invaluable to our adversaries, who could thereby derive a clear picture of where the Government’s surveillance efforts are directed and how its surveillance activities change over time,” the brief said. “If our adversaries know which platforms the Government does not surveil, they can communicate over those platforms when, for example, planning a terrorist attack or the theft of state secrets.”

Google said in a statement today, “We’re disappointed that the Department of Justice opposed our petition for greater transparency around FISA requests for user information. We also believe more openness in the process is necessary since no one can fully see what the government has presented to the court.”

And Microsoft: “We will continue to press for additional transparency, which is critical to understanding the facts and having an informed debate about the right balance between personal privacy and national security.”

Yahoo’s response: “We are disappointed with the Justice Department’s decision to bar us and other Internet companies from publicly disclosing the specific number of user data requests that we receive from the U.S. Government under national security statutes. Yahoo and many other technology firms have made the commitment to share the number and type of government requests we receive for our users’ data through regular reports. The U.S. Government’s decision to block our ability to share with our users more granular information related to national security requests ultimately breeds mistrust and suspicion—both of the United States and of companies that must comply with government legal directives. As we’ve said before, the United States should lead the world when it comes to transparency, accountability, and respect of civil liberties and human rights. We urge the U.S. Government to reconsider this decision and grant our petition for greater transparency around national security requests for user data.”

And LinkedIn weighed in: “LinkedIn deeply respects and supports the U.S. government’s strong interest in, and its obligation to protect, national security. However, we believe this interest must be weighed against transparency and accountability. We firmly believe that what we are seeking — the disclosure of the number of U.S. national security-related requests that we receive — is consistent with national security interests, the law and our commitment to transparency.”

In its brief, the government rejected the companies’ arguments about First Amendment rights, and rejected the claim that public debate around surveillance was a justification for more transparency.

It said: “Contrary to the companies’ argument that they have a First Amendment right to disclose this sensitive national security information, it is well-settled that prohibitions on the disclosure of classified information, such as the ones contained in this Court’s orders, satisfy the First Amendment. The Government has a compelling interest in protecting such national security information from disclosure, and the prohibitions on disclosure are narrowly tailored to protect that interest.”

And, regarding all the public outcry since the Edward Snowden disclosures about widespread data collection: “Although the Government has attempted to release as much information as possible about the intelligence collection activities overseen by this court, the public debate about surveillance does not give the companies the First Amendment right to disclose information that the Government has determined must remain classified.”

Oh, and for good measure, the Justice Department also said that decisions about declaratory relief were out of the jurisdiction of the Foreign Intelligence Surveillance Court, where the dispute is being held.
http://allthingsd.com/20131002/u-s-o...-surveillance/





Security After the Death of Trust

Not just paying attention, but starting over
Simon St. Laurent

Security has to reboot. What has passed for strong security until now is going to be considered only casual security going forward. As I put it last week, the damage that has become visible over the past few months means that “we need to start planning for a computing world with minimal trust.”

So what are our options? I’m not sure if this ordering goes precisely from worst to best, but today this order seems sensible.

Stay the Course

This situation may not be that bad, right?

Apple’s adding a fingerprint scanner to the iPhone 5S last month seemed like bad timing, given recent security concerns. However, many people I respect seem completely calm about it, for reasons that make me think most of us are treating security casually:

• Rafe Colburn points out that “Security is a concept with no meaning outside the context of specific threats.” It’s not yet clear what there is to fear.

• Tim Bray suggests that the risks of many security problems only arise “if what you’re mostly worried about is a skilled, determined adversary, such as a government official.”

• James Turner has a similar take: “The game isn’t about making your house invincible; it’s about making it difficult enough to bias the thieves toward someone else’s home.”

Will security fall the way that privacy largely has? (Though Bray hopes privacy hasn’t fallen.)

Perhaps the failure of encryption is another non-problem, something only a few vocal people will notice unless something terrible happens in their immediate circle. Security has largely stayed a specialist concern, and is often amazingly casual in both the digital and physical worlds.

I suspect, however, that after a few changes of credit cards, cleaning up of stolen identities, and moments of industrial espionage, these issues will make it harder and harder for “casual security”—even though it’s what we used to think of as fairly strong security—to remain valuable.

Abandon Digital

A different approach leaves the risks behind by leaving digital behind to the extent possible.

While a small group of people have already dropped out of the digital world, recent stories amplify the concerns that drive dropping out, or at least using less. John Gilmore suggested:

Where Big Data collection is voluntary, I do not volunteer, thus I don’t use Facebook, Google, etc. When collection is involuntary, like with NSA’s Big Data, I work to limit their power, both to collect, and to use; and then I don’t believe they will follow the rules anyway, because of all the historical evidence. So I arrange my life to not leave a big data trail: I don’t use ATMs, I pay with cash, don’t carry identification, don’t use Apple or Google or Microsoft products, etc.

Will more people follow his lead? Stepping away from easily traceable digital approaches certainly reduces exposure to digital surveillance.

Abandon Some Digital Dreams

When we assumed we could keep information secure, we were willing to take some steps we wouldn’t have otherwise. Some of that is about personal information sharing, putting potentially sensitive information in digital form. Suddenly sharing even fairly basic location information has consequences. Those risks could put a damper on many interactions.

While the default settings of software and devices may be sharing more information than we want, some efforts at security may actually have created more security hazards. Do you really want a 3G kill switch in your computer when you don’t know who might have access to it? The balance might be different for cell phones; such features certainly raise the potential cost of compromised systems, and raise the paranoia level broadly.

Two-factor authentication is a popular story lately, but multi-factor authentication might become a further option. Different systems contribute pieces to keys that let users in, but no individual system can make the connection. This adds to the complexity of systems (and what if one of them is down?), but digital security is rarely about simplicity.

It’s harder to imagine, but the “always connected, always on” model of computing may also have to go. Not for everything—it seems likely that commercial sites will stay up, as will social networks and email services. It is much harder to attack systems that are disconnected or off. Physical and network separation may not be perfect—contamination can still spread through bad code or data—but it’s an additional layer of isolation. (Of course, a 3G connection to the CPU may be harder to halt.)

Physical approaches can certainly go beyond connections between computers. Physical security has its own problems, and the ubiquity of recording devices makes “wearing a wire” seem almost quaint, but it certainly requires attackers to make a potentially expensive investment to reach their targets. Cities currently cluster groups of powerful people who prefer personal contact when possible, despite the options for dispersal that the digital world keeps expanding.

Physical and in-person approaches also make it easier to return to old models of compartmentalization and cells, where information is shared on a need to know basis rather than rough classification levels. When “need to know” information travels electronically, it’s easily intercepted, forwarded, or duplicated. Person to person contact isn’t just useful for conversation, but also for exchanging information about and keys to future messages that may travel digitally but hide in other content, require specific one-time pads or keys, or will arrive at a particular time. (And then those messages can include information about future messages, but extending the chain makes it more brittle.)

Change to Other Digital Approaches

If we don’t want to meet in person weekly to exchange keys, but aren’t comfortable just hoping that there aren’t weaknesses in our communications chain, what can we do?

I’ve always enjoyed Ronald Reagan’s classic quote “trust but verify.” In a digital world where you want to work with others you don’t always know, it serves as a minimal approach that lets you get things done without getting burned constantly. Another way of putting it, from a very different context, is Arthur Weasley’s “Never trust anything that can think for itself if you can’t see where it keeps its brain” (Harry Potter and The Chamber of Secrets, 329).

Right now, many of us are relying on code that only its creators get to see, though maybe a few privileged customers get to pay for the privilege. It may be time for that to fall, as it becomes clear that opacity hides brokenness. As Matthew Green wrote a few weeks ago:

Maybe this is a good thing. We’ve been saying for years that you can’t trust closed code and unsupported standards: now people will have to verify.

Even better, these revelations may also help to spur a whole burst of new research and re-designs of cryptographic software. We’ve also been saying that even open code like OpenSSL needs more expert eyes. Unfortunately there’s been little interest in this, since the clever researchers in our field view these problems as ‘solved’ and thus somewhat uninteresting.

What does verification mean? Most people, even most people who use cryptography, can’t read the code used to implement it. An even smaller group of people can evaluate whether that code behaves as it is supposed to. We need something like “cryptography superfriends.” The NSA used to offer those services, but that didn’t work out very well. Evaluating these tools will require a new group of inspectors, doing their work separately and making it all available for inspection.

The IETF is moving ahead with new rounds of standards, and they might be the right place for this work. After past subversion, I’m cautious, but it seems like the right place to start, at least.

I’ve always wondered how much value formally verified code might have, and I’m not sure if the kernel of a browser is enough formal code to help, but I’m also intrigued by Coq, a small browser kernel that mediates access to system resources for all other browser components. If STEED can help simplify distributed email encryption, that might also make it easier to distribute needed components.

Two weeks ago, when I wondered about whether computing could recover from this summer’s collapse of trust, ‏@QuentinJohns1 tweeted back that “transparency and openness will restore trust by its very nature.” I had my doubts—transparency isn’t always welcome, and openness makes it easy to disrupt processes. In the long run, however,
http://programming.oreilly.com/2013/...ath-trust.html





Former Microsoft Privacy Chief Says He No Longer Trusts The Company
Joel Hruska

Microsoft's onetime Chief Privacy Advisor, Caspar Bowden, has come out with a vote of no-confidence in the company's long-term privacy measures and its ability or interest to secure user data in the wake of the NSA's PRISM program. From 2002 to 2011, Bowden was in charge of privacy at Microsoft, and oversaw the company's efforts in that area in more than 40 countries, but claims to have been unaware of the PRISM program's existence while he worked at the company. In the two years since leaving Microsoft, Bowden has ceased carrying a cell phone and become a staunch open source user, claiming that he no longer trusts a program unless he can see the source.

"The public now has to think about the fact that anybody in public life, or person in a position of influence in government, business or bureaucracy, now is thinking about what the NSA knows about them. So how can we trust that the decisions that they make are objective and that they aren't changing the decisions that they make to protect their career? That strikes at any system of representative government." As Bowden goes on to point out, if you aren't a US citizen, you have no protection whatsoever from PRISM.

The Foreign Angle

This is a point that has real potential consequences for any international company. The NSA claims that there are protections that keep the data of ordinary US citizens out of abusive hands, and that we should trust them with this information. Some people agree with that. Some people don't. But what no one disagrees with is the fact that foreign companies, governments, and citizens have no protections of any kind. To the contrary, some of the NSA's documentation explicitly plays up the fact that huge amounts of foreign traffic travels through the United States on a regular basis.

Much of the NSA's work is devoted to snooping on this foreign traffic to monitor and record what various groups are up to. And these groups have no protection whatsoever under US law. The bigger problem here is that due to the way the Internet routes traffic, there's no guarantee that a message from Point A to Point B doesn't travel over US networks. Obviously that's not going to happen if you're sending data from one small town to another in Europe, but a message from, say, Brazil to Canada almost certainly passes through the United States. A message from South or Central America to Europe or China? Same deal.

This is a fundamental problem for nations that aren't interested in exposing their traffic to American observation, whether they're engaged in nefarious activities or not. Long term, the problem could lead to the construction of digital firewalls, in which the United States is effectively isolated behind protective nodes built by local governments to scrub and redirect traffic away from potential capture points. This is directly in opposition to the central concept of the Internet, which is a dynamic structure capable of responding to outages or damage by routing around the problem.

Traffic flows, however, can be rerouted.

It's not that Microsoft is unique, here. In fact, the situation would be simpler to solve if they were. The problem is that the access the NSA has crafted for itself applies to all companies equally. Microsoft, Yahoo, Google, Apple -- your data is as secure as the NSA decides it is, and not one jot more.
http://hothardware.com/News/Former-M...s-The-Company/





Obama Spy Panel is Loaded with Insiders, Critics Charge
Anita Kumar

After a public backlash to government spying, President Barack Obama called for an independent group to review the vast surveillance programs that allow the collection of phone and email records.

Now, weeks before the group’s first report is due, some lawmakers, technology organizations and civil liberties groups are concerned that the panel’s members are too close to the Obama administration and its mission too vague to provide a thorough scrubbing of the National Security Agency technologies that have guided intelligence gathering since the Sept. 11, 2001, terrorist attacks.

The Review Group on Intelligence and Communications Technologies works in the office of the director of national intelligence; reports to its director, James Clapper, who’s been accused of lying to Congress about the programs; and has ties to his current and former bosses, Obama and former President Bill Clinton.

“There is ample evidence now that we need an independent investigation of the impact of the NSA’s spying program on Americans’ constitutional rights and civil liberties,” said Sen. Tom Udall, D-N.M., who has advocated for NSA changes. “A task force appointed by the president, reporting to the DNI, certainly won’t inspire confidence and may simply rubber-stamp a program that is dangerously infringing on Americans’ privacy rights.”

Obama had repeatedly downplayed the scope of the surveillance programs after leaks of top-secret documents by former NSA contractor Edward Snowden, but he eventually addressed the rising public criticism. Documents showed the NSA is collecting the telephone records of tens of millions of Verizon customers as well as emails through nine companies including tech giants Microsoft, Yahoo, Google and Facebook.

He announced he would form a “high-level group of outside experts” that “protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties” in early August, when he unveiled a series of proposals designed to provide more oversight on the government’s ability to spy on Americans. He also declassified documents, created a website to release information and named an NSA civil liberties and privacy officer.

The members of the review group are Richard Clarke, the chief counterterrorism adviser on the National Security Council for Clinton who later worked for Republican President George W. Bush; Michael Morell, Obama’s former deputy CIA director; law professor Geoffrey Stone, who has raised money for Obama and spearheads a committee hoping to build Obama’s presidential library in Chicago; law professor Cass Sunstein, administrator of information and regulatory affairs for Obama; and Peter Swire, a former Office of Management and Budget privacy director for Clinton.

“At the end of the day, a task force led by Gen. Clapper full of insiders – and not directed to look at the extensive abuse – will never get at the bottom of the unconstitutional spying,” said Mark Jaycox, a policy analyst for the Electronic Frontier Foundation, a privacy advocacy group.

The review group met with Obama in late August and with a dozen civil liberties and business groups in a pair of meetings in September. Some who attended said they raised concerns about the programs, but panel members – at least one was missing from each meeting – did not respond to them, saying in several instances they could not reveal information because it is classified.

The panel’s meetings are closed anyway after Clapper exempted it from the U.S. Federal Advisory Committee Act, which would have required it to keep the public informed and hold open meetings, for “reasons of national security,” according to a statement from the group sent from Clapper’s office. “While we are exempt from the FACA, we are conducting this review as openly and transparently as possible,” the statement says.

Sascha Meinrath, director of the Open Technology Institute and vice president at the New America Foundation, who attended one of the meetings, said the process is set up to solicit only a “modest” review that will not help restore eroding trust around the globe. “It won’t solve the problem,” he said.

Technology organizations and civil liberties groups monitoring the process say they worry the members are too focused on legal issues, not technical ones. Some members, they say, don’t know which questions to ask.

Michelle Richardson, legislative counsel with the American Civil Liberties Union who attended one of the meetings, said the review group’s membership should have been more diverse and the mission more specific. She said it’s too soon to tell how effective the group will be, but “no one is going to do a top-to-bottom review.”

The group is seeking public comment before Oct. 4. It is required to provide an interim report to Obama later this month and a final report by Dec. 15.

Caitlin Hayden, a spokeswoman for the White House National Security Council, said Obama has “full confidence” in Clapper and “looks forward to hearing from this group of experts when its work is done.”

“The DNI’s role in this case is one of facilitation, and while the DNI will not take part in the group, the DNI will support the group and the group’s report will be sent through the DNI,” Hayden said. “The members require security clearances and access to classified information, so they need to be administratively connected to the government; the DNI’s office is the right place to play that role.”

Meanwhile, Udall said he has asked the independent, congressionally created Privacy and Civil Liberties Oversight Board to investigate the NSA’s programs and issue a public report of its findings, though there is no specific timetable for that to be done.

The senator’s committee, the Appropriations Subcommittee on Financial Services and General Government, has proposed a spending bill next year that would fund that board at a level that would allow it to hire staff and fully examine surveillance programs.
http://www.mcclatchydc.com/2013/10/0...aded-with.html





NSA Stores Metadata of Millions of Web Users for Up to a Year, Secret Files Show

• Vast amounts of data kept in repository codenamed Marina
• Data retained regardless of whether person is NSA target
• Material used to build 'pattern-of-life' profiles of individuals

James Ball

The National Security Agency is storing the online metadata of millions of internet users for up to a year, regardless of whether or not they are persons of interest to the agency, top secret documents reveal.

Metadata provides a record of almost anything a user does online, from browsing history – such as map searches and websites visited – to account details, email activity, and even some account passwords. This can be used to build a detailed picture of an individual's life.

The Obama administration has repeatedly stated that the NSA keeps only the content of messages and communications of people it is intentionally targeting – but internal documents reveal the agency retains vast amounts of metadata.

An introductory guide to digital network intelligence for NSA field agents, included in documents disclosed by former contractor Edward Snowden, describes the agency's metadata repository, codenamed Marina. Any computer metadata picked up by NSA collection systems is routed to the Marina database, the guide explains. Phone metadata is sent to a separate system.

"The Marina metadata application tracks a user's browser experience, gathers contact information/content and develops summaries of target," the analysts' guide explains. "This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development."

The guide goes on to explain Marina's unique capability: "Of the more distinguishing features, Marina has the ability to look back on the last 365 days' worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection." [Emphasis in original.]

On Saturday, the New York Times reported that the NSA was using its metadata troves to build profiles of US citizens' social connections, associations and in some cases location, augmenting the material the agency collects with additional information bought in from the commercial sector, which is not subject to the same legal restrictions as other data.

The ability to look back on a full year's history for any individual whose data was collected – either deliberately or incidentally – offers the NSA the potential to find information on people who have later become targets. But it relies on storing the personal data of large numbers of internet users who are not, and never will be, of interest to the US intelligence community.

Marina aggregates NSA metadata from an array of sources, some targeted, others on a large scale. Programs such as Prism – which operates through legally compelled "partnerships" with major internet companies – allow the NSA to obtain content and metadata on thousands of targets without individual warrants.

The NSA also collects enormous quantities of metadata from the fibre-optic cables that make up the backbone of the internet. The agency has placed taps on undersea cables, and is given access to internet data through partnerships with American telecoms companies.

About 90% of the world's online communications cross the US, giving the NSA what it calls in classified documents a "home-field advantage" when it comes to intercepting information.

By confirming that all metadata "seen" by NSA collection systems is stored, the Marina document suggests such collections are not merely used to filter target information, but also to store data at scale.

A sign of how much information could be contained within the repository comes from a document voluntarily disclosed by the NSA in August, in the wake of the first tranche of revelations from the Snowden documents.

The seven-page document, titled "The National Security Agency: Missions, Authorities, Oversight and Partnerships", says the agency "touches" 1.6% of daily internet traffic – an estimate which is not believed to include large-scale internet taps operated by GCHQ, the NSA's UK counterpart.

The document cites figures from a major tech provider that the internet carries 1,826 petabytes of information per day. One petabyte, according to tech website Gizmodo, is equivalent to over 13 years of HDTV video.

"In its foreign intelligence mission, NSA touches about 1.6% of that," the document states. "However, of the 1.6% of the data, only 0.025% is actually selected for review.

"The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission – that's less than one part in a million."

However, critics were skeptical of the reassurances, because a large share of internet traffic consists of music and video sharing, or large file transfers – content which is easy to identify and dismiss without entering it into systems. Therefore, the NSA could be picking up a much larger percentage of the internet traffic that actually contains communications and browsing activity.

Journalism professor and internet commentator Jeff Jarvis noted: "[By] very rough, beer-soaked-napkin numbers, the NSA's 1.6% of net traffic would be half of the communication on the net. That's one helluva lot of 'touching'."

Much of the NSA's data collection is carried out under section 702 of the Fisa Amendments Act. This provision allows for the collection, without individual warrants, of communications where at least one end of the conversation, or data exchange, involves a non-American located outside the US at the time of collection.

The NSA is required to "minimize" the data of US persons, but is permitted to keep US communications where it is not technically possible to remove them, and also to keep and use any "inadvertently" obtained US communications if they contain intelligence material, evidence of a crime, or if they are encrypted.

The Guardian has also revealed the existence of a so-called "backdoor search loophole", a 2011 rule change that allows NSA analysts to search for the names of US citizens, under certain circumstances, in mass-data repositories collected under section 702.

According to the New York Times, NSA analysts were told that metadata could be used "without regard to the nationality or location of the communicants", and that Americans' social contacts could be traced by the agency, providing there was some foreign intelligence justification for doing so.

The Guardian approached the NSA with four specific questions about the use of metadata, including a request for the rationale behind storing 365 days' worth of untargeted data, and an estimate of the quantity of US citizens' metadata stored in its repositories.

But the NSA did not address any of these questions in its response, providing instead a statement focusing on its foreign intelligence activities.

"NSA is a foreign intelligence agency," the statement said. "NSA's foreign intelligence activities are conducted pursuant to procedures approved by the US attorney general and the secretary of defense, and, where applicable, the foreign intelligence surveillance (Fisa) court, to protect the privacy interests of Americans.

"These interests must be addressed in the collection, retention, and dissemination of any information. Moreover, all queries of lawfully collected data must be conducted for a foreign intelligence purpose."

It continued: "We know there is a false perception out there that NSA listens to the phone calls and reads the email of everyday Americans, aiming to unlawfully monitor or profile US citizens. It's just not the case.

"NSA's activities are directed against foreign intelligence targets in response to requirements from US leaders in order to protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction."
http://www.theguardian.com/world/201...year-documents





Internet Freedom on Decline Worldwide as Governments Tighten Grip – Report

Improved surveillance, takedown of opposition websites for “illegal content” and paid pro-government commentators are among the increasingly sophisticated tools used by authorities to restrict internet freedom, a new report claims.

The 2013 Freedom on the Net report, compiled by non-profit Freedom House, says that 34 out of the 60 countries it surveyed suffered a falloff in internet freedom over the past year.

Iran, Cuba, China and Syria were ranked as countries with the greatest restrictions. China, which blocks millions of websites and employs thousands-strong armies of censors, “led the way in expanding an elaborate technological apparatus for systemic internet censorship, while further increasing offline coercion and arrests to deter freedom of expression online.”

Iceland, Estonia and Germany took the podium places in the ranking, followed by the United States.

Nonetheless, the US was castigated for a “troubling decline” in internet freedom, largely as a result of wide-ranging surveillance practices revealed through Edward Snowden’s NSA leaks.

“Critics have raised concern that the secret NSA programs may violate the 4th Amendment of the United States Constitution, which protects people inside the US (citizens and non-citizens alike) from unreasonable search and seizure, as well as human rights enshrined in international agreements,” stated the report.

In 35 of the 60 countries examined, the government has “either obtained more sophisticated surveillance technology, increased the scope of people monitored, or passed a new law giving it greater monitoring authority.”

The authors also suspect that surveillance may have increased in other countries which are simply “better at covering their tracks.”

Many countries are also moving from technological to legal solutions in their battle against freedom of expression.

“While blocking and filtering remain the preferred methods of censorship in many countries, governments are increasingly looking at who is saying what online, and finding ways to punish them,” said Sanja Kelly, project director for Freedom on the Net at Freedom House.

“In some countries, a user can get arrested for simply posting on Facebook or for “liking” a friend’s comment that is critical of the authorities,” she added.

The report says that in 26 countries, people were arrested for posting “socially-relevant statements on social-media sites.”

Russia - which is otherwise placed in the middle of the ranking - is singled out as an “important incubator” of indirect methods of repression which are then adopted by other countries, particularly former Soviet republics.

Among the authorities’ actions is the passing of a “broadly-worded” internet ‘blacklist’ law last year that allows prosecutors to order websites offline without judicial evidence. While the law is theoretically intended to block illegal content – such as child pornography – the authors say that it has been used against opposition websites and blogs.

The government is also accused of using proxy groups, which receive public funds, “to widely engage in all kinds of digital activities, including paying commentators to post content, disseminating DDoS attacks (cyber attacks), and hijacking blog ratings.”

While the practice of paying commentators is said to have been pioneered in China and Russia, the report says that it is now being adopted in at least 22 countries on its list, such as Malaysia and Belarus.

On the whole, the tone of the report is of overwhelming concern, but in sixteen countries the situation has improved.

One major positive trend has also emerged – the rise of online activism, designed to protest laws that adversely affect the internet, or society as a whole. The report says that 11 countries – including the Philippines and Mexico – were able to repeal or soften freedom-restricting laws as a result of online campaigns.

“There is a rising public consciousness about internet freedom and freedom of expression issues. Citizens’ groups are able to more rapidly disseminate information about negative proposals and put pressure on the government,” wrote the authors.

“In addition, information technologies have started to play an important role in advocacy for positive change on other policy topics, from corruption to women’s rights.”
http://rt.com/news/internet-freedom-house-report-706/





Matchstick-Sized Sensor Can Record Your Private Chats
Jim Nash

A sensor previously used for military operations can now be tuned to secretly locate and record any single conversation on a busy street

Everyone knows that to have a private chat in the NSA era, you go outdoors. Phones, the internet, email and your office can all be compromised with ease. But soon even that whispered conversation in the park may no longer be safe from prying ears.

Carrying out covert audio surveillance along a city street or a wooded path, say, currently requires parabolic microphones, which look like large, clear salad bowls and need a direct, unobstructed view of the subject. Hardly 007 territory.

Now, a Dutch acoustics firm, Microflown Technologies, has developed a matchstick-sized sensor that can pinpoint and record a target's conversations from a distance.

Known as an acoustic vector sensor, Microflown's sensor measures the movement of air, disturbed by sound waves, to almost instantly locate where a sound originated. It can then identify the noise and, if required, transmit it live to waiting ears.

Conventional microphones work when sound waves make a diaphragm move, creating an electrical signal. Microflown's sensor has no moving parts. It consists of two parallel platinum strips, each just 200 nanometres deep, that are heated to 200 °C. Air molecules flowing across the strips cause temperature differences between the pair. Microflown's software counts the air molecules that pass through the gap between the strips to gauge sound intensity: the more air molecules in a sound wave, the louder the sound. At the same time, it analyses the temperature change in the strips to work out the movement of the air and calculate the coordinates of whatever generated the sound.
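The article describes the sensor working out "the coordinates of whatever generated the sound" from the motion of the air. As an added illustration, not from the article and not Microflown's own code, the Python below shows the standard way a vector sensor turns that measurement into a bearing and how two such bearings are triangulated into a position. It assumes the simplified far-field model in which the particle velocity at the sensor equals the pressure divided by the impedance of air (p/ρc) along the direction of propagation, and that a pressure signal is available alongside the two velocity axes. The source position, sensor positions, tone and sample rate are constructed test inputs; the estimator itself only ever sees the samples.

```python
import math

RHO_C = 415.0   # characteristic acoustic impedance of air, Pa*s/m (approx., 20 C)
C_AIR = 343.0   # speed of sound in air, m/s


def synth_avs_samples(source, sensor, amplitude=1.0, freq=440.0,
                      sample_rate=48000, n_samples=480):
    """Constructed pressure and particle-velocity samples seen by one
    acoustic vector sensor (AVS) at `sensor` for a tone emitted at `source`.

    Assumption (simplified far-field model): velocity is p / (rho*c) along
    the unit vector pointing from the source toward the sensor.
    """
    dx, dy = sensor[0] - source[0], sensor[1] - source[1]
    dist = math.hypot(dx, dy)
    ux, uy = dx / dist, dy / dist          # propagation direction
    p, vx, vy = [], [], []
    for i in range(n_samples):
        t = i / sample_rate
        pressure = amplitude * math.sin(2 * math.pi * freq * (t - dist / C_AIR))
        p.append(pressure)
        vx.append(pressure / RHO_C * ux)
        vy.append(pressure / RHO_C * uy)
    return p, vx, vy


def bearing_to_source(p, vx, vy):
    """Time-averaged active intensity I = <p*v>.  It points the way the
    acoustic energy travels (away from the source), so the bearing *to* the
    source is the opposite direction.  Returns radians, atan2 convention."""
    n = len(p)
    ix = sum(a * b for a, b in zip(p, vx)) / n
    iy = sum(a * b for a, b in zip(p, vy)) / n
    return math.atan2(-iy, -ix)


def intersect_bearings(s1, b1, s2, b2, eps=1e-9):
    """Intersect two bearing rays.  Returns (x, y), or None when the rays are
    (near) parallel: both sensors lie on one line through the source, so a
    single pair of bearings gives direction but cannot fix the range."""
    d1 = (math.cos(b1), math.sin(b1))
    d2 = (math.cos(b2), math.sin(b2))
    denom = d1[0] * d2[1] - d1[1] * d2[0]   # 2-D cross product d1 x d2
    if abs(denom) < eps:
        return None
    rx, ry = s2[0] - s1[0], s2[1] - s1[1]
    t = (rx * d2[1] - ry * d2[0]) / denom   # ((s2 - s1) x d2) / (d1 x d2)
    return (s1[0] + t * d1[0], s1[1] + t * d1[1])


def locate_source(source, sensors):
    """End to end: synthesise what two sensors would record, derive a bearing
    from each, and triangulate.  `source` is used only to build the
    constructed input; the estimate is computed from the samples alone."""
    bearings = [bearing_to_source(*synth_avs_samples(source, s)) for s in sensors]
    return intersect_bearings(sensors[0], bearings[0], sensors[1], bearings[1])


if __name__ == "__main__":
    est = locate_source((10.0, 5.0), [(0.0, 0.0), (20.0, 0.0)])
    print("estimated source position:", est)
```

A single sensor only yields a direction; the "coordinates" in the article come from combining bearings across sensors, or from pairing the bearing with a camera as the piece goes on to describe. The `None` return is the geometric failure mode a deployment has to plan around: sensors placed in line with the target give agreeing bearings but no range.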

Until now, the military has been using an early version of the sensor to pinpoint enemy planes and rockets. A single sensor can track and identify multiple distant jets, mortar rounds and sniper rifles in any environment.

Earlier this year, Microflown's researchers discovered by chance that the device can hear, record or stream an ordinary conversation from as far away as 20 metres, says Hans-Elias de Bree, the firm's co-founder. Signal-processing software filters out unwanted noise like wind or traffic commotion. Work is now underway to increase the range.

Given a battery and a tiny antenna, the sensor could be attached to traffic lights, a shrub or park bench. Such systems can be teamed with surveillance cameras. Detecting a shout or a gunshot, the sensor can direct the camera to the precise location of trouble, the way our ears work with our eyes. It can then start recording everything that is being said in that location.

A number of countries are now testing the matchstick sensor attached to drones and crewed vehicles, says de Bree. He foresees governments placing them on small dirigibles that tail suspects or hover over political rallies.

"Not only could this work, it has worked," says Ron Barrett-Gonzalez at the University of Kansas. He has helped boost the sensor's range by 28 per cent to more than 25 metres. It will be possible to record a parade of people on a busy sidewalk all day using a camera and acoustic sensor, and tune into each conversation or voice, live or via stored files, he says.

Security technologist Bruce Schneier says this new capability is unwelcome – particularly given the recent claims about the NSA's success at tapping into our private lives. "It's not just this one technology that's the problem," Schneier says. "It's the mic plus the drones, plus the signal processing, plus voice recognition."
http://www.newscientist.com/article/...l#.UkgrVuWgTQI





Swiss War Game Envisages Invasion by Bankrupt French
Henry Samuel

Hordes of bankrupt French invade Switzerland to get their hands on their “stolen” money — such is the imaginary scenario cooked up by the Swiss military in simulations revealed over the weekend.

Carried out in August, the apparently outlandish army exercise was based on the premise of an attack by a financially stricken France split into warring regions, according to Matin Dimanche, the Lausanne-based daily.

One of these, “Saônia,” corresponding to the existing Jura region, was preparing attacks on Switzerland to retrieve money it had apparently swiped from France.

Operation “Duplex-Barbara” went as far as imagining a three-pronged invasion from points near Neufchâtel, Lausanne and Geneva, according to a map published in the Swiss newspaper.

Behind the dastardly raid was a paramilitary organisation dubbed BLD, the Dijon Free Brigade bent on grabbing back “money that Switzerland had stolen from Saônia”.

“For its credibility, the Swiss army must work (to ward against) threats of the 21st century,” Antoine Vielliard, Haute-Savoie councillor, told Matin Dimanche.

However, Daniel Berger, captain of the Swiss armoured brigade, sought to play down the specificity of the threat.

“The exercise has strictly nothing to do with France, which we appreciate,” he told the Swiss press. “It was prepared in 2012, when fiscal relations between both countries were less tense.” “French towns were cited to provide soldiers with a real scale,” he said.

Famous for its bank secrecy laws, Switzerland often comes under criticism for allowing foreign account holders to hide their wealth from tax officials at home.

But these opaque laws are coming under increasing fire as France and the US, among others, are cracking down on tax evasion during a period of economic hardship.

This is by no means the first imaginary scenario dreamed up by the Swiss army. Last year, it carried out an exercise based on the premise that a huge wave of refugees crossed into the country after the implosion of the European Single Currency and ensuing chaos across the continent.

“Stabilo Due” centered around a risk map created in 2010 and envisaged internal unrest between warring factions as well as the possibility of refugees from Greece, Spain, Italy, France, and Portugal.

Warning of an escalation of violence in Europe, defense minister Ueli Maurer said at the time: “I can’t exclude that in the coming years we may need the army.” The military is a hot topic in Switzerland, which has mandatory military service. Under Swiss law, all able-bodied men at age 19 have to undergo five months of training, followed by refresher courses of several weeks over the next decade.

A referendum held a week ago saw a large majority of Swiss voters reject plans to abolish conscription.

The current number of recruits stands at around 155,000 — the biggest army in Europe relative to population size.

Some 73.2 per cent of Swiss said “no” to proposals by the anti-military group, Group for a Switzerland Without an Army, to have either a professional army or one made up of volunteers.

Neutral Switzerland has not been invaded since the Napoleonic Wars of the early 19th century.

Recent scholars have questioned the belief that the Swiss military’s complex of underground bunkers deterred an invasion by the Nazis during the Second World War.

Some historians argued that Adolf Hitler left the Swiss alone because he wanted to use their banks.
http://www.telegraph.co.uk/news/worl...pt-French.html





Nokia's Cheap Smartphones Drive Windows in Europe

Microsoft's Windows platform has reached a 9.2 percent share in the smartphone operating system (OS) market in key European markets, driven by Nokia's low and mid-range models, market research firm Kantar said on Monday.

During the three months to August, the Windows Phone platform reached a market share of over 10 percent for the first time in France and Britain, with 10.8 percent and 12 percent respectively, the researcher said.

Nokia, which earlier this month agreed to sell its mobile phone handset business to Microsoft, is the main user of the Windows platform and the driver behind the increase.

"Windows Phone's latest wave of growth is being driven by Nokia's expansion into the low and mid-range market with the Lumia 520 and 620 handsets," said Kantar analyst Dominic Sunnebo.

"These models are hitting the sweet spot with 16 to 24 year-olds and 35 to 49 year-olds, two key groups that look for a balance of price and functionality in their smartphone."

Google's Android, which runs on Samsung and Sony smartphones among others, remained the leading platform in key European markets, which include Britain, Germany, France, Italy and Spain.

Android's market share increased to 70.1 percent from 68.8 percent in the same period last year. Apple's iOS was the second-biggest platform with a 16.1-percent market share, 2 percentage points more than last year.

BlackBerry, which earlier this month agreed to go private, saw its market share more than halved to 2.4 percent from 5.8 percent.

(Reporting by Harro ten Wolde; editing by David Evans)
http://www.reuters.com/article/2013/...98T0RN20130930





AT&T Seeks to Defend Austin, Texas, Market with Faster Internet

AT&T Inc plans to start speeding up its Internet service in Austin, Texas, in December, to defend itself against a planned ultra high-speed Internet and television service to be launched by Google Inc in the same city next year.

Texas' capital city, with a population of 840,000, has a reputation as a high-tech industry hub.

After Google said in April that it would bring a service of 1 gigabit-per-second to Austin users, AT&T followed with a promise to match the offer if it obtained the same regulatory terms granted to Google by local authorities.

AT&T said on Tuesday that it would start by offering a 300 megabits-per-second service in December, and that by mid-2014 the speed would increase to up to 1 gigabit per second. It said this would allow users to download an entire high-definition movie in less than 2 minutes.

The AT&T service promised for December is almost seven times faster than AT&T's fastest existing home broadband offering.

Google had initially billed its first "Google Fiber" broadband offer, launched in Kansas City, Missouri, last year, as a test project to spur development of new Web services and technology.

But it has since suggested that high-speed Internet could be a viable business for the company, causing traditional broadband rivals such as AT&T to prepare a response.

AT&T's chief executive, Randall Stephenson, told investors at a conference on September 24 that AT&T was working on the Austin project and that he expected the company to do "multiple markets like this over the next few years."

AT&T said it will reach "tens of thousands of customer locations" in Austin and the surrounding areas this year with its new speeds and will expand to more neighborhoods in 2014.

Google's Fiber service, which the company says provides Internet speeds 100 times faster than today's average broadband service, will be available in Austin by mid-2014. Google began offering Fiber in Kansas City in late 2012 and will make the service available in Provo, Utah, by the end of this year.

(Reporting by Sinead Carew in New York and Alexei Oreskovic in San Francisco; editing by Matthew Lewis)
http://www.reuters.com/article/2013/...99004U20131001





Coca-Cola Plans Kiosks With Water and Internet
Donald G. McNeil Jr.

The Coca-Cola Company plans to erect 150 kiosks in 20 countries that will offer water, electricity and Internet connections; they may also sell Coke and other products.

“We’re calling it a downtown in a box,” said Serena Levy, a company spokeswoman.

The announcement was made by Coca-Cola’s chairman, Muhtar Kent, at the Clinton Global Initiative meeting.

Right now, one such kiosk exists, a pilot version in Heidelberg, South Africa. It is a shipping container with solar panels for power, a satellite dish for wireless communication and a Slingshot water distiller designed by Dean Kamen, the Segway inventor.

Setup costs are an issue; for example, the first Slingshots cost more than $100,000 to build, but Mr. Kamen has said that he hopes volume will push the price below $2,000.

Ideally, the Coca-Cola Company said, the kiosks will be run by women. Which products and services the company will charge for is under discussion; they could, for example, store vaccines and offer health education without cost while asking people to pay for water and cellphone charging.

“We’re still working on the business model,” Ms. Levy said.

Soft drink companies are often accused of contributing to the obesity epidemic and Coca-Cola has been criticized for expanding its line of sugary products into poor countries where nutrition is subpar and dental care is lacking. Coke executives have countered that their bottling plants supply clean water and small entrepreneurs make money selling their drinks.
http://www.nytimes.com/2013/10/01/he...-internet.html





Until next week,

- js.





Current Week In Review





Recent WiRs -

September 28th, September 21st, September 14th, September 7th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black