Old 14-08-13, 06:55 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - August 17th, '13

Since 2002

"Director Clapper will not be a part of the group, and is not leading or directing the group’s efforts." – Caitlin Hayden, a White House spokeswoman

August 17th, 2013




To Stop File-Sharing, One Needs to Intercept All Internet Traffic

Copyright laws are outdated and need reforming to catch up with reality, but traditional parties do not want to discuss it, states the leader of Sweden's Pirate Party, Anna Troberg.

In celebration of its 10th anniversary, the flagship pirate website The Pirate Bay has released a modified browser intended to circumvent censorship. The leader of Sweden's Pirate Party, the history of which is very closely tied to that of Pirate Bay, spoke with RT about this somewhat extraordinary voyage.

RT: You have seen all the prosecution and even persecution of the Pirate Bay. How is it still around?

Anna Troberg: It is actually quite amazing that the Pirate Bay is still alive. I mean it’s been around for 10 years and 10 years is an eternity in internet time. Also, as you said it has been persecuted by a lot of copyright industry companies - especially from America, Hollywood – and music industry. But they managed to stay alive through a lot of tricks.

Swedish Pirate party has been helping them for about three years to stay online. But I also think that the copyright industry will have a very hard time trying to close them down even in the future.

RT: Copyright lobbies are driven by the commercial impact of pirated material. The United States and the EU flourish on commerce. How can your party - which advocates less stringent copyright laws - hope to fit in?

AT: We want to reform the copyright laws because they are old now. The world has changed so much just in past 10 to 15 years since the internet really grew big not only in Europe and America but also in the rest of the world. The copyright has to be reformed: it has to be possible for people to copyright material and to share it with their friends. And it should also be of no harm to the copyright industry. Basically, copyright works as PR. So it’s a really good thing.

We want to have the copyright law that works with the time and with the users, and with people who love culture and want to share it and not work against it.

RT: At the core - your party focuses on the free flow of information. How does surveillance figure in your party's thinking?

AT: The right to personal integrity is incredibly important for the Pirate Party. It’s also very closely linked to file-sharing, because if you want to stop file-sharing, someone somewhere needs to know everything that you and me send and receive with our computers.

You all know what we do with computers today: we work over the internet, we date over the internet, we buy things, and we communicate with our friends. So, to have someone monitoring everything that you do online is a huge integrity infringement.

We had [NSA leaker] Edward Snowden revealing the American spying on the internet. And it’s a huge problem that we need to deal with – a problem that the whole world has to deal with since it’s not something that only American citizens are targeted with, but something that everyone who uses the internet is potentially targeted with.

RT: And how has this surveillance scandal in the US affected your party and its support? How much does the public care?

AT: I think the public cares a lot. The problem for my party and for other people who are interested in maintaining right to your private life and your right to personal integrity is that traditional parties do not really want to talk about these issues. They have their own surveillance scandals.

In Sweden we have something called the FRA law which also [authorizes] kind of state monitoring of, among other things, internet activity.

So, the traditional parties do not want to discuss it and that is a problem for us because in order to have a political debate you need a counterpart; you can’t debate with yourself. That is our challenge – to try and get the message out to people even though no other party in Sweden wants to discuss these things.
http://rt.com/op-edge/pirate-bay-copyright-troberg-452/





Pirate Bay’s Anti-Censorship Browser Clocks 100,000 Downloads
Ernesto

Within three days of its launch The Pirate Bay’s PirateBrowser, which allows people to bypass ISP filtering and access blocked websites, has already been downloaded more than 100,000 times. The Pirate Bay team say they never expected the browser to catch on this quickly, while noting that they are determined to provide more anti-censorship tools.

On the occasion of its 10th anniversary last Saturday, The Pirate Bay sent out a gift to its users – the PirateBrowser.

Blocked by court orders all over the world, Pirate Bay is arguably the most censored website on the Internet. The PirateBrowser software allows people to bypass these restrictions.

It appears that the browser idea is right on the money. New statistics revealed today show that blocked users have been downloading the tool en masse.

Within three days of its launch more than 100,000 people have already downloaded PirateBrowser via the direct link, and the official torrent file is being shared by more than 5,000 people at the time of publication.

While The Pirate Bay anticipated some interest it never expected PirateBrowser to generate this many downloads.

“I didn’t think it would catch on so fast,” The Pirate Bay’s Winston tells TorrentFreak. “I guess people want to see the websites their governments and courts are trying to hide from them.”

To cope with the massive demand The Pirate Bay had to upgrade the connection for the download link. Even after three days PirateBrowser is still averaging well above a thousand downloads per hour.

The browser is based on Firefox 23 bundled with a Tor client and some proxy configurations to speed up page loading. It is meant purely as a tool to circumvent censorship, but The Pirate Bay team wants to reiterate that it doesn’t provide any anonymity for its users.

“It’s not providing anonymity and it’s not secure to hide your identity. PirateBrowser is only supposed to circumvent censoring and website blocking. If we made the browser fully anonymous it would only slow down browsing,” Winston explains.

In addition to the current Windows application, Mac and Linux versions of the PirateBrowser will be released in the near future.

The anti-censorship browser is just the first tool The Pirate Bay will release. They are currently working on a special BitTorrent-powered application, which lets users store and distribute The Pirate Bay and other websites on their own computers, making it impossible for third parties to block them.

And so the game of Whack-A-Mole continues.
http://torrentfreak.com/pirate-bays-...e-days-130813/





A New "451" Error Message Would Tell Users When Governments Are Blocking Websites
Meghan Neal

If you don't think book burning is a fair analogy for blocked websites, may I remind you that the British Library's wi-fi filter recently blocked users from accessing Hamlet due to its "violent" content. And the Shakespeare-blocking library is just the tip of the iceberg when it comes to inadvertent censorship. Over the years there's been a steady stream of reports of innocent websites getting swept up in overzealous copyright crackdowns, and free expression activists fear the same will happen under British Prime Minister David Cameron's controversial "pornwall."

To fend off the chilling effects of heavy-handed internet restriction, the UK consumer rights organization Open Rights Group wants to create a new version of the “404 Page Not Found” error message, called “451 unavailable,” to specify that a webpage wasn’t simply not there but was ordered to be blocked for legal reasons.

In case you missed the reference, the number is a shout-out to Ray Bradbury’s book-burning government censorship novel Fahrenheit 451. The campaign's hope is to increase transparency and shine a light on web censorship—both intended and inadvertent. If the group gets its way, the 451 message would include information on who initiated the block, the reasons for it, links to the relevant court documents, and steps for how to go about challenging the block.

Though the campaign’s roots are in the UK, the new HTTP code would be available globally. (The idea for a new 451 status code isn’t a new one—Google developer Tim Bray first submitted a proposal for the new code to the Internet Engineering Task Force in June, and is reportedly happy to see the rights group picking up the effort.)

Here's an example of what the 451 message would look like, according to the campaign's website:

HTTP/1.1 451 Unavailable For Legal Reasons
Content-Type: text/html

Error 451: Unavailable For Legal Reasons

Access to this domain has been restricted in the United Kingdom due to the Court Order [Blocked Website]/[Case number] following the Judgment [Name of Court Case].

This Court Order was imposed under the Copyright, Designs and Patents Act 1988.

This Court Order was became valid on [Date of start of Court Order] and is currently valid until [Court Order Expiration Date].

If you believe this that this web domain has been incorrectly blocked, please contact [the appropriate legal authority] at [the appropriate legal authority] or [the address of the appropriate legal authority].


It’s certainly an area in need of clarity. The 400 range of HTTP codes indicates a client error—401 "unauthorized" and 403 "forbidden" mean you don't have permission to access the page. Beyond that, there’s no way to tell whether access is denied because authentication is required, because the webpage is restricted, or because the government ordered it to go black entirely.

As of now, ISPs aren't required to publish which websites they’re ordered to block, though some of them voluntarily do, albeit not to the detailed extent Open Rights Group is proposing. While the court orders that ISPs are sent requesting to take down sites are open to the public, they can be tricky to get ahold of. According to the group, ISPs are reluctant to hand over the documents.

The lion’s share of takedown requests are for copyright infringement, but in light of the UK porn filter and subsequent cries of government censorship, the timing for a transparency push is ripe. Open Rights Group has been hot on the case: It warned that the filter would snuff out more than just smut, and petitioned to stop the prime minister from "sleepwalking the UK into censorship." “Censorship is rearing its ugly head in the UK,” the group wrote on its blog. “A number of proposals from the government and others put the free flow of information in the UK at risk, with suggestions that website blocking be used for content related to copyright infringement, terrorism and adult material.”

There isn't necessarily anything wrong with protecting intellectual property or discouraging sexual exploitation. But the fear, of course, is that it’s a slippery slope. When the government or the courts or the rights owners in Hollywood have the power to oust websites like a game of whack-a-mole, without explaining to consumers exactly why or how to contest it, what’s to stop the abuse of that power? More transparency can’t hurt.
http://motherboard.vice.com/blog/451...cking-websites





ORG Asks Court for Web Blocking Documents

Courts have not been forthcoming with access to website blocking orders, citing administrative reasons for refusing to treat them as public documents.
Jim Killock

A few weeks ago, ORG published the website 451unavailable.org to compile and analyse website blocking orders in the UK.

Our aim is to create transparency over what methods of blocking are being authorised, what blocking is being done and by whom.

Once a judge has decided that a website deserves to be blocked under Section 97A of the Copyright Act, each ISP is sent a court order describing the actions they must take to block the website. It specifies the kind of blocking to be undertaken. The court order contains other important information, including the name of the organisation responsible for mistakes and changes to the lists of clone sites to be blocked.

Publication of the orders should benefit everyone. Courts, ISPs and copyright holders stand to benefit by having this knowledge made public. Accountability, fewer errors and less confusion about what is happening should be the result.

However, ISPs are often reluctant to share the orders with us, despite the fact they are 'public documents'. Possibly they feel that copyright owners asking for the orders may find publication by an ISP provocative. This means we are obliged to ask the courts for the documents, in order that we can publish and analyse their contents.

Unfortunately, court officials so far have turned down ORG's requests for copies of the blocking orders. They have done this because, they say, 'judgment has not been entered' or 'service has not been acknowledged'.

We think court orders ought normally to be easily accessible to the public at all stages of litigation. At present the rules governing access to court documents only permit access to these orders as of right once the litigation has finished. The courts seem to be treating blocking injunctions as if they were like temporary injunctions made while proceedings are still going on. In fact the injunctions are the end of the section 97A process. Nothing more is intended to happen.

This week we therefore applied to have a procedural judge (a 'Master') in the High Court look at our requests to gain access to the documents relating to the blocks of Fenopy, H33t and Kickass Torrents.

We hope to persuade the Master that a section 97A blocking injunction should be treated like any final judgment in court and be available to the public as of right. If we cannot do that, we will ask the Master's permission to have access to the orders.

As the orders proliferate, it is important that 451unavailable.org keeps a record of what is happening. In due course, we hope that ISPs will also link to these documents in their blocking notices, to make it clear what the legal authority for the block is.
https://www.openrightsgroup.org/blog...king-documents





Lavabit.com Owner: 'I Could be Arrested' for Resisting Surveillance Order
Michael Isikoff

The owner of an encrypted email service used by ex-NSA contractor Edward Snowden said he has been threatened with criminal charges for refusing to comply with a secret surveillance order to turn over information about his customers.

"I could be arrested for this action," Ladar Levison told NBC News about his decision to shut down his company, Lavabit LLC, in protest over a secret court order he had received from a federal court that is overseeing the investigation into Snowden.

Lavabit said he was barred by federal law from elaborating on the order or any of his communications with federal prosecutors. But a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney’s office in Alexandria, Va., sent an email to Levison's lawyer last Thursday – the day Lavabit was shuttered -- stating that Levison may have "violated the court order," a statement that was interpreted as a possible threat to charge Levison with contempt of court.

Trump, who has been a lead attorney on high-profile leak investigations targeting former CIA officers John Kiriakou and Jeffrey Sterling, did not respond to a request for comment, nor did prosecutors in the U.S. Attorney’s Office, whose prosecutors have charged Snowden with violations of the Espionage Act. "We have no comment," said Andrew Ames, a spokesman for the Justice Department.

Levison, a 32-year-old entrepreneur who ran his company out of a Dallas apartment, said in a public statement last Thursday that he made "the difficult decision" to shut down Lavabit because he did not want "to become complicit in crimes against the American people."

The court order that prompted the action is believed by legal observers to be a sealed subpoena or a national security letter requiring him to cooperate in surveillance related to the Snowden investigation. Recipients of such legal orders are barred from publicly commenting on them. Levison said he believes this prohibition is a violation of his First Amendment rights while the underlying request violated the Fourth Amendment rights of his customers. "I'm fighting it in every way," said Levison, adding that he is challenging the government’s action in a federal appeals court.

"Because the government has barred Lavabit from disclosing the nature of its demands, we still don't know what information the government is seeking, or why it's seeking it," said Ben Wizner, a national security lawyer for the ACLU. "It's hard to have a debate about the reasonableness of the government's actions — or Lavabit's response, for that matter — when we don't know what we're debating."

Levison said he started Lavabit 10 years ago to capitalize on public concerns about the Patriot Act, offering customers a paid service — between $8 and $16 a year — that would encrypt their emails in ways that would make it extremely difficult, if not impossible, for law enforcement agents to decipher. He said that until he shut down, his small company was generating about $100,000 in revenue annually with about 10,000 users paying for the encryption service.

One who appears to have been a customer was Snowden: When the ex-NSA contractor invited human rights groups to a press conference at the Moscow airport on July 11, his message was communicated from a Lavabit.com email address — edsnowden@lavabit.com. Snowden himself told Glenn Greenwald of the Guardian last week that he found Levison’s decision to close rather than provide information to the government "inspiring" and asked why other larger companies such as Google "aren't fighting for our interest the same way small businesses are."

Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that." But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone. Those demands apparently began about the time that Snowden surfaced as one of his customers, apparently triggering a secret legal battle between Levison and federal prosecutors.

Levison said he has been "threatened with arrest multiple times over the past six weeks," but that he was making a stand on principle: "I think it's important to point out that what prompted me to shut down my service wasn't access to one person's data. It was about protecting the privacy of all my users."

He has also started a legal defense fund and said he's gotten "an overwhelming response," raising more than $90,000 in the past few days. Among those now backing him is former Texas congressman and Republican presidential candidate Ron Paul, who told NBC News on Tuesday that Levison's legal battle "should be in the interests of everybody who cares about liberty."
http://investigations.nbcnews.com/_n...nce-order?lite





Mega to Fill Secure Email Gap Left By Lavabit

Summary: Kim Dotcom's privacy company Mega prepares "cutting edge" email encryption service.
Rob O’Neill

Kim Dotcom’s “privacy company” Mega is developing secure email services to run on its entirely non-US-based server network as intense pressure from US authorities forces other providers to close.

Last week Lavabit, which counted NSA leaker Edward Snowden as a user, and Silent Circle both closed. Lavabit’s owner, Ladar Levison, said he was shutting down to avoid becoming “complicit in crimes against the American people”.

Last week Mega chief executive Vikram Kumar told ZDNet the company was being asked to deliver secure email and voice services. In the wake of the closures, he expanded on his plans.

Kumar said work is in progress, building off the end-to-end encryption and contacts functionality already working for documents in Mega.

“The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,” Kumar said.

“If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.”

A big issue is handling emails to and from non-encrypted contacts when Mega’s core proposition is end-to-end encryption, Kumar said.

“On this and other fronts, Mega is doing some hugely cutting-edge stuff,” he said. “There is probably no one in the world who takes the Mega approach of making true crypto work for the masses, our core proposition.”

Kumar said Mega is taking theoretic-sounding technology such as Bloom filters and making it work for the masses. Work is also under way to keep Mega secure even if SSL/TLS is compromised.

“[It’s] exciting stuff but very hard so I think it will take months more to crack it,” he said. “But Mega will never launch anything that undermines its end-to-end encryption core security proposition and doesn’t work for the mythical grandmother.”

Meanwhile Kim Dotcom has said he may have to pull parts of Mega out of New Zealand if new surveillance legislation is passed into law.

Dotcom told TorrentFreak that the US government and the other Five Eyes partners (the UK, Canada, Australia and New Zealand) are pushing new spy legislation to provide backdoors into internet services.

“The NZ government is currently aggressively looking to extend its powers with the GCSB [Government Computer Services Bureau] and the [Telecommunications Interception Capabilities] Act, which will force service providers with encryption capabilities to give them secret decryption access,” Dotcom said.

He added that might force some relocation of Mega’s network to other jurisdictions, such as Iceland.

Dotcom explained that, by design, Mega doesn’t hold decryption keys to customer accounts and “never will”.

Lavabit’s Levison said: “This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would - strongly - recommend against anyone trusting their private data to a company with physical ties to the United States.”

Kumar on his blog described the closures as “Privacy Seppuku”, after a form of Japanese ritual suicide aimed at preserving honour.

“These are acts of ‘Privacy Seppuku’- honourably and publicly shutting down (“suicide”) rather than being forced to comply with laws and courts intent on violating people’s privacy,” he said.
http://www.zdnet.com/mega-to-fill-se...it-7000019232/





Crypto Experts Blast German E-Mail Providers’ “Secure Data Storage” Claim

GPG developer calls move a "great marketing stunt at exactly the right time."
Cyrus Farivar

In the wake of the shutdown of two secure e-mail providers in the United States, three major German e-mail providers have banded together to say that they’re stepping forward to fill the gap. There’s just one problem: the three companies only provide security for e-mail in transit (in the form of SMTP TLS) and not actual secure data storage.

GMX, T-Online (a division of Deutsche Telekom), and Web.de—which serve two-thirds of German e-mail users—announced on Friday that data would be stored in Germany and the initiative would “automatically encrypt data over all transmission paths and offer peace of mind that data are handled in compliance with German data privacy laws.” Starting immediately, users who use these e-mail services in-browser will have SMTP TLS enabled, and starting next year, these three e-mail providers will refuse to send all e-mails that do not have it enabled.

"Germans are deeply unsettled by the latest reports on the potential interception of communication data," said René Obermann, CEO of Deutsche Telekom, in a statement. "Our initiative is designed to counteract this concern and make e-mail communication throughout Germany more secure in general. Protection of the private sphere is a valuable commodity."

These companies have dubbed this effort “E-mail made in Germany,” and tout “secure data storage in Germany as a reputable location.” In practice, that appears (Google Translate) to simply mean that starting in 2014, these providers will “only transport SSL-encrypted e-mails to ensure that data traffic over all of their transmission paths is secure.”

Germany has notoriously strong data protection laws—likely the strongest in the world. But those laws do have law enforcement exceptions for security agencies, like the BND, Germany’s equivalent to the National Security Agency. The BND likely can easily access e-mails stored unencrypted on German servers with little legal or technical interference. Clearly, forcing users (particularly less tech-savvy ones) to use SMTP TLS provides a modicum of better protection for data in transit, but it's hardly anywhere close to improved security for stored data.

Law enforcement can still get stored e-mail

German tech media and the well-respected Chaos Computer Club have lambasted this approach, dismissing it as “pure marketing.”

“The basic problem with e-mail is that it’s a postcard readable by all—[this] changes nothing,” wrote Andre Meister on the noted Netzpolitik.org blog (German).

Lukas Pitschl of GPGTools told Ars this was merely a “marketing stunt,” which would “not add real value to the security of e-mail communication.”

“If you really want to protect your e-mails from prying eyes, use OpenPGP or S/MIME on your own desktop and don't let a third-party provider have your data,” he told Ars. “No one of the ‘E-Mail made in Germany’ initiative would say if they encrypt the data on their servers so they don't have access to it, which they probably don't and thus the government could force them to let them access it.”

The Chaos Computer Club practically laughed (Google Translate) at this new announcement:

“What competitors [have had] for years as standard—a forced encryption when accessing a personal e-mail account—is now sold promotionally as a new, effective technological advancement,” the group wrote. “The NSA scandal has shown that centralized services are to be regarded as not trustworthy when it comes to access by secret [agencies].”
http://arstechnica.com/business/2013...storage-claim/





Encryption Is Less Secure Than We Thought

For 65 years, most information-theoretic analyses of cryptographic systems have made a mathematical assumption that turns out to be wrong.
Larry Hardesty

Information theory — the discipline that gave us digital communication and data compression — also put cryptography on a secure mathematical foundation. Since 1948, when the paper that created information theory first appeared, most information-theoretic analyses of secure schemes have depended on a common assumption.

Unfortunately, as a group of researchers at MIT and the National University of Ireland (NUI) at Maynooth demonstrated in a paper presented at the recent International Symposium on Information Theory, that assumption is false. In a follow-up paper being presented this fall at the Asilomar Conference on Signals and Systems, the same team shows that, as a consequence, the wireless card readers used in many keyless-entry systems may not be as secure as previously thought.

In information theory, the concept of information is intimately entwined with that of entropy. Two digital files might contain the same amount of information, but if one is shorter, it has more entropy. If a compression algorithm — such as WinZip or gzip — worked perfectly, the compressed file would have the maximum possible entropy. That means that it would have the same number of 0s and 1s, and the way in which they were distributed would be totally unpredictable. In information-theoretic parlance, it would be perfectly uniform.

Traditionally, information-theoretic analyses of secure schemes have assumed that the source files are perfectly uniform. In practice, they rarely are, but they’re close enough that it appeared that the standard mathematical analyses still held.

“We thought we’d establish that the basic premise that everyone was using was fair and reasonable,” says Ken Duffy, one of the researchers at NUI. “And it turns out that it’s not.” On both papers, Duffy is joined by his student Mark Christiansen; Muriel Médard, a professor of electrical engineering at MIT; and her student Flávio du Pin Calmon.

The problem, Médard explains, is that information-theoretic analyses of secure systems have generally used the wrong notion of entropy. They relied on so-called Shannon entropy, named after the founder of information theory, Claude Shannon, who taught at MIT from 1956 to 1978.

Shannon entropy is based on the average probability that a given string of bits will occur in a particular type of digital file. In a general-purpose communications system, that’s the right type of entropy to use, because the characteristics of the data traffic will quickly converge to the statistical averages. Although Shannon’s seminal 1948 paper dealt with cryptography, it was primarily concerned with communication, and it used the same measure of entropy in both discussions.

But in cryptography, the real concern isn’t with the average case but with the worst case. A codebreaker needs only one reliable correlation between the encrypted and unencrypted versions of a file in order to begin to deduce further correlations. In the years since Shannon’s paper, information theorists have developed other notions of entropy, some of which give greater weight to improbable outcomes. Those, it turns out, offer a more accurate picture of the problem of codebreaking.

When Médard, Duffy and their students used these alternate measures of entropy, they found that slight deviations from perfect uniformity in source files, which seemed trivial in the light of Shannon entropy, suddenly loomed much larger. The upshot is that a computer turned loose to simply guess correlations between the encrypted and unencrypted versions of a file would make headway much faster than previously expected.

“It’s still exponentially hard, but it’s exponentially easier than we thought,” Duffy says. One implication is that an attacker who simply relied on the frequencies with which letters occur in English words could probably guess a user-selected password much more quickly than was previously thought. “Attackers often use graphics processors to distribute the problem,” Duffy says. “You’d be surprised at how quickly you can guess stuff.”

In their Asilomar paper, the researchers apply the same type of mathematical analysis in a slightly different way. They consider the case in which an attacker is, from a distance, able to make a “noisy” measurement of the password stored on a credit card with an embedded chip or a key card used in a keyless-entry system.

“Noise” is the engineer’s term for anything that degrades an electromagnetic signal — such as physical obstructions, out-of-phase reflections or other electromagnetic interference. Noise comes in lots of different varieties: The familiar white noise of sleep aids is one, but so is pink noise, black noise and more exotic-sounding types of noise, such as power-law noise or Poisson noise.

In this case, rather than prior knowledge about the statistical frequency of the symbols used in a password, the attacker has prior knowledge about the probable noise characteristics of the environment: Phase noise with one set of parameters is more probable than phase noise with another set of parameters, which in turn is more probable than Brownian noise, and so on. Armed with these statistics, an attacker could infer the password stored on the card much more rapidly than was previously thought.

“Some of the approximations that we’re used to making, they make perfect sense in the context of traditional communication,” says Matthieu Bloch, an assistant professor of electrical and computer engineering at the Georgia Institute of Technology. “You design your system in a framework, and then you test it. But for crypto, you’re actually trying to prove that it’s robust to things you cannot test. So you have to be sure that your assumptions make sense from the beginning. And I think that going back to the assumptions is something people don’t do often enough.”

Bloch doubts that the failure of the uniformity assumption means that cryptographic systems in wide use today are fundamentally insecure. “My guess is that it will show that some of them are slightly less secure than we had hoped, but usually in the process, we’ll also figure out a way of patching them,” he says. The MIT and NUI researchers’ work, he says, “is very constructive, because it’s essentially saying, ‘Hey, we have to be careful.’ But it also provides a methodology to go back and reanalyze all these things.”
http://web.mit.edu/newsoffice/2013/e...ught-0814.html





Thai Police Want to Mine Popular Japanese App for Chat Records
Lorenzo Franceschi-Bicchierai

Online surveillance isn't confined to the NSA. Governments around the world are trying to snoop on Internet communications.

In an attempt to monitor Thai citizens who use the mobile messaging app Line, the Royal Thai Police have asked the Japanese company that owns the app for access to chat records, according to media reports.

Pisit Paoin, the chief of the Technology Crime Suppression Division (TCSD), told the Associated Press that their goal is to monitor suspects of crimes such as arms trades, prostitution, drug deals and lèse-majesté (making statements against the Thai monarchy).

"We are monitoring only those who break the law. If you're using Line and social media to break the law, then you see us, the police," Paoin said.

Line, which bears resemblance to WhatsApp, is a popular Japanese messaging app that boasts 200 million users worldwide, 15 million of whom reside in Thailand.

Line isn't the only service that Thai authorities are concerned about.

"I've noticed that more criminal offenses are being committed through social networking sites such as Facebook, Twitter, WhatsApp and Line," Pisit told reporters on Tuesday, according to the Bangkok Post.

Pisit told the paper that a team of police officers travelled to Japan to meet with Line developers and collected information about suspected offenders. They also met with Line operator Naver in South Korea, where some of the app's servers are located. Pisit will personally travel to Japan on Aug. 16.

The details of the information the Thai police obtained from Line are unclear, as are their plans for future collaboration. Pisit said they will send requests for information to Line on a case-by-case basis.

"Since Line Corporation has not received any official request from the Thai police, we cannot provide any answers to the questions on this issue at this point," Hazuki Yamada, a Line spokesperson, wrote in an email to Mashable.

Line has not responded to further questions regarding whether they met with Thai authorities and whether the company maintains logs of conversations. According to Line's privacy policy, the company automatically stores a user’s IP address, browser type and browser language.

The Thai police, according to Pisit, use monitoring software that searches for keywords such as "coup," "monarchy," "lèse-majesté," "drugs," "counterfeit goods" and "prostitution."

"Facebook, and Pisit threatened to charge anyone who "likes" Facebook posts. He backpedaled on that threat, but still encouraged netizens not to spread false rumors through Facebook.

Line spokesperson Yamada released the following statement regarding Line's policy when dealing with law enforcement and government requests in Japan:

Line Corporation is sometimes requested to disclose the contents of talk from police for the purposes of criminal investigation. If there is a request, LINE Corporation provides the content of chatting log to the investigating authority, within the scope of the permission form which is issued by the court. We do not provide any features or systems that allows access to user information freely to government.

The Thai police's plan to monitor Line has worried local privacy and civil liberties advocates.

"This investigation method has a high risk of violating privacy because most chat conversations involve people sharing personal information," said Amara Pongsapich, chairwoman of the Office of the National Human Rights of Thailand. "It is similar to telephone tapping and if it has to be implemented, the inspection framework must be clear and people's rights must be taken into consideration."

Plus, it's not clear whether Thai police can even request information without a court order, according to Surangkana Wayuparb, the director of the government's Electronic Transaction Development Agency (ETDA).

"Under the Computer Related Crime Act, police need to get a court order before obtaining information on suspects from service providers," he said.
http://mashable.com/2013/08/13/thai-police-line-app/





City of London Halts Recycling Bins Tracking Phones of Passers-By
Zachary M. Seward

The City of London is halting a scheme that used recycling bins to track people as they walked by with their smartphones. The head of Renew London, which was behind the operation, wrote in an email, “I can confirm that we are not currently running any trials.”

Quartz was the first to report on the tracking technology, installed in a dozen bins around London’s Square Mile. That story sparked an outcry of privacy concerns, with many Londoners expressing surprise at being monitored. The bins recorded a unique identification number for any electronic device in the area with Wi-Fi enabled.

“We have already asked the firm concerned to stop this data collection immediately, and we have also taken the issue to the Information Commissioner’s Office,” the City of London said today in a statement. “Irrespective of what’s technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public.”

Renew CEO Kaveh Memari wrote an open letter that sought to downplay what the bins could detect. “I’m afraid that, in the interest of a good headline and story, there has been an emphasis on style over substance that makes our technology trial slightly more interesting than it is,” he wrote.

Renew installed 100 high-tech recycling bins in the city before the 2012 Olympics. The bins are said to be bomb-proof, and the City of London boasted that they came “at no cost to tax payer.” For Renew, the value was in the screens on the side of each bin, where the company sells advertising space. The bins can also connect to the internet, allowing them to display up-to-date information.

A few months ago, Renew added device-tracking “Orbs” to 12 of the bins and began marketing additional services to local retailers. It sought to sell data about people walking by the bins and allow brands to target advertisements at people the bins recognized. The “orbs” were developed by another London-based company, Presence Aware, which markets the technology as providing “a cookie for the real world.”

Here is the full text of Memari’s letter:

To whom it may concern,

Thank you for your comments and your reactions are entirely understandable. I’m afraid that in the interest of a good headline and story there has been an emphasis on style over substance that makes our technology trial slightly more interesting than it is.

During our current trials, a limited number of pods have been testing and collecting anonymised and aggregated MAC addresses from the street and sending one report every three minutes concerning total footfall data from the sites. A lot of what has been extrapolated is capabilities that could be developed and none of which are workable right now. For now, we continue to count devices and are able to distinguish uniques versus repeats. It is very much like a website, you can tell how many hits you have had and how many repeat visitors, but we cannot tell who, or anything personal about any of the visitors on the website. So we cannot tell, for example, whether we have seen devices or not as we do not gather any personal details.

Future developments will however not just depend on technology, but also, most importantly, on people being comfortable with interactive technology – much as has happened over the course of the weekend on the internet. This has always and continues to be our key concern. For now, simply think of Phase I testing as a glorified counter on the street. At this stage, we are only running a pilot with extremely limited, encrypted, anonymous/aggregated data. Come the time we discuss creating the future levels of protection, we can move to an improved service where we can bring better content to people. In doing so, we may find that the law has not yet fully developed and it is our firm intention to discuss any such progressions publicly first and especially collaborate with privacy groups such as EFF to make sure we lead the charge on this as we are with the implementation of the technology. In the meantime, we appreciate your attention to this element of our company.

If this is an area that interests you, I am happy to keep you up to date with the latest as we develop and certainly welcome your thoughts and feedback.

Sincerely,
Kaveh Memari
CEO of Renew


http://qz.com/114174/city-of-london-...of-passers-by/





Wireless Devices Go Battery-Free With New Communication Technique
Michelle Ma

We might be one step closer to an Internet-of-things reality.

University of Washington engineers have created a new wireless communication system that allows devices to interact with each other without relying on batteries or wires for power.

Using ambient backscatter, these devices can interact with users and communicate with each other without using batteries. They exchange information by reflecting or absorbing pre-existing radio signals.

The new communication technique, which the researchers call “ambient backscatter,” takes advantage of the TV and cellular transmissions that already surround us around the clock. Two devices communicate with each other by reflecting the existing signals to exchange information. The researchers built small, battery-free devices with antennas that can detect, harness and reflect a TV signal, which then is picked up by other similar devices.

The technology could enable a network of devices and sensors to communicate with no power source or human attention needed.

“We can repurpose wireless signals that are already around us into both a source of power and a communication medium,” said lead researcher Shyam Gollakota, a UW assistant professor of computer science and engineering. “It’s hopefully going to have applications in a number of areas including wearable computing, smart homes and self-sustaining sensor networks.”

The researchers published their results at the Association for Computing Machinery’s Special Interest Group on Data Communication 2013 conference in Hong Kong, which began Aug. 13. They have received the conference’s best-paper award for their research.

“Our devices form a network out of thin air,” said co-author Joshua Smith, a UW associate professor of computer science and engineering and of electrical engineering. “You can reflect these signals slightly to create a Morse code of communication between battery-free devices.”

Everyday objects could be enabled with battery-free tags to communicate with each other. A couch could use ambient backscatter to let the user know where his keys were left.

Smart sensors could be built and placed permanently inside nearly any structure, then set to communicate with each other. For example, sensors placed in a bridge could monitor the health of the concrete and steel, then send an alert if one of the sensors picks up a hairline crack. The technology can also be used for communication – text messages and emails, for example – in wearable devices, without requiring battery consumption.

The researchers tested the ambient backscatter technique with credit card-sized prototype devices placed within several feet of each other. For each device the researchers built antennas into ordinary circuit boards that flash an LED light when receiving a communication signal from another device.

Groups of the devices were tested in a variety of settings in the Seattle area, including inside an apartment building, on a street corner and on the top level of a parking garage. These locations ranged from less than half a mile away from a TV tower to about 6.5 miles away.

Researchers demonstrate how one payment card can transfer funds to another card by leveraging the existing wireless signals around them. Ambient RF signals are both the power source and the communication medium.

They found that the devices were able to communicate with each other, even the ones farthest from a TV tower. The receiving devices picked up a signal from their transmitting counterparts at a rate of 1 kilobit per second when up to 2.5 feet apart outdoors and 1.5 feet apart indoors. This is enough to send information such as a sensor reading, text messages and contact information.

It’s also feasible to build this technology into devices that do rely on batteries, such as smartphones. It could be configured so that when the battery dies, the phone could still send text messages by leveraging power from an ambient TV signal.

The applications are endless, the researchers say, and they plan to continue advancing the capacity and range of the ambient backscatter communication network.

The other researchers involved are David Wetherall, a UW professor of computer science and engineering, Vincent Liu, a doctoral student in computer science and engineering, and Aaron Parks and Vamsi Talla, both doctoral students in electrical engineering.
The research was funded by the University of Washington through a Google Faculty Research Award and by the National Science Foundation’s Research Center for Sensorimotor Neural Engineering at the UW.
http://www.washington.edu/news/2013/...ion-technique/





Next Up: The Jamming Wars

Our public spaces are bristling with surveillance gear, but Washington can't seem to get around to updating its privacy laws. What's next? Look for citizens to take matters into their own hands.
Paul F Roberts

Given the rapid pace of technological change, we don't know exactly what the future holds for us. But one thing is certain: personal privacy is going to turn from a "right" to a "fight" in the next decade, as individuals take up arms against government and private sector snooping on their personal lives.

Scanning the headlines even today tells you as much. Forget about the NSA's wide ranging PRISM surveillance program, which vacuums up cell phone metadata in the name of stopping terrorist attacks- that program has attracted plenty of scrutiny. What about quieter but equally invasive technologies? There's ShotSpotter, a system of distributed acoustic sensors from the California based firm SST that is being used to pinpoint the location of gunfire in cities like Boston.

Or how about London's new wi-fi enabled trashcans from Renew Technologies? As the web site ArsTechnica reported, they use embedded technology (dubbed "ORB," interestingly enough) to capture the machine (MAC) address of wi-fi enabled smartphones as pedestrians walk by. The trash cans passively monitor and capture the "footfall" of their owners, telling advertisers who use it about the "entry (and) exit points, dwell times, places of work, places of interest, and affinity to other devices" of pedestrians in public. Without drastic changes to the law to protect individuals from this kind of snooping (well intentioned or not), privacy is on course to be the next, major civil rights battleground, as individuals (at least in countries that extend civil rights to their citizens) look for ways to staunch or at least limit the kinds of tracking that is done of them – either by "opting out" of activities that carry the cost of surveillance or other intrusions, or by taking up (digital) arms against the snoopers.

This isn't a hypothetical. Just this week, a local CBS affiliate in New York reported that a New Jersey man was tracked down by federal agents after a portable GPS jamming device he purchased to prevent his employer from tracking his movements interfered with a GPS based guidance system that was being tested at Newark Liberty Airport. The engineer, Gary Bojczak, admitted to buying and installing a portable GPS jammer to prevent his boss from tracking his movements in the company vehicle. Bojczak isn't alone. GPS jammers have become commonplace among truckers and other car-bound employees, and with motorists looking to beat GPS-enabled tolls on roadways. The devices are so common – and troublesome – that police have adopted tools that can spot cars equipped with GPS jamming gear.

And, in the wake of revelations about the PRISM program, consumers have been flocking to solutions that promise protection for everything from cell phone conversations to email. The operator of the secure, private email service Lavabit - NSA leaker Edward Snowden's choice of email provider - said that he was ceasing operation after the government issued a subpoena for information on his users. Speaking with me earlier this week, Mike Janke of the firm SilentCircle said that his firm has seen its secure voice, texting and video services grow by 400% in the last two months, as worried consumers and companies look for ways to protect their online communications.

Elsewhere, a popular thread on the news aggregation site Slashdot.org this week asked for recommendations for "non-us based email providers."

"As the scope of its various data gathering programs comes to light, it is apparent to me that the only way to avoid being watched is to use servers based in countries which are unlikely to respond to US requests for information," the author wrote.

The more technically adept are also fighting back. At the recent DEFCON hacking conference, researchers unveiled CreepyDOL, a citizen-powered mass surveillance network that used cheap, off the shelf sensors to create a mesh surveillance network on the cheap – spying on the spies, as it were. Absent the protection of the law, citizens should be expected to do what they do elsewhere: take matters into their own hands: latching onto tools and technology to give them the privacy that they aren't afforded by the legal system.

Alas, there is also concern that the easy appeal of technology "fixes" for ubiquitous surveillance may be misleading. Writing in Wired, Jathan Sadowski warns that the tendency for individuals to focus on securing their own data and communications and using technology to do so may be misleading.

"The problem is that focusing on one or both of these approaches distracts from the much-needed political reform and societal pushback necessary to dig up a surveillance state at its root," Sadowski wrote.
http://www.itworld.com/security/3690...t-jamming-wars





Webcam Spying Goes Mainstream as Miss Teen USA Describes Hack

"The light didn't even go on, so I had no idea."
Nate Anderson

Webcam hacking has officially gone mainstream with yesterday's revelation that the new Miss Teen USA, Cassidy Wolf, was the victim of a "sextortion" plot in which someone slipped Remote Administration Tool (RAT) software onto her computer and used it to snap (apparently nude) pictures of Wolf in her room. "I wasn’t aware that somebody was watching me (on my webcam)," she told The Today Show. "The light (on the camera) didn’t even go on, so I had no idea."

Wolf said that the hacker tried to extort her, threatening to release the pictures publicly if she didn't follow his demands. The FBI has admitted that it is investigating the case and eventually said that it has identified a suspect.

The story itself isn't remarkable—indeed, earlier this year I documented an entire community of RAT users who gather to share tips and pictures of the "slaves" whose machines they have infected—but these kinds of sextortion plots have to date been covered largely in the tech press and in local papers. (Though GQ ran a fine story on sextortionist Luis Mijangos in early 2012 that's well worth a read). Wolf has now taken the story onto the morning TV talk shows, and her interviewers appear to be amazed that such hacks are even possible.

In doing interviews this week for my new book, The Internet Police, many of the questions have focused on sextortion and the use of RAT software. These hacks are such a profound privacy violation—accessing webcams, microphones, and stored files provides the attacker with almost unfettered access to one's private life, thoughts, documents, even conversations—that they routinely generate amazement in interlocutors. As one TV host put it after hearing Wolf's story this week, "Just—wow, that is creepy... Can you believe that?" Or, as a Jezebel writer put it today, "webcam hacking—WHICH I CANNOT BELIEVE IS A REAL THING OH MY GOD."

Wolf is even making sextortion and webcam hacking one of the centerpieces of her educational efforts as Miss Teen USA—certainly a first, and a good lesson for other teens to hear. RAT software has grown so powerful and so easy to use that its use has been surging; I heard this week by e-mail from someone who doesn't know how to remove an ex-boyfriend's RAT from her machine. Even national governments use such tools these days, since laptops now provide bugging capabilities almost unimaginable a generation ago.

So good for Wolf, who has refused to be silenced by her extortionist and who is taking on the topics of digital privacy and security, which are increasingly crucial to teens. Hopefully computer security improves over the next few years to the point where Wolf can remove the sticker she currently keeps over her laptop's webcam—but if it doesn't, at least more teens will be aware of just how dangerous a laptop can be.
http://arstechnica.com/tech-policy/2...escribes-hack/





Washington Post Hacked, Syrian Electronic Army Claims Responsibility
Lee Ferran

The Washington Post announced today it briefly fell victim to a cyber attack that suddenly forced some of its readers to the website of the Syrian Electronic Army, a pro-Assad hacker collective.

The announcement came in an Editor’s Note titled “Technical Difficulties” posted on the historic newspaper’s website. “The Post is working to resolve the issue,” the paper said. Later, the paper printed an update that said the attack was successful for about half an hour but the issue has been resolved.

A Twitter account allegedly belonging to the SEA claimed responsibility for the attack on the Washington Post as well as attacks on the websites for CNN and TIME. Those websites appeared to be functioning normally as of this report.

The SEA Twitter account claimed it was able to hit all three websites at once by attacking Outbrain, a content recommendation service that The Washington Post described as a “business partner”. Outbrain acknowledged the attack on its own Twitter feed and announced it has suspended its recommendation service.

In recent months the SEA has publicly taken credit for a series of high-profile cyber assaults including taking over the Twitter feeds of prominent organizations like The Associated Press, Reuters, The New York Post and the satirical news site The Onion.

According to published interviews with a self-proclaimed member of the group, the loose organization of college-aged hackers formed in 2011 as the country descended into civil war.

Though industry analysts have suggested the group is linked to the embattled Syrian government, the member claims they are not connected and receive no funding from the government. He said the hackers came together freely to combat what they saw as “the fabrication of facts” in Western media.

“We want to [show] the world the truth about what is happening in Syria,” the member told The Daily Beast Wednesday. “There is no revolution in Syria, but terrorist groups killing people [and] accusing the Syrian Arab Army.”

The attack on the Washington Post followed a brief period Wednesday when The New York Times website went down due to what the Times said on Twitter were “technical difficulties.” In a blog post published late Wednesday, the Times said the outage was not caused by a cyber attack, but was a failure “during regular maintenance.”
http://abcnews.go.com/blogs/headline...esponsibility/





Seeing Threats, Feds Target Instructors of Polygraph-Beating Methods
Marisa Taylor and Cleve R. Wootson Jr.

Federal agents have launched a criminal investigation of instructors who claim they can teach job applicants how to pass lie detector tests as part of the Obama administration’s unprecedented crackdown on security violators and leakers.

The criminal inquiry, which hasn’t been acknowledged publicly, is aimed at discouraging criminals and spies from infiltrating the U.S. government by using the polygraph-beating techniques, which are said to include controlled breathing, muscle tensing, tongue biting and mental arithmetic.

So far, authorities have targeted at least two instructors, one of whom has pleaded guilty to federal charges, several people familiar with the investigation told McClatchy. Investigators confiscated business records from the two men, which included the names of as many as 5,000 people who’d sought polygraph-beating advice. U.S. agencies have determined that at least 20 of them applied for government and federal contracting jobs, and at least half of that group was hired, including by the National Security Agency.

By attempting to prosecute the instructors, federal officials are adopting a controversial legal stance that sharing such information should be treated as a crime and isn’t protected under the First Amendment in some circumstances.

“Nothing like this has been done before,” John Schwartz, a U.S. Customs and Border Protection official, said of the legal approach in a June speech to a professional polygraphers’ conference in Charlotte, N.C., that a McClatchy reporter attended. “Most certainly our nation’s security will be enhanced.”

“There are a lot of bad people out there. . . . This will help us remove some of those pests from society,” he added.

The undercover stings are being cited as the latest examples of the Obama administration’s emphasis on rooting out “insider threats,” a catchall phrase meant to describe employees who might become spies, leak to the news media, commit crimes or become corrupted in some way.

The federal government previously treated such instructors only as nuisances, partly because the polygraph-beating techniques are unproven. Instructors have openly advertised and discussed their techniques online, in books and on national television. As many as 30 people or businesses across the country claim in Web advertisements that they can teach someone how to beat a polygraph test, according to U.S. government estimates.

In the last year, authorities have launched stings targeting Doug Williams, a former Oklahoma City police polygrapher, and Chad Dixon, an Indiana man who’s said to have been inspired by Williams’ book on the techniques, people who are familiar with the investigation told McClatchy. Dixon has pleaded guilty to federal charges of obstructing an agency proceeding and wire fraud. Prosecutors have indicated that they plan to ask a federal judge to sentence Dixon to two years in prison. Williams declined to comment other than to say he’s done nothing wrong.

While legal experts agree that authorities could pursue the prosecution, some accused the government of overreaching in the name of national security.

The federal government polygraphs about 70,000 people a year for security clearances and jobs, but most courts won’t allow polygraph results to be submitted as evidence, citing the machines’ unreliability. Scientists question whether polygraphers can identify liars by interpreting measurements of blood pressure, sweat activity and respiration. Researchers say the polygraph-beating techniques can’t be detected with certainty, either.

Citing the scientific skepticism, one attorney compared the prosecution of polygraph instructors to indicting someone for practicing voodoo.

“If someone stabs a voodoo doll in the heart with a pin and the victim they intended to kill drops dead of a heart attack, are they guilty of murder?” asked Gene Iredale, a California attorney who often represents federal defendants. “What if the person who dropped dead believed in voodoo?

“These are the types of questions that are generally debated in law school, not inside a courtroom. The real question should be: Does the federal government want to use its resources to pursue this kind of case? I would argue it does not.”

In his speech in June, Customs official Schwartz acknowledged that teaching the techniques, known in polygraph circles as “countermeasures,” isn’t always illegal and might be protected under the First Amendment in some situations.

“I’m teaching about countermeasures right now. The polygraph schools are supposed to be teaching about countermeasures,” he said. “So teaching about countermeasures in and of itself certainly is not only not illegal, it’s protected. You have a right to free speech in this country.”

But instructors may be prosecuted if they know that the people they’re teaching plan to lie about crimes during federal polygraphs, he said.

In that scenario, prosecutors may pursue charges of false statements, wire fraud, obstructing an agency proceeding and “misprision of felony,” which is defined as having knowledge of serious criminal conduct and attempting to conceal it.

“When that conspiracy occurs, both parties are guilty,” said Schwartz, a veteran federal polygrapher who heads Customs’ polygraph program. “And it makes more sense to me to try to investigate the party that’s doing the training because when you do that, you eliminate dozens or hundreds or thousands of people . . . from getting that training.”

Schwartz, who was involved in the federal investigation, cited the risk of drug traffickers infiltrating his agency as justification for prosecutors going after instructors. However, he told the crowd of law enforcement officials from across the country that he wasn’t discussing a specific case but a “blueprint” of how state and local officials might pursue a prosecution.

Urging them to join forces with his agency, he declared in a more than two-hour speech that “evil will always seek ways to hide the truth.”

“When you identify insider threats and you eliminate insider threats, then that agency is more efficient and more effective,” Schwartz said.

The Obama administration’s Insider Threat Program is intended to deter what the government condemns as betrayals by “trusted insiders” such as Edward Snowden, the former National Security Agency contractor who revealed the agency’s secret communications data-collection programs. The administration launched the Insider Threat Program in 2011 after Army Pfc. Bradley Manning downloaded hundreds of thousands of documents from a classified computer network and sent them to WikiLeaks, the anti-government secrecy group.

As part of the program, employees are being urged to report their co-workers for a wide range of “risky” behaviors, personality traits and attitudes, McClatchy reported in June. Broad definitions of insider threats also give agencies latitude to pursue and penalize a range of conduct other than leaking classified information, McClatchy found.

Customs, which polygraphs about 10,000 applicants a year, has documented more than 200 polygraph confessions of wrongdoing since Congress mandated that the agency’s applicants undergo testing more than two years ago. Many of the applicants who confessed said they either were directly involved in drug or immigrant smuggling or were closely associated with traffickers.

Ten Customs applicants were accused of trying to use countermeasures to pass their polygraphs. All were denied jobs as part of Customs’ crackdown on the methods, dubbed “Operation Lie Busters.”

“Others involved in the conspiracy were successful infiltrators in other agencies,” Customs said in a memo about the investigation.

Documents in Dixon’s case are filed under seal in federal court, and prosecutors didn’t return calls seeking comment.

Several people familiar with the investigation said Dixon and Williams had agreed to meet with undercover agents and teach them how to pass polygraph tests for a fee. The agents then posed as people connected to a drug trafficker and as a correctional officer who’d smuggled drugs into a jail and had received a sexual favor from an underage girl.

Dixon wouldn’t say how much he was paid, but people familiar with countermeasures training said others generally charged $1,000 for a one-on-one session.

Dixon, 34, also declined to provide specifics on his guilty plea but he said he’d become an instructor because he couldn’t find work as an electrical contractor. During the investigation, his house went into foreclosure.

“My wife and I are terrified,” he said. “I stumbled into this. I’m a Little League coach in Indiana. I don’t have any law enforcement background.”

Prosecutors plan to ask for prison time even though Dixon has agreed to cooperate, has no criminal record and has four young children. The maximum sentence for the two charges is 25 years in prison.

“The emotional and financial burden has been staggering,” Dixon said. “Never in my wildest dreams did I somehow imagine I was committing a crime.”

Williams, 67, has openly advertised his teachings for three decades, even discussing them in detail on “60 Minutes” and other national news programs. A self-professed “crusader” who’s railed against the use of polygraph testing, he testified in congressional hearings that led to the 1988 banning of polygraph testing by most private employers.

Some opponents of polygraph testing, including a Wisconsin police chief, said they were concerned that the federal government also might be secretly investigating them, not for helping criminals to lie but for being critical of the government’s polygraph programs. In his speech to the American Association of Police Polygraphists, Schwartz said he thought that those who “protest the loudest and the longest” against polygraph testing “are the ones that I believe we need to focus our attention on.”

McClatchy contacted Schwartz about his speech, but he refused to comment.

Some federal officials questioned whether people who taught countermeasures should be prosecuted.

Although polygraphers, who are known as examiners, are trained to identify people who are using the techniques with special equipment, “there’s absolutely nothing that’s codified about countermeasures,” said one federal security official with polygraph expertise, who asked not to be named for fear of being retaliated against. “It’s the most ambiguous thing that people can debate. If you have a guy who’s nervous about his test, the easiest way out of it for the examiner is to say it’s countermeasures, when it’s not.”

The security official described Williams as a “gadfly” who’s known for teaching ineffective methods. Polygraphers assert that one of Williams’ signature techniques produces erratic respiration patterns on a polygraph test. Demonstrating their disdain for his methods, many polygraphers call the pattern the “Bart Simpson.”

“Prosecutors are trying to make an example of him,” the official said. “It serves to elevate polygraph to something it hasn’t been before, that teaching countermeasures is akin to teaching bomb making, and that there’s something inherently disloyal about disseminating this type of information.”

Federal authorities, meanwhile, have concluded that some of the applicants who sought advice on countermeasures and were hired didn’t use the training after all. The list of people who sought out Dixon and Williams mostly comprises people who bought books or videos but didn’t hire the men for one-on-one training.

Charles Honts, a psychology professor at Boise State University, said laboratory studies he’d conducted showed that countermeasures could be taught in one-on-one sessions to about 25 percent of the people who were tested. Polygraphers have no reliable way to detect someone who’s using the techniques, he said. In fact, he concluded that a significant number of people are wrongfully accused.

Honts, a former government polygraph researcher, attributed the criminal investigation to “a growing institutional paranoia in the federal government because they can’t control all their secrets.”

Russell Ehlers, a police chief in Wisconsin, said he wouldn’t be surprised if federal authorities had scrutinized him. Schwartz cited an unnamed police chief in the Midwest who was “advertising on the Internet that he would like to teach people to pass the polygraph” as an example of someone who should be investigated. In the last several months, Ehlers said, he’s noticed what appears to be Internet visitors from the Justice Department checking out his website that advises applicants on how to get a job at a police department.

In his off-duty hours, Ehlers sold a video that discussed countermeasures, but he said he’d recently stopped selling it as a precaution after hearing about the criminal investigation. He said he’d intended it to help “good” police officer candidates pass the test because he thought that innocent people were routinely accused of lying during polygraph tests.

“Imagine you’re a 25-year-old who has dreamed of serving in the field of law enforcement,” he said. “You finally make it, only to find yourself booted out of the hiring process, the result of a false-positive exam result. In my opinion, that’s a real problem, not the sharing of information on countermeasures.”

George Maschke, a former Army Reserve intelligence officer who’s a translator and runs a website that’s critical of polygraph testing, said he also suspected he’d been targeted although he’d done nothing illegal.

In May, the translator received an unsolicited email in Persian from someone purporting to be “a member of an Islamic group that seeks to restore freedom to Iraq.”

“Because the federal police are suspicious of me, they want to do a lie detector test on me,” the email read.

The emailer asked for a copy of Maschke’s book, which describes countermeasures, and for Maschke to help “in any other way.”

Maschke said he suspected the email was a ruse by federal agents. He advised the person “to comply with applicable laws,” according to an email he showed McClatchy.

Although federal authorities haven’t contacted him, Maschke said he worried that visitors to his site, AntiPolygraph.org, would be targeted simply for looking for information about polygraph testing.

“The criminalization of the imparting of information sets a pernicious precedent,” he said. “It is fundamentally wrong, and bad public policy, for the government to resort to entrapment to silence speech that it does not approve of.”
http://www.mcclatchydc.com/2013/08/1...l#.Ug-t3eValIE





NSA Broke Privacy Rules Thousands of Times Per Year, Audit Finds
Barton Gellman

The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.

Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.

The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.

The Obama administration has provided almost no public information about the NSA’s compliance record. In June, after promising to explain the NSA’s record in “as transparent a way as we possibly can,” Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. “Every now and then, there may be a mistake,” Cole said in congressional testimony.

The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.

In a statement in response to questions for this article, the NSA said it attempts to identify problems “at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down.” The government was made aware of The Post’s intention to publish the documents that accompany this article online.

“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.

“You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”

There is no reliable way to calculate from the number of recorded compliance issues how many Americans have had their communications improperly collected, stored or distributed by the NSA.

The causes and severity of NSA infractions vary widely. One in 10 incidents is attributed to a typographical error in which an analyst enters an incorrect query and retrieves data about U.S. phone calls or e-mails.

But the more serious lapses include unauthorized access to intercepted communications, the distribution of protected content and the use of automated systems without built-in safeguards to prevent unlawful surveillance.

The May 2012 audit, intended for the agency’s top leaders, counts only incidents at the NSA’s Fort Meade headquarters and other facilities in the Washington area. Three government officials, speaking on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it, said in a statement late Thursday that the committee “can and should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

Despite the quadrupling of the NSA’s oversight staff after a series of significant violations in 2009, the rate of infractions increased throughout 2011 and early 2012. An NSA spokesman declined to disclose whether the trend has continued since last year.

One major problem is largely unpreventable, the audit says, because current operations rely on technology that cannot quickly determine whether a foreign mobile phone has entered the United States.

In what appears to be one of the most serious violations, the NSA diverted large volumes of international data passing through fiber-optic cables in the United States into a repository where the material could be stored temporarily for processing and selection.

The operation to obtain what the agency called “multiple communications transactions” collected and commingled U.S. and foreign e-mails, according to an article in SSO News, a top-secret internal newsletter of the NSA’s Special Source Operations unit. NSA lawyers told the court that the agency could not practicably filter out the communications of Americans.

In October 2011, months after the program got underway, the Foreign Intelligence Surveillance Court ruled that the collection effort was unconstitutional. The court said that the methods used were “deficient on statutory and constitutional grounds,” according to a top-secret summary of the opinion, and it ordered the NSA to comply with standard privacy protections or stop the program.

James R. Clapper Jr., the director of national intelligence, has acknowledged that the court found the NSA in breach of the Fourth Amendment, which prohibits unreasonable searches and seizures, but the Obama administration has fought a Freedom of Information lawsuit that seeks the opinion.

Generally, the NSA reveals nothing in public about its errors and infractions. The unclassified versions of the administration’s semiannual reports to Congress feature blacked-out pages under the headline “Statistical Data Relating to Compliance Incidents.”

Members of Congress may read the unredacted documents, but only in a special secure room, and they are not allowed to take notes. Fewer than 10 percent of lawmakers employ a staff member who has the security clearance to read the reports and provide advice about their meaning and significance.

The limited portions of the reports that can be read by the public acknowledge “a small number of compliance incidents.”

Under NSA auditing guidelines, the incident count does not usually disclose the number of Americans affected.

“What you really want to know, I would think, is how many innocent U.S. person communications are, one, collected at all, and two, subject to scrutiny,” said Julian Sanchez, a research scholar and close student of the NSA at the Cato Institute.

The documents provided by Snowden offer only glimpses of those questions. Some reports make clear that an unauthorized search produced no records. But a single “incident” in February 2012 involved the unlawful retention of 3,032 files that the surveillance court had ordered the NSA to destroy, according to the May 2012 audit. Each file contained an undisclosed number of telephone call records.

One of the documents sheds new light on a statement by NSA Director Keith B. Alexander last year that “we don’t hold data on U.S. citizens.”

Some Obama administration officials, speaking on the condition of anonymity, have defended Alexander with assertions that the agency’s internal definition of “data” does not cover “metadata” such as the trillions of American call records that the NSA is now known to have collected and stored since 2006. Those records include the telephone numbers of the parties and the times and durations of conversations, among other details, but not their content or the names of callers.

The NSA’s authoritative definition of data includes those call records. “Signals Intelligence Management Directive 421,” which is quoted in secret oversight and auditing guidelines, states that “raw SIGINT data . . . includes, but is not limited to, unevaluated and/or unminimized transcripts, gists, facsimiles, telex, voice, and some forms of computer-generated data, such as call event records and other Digital Network Intelligence (DNI) metadata as well as DNI message text.”

In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

The large number of database query incidents, which involve previously collected communications, confirms long-standing suspicions that the NSA’s vast data banks — with code names such as MARINA, PINWALE and XKEYSCORE — house a considerable volume of information about Americans. Ordinarily the identities of people in the United States are masked, but intelligence “customers” may request unmasking, either one case at a time or in standing orders.

In dozens of cases, NSA personnel made careless use of the agency’s extraordinary powers, according to individual auditing reports. One team of analysts in Hawaii, for example, asked a system called DISHFIRE to find any communications that mentioned both the Swedish manufacturer Ericsson and “radio” or “radar” — a query that could just as easily have collected on people in the United States as on their Pakistani military target.

The NSA uses the term “incidental” when it sweeps up the records of an American while targeting a foreigner or a U.S. person who is believed to be involved in terrorism. Official guidelines for NSA personnel say that kind of incident, pervasive under current practices, “does not constitute a . . . violation” and “does not have to be reported” to the NSA inspector general for inclusion in quarterly reports to Congress. Once added to its databases, absent other restrictions, the communications of Americans may be searched freely.

In one required tutorial, NSA collectors and analysts are taught to fill out oversight forms without giving “extraneous information” to “our FAA overseers.” FAA is a reference to the FISA Amendments Act of 2008, which granted broad new authorities to the NSA in exchange for regular audits from the Justice Department and the Office of the Director of National Intelligence and periodic reports to Congress and the surveillance court.

Using real-world examples, the “Target Analyst Rationale Instructions” explain how NSA employees should strip out details and substitute generic descriptions of the evidence and analysis behind their targeting choices.

“I realize you can read those words a certain way,” said the high-ranking NSA official who spoke with White House authority, but the instructions were not intended to withhold information from auditors. “Think of a book of individual recipes,” he said. Each target “has a short, concise description,” but that is “not a substitute for the full recipe that follows, which our overseers also have access to.”

Julie Tate and Carol D. Leonnig contributed to this report.
http://www.washingtonpost.com/world/...125_story.html





The NSA Is Commandeering the Internet

Technology companies have to fight for their users, or they'll eventually lose them.
Bruce Schneier

It turns out that the NSA's domestic and world-wide surveillance apparatus is even more extensive than we thought. Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we've learned, fight and lose. Others cooperate, either out of patriotism or because they believe it's easier that way.

I have one message to the executives of those companies: fight.

Do you remember those old spy movies, when the higher ups in government decide that the mission is more important than the spy's life? It's going to be the same way with you. You might think that your friendly relationship with the government means that they're going to protect you, but they won't. The NSA doesn't care about you or your customers, and will burn you the moment it's convenient to do so.

We're already starting to see that. Google, Yahoo, Microsoft and others are pleading with the government to allow them to explain details of what information they provided in response to National Security Letters and other government demands. They've lost the trust of their customers, and explaining what they do -- and don't do -- is how to get it back. The government has refused; they don't care.

It will be the same with you. There are lots more high-tech companies who have cooperated with the government. Most of those company names are somewhere in the thousands of documents that Edward Snowden took with him, and sooner or later they'll be released to the public. The NSA probably told you that your cooperation would forever remain secret, but they're sloppy. They'll put your company name on presentations delivered to thousands of people: government employees, contractors, probably even foreign nationals. If Snowden doesn't have a copy, the next whistleblower will.

This is why you have to fight. When it becomes public that the NSA has been hoovering up all of your users' communications and personal files, what's going to save you in the eyes of those users is whether or not you fought. Fighting will cost you money in the short term, but capitulating will cost you more in the long term.

Already companies are taking their data and communications out of the US.

The extreme case of fighting is shutting down entirely. The secure e-mail service Lavabit did that last week, abruptly. Ladar Levison, that site's owner, wrote on his homepage: "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision."

The same day, Silent Circle followed suit, shutting down their email service in advance of any government strong-arm tactics: "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now." I realize that this is extreme. Both of those companies can do it because they're small. Google or Facebook couldn't possibly shut themselves off rather than cooperate with the government. They're too large; they're public. They have to do what's economically rational, not what's moral.

But they can fight. You, an executive in one of those companies, can fight. You'll probably lose, but you need to take the stand. And you might win. It's time we called the government's actions what they really are: commandeering. Commandeering is a practice we're used to in wartime, where commercial ships are taken for military use, or production lines are converted to military production. But now it's happening in peacetime. Vast swaths of the Internet are being commandeered to support this surveillance state.

If this is happening to your company, do what you can to isolate the actions. Do you have employees with security clearances who can't tell you what they're doing? Cut off all automatic lines of communication with them, and make sure that only specific, required, authorized acts are being taken on behalf of government. Only then can you look your customers and the public in the face and say that you don't know what is going on -- that your company has been commandeered.

Journalism professor Jeff Jarvis recently wrote in The Guardian: "Technology companies: now is the moment when you must answer for us, your users, whether you are collaborators in the US government's efforts to 'collect it all' -- our every move on the internet or whether you, too, are victims of its overreach."

So while I'm sure it's cool to have a secret White House meeting with President Obama -- I'm talking to you, Google, Apple, AT&T, and whoever else was in the room -- resist. Attend the meeting, but fight the secrecy. Whose side are you on?

The NSA isn't going to remain above the law forever. Already public opinion is changing, against the government and their corporate collaborators. If you want to keep your users' trust, demonstrate that you were on their side.
http://www.theatlantic.com/technolog...ternet/278572/





Obama’s “Reform” Panel to Be Led By Clapper, Who Denied Spying to Congress

Asked if "any kind of data at all" was collected on millions, Clapper said no.
Joe Mullin

President Obama held a news conference on Friday at which he promised reform—but groups who wanted to see real reform in the surveillance area were understandably skeptical.

Obama made promises that he would "work with Congress" to produce better oversight, but he treated the recent leaks about NSA spying as more of a PR problem than anything else. The leaks had been revealed "in the most sensationalized manner," he stressed. But Obama maintained that the programs were not being abused. Notably, the president didn't suggest he would reduce the amount of surveillance taking place in any way.

But the "high level group of outside experts" that Obama promised to convene is unlikely to change any hearts and minds, unless its composition changes. Today it was announced the "outside" committee would report to James Clapper, the Director of National Intelligence—one of the officials most scorned by reformers.

It was Clapper who dissembled in front of a Congressional committee when he was questioned directly by NSA critic Sen. Ron Wyden (D-OR) back in 2011. Wyden asked if "any kind of data at all" was being collected on millions of Americans. "No sir," said Clapper at the time.

Now, with at least some of the facts about widespread surveillance making headlines, Clapper maintains he thought Wyden was just talking about e-mail and that "mistakes will happen." Wyden's question, of course, was about "any data at all"—which is not only the phrase Wyden used, but the question that was sent to Clapper the day before.

Clapper is even one of four officials named in a new ACLU lawsuit claiming the spying program is unconstitutional.

The review group's job, according to a White House letter published today, is to assess whether the US "employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust."

As Techdirt points out, the group is actually set up to report to Clapper and not directly to the president or Congress. If the president's goal is to make any critics believe he's serious about this reform effort, Clapper is not the right person to put in a command position.
http://arstechnica.com/tech-policy/2...g-to-congress/




White House Denies Intel Chief Will Lead NSA Surveillance Review
Brendan Sasso

The Obama administration is denying that James Clapper, the director of national intelligence, will control a review of the government's surveillance programs.

Privacy advocates expressed dismay on Monday after President Obama directed Clapper to establish a group that will provide recommendations for reforming the controversial surveillance programs.

The review is part of the president's push to restore public trust in the programs, but the privacy activists argue that the group can't be independent if it is led by the administration's top intelligence official.

"Director Clapper will not be a part of the group, and is not leading or directing the group’s efforts," Caitlin Hayden, a White House spokeswoman, told The Hill on Tuesday.

"The White House is selecting the members of the Review Group, consulting appropriately with the Intelligence Community," she said, adding that the administration expects to announce the members of the group soon.

Shawn Turner, a spokesman for the director of national intelligence, also said that the group will "not be under the direction of or led by" Clapper.

"The members will have access to classified information so they need to be administratively attached to a government element but the review process and findings will be their own," Turner said.

President Obama announced a series of steps on Friday to enhance oversight of the National Security Agency's (NSA) surveillance programs.

Among other actions, Obama said an "independent group" made up of a "high-level group of outside experts" would review the programs and prepare a report on its findings.

"They'll consider how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy — particularly in an age when more and more information is becoming public," Obama said.

He sent a memo to Clapper on Monday, directing him to establish the group. The memo said the group will brief the president on its findings and issue a report "through" the director of national intelligence.

Privacy activists expressed fear that Clapper, a vocal defender of NSA surveillance, would prevent the group from conducting rigorous oversight.

"If this was about 'restoring the trust' of the American people that the government isn't pulling a fast one over on them, President Obama sure has a funny way of trying to rebuild that trust," Mike Masnick wrote on his blog TechDirt. "This seems a lot more like giving the concerns of the American public a giant middle finger."

Amie Stepanovich, an attorney for the Electronic Privacy Information Center, said she still doubts the group can be independent with Clapper playing a central coordinating role.

"It's just inherently not independent, and it's not likely to solicit any meaningful results," she said.

She noted that Clapper has apologized for stating in a Senate hearing in March that the NSA does not collect any data on millions of people in the United States. The NSA has since acknowledged collecting records on virtually all U.S. phone calls.

Clapper said his answer was the "least untruthful" one he could give at the time.

"We have a man who has confessed to lying to Congress, and in doing so, he has publicly exhibited his disdain for the oversight process that he is now coordinating," Stepanovich said.

Michelle Richardson, a legislative counsel for the American Civil Liberties Union, said she believes the review group can produce meaningful results if it includes privacy advocates, academics and other people who are independent from the surveillance agencies.

"We really want this to be a fresh set of eyes who are going to look at this top to bottom," she said. "We don't want it to be the same old folks having the same old conversation about programs they've already endorsed."
http://thehill.com/blogs/hillicon-va...ead-nsa-review





Photocopying Michelle Obama's Diary, Just in Case

Barack Obama's analogy about washing dishes doesn't capture the NSA controversy nearly as well as this one.
Conor Friedersdorf

President Obama settled on a surprising analogy last week while explaining his theory of the NSA surveillance controversy to reporters. "The question is how do we make the American people more comfortable?" he said. "If I tell Michelle that I did the dishes -- now, granted, in the White House, I don't do the dishes that much -- and she's a little skeptical, well, I'd like her to trust me, but maybe I need to bring her back and show her the dishes and not just have her take my word for it."

The analogy has been widely panned, and for good reason. Almost as soon as I heard it, I thought of a different analogy that does a much better job of capturing the actual issues at play.

Let's stick with Barack and Michelle's home life -- but instead of dirty dishes, they're at odds over personal privacy. See, Barack snuck into Michelle's closet one day, dug through her belongings until he found her diary, and photocopied it. Then he replaced the original, locked the copy in his desk, and didn't think about it much until she found out months later and furiously confronted him.

"What? You stole my diary?"

"No Michelle, I didn't 'steal' it. But I am going to find a cage for whoever told you that I photocopied it."

"I can't believe you took it and made a copy -- you invaded my privacy."

"Listen, Michelle. I did not invade your privacy. I have no interest in reading your diary. I merely set aside a copy in case I have a legitimate reason for reading it at some undetermined point in the future."

"That's still outrageous! And how do I know you haven't read it?"

"That's unfair. You have no evidence that I read it. This conversation needs to be a little bit more informed and responsible."

"And who knows who might get ahold of it now that you've stashed a copy somewhere!"

"There are very strict safeguards around who can get into my desk, Michelle, you know that."

"What about when it's Joe's desk, or Hillary's? Eww, what if Bill reads my diary. I can't believe you did this. And what if you get tempted to read it yourself a year from now, if you haven't already?"

"You just have to trust me, Michelle. This is for your own good. Ultimately, I'm the decider."

"Oh my God, you're even starting to sound like him."

Admittedly, that isn't a perfect analogy either, but it comes a lot closer than Obama did to capturing the actual stakes in this debate, and the reason so many Americans are angry at him.
http://www.theatlantic.com/politics/...n-case/278567/





How Laura Poitras Helped Snowden Spill His Secrets
Peter Maass

This past January, Laura Poitras received a curious e-mail from an anonymous stranger requesting her public encryption key. For almost two years, Poitras had been working on a documentary about surveillance, and she occasionally received queries from strangers. She replied to this one and sent her public key — allowing him or her to send an encrypted e-mail that only Poitras could open, with her private key — but she didn’t think much would come of it.

The stranger responded with instructions for creating an even more secure system to protect their exchanges. Promising sensitive information, the stranger told Poitras to select long pass phrases that could withstand a brute-force attack by networked computers. “Assume that your adversary is capable of a trillion guesses per second,” the stranger wrote.

Before long, Poitras received an encrypted message that outlined a number of secret surveillance programs run by the government. She had heard of one of them but not the others. After describing each program, the stranger wrote some version of the phrase, “This I can prove.”

Seconds after she decrypted and read the e-mail, Poitras disconnected from the Internet and removed the message from her computer. “I thought, O.K., if this is true, my life just changed,” she told me last month. “It was staggering, what he claimed to know and be able to provide. I just knew that I had to change everything.”

Poitras remained wary of whoever it was she was communicating with. She worried especially that a government agent might be trying to trick her into disclosing information about the people she interviewed for her documentary, including Julian Assange, the editor of WikiLeaks. “I called him out,” Poitras recalled. “I said either you have this information and you are taking huge risks or you are trying to entrap me and the people I know, or you’re crazy.”

The answers were reassuring but not definitive. Poitras did not know the stranger’s name, sex, age or employer (C.I.A.? N.S.A.? Pentagon?). In early June, she finally got the answers. Along with her reporting partner, Glenn Greenwald, a former lawyer and a columnist for The Guardian, Poitras flew to Hong Kong and met the N.S.A. contractor Edward J. Snowden, who gave them thousands of classified documents, setting off a major controversy over the extent and legality of government surveillance. Poitras was right that, among other things, her life would never be the same…






Q. & A.: Edward Snowden Speaks to Peter Maass

In the course of reporting his profile of Laura Poitras, Peter Maass conducted an encrypted question-and-answer session, for which Poitras served as intermediary, with Edward J. Snowden. Below is a full transcript of that conversation.

Peter Maass: Why did you seek out Laura and Glenn, rather than journalists from major American news outlets (N.Y.T., W.P., W.S.J. etc.)? In particular, why Laura, a documentary filmmaker?

Edward Snowden: After 9/11, many of the most important news outlets in America abdicated their role as a check to power — the journalistic responsibility to challenge the excesses of government — for fear of being seen as unpatriotic and punished in the market during a period of heightened nationalism. From a business perspective, this was the obvious strategy, but what benefited the institutions ended up costing the public dearly. The major outlets are still only beginning to recover from this cold period.

Laura and Glenn are among the few who reported fearlessly on controversial topics throughout this period, even in the face of withering personal criticism, and resulted in Laura specifically becoming targeted by the very programs involved in the recent disclosures. She had demonstrated the courage, personal experience and skill needed to handle what is probably the most dangerous assignment any journalist can be given — reporting on the secret misdeeds of the most powerful government in the world — making her an obvious choice.

P.M.: Was there a moment during your contact with Laura when you realized you could trust her? What was that moment, what caused it?

E.S.: We came to a point in the verification and vetting process where I discovered Laura was more suspicious of me than I was of her, and I’m famously paranoid. The combination of her experience and her exacting focus on detail and process gave her a natural talent for security, and that’s a refreshing trait to discover in someone who is likely to come under intense scrutiny in the future, as normally one would have to work very hard to get them to take the risks seriously.

With that putting me at ease, it became easier to open up without fearing the invested trust would be mishandled, and I think it’s the only way she ever managed to get me on camera. I personally hate cameras and being recorded, but at some point in the working process, I realized I was unconsciously trusting her not to hang me even with my naturally unconsidered remarks. She’s good.

P.M.: Were you surprised that Glenn did not respond to your requests and instructions for encrypted communication?

E.S.: Yes and no. I know journalists are busy and had assumed being taken seriously would be a challenge, especially given the paucity of detail I could initially offer. At the same time, this is 2013, and a journalist who regularly reported on the concentration and excess of state power. I was surprised to realize that there were people in news organizations who didn’t recognize any unencrypted message sent over the Internet is being delivered to every intelligence service in the world. In the wake of this year’s disclosures, it should be clear that unencrypted journalist-source communication is unforgivably reckless.

P.M.: When you first met Laura and Glenn in Hong Kong, what was your initial reaction? Were you surprised by anything in the way they worked and interacted with you?

E.S.: I think they were annoyed that I was younger than they expected, and I was annoyed they had arrived too early, which complicated the initial verification. As soon as we were behind closed doors, however, I think everyone was reassured by the obsessive attention to precaution and bona fides. I was particularly impressed by Glenn’s ability to operate without sleep for days at a time.

P.M.: Laura started filming you from nearly the start. Were you surprised by that? Why or why not?

E.S.: Definitely surprised. As one might imagine, normally spies allergically avoid contact with reporters or media, so I was a virgin source — everything was a surprise. Had I intended to skulk away anonymously, I think it would have been far harder to work with Laura, but we all knew what was at stake. The weight of the situation actually made it easier to focus on what was in the public interest rather than our own. I think we all knew there was no going back once she turned that camera on, and the ultimate outcome would be decided by the world.
http://www.nytimes.com/2013/08/18/ma...ranscript.html





Assange Stays Mum Over Swedish Sex Crime Case

WikiLeaks founder Julian Assange said on Wednesday that he would not be addressing the Swedish sexual assault and rape allegations against him in his run for office in Australia, as "Australian men don't like to talk about their private lives".

Assange, standing for election to the upper house in September 7 national polls, also said Australian men did not bad-mouth their lovers, when asked whether he would explain himself to voters on the sex crime claims that have seen him holed up in London's Ecuadoran embassy for more than a year.

"Unfortunately, to a degree, I am an Australian and therefore Australian men don't like talking about their private lives," the former computer hacker said in an online election forum published by Fairfax Media on Thursday.

"They don't like saying bad things about their lovers. I'm not going to do that."

Assange has been living inside Ecuador's embassy since June 2012 as he fights extradition from Britain to Sweden, where authorities want to question him over alleged sex crimes.

The activist has voiced fears that he will be sent on to the United States to be tried over huge leaks of sensitive diplomatic correspondence and material on the Iraq and Afghanistan wars.

He told the Fairfax forum, conducted Wednesday, he had "nothing to hide" on the Sweden allegations and there was "extensive information about the case" available at the site justice4assange.com.

"I have not been charged. It's an extraordinary situation that someone could be detained for three years without charge. That's part of the abuses in this case," he said.

Assange acknowledged that he is not a typical politician, with questions over whether he will even be able to assume his Senate seat if he wins given his status in the embassy, but said he still felt that he could connect with voters.

"As an individual I haven't just been an activist... I understand what it's like to be a father, to start small businesses, to have problems of many different kinds," he said.

"I think Australians can relate to that sort of character. Even though I'm in a very unusual position for sure, I've also had the life experiences that many Australians have had."

Assange is one of seven candidates running for election to the Senate for his WikiLeaks Party, which has vowed to be an "independent scrutineer of government activity" on a range of issues including tax reform, asylum-seekers and climate change policy.

The Australian whistle blower believes he stands a good chance of winning his seat, saying this week that polling numbers are positive.
http://www.thelocal.se/49522/20130808/





Exclusive: After Multiple Denials, CIA Admits to Snooping on Noam Chomsky
John Hudson

For years, the Central Intelligence Agency denied it had a secret file on MIT professor and famed dissident Noam Chomsky. But a new government disclosure obtained by The Cable reveals for the first time that the agency did in fact gather records on the anti-war iconoclast during his heyday in the 1970s.

The disclosure also reveals that Chomsky's entire CIA file was scrubbed from Langley's archives, raising questions as to when the file was destroyed and under what authority.

The breakthrough in the search for Chomsky's CIA file comes in the form of a Freedom of Information Act (FOIA) request to the Federal Bureau of Investigation. For years, FOIA requests to the CIA garnered the same denial: "We did not locate any records responsive to your request." The denials were never entirely credible, given Chomsky's brazen anti-war activism in the 60s and 70s -- and the CIA's well-documented track record of domestic espionage in the Vietnam era. But the CIA kept denying, and many took the agency at its word.

Now, a public records request by FOIA attorney Kel McClanahan reveals a memo between the CIA and the FBI that confirms the existence of a CIA file on Chomsky.

Dated June 8, 1970, the memo discusses Chomsky's anti-war activities and asks the FBI for more information about an upcoming trip by anti-war activists to North Vietnam. The memo's author, a CIA official, says the trip has the "ENDORSEMENT OF NOAM CHOMSKY" and requests "ANY INFORMATION" about the people associated with the trip.

After receiving the document, The Cable sent it to Athan Theoharis, a professor emeritus at Marquette University and an expert on FBI-CIA cooperation and information-gathering.

"The June 1970 CIA communication confirms that the CIA created a file on Chomsky," said Theoharis. "That file, at a minimum, contained a copy of their communication to the FBI and the report on Chomsky that the FBI prepared in response to this request."

The evidence also substantiates the fact that Chomsky's file was tampered with, says Theoharis. "The CIA's response to the FOIA requests that it has no file on Chomsky confirms that its Chomsky file was destroyed at an unknown time," he said.

It's worth noting that the destruction of records is a legally treacherous activity. Under the Federal Records Act of 1950, all federal agencies are required to obtain advance approval from the National Archives for any proposed record disposition plans. The Archives is tasked with preserving records with "historical value."

"Clearly, the CIA's file, or files, on Chomsky fall within these provisions," said Theoharis.

It's unclear if the agency complied with protocols in the deletion of Chomsky's file. The CIA declined to comment for this story.

What does Chomsky think? When The Cable presented him with evidence of his CIA file, the famous linguist responded with his trademark cynicism.

"Some day it will be realized that systems of power typically try to extend their power in any way they can think of," he said. When asked if he was more disturbed by intelligence overreach today (given the latest NSA leaks) or intelligence overreach in the 70s, he dismissed the question as an apples-to-oranges comparison.

"What was frightening in the ’60s into early ’70s was not so much spying as the domestic terror operations, COINTELPRO," he said, referring to the FBI's program to discredit and infiltrate domestic political organizations. "And also the lack of interest when they were exposed."

Regardless, the destruction of Chomsky's CIA file raises an even more disturbing question: Who else's file has evaporated from Langley's archives? What other chapters of CIA history will go untold?

"It is important to learn when the CIA decided to destroy the Chomsky file and why they decided that it should be destroyed," said Theoharis. "Undeniably, Chomsky's was not the sole CIA file destroyed. How many other files were destroyed?"
http://thecable.foreignpolicy.com/po...noam_chomsky





Exclusive: Met Investigating Rupert Murdoch Firm News International as 'Corporate Suspect' Over Hacking and Bribing Offences

New twist in hacking scandal threatens global media empire as senior figures were questioned by officers at Scotland Yard
Tom Harper

Scotland Yard is investigating News International as a “corporate suspect” over hacking and bribing offences, it can be revealed.

The Independent has learnt the Metropolitan Police has opened an “active investigation” into the corporate liabilities of the UK newspaper group – recently rebranded News UK – which could have serious implications for the ability of its parent company News Corp to operate in the United States. One of Rupert Murdoch’s most senior lawyers has been interviewed under caution on behalf of the company and two other very senior figures have been officially cautioned for corporate offences. John Turnbull, who works on News Corp’s Management and Standards Committee (MSC) which co-ordinates the company’s interactions with the Metropolitan Police, answered formal questions from detectives earlier this year.

The development has caused pandemonium at the upper echelons of the Murdoch media empire. Shortly afterwards, executives in America ordered that the company dramatically scale back its co-operation with the Metropolitan Police.

A News Corp analysis of the effects of a corporate charge, produced in New York, said the consequences could “kill the corporation and 46,000 jobs would be in jeopardy”.

Lawyers for the media behemoth have pleaded with the Met and the Crown Prosecution Service not to prosecute the company as it would not be in the “public interest” to put thousands of jobs at risk. Gerson Zweifach, the group general counsel of News Corp, flew in to London for emergency talks with the Met last year. According to Scotland Yard, he told police: “Crappy governance is not a crime. The downstream effects of a prosecution would be apocalyptic. The US authorities’ reaction would put the whole business at risk, as licences would be at risk.”

The Independent can reveal that Scotland Yard warned News Corp that its UK subsidiary, which publishes The Sun and used to publish the now-defunct News of the World, was under formal investigation on 18 May last year.

A month later, Rupert Murdoch announced he was splitting the global empire he spent six decades building up into one of the most powerful companies in the world. The 82-year-old hived off the highly profitable television and film assets, including 21st Century Fox and Fox News, into a separate entity from the troubled newspaper group in what was widely perceived as an attempt to isolate any contagion from the phone-hacking scandal.

Tom Watson, the campaigning Labour MP, said: “This comes as no surprise. Parliament has already found Rupert Murdoch unfit to run an international company.

“He is responsible for the corporate culture that allowed this scandal to damage his global empire. I hope that other jurisdictions like Russia will begin to investigate the activities of News Corp around the world.

“The doom-laden internal analysis that the thousands of people who actually add value to the company may lose their jobs is bogus. If News Corp wants to clean up its act, it can easily do so by replacing the Murdochs with people who understand corporate social responsibility.”

Lawyers for the Metropolitan Police identified News International as “suspects” as long ago as October 2011.

But the company did not appear to become aware of its status as a potential “corporate defendant” until April 2012 when Met detectives asked the MSC for “minutes of board meetings”. The request triggered behind-the-scenes negotiations which eventually led to former Deputy Assistant Commissioner Sue Akers writing to the MSC a month later.

In a letter to the chairman Lord Grabiner, she said there was “an active investigation into the corporate liability of News International”. The company immediately changed the terms of its co-operation with the police.

In an unpublished statement submitted to the Leveson Inquiry a month later, seen by The Independent, Lord Grabiner outlined the position of the company. He indicated it would be a “dereliction of duty” to continue co-operating with Scotland Yard if the police were planning a “corporate charge” against News International.

“At no point prior to May 2012 did the Met inform News International or the MSC that any corporate entity was a suspect,” he said.

“It was only in early May 2012, following requests by the Metropolitan Police for information and documents that did not seem relevant to the matters understood to be under investigation in relation to individuals, that it appeared to the MSC the focus of the investigation had shifted to include the companies [News International and News Group Newspapers] without either company having been advised of this fact.”

Later he added: “A suspect which is being asked to provide material for use in the investigation into its own liability is entitled to be advised that it is under suspicion in order that it can be advised of its rights and make informed decisions.”

Lord Grabiner said that, following the disclosure, the company was still “co-operating” but felt “obliged to proceed with some care”.

A senior Scotland Yard source said that after Ms Akers’ letter there was a “suspension in co-operation” whilst the UK lawyers “took advice” from the board directors in New York.

He added: “They subsequently resumed co-operation, but on a more challenging, legal-led basis resulting in delays.”

Lawyers for News Corp then continued to plead with the police not to pursue the company, raising the recent case involving Southwark Council, which avoided corporate manslaughter charges by providing full co-operation with an investigation into a fire that ripped through a dilapidated tower block, killing six people.

Since News Corp was informed of the development, a string of senior UK executives have left the company.

According to CPS guidelines, there appears to be no legal provision for dropping a corporate prosecution simply because a company under suspicion also happens to be a major employer.

However, the former Prime Minister Tony Blair ordered the cessation of a three-year Serious Fraud Office investigation into BAE Systems in 2006 as it would affect “thousands of British jobs”. Citing the “public interest”, Mr Blair said the defence giant should not be prosecuted for paying bribes worth hundreds of millions of pounds to the Saudi royal family in order to secure the multibillion-pound al-Yamamah arms contract.

When members of the Saudi government found out that the SFO was probing their personal Swiss bank accounts, they also threatened to cut off all intelligence to Britain.

Last night a spokesman for News UK said: “We have co-operated with all relevant authorities throughout the process and our history of assistance is a matter of record in Lord Justice Leveson’s report.”

A Scotland Yard spokesman said: “We are not prepared to discuss this.”

The Crown Prosecution Service can treat a company as a “legal person” who is “capable of being prosecuted”.

Any organisation at the centre of a criminal investigation “should not be treated differently from an individual because of its artificial personality”, according to the CPS.

The latest guidelines state: “A thorough enforcement of the criminal law against corporate offenders, where appropriate, will have a deterrent effect, protect the public and support ethical business practices.

“Prosecuting corporations, where appropriate, will capture the full range of criminality involved and thus lead to increased public confidence in the criminal justice system.”

A company can be found guilty if any potential offender can be established as the “directing mind and will” of the organisation.

The Independent asked the CPS to explain what the possible penalties were for a corporate charge, including fines and custodial sentences, but the press office refused to discuss “hypotheticals”.

Lawyers for News Corp believe the law on corporate prosecutions is a “mess” and have told the Met and CPS that any charge against the company will be vigorously challenged in court.

It appears the company is most concerned about the effect of corporate charges on the ability of News Corp to obtain unspecified “licences” in the United States.

A senior News Corp source said the “licences” are now under the domain of 21st Century Fox, the TV and film arm that was split from the newspaper group in June this year.

Timeline: Hacking saga

January 2007 Original phone-hacking prosecutions result in two convictions.

January 2011 Scotland Yard launches new investigation into phone hacking after embarrassing disclosures. Material seized years earlier is re-examined.

July 2011 Milly Dowler hacking scandal breaks. News Corp establishes Management and Standards Committee (MSC) to co-operate with police.

October 2011 The Metropolitan Police internally identifies News International as corporate “suspect”.

November 2011 Leveson Inquiry starts.

April 2012 Met asks MSC for “minutes of board meetings”.

May 2012 Deputy Assistant Commissioner Sue Akers tells MSC that company is under “active investigation”. News Corp’s co-operation with police dramatically scaled back.

June 2012 Rupert Murdoch announces plan to split News Corp in two. MSC tells Leveson Inquiry it would be a “dereliction of duty” to continue co-operating with Scotland Yard if police were planning a “corporate charge”.

December 2012 Leveson Inquiry concludes.

March 2013 Rupert Murdoch is secretly recorded telling staff that “payments for news tips from cops” have been “going on a hundred years”.
http://www.independent.co.uk/news/uk...s-8771560.html





The Internet’s Verbal Contrarian
Noam Cohen

For every revolution, there is a counterrevolutionary. And so the digital one has brought us Evgeny Morozov.

A 29-year-old émigré from Belarus, Mr. Morozov has quickly become the most prominent, most multiplatformed critic of the utopian promises coming from Silicon Valley. His first book, “The Net Delusion,” looked skeptically at the belief that social networks were responsible for fomenting political change across the globe, and in the new “To Save Everything, Click Here” he has expanded that critique to question whether the Internet has improved anything.

With the recent revelations about National Security Agency surveillance, Mr. Morozov is taking a victory lap of sorts. In an essay last month, he finds vindication for his pessimistic views about the Internet, as the world turns on the United States over its spying on overseas digital communications and as oppressive governments are emboldened to crack down: “This is the real tragedy of America’s ‘Internet freedom agenda’: It’s going to be the dissidents in China and Iran who will pay for the hypocrisy that drove it from the very beginning.”

Mr. Morozov has written for a long list of publications, including London Review of Books, The New York Times and The New Republic. In addition to the sheer volume of Mr. Morozov’s writings, there is his sheer volume. His style is aggressive and frequently accusatory, with a litany of digital idealists and organizations that he uses as punching bags. These include Facebook, Google, the publisher and writer Tim O’Reilly and the City University of New York professor and new-media guru Jeff Jarvis, whose book “Public Parts” Mr. Morozov savaged in a 6,000-word review in The New Republic, which included the memorable line, “This is a book that should’ve stayed a tweet.”

The aggressive, barroom quality of his writing has earned him plenty of admirers, as well as detractors who consider him a childish contrarian. But after becoming such a public, public intellectual by his mid-20s, Mr. Morozov has made a curious decision: to further his education. During the semester you could find him finishing his coffee upstairs at a Starbucks before making the walk across Harvard Yard for his seat at a seminar on the history of psychoanalysis as a first-year Harvard doctoral candidate in the history of science.

“I have more influence than I ought to have,” he said in the train to New York City from Boston, adding that he had a nagging feeling that his criticisms were too shallow. “The idea of the Internet allowed me to cut too many corners, intellectually.”

His new thinking is evident in “To Save Everything,” released in March. In the book Mr. Morozov puts quotation marks around every reference to “the Internet,” and with that tic he makes a larger point: readers should stop and question everything they have been taught about technology, including that the Internet exists.

Without such skepticism, Mr. Morozov and his supporters say, the public easily succumbs to the slick promises and catchwords of online entrepreneurs or TED talks — “open” or “generative” or “transparent” or “participatory.” And those words lead to real beliefs, with real consequences, he argues — for example, that privacy is just an archaic notion, or that information “wants to be free.”

Critics have generally welcomed “To Save Everything” for its contrary take, if not always how that take is expressed. Writing in The Times’s Book Review, Ellen Ullman, a novelist and former computer programmer, says Mr. Morozov “is taking up the cause of human values against those of the machine,” though she adds that his “polemical tone is wearying.”

Tim Wu, the Columbia Law School professor and frequent Morozov target, writes that the book was more of the same and that his attacks appear to be “mainly designed to build Morozov’s particular brand of trollism; one suspects he aspires to be a Bill O’Reilly for intellectuals.”

In person, too, Mr. Morozov can quickly turn adversarial, and not only when he threatens to stop talking because his interlocutor’s knowledge “is too limited.” He is as likely to spot a contradiction in his own thinking, saying something like, “You are going to catch me here, but who cares?”

Beyond his gnawing arguments and the way he delivers them, Mr. Morozov has benefited from growing public doubts in the prevailing belief in a “high-tech, techno-libertarian utopia,” said Ian Bogost, a professor of digital media at Georgia Tech and among the few writers in the field Mr. Morozov counts as a friend and ally. “This anxiety is one that needs voices who can identify it and find other paths. The reason why it is him is that he has been willing to pull no punches and be as brazen and direct as his targets.”

Mr. Morozov was born in Soligorsk, a small mining city whose name means “mountains of salt.” His quick answer to the question of why he wanted to come to the United States: “Do you know anything about Belarus?”

He said he had his epiphany about technology while working for Transitions, an organization that promotes the development of independent journalism in Europe and Central Asia. “I would show up in Tajikistan with this PowerPoint and tell them about Wikipedia and Flickr and YouTube, they were like: ‘Dude, we have no electricity. What are you talking about?’ ”

The lesson was clear: These ideas had a logic that was divorced from the people being asked to live with them.

After leaving Transitions, he got the first of an annual fellowship from the Open Society Institute (now Open Society Foundations) to live in New York and work on what would become “Net Delusion.” After time as a visiting scholar at Georgetown and Stanford, he is back to being a student.

“If my idea was just to maintain a certain lifestyle, there would be no need to get a Ph.D.,” he said. “But I do care very deeply about the idea side as well.”

At Harvard Mr. Morozov is branching out and letting down his guard, he said. He has followed a regimen of diet and exercise — “read, write and row,” as his friend, Mr. Bogost, put it — that has transformed his appearance.

By studying the history of science, Mr. Morozov said, “I acknowledge my ignorance from the very beginning.” But he hasn’t abandoned the skepticism of technology.

For all his rage against the servers and their handlers, Mr. Morozov has been masterly in exploiting the Internet. He has more than 40,000 followers on Twitter, where he promotes his latest print pieces with devilish glee — “TNR will publish one of those Jarvis-esque critical reviews I love to write.”

He has already planned his dissertation, which is set to be a book published by Farrar, Straus & Giroux — what he calls a history of the Internet intellectual movements like cybernetics that laid the groundwork for current approaches.

“It is easy to be seen as either a genius or a crank,” he said. “If you have a Ph.D., at least you somewhat lower the chances that you will be seen as a crank.”
http://www.nytimes.com/2013/08/15/bu...ontrarian.html





What Does It Really Matter If Companies Are Tracking Us Online?

A scholar argues that the core issue is protecting consumers from corporations that are developing ever more sophisticated techniques for getting people to part with their money.
Rebecca J. Rosen

Say you, like me, went to bed a little early last night. And when you woke up this morning, you decided to catch the episode of the Daily Show that you missed. So you pointed your browser over to thedailyshow.com, and there, as you expected, is John Oliver. But there's something else there too, at least if you're me: flashing deals for hotels in Annapolis, which just so happens to be where I've been planning a weekend away.

We all are familiar at this point with the targeted ads that follow us around the web, linked to our browsing history. In this case, Google (who served me this ad) only got it half right: I had already booked a place.

And yet, I am planning a trip to Annapolis, and Google "knows" this, and is using this information to try to sell me stuff, a practice commonly criticized as "creepy." But as philosopher Evan Selinger asserted in Slate last year, the word "creepy" isn't particularly illuminating. What, really, is wrong with ad tracking? Why does it bother us? What is the problem?

A new paper by professor Ryan Calo at the University of Washington goes the furthest I have seen in elucidating the potential harms of digital-ad targeting. And his argument basically boils down to this: This isn't about the sanctity of the individual or even, strictly speaking, about privacy. This is about protecting consumers from profit-seeking corporations, who are gaining an insurmountable edge in their efforts to get people to part with their money.

But those are my words. Here are Calo's:

The digitization of commerce dramatically alters the capacity of firms to influence consumers at a personal level. A specific set of emerging technologies and techniques will empower corporations to discover and exploit the limits of each, individual consumer's ability to pursue his or her own self-interest. Firms will increasingly be able to trigger irrationality or vulnerability in consumers -- leading to actual and perceived harms that challenge the limits of consumer protection law, but which regulators can scarcely ignore.

Calo is taking the long view here. Digital marketing techniques haven't quite gotten sophisticated enough to take advantage of a consumer's idiosyncratic irrationalities. Right now, he writes, digital advertising's main strategy is relevance: putting the relevant ad in front of the right person. But Calo foresees a much more personalized approach down the road -- not just the right good, but a customized pitch, delivered late at night, when the company knows you, particularly, have a tendency to make impulse purchases.

This, of course, is not all bad. Calo describes many potential upsides to a marketplace in which companies have much, much more information about their customers. "Firms," he writes, "have incentives to look for ways to exploit consumers, but they also have powerful incentives to look for ways to help and delight them." So perhaps websites will appear in color palettes that are highly appealing to you, or a hotel you book at will know about your allergies and prepare your room with a hypoallergenic pillow, or, most obviously, Google will serve you an ad for just the right hotel, at just the right price, before you've already booked elsewhere. And consumers too are getting more information about the products they are considering buying: There are Amazon reviews, apps that scan bar codes for price comparisons, and sites like TripAdvisor and Yelp that will help you avoid rip-offs of all kinds.

But that said, Calo still sees an imbalance in how this will play out, and that's because consumers are not perfectly rational, as the field of behavioral economics has demonstrated over and over. This leaves them vulnerable to persuasion to make decisions that are counter to their own self-interest. Oftentimes, this has negative but ultimately small consequences: "Maybe a consumer pays a little extra for a product, for instance, or purchases an item on impulse," Calo writes.

But the possibilities for exploiting those vulnerabilities are amplified dramatically when bolstered by the kinds of data Google and other firms have access to. Marketing has always been about getting consumers to spend money, but Calo argues that data tracking enables a level of sophistication that is different in kind, not just degree. "Digital market manipulation combines, for the first time, a certain kind of personalization with the intense systemization made possible by mediated consumption," he explains.

This is not a problem when the interests of firms and consumers align, as in the above examples, but, as Calo writes, "it would be highly surprising were every use to which a company placed intimate knowledge of its consumer in fact a win-win." It's where interests diverge, and actual harms are incurred, that the trouble lies.

So where does that trouble lie? What are those actual harms? Calo outlines three distinct types of damages. The first are economic: market failures, not unlike others that the government has decided merit corrective regulatory measures in the past, such as the regulation of cigarette ads. But in the case of digital marketing, Calo says, the inefficiencies aren't going to be such clear cases. Rather, the failures will come in the form of consumers being systematically charged more than they would have been had there been less information about that particular consumer.

Sometimes, that will mean exploiting people who are not of a particular class, say upcharging men for flowers if a computer recognizes that he's looking for flowers the day after his anniversary. But other times there could be troubling equity concerns. For example, Calo points to the work of NYU professor Oren Bar-Gill who has shown how companies can use complexity in credit-card contracts, mortgages, and cell-phone contracts to "hinder or distort competition and impose outsized burden on the least sophisticated consumers." Calo says such price-discrimination tactics, applied en masse online, could "lead to regressive distribution effects," also known as preying on the vulnerable.

But perhaps you think those inefficiencies will be balanced out at the level of the aggregate market. Calo says there is still reason to be concerned at the level of the individual. He writes, "Even if we do not believe the economic harm story at the level of the market, the mechanism of harm at the level of the consumer is rather clear: The consumer is shedding information that, without her knowledge or against her wishes, will be used to charge her as much as possible, to sell her a product or service she does not need or needs less of, or to convince her in a way that she would find objectionable were she aware of the practice." There may be nothing particularly embarrassing or personal about my vulnerabilities as a consumer, but I do not especially want to share them with companies so that I can be manipulated for their financial gain. For Calo, that discomfort, the feeling I experience knowing that my vulnerabilities are being tracked in order to be used, is a violation of my privacy, the second area of harm Calo sees.

This is closely related to Calo's third area of concern: autonomy, which in the context of the consumer means, he says, "the absence of vulnerability, i.e., the capacity to act upon the market in our self-interest." When corporations purposely seek out a consumer's vulnerabilities and use them to direct her dollars back to them, that is a violation of that person's autonomy.

(It should be clear that Calo here is only looking at corporate data tracking techniques for the purpose of selling goods and services. This, while troubling for the reasons detailed above, is "not tantamount to massive surveillance by the government. Firms do not have a monopoly on coercion and their motive -- profit -- is discernible, stable, and relatively acceptable when compared with the dangers that attend tyranny.")

The practices Calo describes may be unprecedented, but the harms are familiar, and consumer protection is something courts and legislatures have had to deal with before. They've had to "decide what makes a contract term 'unconscionable,' what kinds of enrichments are 'unjust,' when influence is 'undue,' what constitutes 'fair' dealing, where strategic behavior becomes 'bad faith,' when interest rates become 'usury' or higher prices 'gouging,' and on and on," Calo writes. "Such line drawing is endemic to consumer protection and other areas of the law concerned with basic notions of fair play."

That line drawing will undoubtedly be complicated and uneven. How can we know what someone's autonomous consumption desires are? When does consumption slip from autonomously directed to manipulated? (I for one am not even convinced people have ex-ante consumption desires that are identifiable beyond what marketers somewhere have shaped, though Calo's point is specifically about certain big-data-enabled strategies, not kludgy, old-fashioned marketing.) But despite the complexities, regulation is one route, and, if done well, will not suppress the online ad industry in general -- only the predatory practices at its margins.

But Calo also offers another option: "Imagine," he writes, "if major platforms such as Facebook and Google were obligated, as a matter of law or best practice, to offer a paid version of their service." Web companies do need revenue, after all. Fees may be the best way to both protect consumers and fund the tools we all use online. There may be other hazards with such an approach (e.g. will this systematically relegate poorer people to a lesser version of these services?), but Calo says that there would be ways to address them.

But I'm getting ahead of myself. There will be time and processes for sorting out how to protect consumers in such a landscape. The value of Calo's paper is not in laying out where we should go from here but in disentangling the mess of problems related to identity and privacy online, and extracting from that mess a set of issues that are recognizable: consumer protection. In doing so, he gives, finally, a shape and a texture to that creepiness we know so well, but have understood so poorly.
http://www.theatlantic.com/technolog...online/278692/





Meet the Hackers Who Want to Jailbreak the Internet
Klint Finley

One guy is wearing his Google Glass. Another showed up in an HTML5 t-shirt. And then there’s the dude who looks like the Mad Hatter, decked out in a top hat with an enormous white flower tucked into the brim.

At first, they look like any other gaggle of tech geeks. But then you notice that one of them is Ward Cunningham, the man who invented the wiki, the tech that underpins Wikipedia. And there’s Kevin Marks, the former vice president of web services at British Telecom. Oh, and don’t miss Brad Fitzpatrick, creator of the seminal blogging site LiveJournal and, more recently, a coder who works in the engine room of Google’s online empire.

Packed into a small conference room, this rag-tag band of software developers has an outsized digital pedigree, and they have a mission to match. They hope to jailbreak the internet.

They call it the Indie Web movement, an effort to create a web that’s not so dependent on tech giants like Facebook, Twitter, and, yes, Google — a web that belongs not to one individual or one company, but to everyone. “I don’t trust myself,” says Fitzpatrick. “And I don’t trust companies.” The movement grew out of an egalitarian online project launched by Fitzpatrick, before he made the move to Google. And over the past few years, it has roped in about 100 other coders from around the world.

On any given day, you’ll find about 30 or 40 of them on an IRC chat channel, and each summer, they come together in the flesh for this two-day mini-conference, known as IndieWebCamp. They hack. They demonstrate. They discuss. They strive to create a new set of tools that can give you greater control over the stuff you post to the net — the photos, the status updates, the blog posts, the comments. “The Indie Web is a community of folks interested in owning their own content — and identity — online,” says Tantek Çelik, another developer at the heart of the movement.

They ask questions like: What happens if Yahoo freezes your online account, loses your data, or goes out of business? What happens if you decide to move all your Facebook photos to another site? What if you want to reply to someone on Twitter using Google+? And then they build software that answers these questions.

At this year’s camp, Fitzpatrick and fellow Googler Bret Slatkin showed off Camlistore, an open source alternative to cloud storage services like Google Drive. The aim is to give people software that works like Google Drive — that gives you instant access to your files from any machine — but that doesn’t lock you into the Google way of doing things, and that always plays nicely with other services across the web.

That may seem like an odd undertaking for two people employed by Google. But this is how many Googlers think, harboring the unshakably idealistic view that the needs of the web as a whole are more important even than those of the web company they work for.

The Indie Web movement isn’t about sticking it to Google or Facebook or Twitter. It’s about creating a web that behaves like a single entity. After Fitzpatrick and Slatkin uncloaked their creation, a third Googler, Will Norris, showed off a WordPress plugin that lets you instantly grab posts from the open source blog platform and move them onto Google+, the search giant’s social network.

Many people who work for Google, Facebook and Twitter, Norris says, “live the Indie Web.”

A Web You Can Call Your Own

IndieWebCamp began in 2011, but the movement harkens back to the spirit of the early social web. Back in 2001, Fitzpatrick open sourced the code for LiveJournal, giving anyone the power to run the blogging tool on their own computer servers.

This is a fundamental tenet of the Indie Web movement: You should always have the option of running a web service on machines that belong to you. These days it’s unusual, but in 2001, before social media was big business, it was a common courtesy.

The trick is to do this without cutting yourself off from the rest of the net. To do that, you need a way of trading data with other sites and services. So, in 2005, Fitzpatrick went a step further, letting people leave comments on multiple LiveJournal sites without creating a separate account on each one.

At the time, Six Apart, the social media company that owned LiveJournal, offered a service that could have provided this sort of “single sign-on” for all LiveJournal sites, but Fitzpatrick started from scratch. “I wanted a system that no company controlled,” he says. That’s another tenet of the Indie Web movement.

The result was OpenID, software that could provide a single sign-on for any site willing to use it. It was adopted not only by LiveJournal, but by Google, Yahoo, and others and arguably marked the beginning of the modern Indie Web.

It only went so far, as companies like Facebook introduced their own single-sign-on tools. But others pushed new ideas along the same lines. There was Control Yourself, an open source Twitter alternative now known as StatusNet, and DiSo, short for Distributed Social Networking, another social network outside the clutches of a Twitter or a Facebook.

Çelik, one of the organizers of IndieWebCamp, joined the DiSo project in 2009. “I was frustrated with Twitter being down all the time,” he says.

By the end of 2010, the movement seemed on the verge of critical mass. As commercial operations shuttered older sites like Vox, Pownce, and Geocities, many called for a new way. Diaspora, an open source alternative to Facebook, raised more than $200,000 on Kickstarter, thanks to growing concerns about Facebook’s privacy policies. Google’s social network, Buzz, adopted many open standards meant to increase communication with other services. And many like-minded souls convened at a Federated Social Web Summit to discuss the future of this new take on social networking.

Revolution Remade

The future wasn’t as bright as many expected. Google soon shut down Buzz and replaced it with the less open Google+. And projects like Diaspora couldn’t attract the numbers they needed to compete with the Twitters and Facebooks. Diaspora had 600,000 users at its peak, according to Vice, while Facebook now boasts 669 million daily active users, according to its most recent earnings report.

Sadly, Diaspora co-founder Ilya Zhitomirskiy killed himself in November 2011. Some blamed the stress of the project, though others insisted there was no connection. The site is still out there, but it has no hope of truly challenging Mark Zuckerberg and company, and the rest of the original Diaspora team is now working on Mark.io, a very different project.

Çelik now believes it’s a mistake to try and replace sites like Twitter and Facebook, sites known in the Indie Web world as “silos,” because they keep your data from moving from place to place. “The silos don’t have to go away in order for us to be successful,” he says.

That’s the key difference between today’s IndieWebCamp philosophy and the thinking that swirled around the Federated Social Web Summit. Like most Indie Webbers, Çelik still uses sites like Twitter. “We want to keep in touch with our friends,” he says. “It’s not practical to go live alone on an island.”

In other words, the Indie Web movement has scaled back its ambitions and redefined success. Rather than trying to replace the silos, their aim is to build tools that let you not only house data on your own machines, but also share that data with other sites across the net. They call this POSSE, short for “Publish (on your) Own Site, Syndicate Elsewhere.” Will Norris’s WordPress plugin is a prime example.

The rub is that this data syndication method doesn’t protect you from hacks or government surveillance programs that target commercial social networks. Anything you cross-post to Facebook or Twitter is still subject to their rules. But that’s the reality of the modern web.

The Future in a Box

Çelik admits that the Indie Web is very much a fringe movement. “Mass adoption has never been our focus,” he says. “It’s more about enabling people who are already interested.” He’d rather the Indie Webbers lead by example than hype projects that aren’t ready yet.

In many ways, the Indie Web projects aren’t ready yet. Just ask Shanley Kane, a tech product manager in San Francisco. “I used to maintain my own blog using an open source blogging framework,” she says. “But ultimately, I’m blogging to write and to share what I’ve written. Maintaining my own implementation, trying to keep the design current on my own, dealing with things when they broke, and hosting it myself was a distraction from that goal.”

Kane ditched her open source blog and moved to Medium, an online publishing service created by Twitter co-founders Evan Williams and Biz Stone. “While I have the privilege of having had some programming and design training, most of the people in the world don’t have access to those skills,” she says. “One of the most compelling aspects of mainstream publishing platforms like Twitter is that they lower the bar to publishing online.”

But people like Çelik envision a world where open source software lowers the bar just as easily. They see a pocket-sized web server pre-loaded with all the Indie Web applications you could possibly need.

At this year’s camp, Jack Senechal, Augustin Bralley, and Harlan Wood took a first step in that direction in building a 1 terabyte file server that can fit in the palm of your hand. They cobbled it together using a Raspberry Pi, a portable hard drive, and the Camlistore software built by Fitzpatrick and Slatkin. Even with help from Fitzpatrick and Slatkin, they didn’t quite get it working by the end of camp, but that’s only appropriate. The movement is unfinished.
http://www.wired.com/wiredenterprise/2013/08/indie-web/





Meet The Dread Pirate Roberts, The Man Behind Booming Black Market Drug Website Silk Road
Andy Greenberg

An entrepreneur as professionally careful as the Dread Pirate Roberts doesn’t trust instant messaging services. Forget phones or Skype. At one point during our eight-month preinterview courtship, I offer to meet him at an undisclosed location outside the United States. “Meeting in person is out of the question,” he says. “I don’t meet in person even with my closest advisors.” When I ask for his name and nationality, he’s so spooked that he refuses to answer any other questions and we lose contact for a month.

All my communications with Roberts are routed exclusively through the messaging system and forums of the website he owns and manages, the Silk Road. Accessing the site requires running the anonymity software Tor, which encrypts Web traffic and triple-bounces it among thousands of computers around the world. Like a long, blindfolded ride in the back of some guerrilla leader’s van, Tor is designed to prevent me–and anyone else–from tracking the location of Silk Road’s servers or the Dread Pirate Roberts himself. “The highest levels of government are hunting me,” says Roberts. “I can’t take any chances.”

If Roberts is paranoid, it’s because very powerful people really are out to get him. In the last two and a half years Silk Road has grown into the Web’s busiest bazaar for heroin, methamphetamines, crack, cocaine, LSD, ecstasy and enough strains of marijuana to put an Amsterdam coffee shop to shame. The Drug Enforcement Agency won’t comment on whether it’s investigating Silk Road but wrote in a statement that it’s aware of the site and is “very proactive in keeping abreast” of the digital underground’s “ever-evolving technological advancements.” Senator Chuck Schumer has demanded Silk Road be shut down and called it “the most brazen attempt to peddle drugs online that we have ever seen … by light-years.”

Anyone can download and run Tor, exchange some dollars or euros for the digital currency Bitcoin and go shopping on Silk Road for drugs that are vacuum-sealed and discreetly mailed via the U.S. Postal Service, right under the federal government’s nose. By the measure of Carnegie Mellon researcher Nicolas Christin, Roberts’ eBay-like service was grossing $1.2 million a month in the first half of 2012. Since then the site has doubled its product listings, and revenue now hits an annual run-rate of $30 million to $45 million by FORBES’ estimate. One analysis of the Tor network performed by a student at Dublin’s Trinity College found that Silk Road received around 60,000 visits a day, mostly users seeking to buy or sell drugs, along with other illicit items including unregulated cigarettes and forged documents. Silk Road takes a commission on all of its sales, starting at 10% and scaling down for larger transactions. Given that those commissions are collected in Bitcoins, which have appreciated close to 200-fold against the dollar since Silk Road launched in 2011, the Dread Pirate Roberts and any other stakeholders in Silk Road have likely amassed millions in profits.

Despite the giant DEA crosshairs painted on his back and growing signs that the feds are probing the so-called “dark Web” that Silk Road and other black market sites inhabit, Roberts spoke with FORBES in his first-ever extended public interview for a reason: As with physical drug dealing, a turf war has emerged. Competitors, namely a newly launched site called Atlantis with a real marketing budget and a CEO with far less regard for his privacy, are stealing Roberts’ spotlight.

“Up until now I’ve done my best to keep Silk Road as low profile as possible … letting people discover [it] through word of mouth,” Roberts says. “At the same time, Silk Road has been around two and a half years. We’ve withstood a lot, and it’s not like our enemies are unaware any longer.”

Roberts also has a political agenda: He sees himself not just as an enabler of street-corner pushers but also as a radical libertarian revolutionary carving out an anarchic digital space beyond the reach of the taxation and regulatory powers of the state–Julian Assange with a hypodermic needle. “We can’t stay silent forever. We have an important message, and the time is ripe for the world to hear it,” says Roberts. “What we’re doing isn’t about scoring drugs or ‘sticking it to the man.’ It’s about standing up for our rights as human beings and refusing to submit when we’ve done no wrong.”

“Silk Road is a vehicle for that message,” he writes to me from somewhere in the Internet’s encrypted void. “All else is secondary.”

While Roberts waxes philosophical, his competitors are finding motivation enough in grabbing some of Silk Road’s lucrative drug trade. On June 26 a video ad for Atlantis appeared on YouTube telling the story of “Charlie,” a friendly-looking cartoon hipster. Charlie, according to text that popped up around the video’s frame as jingly music played, is a “stoner” who moves to a new city for work and can’t find any marijuana. That is, until he discovers Atlantis’ “virtual black market,” orders some pot and gets “high as a damn kite.”

YouTube removed the video within days for violating its terms of service but not before it had received close to 100,000 views and pulled the new Bitcoin-based black market into the public Internet’s awareness. Atlantis’ ad took a direct shot at Silk Road, calling itself “the world’s best anonymous online drug marketplace.”

The next day, an employee of Atlantis named “Heisenberg” held a group chat with reporters where he described the site as the “Facebook to [Silk Road's] Myspace.” In comments now deleted from an ask-me-anything session on the social news site Reddit, Atlantis’ chief executive, who goes by the name “Vladimir,” listed advantages over Silk Road like less downtime and smaller fees for sellers. “The road has more users,” he wrote, “but our site is better (to put it bluntly).”

The battle for the Web’s drug corner is on.

***

THE DREAD PIRATE ROBERTS isn’t shy about naming Silk Road’s active ingredient: The cryptographic digital currency known as Bitcoin. “We’ve won the State’s War on Drugs because of Bitcoin,” he writes.

Bitcoin, which came into widespread use around the same time as Silk Road’s creation, isn’t exactly the financial-privacy panacea some believe it to be–its transactions can be traced using the same mechanisms that prevent fraud and counterfeiting within the Bitcoin economy. But unlike with dollars, euros or yen, the integrity of the nearly $1 billion worth of Bitcoins floating around the Internet is maintained by the distributed computing power of thousands of users who run the crypto-currency’s software, not by any bank or government. That means careful users never have to tie their accounts to their real-world identity. As a result Bitcoin-funded services deep within the dark Web, masked by anonymity tools like Tor, claim to offer everything from cyberattacks to weapons and explosives to stolen credit cards.

Mix up your coins in one of many available laundering services–Silk Road runs one automatically for all transactions on the site–and it becomes very difficult to follow the money. Even the FBI, according to one of the bureau’s leaked internal reports, worries that Bitcoin’s complexity and lack of a central authority “present distinct challenges” for tracking criminal funds. The result is a currency as convenient as PayPal and theoretically as anonymous as cash.

“We’re talking about the potential for a monumental shift in the power structure of the world,” Roberts writes. “The people now can control the flow and distribution of information and the flow of money. Sector by sector the State is being cut out of the equation and power is being returned to the individual.”

Of course, Roberts’ lofty words on individual liberties provide a convenient veneer to justify his profitable business selling illegal, dangerous and addictive substances. But Roberts argues that if his users want heroin and crack, they should have the freedom to buy it and deal with the consequences. Unlike other Bitcoin-based underground sites, Silk Road bans all but what Roberts defines as victimless contraband. He won’t permit the sale of child pornography, stolen goods or weapons, though the latter is a gray area. The site has experimented with selling guns and may yet reintroduce them, Roberts says.

Aside from the thorny ethics of the Bitcoin underground economy, the currency’s wild fluctuations present a more practical problem. Silk Road allows the site’s dealers to peg their Bitcoin prices to the dollar, so that a typical gram of heroin on the site costs around $200 regardless of whether Bitcoins are worth 50 cents apiece, as in early 2011, or $266, at their precrash peak in April 2013. (They’re around $100 today.) The site also offers a currency hedging system that protects dealers against swings in Bitcoin’s value while their drugs are in transit.

Bitcoin did more than enable the modern online black market, Roberts says. It also brought him and Silk Road together. Roberts isn’t actually the site’s founder, he revealed in our interview. He credits Silk Road’s creation to another, even more secretive entrepreneur whom he declined to tell me anything about and who may have used the “Dread Pirate Roberts” nom de guerre before it was assumed by the person I interviewed. The current Roberts discovered the site shortly after its creation in early 2011. Around that time, he says, he found a security flaw in the “wallet” software that stored Silk Road’s funds. The bug could have allowed a hacker to identify the site’s hardware and steal its Bitcoins. Instead of exploiting the weakness, he helped the site’s founder fix it, gained his trust and became an active partner in the business. Eventually, the current Roberts says, he bought out Silk Road’s creator and assumed full control. “It was his idea to pass the torch, in fact,” says Roberts. “He was well compensated.”

In February 2012 a post appeared on Silk Road’s forums proclaiming that the site’s administrator would henceforth be known as the Dread Pirate Roberts, a name taken from the dashing, masked protagonist in the fantasy film The Princess Bride –tellingly, a persona that is passed down in the film from one generation of pirate to another. He soon began to live up to his colorful alter ego, posting lofty manifestos about Silk Road’s libertarian political ideals and love letters to his faithful users and vendors; he’s even hosted a Dread Pirate Roberts Book Club where he moderated discussions on authors from the Austrian school of free market economics. Commenters on the site describe Roberts as a “hero,” a “job creator,” “our own Che Guevara” and a “name [that] will live [on] among the greatest men and women in history as a soldier of justice and freedom.”

When I ask Roberts how he defines his role at Silk Road–CEO? Owner?–he tells me that he considers himself “a center of trust” between the site’s buyers and sellers, a tricky task given that all parties want to remain anonymous. Silk Road has slowly demonstrated to users that it isn’t a typical counterfeit-drug scam site or a law enforcement trap. It’s made wise use of the trust mechanisms companies like eBay and Airbnb have popularized, including seller ratings and an escrow that releases payment to sellers only after customers receive their merchandise.

“Silk Road doesn’t really sell drugs. It sells insurance and financial products,” says Carnegie Mellon computer engineering professor Nicolas Christin. “It doesn’t really matter whether you’re selling T-shirts or cocaine. The business model is to commoditize security.”

With millions flowing into Silk Road, the “vast majority” of which Roberts says is reinvested back in its booming black market, the Dread Pirate brushes off questions about his wealth and lifestyle. He says he carefully limits his spending to keep a low profile but admitted in one forum post to partaking in a few “first-world pleasures.” The only such pleasure he would describe to me is smoking “a bowl of sticky indica buds at the end of a long day.”

“As far as my monetary net worth is concerned, the future value of Silk Road as an organization dwarfs its and my liquid assets. … I wouldn’t sell out for less than 10 figures, maybe 11,” he writes with a dash of vainglory. “At some point you’re going to have to put Dread Pirate Roberts on that list you all keep over at Forbes. ;)”

***

IT’S A RULE AS TIMELESS as black markets: Where illegal money goes, violence follows. In a digital market that violence is virtual, but it’s as financially real as torching your competitor’s warehouse.

In late April Silk Road went offline for nearly a week, straining under a sustained cyberattack that left its sensitive data untouched but overwhelmed its servers. The attack, according to Roberts, was the most sophisticated in Silk Road’s history, taking advantage of previously unknown vulnerabilities in Tor and repeatedly shifting tactics to avoid the site’s defenses.

The sabotage occurred within weeks of rival site Atlantis’ launch. Commenters on the Reddit forum devoted to Silk Road suggested that Roberts’ customers and vendors switch to Atlantis during the downtime, leading to gossip that the newcomer had engineered the attack.

“Rumors, nothing more than that,” says Atlantis’ CEO Vladimir when I interview him in an encrypted chat room. (Like Roberts, Vlad doesn’t share much about himself, other than a background in software development, some experience as a small-time pot dealer and a love of psychedelics.) “I have suspicions [about whether] an attack ever took place. It’s far more likely they were having infrastructure issues.”

Roberts, for his part, won’t comment on the April attack’s source. He tells me he’s happy to see competition in the Web drug market, even as Atlantis boasted in June that it surpassed $500,000 in cumulative transactions. Roberts points out that another site, Black Market Reloaded, has long copied Silk Road’s model–even offering a wider variety of merchandise, including illegal firearms–while still attracting only a small fraction of Roberts’ customers. “I like having them nipping at my heels,” Roberts tells me. “Keeps me motivated.”

In a comment on “copycats” posted to Silk Road’s forums a few days after Atlantis released its video ad, however, Roberts seemed to fire back. “If you take someone’s invention, tweak one little thing and then go around telling everyone that you are ‘better,’ you get zero respect from me,” he wrote. Though the rest of the message focused on the difference between Bitcoin and a newer crypto-currency called Litecoin, users interpreted the comment as a thinly veiled dig at Atlantis.

Meanwhile, Silk Road has also been adopting some of Atlantis’ marketing tactics: In addition to Roberts’ first real interview, he’s created a new public site at SilkRoadLink.com that serves as an online guide to accessing Silk Road, bringing his business, at least tentatively, outside Tor’s obscured network.

Competition aside, Roberts has chosen a risky time to raise his profile, as law enforcement tightens its net. Dealers in South Carolina and Australia have been arrested after allegedly selling on Silk Road, although both may have also been dealing in the physical world. In May the proprietors of a Bitcoin-like digital currency system called Liberty Reserve were indicted and accused of helping to launder $6 billion. That same month the biggest Bitcoin currency exchange, Tokyo’s Mt. Gox, announced it would require identification for anyone seeking to trade in real world currencies. Then, last month, the FBI exploited a vulnerability in Tor to capture the alleged administrator of a child pornography site in Ireland. And, perhaps most threatening to Roberts, the NSA has been revealed to have fed intelligence to the DEA and other law enforcement agencies.

All of that gives Roberts good reason to distrust any means of communication and payment that could possibly be cracked by law enforcement. In 2012 the operators of a Silk Road-like site known as the Farmer’s Market were identified and indicted in a DEA operation called “Adam Bomb.” Though they had used Tor to hide their domain, they had communicated with one another using the encrypted e-mail service Hushmail, a service known to cooperate with law enforcement, and had accepted payments through PayPal instead of Bitcoin. Just days after Atlantis’ Vladimir insisted that he and his “chief operating officer” communicate with me using an encrypted IM program called Cryptocat, a bug in the program was revealed that could have allowed all of our communications to be read.

Despite his caution, Roberts’ personal security remains an open question. But the potential lifetime in prison he might face if identified hasn’t slowed down his growing illegal empire. “We are like a little seed in a big jungle that has just broken the surface of the forest floor,” he wrote in one speech posted to the site’s forums last year. “It’s a big scary jungle with lots of dangerous creatures, each honed by evolution to survive in the hostile environment known as human society. But the environment is rapidly changing, and the jungle has never seen a species quite like the Silk Road.”
http://www.forbes.com/sites/andygree...ite-silk-road/





Craigslist Has Cost U.S. Newspapers $5 Billion
Agence France-Presse

The online classified service Craigslist has cost US newspapers at least $5 billion in revenue since 2000, researchers say.

The study, to be published in the journal Management Science covering the period 2000 to 2007, found Craigslist has had a huge impact on local US newspapers, which have in the past relied heavily on classifieds.

The $5 billion over the 2000 to 2007 period is a conservative figure, “and if we extended the study to 2012 it would probably be a lot higher,” said Robert Seamans of New York University’s Stern School of Business, and a co-author of the study.

Over that period the researchers noted a 20.7 percent drop in classified ad rates, a 3.3 percent increase in subscription prices and a 4.4 percent decrease in circulation, according to a summary of the research released this week by New York University.

“We ascribe this impact to Craigslist,” Seamans told AFP.

“When Craigslist enters a market, the effect on a newspaper’s classified ads is almost immediate,” he added.

While sites like Craigslist have long been blamed for declining newspaper revenues, there has been little data on this impact.

Seamans and Feng Zhu at Harvard Business School estimated that classified ad buyers saved $5 billion from 2000-2007 as a result of Craigslist entering the market, savings which directly impacted newspaper revenues.

Seamans said Craigslist is one of a number of things hurting US newspapers, but has had a major impact.

“Your average newspaper in the past received around 40 percent of its revenue from classified and that has basically disappeared due to Craigslist and other online ad sites,” Seamans said.

“But we don’t believe newspapers are dying or that Craigslist is leading to the death of newspapers. Newspapers are changing their business models.”
http://www.rawstory.com/rs/2013/08/1...ers-5-billion/





German Court Throws Liberty Global Takeover of KabelBW Into Doubt

A German higher regional court reversed an approval by the country's cartel office for Liberty Global's 3.16 billion euro ($4.2 billion) acquisition of KabelBW, throwing the now-completed merger into doubt.

The court in Duesseldorf ruled that the German antitrust regulator will have to look at the case again, to either block it or approve the purchase applying stricter conditions than previously.

The ruling could ultimately mean that the whole merger, which was approved in 2011 and completed in early 2012, has to be unwound.

It rattles a sector already undergoing major changes.

Vodafone in June agreed to buy Kabel Deutschland for 7.7 billion euros ($10 billion) and Dutch telecoms group KPN last month agreed to sell its German unit to Telefonica for 8.

The cartel office, which said it would study the ruling before deciding about any next steps, had approved the acquisition at the end of 2011 only after imposing far-reaching conditions because Liberty already owns Germany's second-largest cable operator UnityMedia.

Germany's biggest telecoms group Deutsche Telekom had challenged the approval decision. The court had already voiced concerns over the deal in a June hearing.

The court did not allow for an appeal of the decision, but UnityMedia can file a complaint with a higher court, Germany's Federal Court of Justice, to be allowed to appeal.

"The merger implies that KabelBW as the only potential competitor has been taken out of the market," the court's presiding judge Juergen Kuehnen said. "Potential competition has been eliminated."

UnityMedia said it would use all legal means available to fight the court's decision.

DRAMATIC CONSEQUENCES

According to antitrust lawyer Frederik Wiemer of German law firm Heuking Kuehn Lueer Wojtek, who is not involved in this case, the court looked at several regional markets within Germany while the cartel office had mainly considered the national market.

"Certainly this ruling will have dramatic consequences," he said. "If this decision is upheld by a higher court, the merger will have to be unwound. I wonder whether this is actually possible."

Liberty Global and German cable industry leader Kabel Deutschland have been winning customers from Deutsche Telekom with their expansion into broadband.

Their cable lines, designed to deliver TV to homes, have been upgraded to carry voice calls and Internet at speeds often five times faster than competing services offered by Deutsche Telekom and others.

Liberty has been the most active buyer in Europe in the last few months, snapping up Britain's Virgin Media in February and increasing its stake in Dutch group Ziggo.

In February, Germany's competition regulator blocked Kabel Deutschland's bid to take over smaller Berlin-based cable group Tele Columbus for 618 million euros.

In prior German cable deals regulators have required remedies to consolidation such as making it easier for housing associations to switch TV providers and ending the encryption on cable delivery of free-to-view terrestrial television programs. ($1 = 0.7555 euros)

(Reporting by Matthias Inverardi, Peter Maushagen and Harro ten Wolde, Editing by Thomas Atkins)
http://www.reuters.com/article/2013/...97D0G820130814





A Major American City is Officially Fed Up with Comcast
Brad Reed

Comcast has the lowest customer satisfaction rating of any ISP in the United States and now it’s exhausted the patience of an entire city. The Baltimore Business Journal reports that Baltimore’s city government is hiring “a broadband Internet consultant that would help the city develop a plan for expanding Internet service provider options for businesses and residents.”

At issue is the fact that Comcast has held what amounts to a monopoly in the Baltimore area for years now after it signed a cable franchise agreement in 2004 that won’t expire until the end of 2016. City officials now seem to regret signing this deal and are knocking Comcast for providing what they say is a service that’s both too slow and too expensive.

“I’m paying more here for lesser service, so I think one of the things we want to try to do is look at that, look at what [current companies] offer and try to incentivize people to offer more,” said Baltimore CIO Chris Tonjes, who previously worked as the CIO of Washington, D.C.’s public library system. “In the short-term, we’re going to do a study. In the medium run, we’re going to try to renegotiate the cable franchise agreement. In the longer run we want to make it more profitable for providers to come in here and offer the expanded service.”

Baltimore is still in the exploratory stages of the initiative but the city will likely build out some of its own fiber infrastructure that it will use to lure new competitors to the area. Jason Hardebeck, the executive director of the Greater Baltimore Technology Council, tells the Business Journal that the city may also consider making its own municipal Wi-Fi network that will be run more like a public utility.
http://bgr.com/2013/08/15/baltimore-...-alternatives/





Blacked Out in 3 Cities, CBS Still Wins Ratings Race
Bill Carter

Last week, the first full week of blocked service for more than three million Time Warner customers, the network topped its competitors in total viewers and in all the ratings categories important to advertisers.

One reason perhaps: RadioShack reported Monday a “double-digit” increase in sales of high-definition antennas in the three big cities being blacked out — New York, Los Angeles and Dallas. (The company provided no specific numbers.)

Time Warner Cable has been suggesting that customers try watching CBS the old-fashioned way – on a broadcast signal to an antenna — since it removed the network from its cable systems on Aug. 2 in a dispute over what are known as retransmission fees.

CBS has maintained that it is seeking fair value for its content, but at the same time said the loss of Time Warner viewers would have minimal impact on its ratings – an assertion that was surely meant to reassure its advertisers.

Last week’s ratings would seem to bolster that argument. For the week, CBS averaged 5.51 million viewers, which was up 34 percent over the same week a year ago. Two weeks ago, before the blackout, CBS averaged a similar number, 5.78 million viewers; but August weeks traditionally are lower than July weeks.

CBS also ranked first last week among the broadcast networks with a 1.2 rating in viewers between the ages of 18 and 49 (up 20 percent over 2012) and a 1.6 rating among viewers between the ages of 25 and 54 (up 23 percent.) Those age categories are the two most attractive to television advertisers.

Much of the network’s improvement this summer has been tied to the drama “Under the Dome,” which continues to win its hour every Monday, though this week it declined to its lowest performances so far.
http://www.nytimes.com/2013/08/14/bu...ings-race.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 10th, August 3rd, July 27th, July 20th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black