Old 08-07-15, 06:56 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - July 11th, '15

Since 2002

"The former attorney general’s recognition that Snowden’s actions led to meaningful changes is welcome. This is significant … I don’t think we’ve seen this kind of respect from anybody at a Cabinet level before." – Ben Wizner


"[FBI director Jim] Comey says all he wants is a 'debate' about the issue. Well, we’ve had the debate. We had it for 20 years. The debate is over – embrace encryption to protect our security. Don’t outlaw it for marginal gains at the expense of everyone." – Trevor Timm

July 11th, 2015




Pirate Bay Founders 'Cleared of Copyright Crimes' in Belgium

Furious Flems case founders on facts, we're told
Iain Thomson

The four founders of the Pirate Bay have been cleared of copyright infringement in a Belgian court – after it was found that they couldn’t be held responsible for the site after selling it in 2006, it is reported.

The Pirate Bay's cofounders Gottfrid Svartholm and Fredrik Neij, former site spokesman Peter Sunde, and site financier Carl Lundström, were charged with criminal (rather than civil) copyright infringement and abuse of electronic communications, according to Belgian newspaper De Standaard (via TorrentFreak.)

We're told the prosecutors said they were able to download copyrighted material from the site between September 2011 and November 2013, and held the four guys responsible for allowing that to happen. But the case fell apart when the foursome showed that they had had nothing to do with Pirate Bay since the site was sold to outside investors in 2006, it was reported on Friday.

Furthermore, the court was informed that Svartholm couldn't possibly have had any involvement in the claimed crimes as he had the perfect alibi – he was in a Swedish prison serving a two-year sentence for hacking into the Swedish arm of IT services firm Logica at the time.

"Technically speaking, we agree with the court," said Olivier Maeterlinck, the director of the Belgian Entertainment Association.

Meanwhile, there's no sign that Hollywood will be getting any money out of the foursome, despite being awarded 30 million Swedish crowns ($3.58m) in a 2009 trial. No money has been received and the amount owed has now nearly doubled with interest and additional fines.

The Pirate Bay's financer Carl Lundström, despite inheriting a multi-million dollar fortune and making revenue from the sale of the website, certainly isn't paying up. In 2013 he declared personal bankruptcy, after being thought to have signed over his assets to his wife.

He now lives with his family in a several hundred square meter villa in the Swiss town of Wetzikon. Earlier this week he told Swedish newspaper Expressen that he has no plans to return to the land of his birth any time soon.

"I have it good," he told the paper.
http://www.theregister.co.uk/2015/07...yright_crimes/





Pirate Bay Founders: FBI has Prenda Law Under Investigation

Sunde and Neij were questioned about Prenda while in prison.
Joe Mullin

A federal judge referred the lawyers behind the Prenda Law "copyright trolling" scheme to investigators in 2013. Since then, there's been no indication of what stage an investigation is at, or if it's happening at all.

Now, two co-founders of The Pirate Bay have said they have reason to believe that an investigation is underway. Peter Sunde and Fredrik Neij each independently told the website TorrentFreak that Swedish authorities questioned them during their recent imprisonment.

The Prenda Law strategy was to sue large numbers of Internet users for downloading pornography and then settle fast for several thousand dollars. The scheme netted millions over the years, but it was shut down in 2013 after sanctions from US District Judge Otis Wright. Other judges have punished Prenda since then. The harsh results were appealed, but to no avail.

One of the more serious allegations against Prenda was that the pirated material had actually been planted on The Pirate Bay as a kind of "honeypot." The honeypot theory would obliterate any right to enforce copyright, since they had initiated the sharing. Prenda wasn't protecting other people's pornography—the copyright troll had essentially become its own client.

The Pirate Bay provided records they believed showed the honeypot theory was true, and that's what the police questioning was about. An expert hired by defense lawyers connected a Pirate Bay account called "sharkmp4" to Prenda mastermind John Steele, but Steele denied involvement.

The Pirate Bay founders' statements published today suggest that it's a trail the FBI is trying to re-trace.

"I was told that Prenda Law has been under investigation for over a year, and from the printouts they showed me, I believe that," Sunde told TorrentFreak. "They asked many questions about the TPB backups and logs. I told them that even if they have one of the backups that it would be nearly impossible to decrypt."

“They wanted to know if I could verify the accuracy of the IP-address logs, how they were stored, and how they could be retrieved,” Neij added.

Neither Neij nor Sunde could help with the request, since they no longer run the site. The officers also asked about just who is running the Pirate Bay these days, so it's not clear what the real motive of the questioning was. Both men were interviewed by Swedish police, but the Swedish officers said they were "sent on behalf of the FBI."

Neij flouted a Swedish arrest warrant but was arrested near the Thai-Laos border in 2014. He served two-thirds of a 10-month prison term and was released last month. Sunde was arrested last year as well and spent five months in prison.
http://arstechnica.com/tech-policy/2...investigation/





TPP Partners Plot Milder Copyright Takedown Rules

Still hostile to users, says EFF
Richard Chirgwin

A leaked copy of Trans Pacific Partnership (TPP) negotiating text from May seems to show the US trying to mollify the other countries finagling over the deal.

The leak, obtained by Politico, isn't yet posted anywhere, but the Electronic Frontier Foundation reckons the newly-revealed draft shows America is backing away from a wholesale export of its DMCA regime to other countries.

In particular, the EFF's information is that America is bending to demands it recognises safe-harbour schemes in place in various TPP nations.

The EFF cites Canada's notification scheme, which doesn't impose automatic takedowns; and Chile's system of judicial review.

Australia's new Internet filter, in which rights-holders will ask courts for take-downs of infringing sites, would probably pass muster if the US position is softening.

However, the EFF notes that the horse-trading that let Canada retain its current regime under the TPP involved accepting greater liability for intermediaries, and a requirement for search engines to delete infringing links from their caches.

Other apparent improvements in the text include:

• Penalties for false notices or false counter-notices;
• Restoration of content if a valid counter-notice is received; and
• ISPs don't have to monitor uploads on their networks to receive safe-harbour protection.

In addition, the EFF says, an ISP's failure to satisfy safe-harbour requirements doesn't result in automatic liability for a user's infringement. Liability would, instead, still have to be proven in court.

Politico notes that the pharmaceutical provisions in the chapter it's seen are also onerous on countries with more generous healthcare systems than America.
http://www.theregister.co.uk/2015/07...akedown_rules/





‘Tapers’ at the Grateful Dead Concerts Spread the Audio Sacrament
Joe Coscarelli

Between his first Grateful Dead show in 1988, at the age of 15, and the death of Jerry Garcia in 1995, William Walker saw the band about 130 times, a modest number in the Deadhead universe. But Mr. Walker has experienced many, many more of the band’s concerts through his passion for live audience taping, collecting thousands of cassettes and terabytes-worth of digital audio, while also contributing his own recordings to the seemingly endless archive.

So when he scored passes earlier this year to be one of the few fans allowed to record the final shows at Soldier Field, culminating on Sunday, “I completely freaked out all the animals in my house — jumping, screaming and running around,” Mr. Walker said of his two dogs and two cats.

A proud member of the increasingly obsolete jam-band fan contingent known as “tapers,” Mr. Walker drove 900 miles from New Orleans armed with equipment he would lug from show to show — an intricate rig he estimated to be worth at least $8,500, including furry microphones, a hydra-headed stand, tangles of wires, a Tascam digital recorder and a plastic protractor straight out of a high school geometry class. One custom-made cable alone cost him $400.

Although there would be fewer than three dozen approved bootleggers in what’s known as the taper’s section each night in a crowd of more than 70,000, it wouldn’t be a Dead show without them. Not content to relive the performances via the on-demand, high-quality video streams available immediately, the concert replays from local and satellite radio, or the band’s own commemorative 12-CD, seven-DVD box set, scheduled for release this fall, tapers like Mr. Walker still — in 2015 — insist on doing it themselves, for reasons both practical and traditional.

“This is the last big taper section,” Mr. Walker, whose digital recordings are typically available online within hours of the encore, said of the Dead’s “Fare Thee Well” 50th-anniversary shows. “It’s legitimately the end of an era.”

Introduced to taper culture by his older cousins, Mr. Walker, 42, sees his continued dedication as a carrying of the torch for previous generations of Deadheads. Despite taping at so many shows that he has lost count, “I still consider myself a novice — an up-and-comer,” he said, estimating that most of the remaining tapers (the vast majority of whom are men) are in their 50s or 60s.

Officially approved for noncommercial recording by the Grateful Dead since the early 1980s, tapers are a subculture within a subculture — spreaders of audio sacrament among a famously evangelical following. While the band never matched the record sales of its classic-rock peers, the Dead thrived as a freewheeling live act thanks in part to a word-of-mouth trade network of concert recordings, a system it passed down to its spiritual children such as Phish and Widespread Panic.

“The band was very farsighted — it reified an informal practice that had been going for many years,” said David Gans, the host of “The Grateful Dead Hour,” a nationally syndicated radio show. “In time, it proved to be one of the most efficient marketing mechanisms.”

Authorizing the tapers and giving them their own section in the crowd had a less business-minded rationale, too, said Dennis McNally, the band’s former spokesman and the author of “A Long Strange Trip: The Inside History of the Grateful Dead.”

“To stop it would require security measures so draconian that it would ruin the ambience of the show,” and the Dead “hated being cops,” he said. Corralling tapers behind the soundboard, where they remain today, allowed the band’s longtime audio engineer, Dan Healy, as well as the audience, to see the stage instead of being blocked by microphone stands, he added.

David Lemieux, the Dead’s official archivist, was a hard-core taper between 1989 and 1991. “I did it specifically because I had no patience,” he said. “I wanted to walk out of that show and drive back to my hotel listening to what I’d just seen.

“There was nothing more thrilling than getting two or three padded envelopes in the mail every day,” he said, recalling the camaraderie he felt with strangers as they created copies of their favorite shows to share. “We would plan our days around 46-minute intervals” — the length of one cassette side — “so you could be back to flip the tape. I remember sleeping and setting alarms every 45 minutes.”

Even as its necessity has faded, with bands like Phish offering a free MP3 download of every show to attendees straight from the venue’s soundboard, the seemingly archaic hobby has thrived thanks to technological advances. Most tapers switched to digital recording in the ’90s — although there was at least one analog holdout at Soldier Field, Mr. Walker said — and sites like etree.org, taperssection.com and the Live Music Archive, part of archive.org, offer meticulously organized, easily downloadable databases.

Alex Whitney, a Deadhead with taper tickets to all five farewell shows, including those in late June in Santa Clara, said tapers are similar to wine connoisseurs: “They know the vineyard, they know the grapes, they know the farmer, they know the vendor,” he said. “Deadheads who are uploading stuff to archive.org are including every tape deck, every cable, every microphone, every preamplifier.”

Mr. Whitney added that while the Dead’s studio albums are “decent enough, they don’t really capture the sound quality of the live experience.”

It’s all about the ambience, Mr. Walker concurred: “There are some recordings of shows where you can almost feel how hot the room was. That just doesn’t transfer to a soundboard recording.”

Yet he knows it’s a dying art. “It’s built on this culture of sharing,” he said of taping. “Younger people don’t really understand the effort that people put into it, and that’s a bummer.”

When his sister graduated from college, Mr. Walker gifted her about 4,000 hours of live music, including Phish and the Dead, on tape — “a significant portion of my analog collection,” he said. The rest of his cassettes were destroyed in Hurricane Katrina. But he is committed to carrying taping through the digital age, even helping to spread “the entire opus” of the Grateful Dead online — more than 10,000 recordings, including multiple sources for some shows, across 12 terabytes of data.

Of having his own microphones at the farewell shows, Mr. Walker said, “I don’t want to sound sappy, but this is the closing chapter to a part of my life.”
http://www.nytimes.com/2015/07/06/ar...sacrament.html





Chrome Blocks Access to Torrent Sites
Mark Wilson

Chrome users who download torrents may be thinking about switching to a different browser. Google's web browser is now blocking access to a number of big name torrent sites. This is not a case of Google taking the moral high ground about the rights and wrongs of torrenting, but part of the search giant's security program to protect users from "harmful programs".

Starting yesterday, downloaders found that access was blocked to ExtraTorrent and KickassTorrents, although the block was later lifted. The block remains in place for other torrent sites including kat.cr. Upon attempting to visit an affected site, would-be torrenters are greeted by a red, full-screen security warning that advises of the potential danger of the site in question.

As reported by TorrentFreak, Chrome users started to discover that their favorite sites were no longer accessible. ExtraTorrent found that Google had incorrectly labelled something as malware, and after contacting the company, the block was lifted. But for kat.cr visitors and users of some other torrent sites, access is not guaranteed. Try to visit a site that Google has taken objection to and the following warning appears:

The site ahead contains harmful programs

Attackers on kat.cr might attempt to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).


While it is possible to click through and ignore the warning, the option to do so is slightly obfuscated. A small and easily-missed Details link needs to be clicked followed by another link that indicates your willingness to take the risk and continue to your intended destination. Another option is to disable Chrome's built-in malware protection.

Google has not said that it is particularly targeting torrent sites at the moment, and it seems that the blocks are just part of an on-going security program. It does, however, seem that the blocks are contagious. TorrentFreak reports that some Firefox users are now complaining of similar problems getting to certain torrent sites.
http://betanews.com/2015/07/11/chrom...torrent-sites/





Time Warner Cable Owes $229,500 to Woman it Would Not Stop Calling
Jonathan Stempel

Many people dislike receiving robocalls. Araceli King disliked receiving 153 of them from a single company.

Time Warner Cable Inc must pay the insurance claims specialist $229,500 for placing 153 automated calls meant for someone else to her cellphone in less than a year, even after she told it to stop, a Manhattan federal judge ruled on Tuesday.

King, of Irving, Texas, accused Time Warner Cable of harassing her by leaving messages for Luiz Perez, who once held her cellphone number, even after she made clear who she was in a seven-minute discussion with a company representative.

The calls were made through an "interactive voice response" system meant for customers who were late paying bills.

Time Warner Cable countered that it was not liable to King under the federal Telephone Consumer Protection Act, a law meant to curb robocall and telemarketing abuses, because it believed it was calling Perez, who had consented to the calls.

But in awarding triple damages of $1,500 per call for willfully violating that law, U.S. District Judge Alvin Hellerstein said "a responsible business" would have tried harder to find Perez and address the problem.

He also said 74 of the calls had been placed after King sued in March 2014, and that it was "incredible" to believe Time Warner Cable when it said it still did not know she objected.

"Defendant harassed plaintiff with robo-calls until she had to resort to a lawsuit to make the calls stop, and even then TWC could not be bothered to update the information in its IVR system," Hellerstein wrote.

The last 74 calls, he added, were "particularly egregious violations of the TCPA and indicate that TWC simply did not take this lawsuit seriously."

A trial had been scheduled for July 27. Time Warner Cable spokeswoman Susan Leepson said the New York-based company is reviewing the decision.

"Companies are using computers to dial phone numbers," King's lawyer Sergei Lemberg said in a phone interview. "They benefit from efficiency, but there is a cost when they make people's lives miserable. This was one such case."

Charter Communications Inc agreed in May to buy Time Warner Cable for $56 billion. The merger has yet to close.

The case is King v Time Warner Cable, U.S. District Court, Southern District of New York, No. 14-02018.

(Reporting by Jonathan Stempel; Editing by Lisa Shumaker)
http://www.reuters.com/article/2015/...0PH2H920150707





101 US Cities Have Pledged to Build Their Own Gigabit Networks
Clinton Nguyen

The US has a big and rather complicated internet speed problem. Its broadband infrastructure is woefully behind in speed and price compared to a broad swath of other countries, and much of this has to do with its tenacious commitment to maintaining the status quo: that is, giving big telecommunications companies a lot of our money without being able to demand a fair amount in return.

But here’s a change: 101 cities have agreed to band together to bring their residents gigabit-speed internet connections, even if they have to build it themselves. They’re part of the Next Century Cities coalition, which promises to help cities make sense of how to tackle the mess of making all this possible. The coalition took shape last October with an inaugural 32 members after the FCC decided that cities can build their own broadband networks despite some states’ efforts to ban or restrict municipal internet services.

“Since launching Next Century Cities in October, we've seen incredible demand from cities looking to lead the conversation about the crucial role next-generation Internet plays in helping communities thrive,” Deb Socia, executive director for Next Century Cities, said in a statement.

The coalition wouldn’t just lay down the infrastructure, but also bargain with federal and state authorities to modify existing laws to make network regulations fairer to citizens. Their agenda also has something of a populist bent: the coalition wants to anchor networks in churches and schools, become a hot topic for activists, and in general give more fair and transparent access to better internet speeds to underserved communities.

Obviously, the cities involved will have to jump a lot of hurdles and fight companies with much deeper pockets to make the endgame a reality. Telecom companies already have strong presences in major cities (with no real competition between them; one provider usually dominates a city) and it’ll continue to stay this way so long as the infrastructure continues to stay in those companies’ hands.

Not only that, but it’ll be physically hard to get all the right materials in place. The US isn’t densely packed, meaning that it’ll take significant investments to bring fiber speeds out to rural areas. Compare that to South Korea, which still holds the status for highest average internet speed in the world. The country has embraced infrastructure sharing and doesn’t face the same density problem the US has—cables can just snake up high-rises rather than trail miles down country paths.

It may well be a long battle to fight, considering that Google Fiber’s own expansion has been slow, with three cities set up and five planned in its five-year existence. At this rate, it might disappear from public attention before it even hits a megacity like New York or Los Angeles.

Municipal and self-started broadband networks can be the future, but who knows how far off this particular future really is?
http://motherboard.vice.com/read/101...gabit-networks





Electronic Voting: They Raided the Home of a Technician Who Exposed Flaws in the System

He is Joaquín Sorianello, a computer technician who said that false information could be sent to Sunday night's vote count. Metropolitan Police experts seized several pieces of equipment that were in the home.
Google Translate

Joaquín Sorianello, a computer technician who said he detected flaws in the electronic voting system that Buenos Aires residents will use tomorrow to elect the next head of government, reported that last night the Metropolitan Police raided his home in Caballito and took electronic equipment from it.

As Clarín learned, the raid began at around 22:00 and ended after midnight. The order was given by Judge Maria Luisa Escrich, news agency Télam reported during the morning.

The technician himself revealed what was happening at his home through his Twitter account, and his statements were soon repeated across the same network. "After finding a serious vulnerability in the #MSA electronic voting system, they are raiding my home, computer crimes," wrote the technician, who was in Bariloche while the operation was taking place. On another occasion, he said: "I am told that they are raiding the homes of more people who denounced the farce of #VotoElectrónico".

During the raid, electronic equipment such as computers, Kindles and storage devices was seized.

Joaquín's complaint about the flaw in the electronic voting system states that the "certificates of the terminals that send the data from the schools to the datacenter" were published on the Internet. And thus "any malicious person could use these SSL certificates to send false results to the vote count, and could also perform a denial-of-service attack. That is, transmit so many results that the system cannot process the genuine counts".

As detailed by Télam, the Single Electronic Ballot (BUE) system to be used on Sunday is implemented with two machines: one is the voting terminal, which voters interact with and which counts the votes. The other is used to transmit the data from each school to the computing center for the count.

This second machine is connected to the Internet and is the one that could be cloned once its SSL certificates are obtained.
https://translate.google.com/transla...387661308.html





Hacking Team Hacked, Attackers Claim 400GB in Dumped Data

Firm made famous for helping governments spy on their citizens left exposed

On Sunday, while most of Twitter was watching the Women's World Cup – an amazing game from start to finish – one of the world's most notorious security firms was being hacked.

Note: This story is the first of two on the Hacking Team incident. A follow-up has been posted here.

Specializing in surveillance technology, Hacking Team is now learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

The lawful interception tools developed by this company have been linked to several cases of privacy invasion by researchers and the media.

Reporters Without Borders has listed the company on its Enemies of the Internet index due largely to Hacking Team's business practices and their primary surveillance tool Da Vinci.

It isn't known who hacked Hacking Team; however, the attackers have published a Torrent file with 400GB of internal documents, source code, and email communications to the public at large.

In addition, the attackers have taken to Twitter, defacing the Hacking Team account with a new logo, biography, and published messages with images of the compromised data.

Salted Hash will continue to follow developments and update as needed.

Update 1: Christopher Soghoian says that based on the Torrent's file listing, Hacking Team's customers include South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. Yet, the company maintains that it does not do business with oppressive governments.

Update 2: Researchers have started to post items from the released Torrent file. One such item is this invoice for 58,000 Euro to Egypt for Hacking Team's RCS Exploit Portal.

Update 3: The video below is a commercial for Hacking Team's top tool Da Vinci.

Update 4:

An email from a person linked to several domains allegedly tied to the Meles Zenawi Foundation (MZF), Ethiopia's Prime Minister until his death in 2012, was published Sunday evening as part of the cache of files taken from Hacking Team.

In the email, Biniam Tewolde offers his thanks to Hacking Team for their help in getting a high value target.

Around the time the email was sent, which was eight months after the Prime Minister's death, Tewolde had registered eight different MZF related domains. Given the context of the email and the sudden appearance (and disappearance) of the domains, it's possible all of them were part of a Phishing campaign to access the target. Who the high value target is, remains unknown.

An invoice leaked with the Hacking Team cache shows that Ethiopia paid $1,000,000 Birr (ETB) for Hacking Team's Remote Control System, professional services, and communications equipment.

Update 5:

Hacking Team currently has, based on internal documents leaked by the attackers on Sunday evening, customers in the following locations:

Egypt, Ethiopia, Morocco, Nigeria, Sudan

Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States

Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand

Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary

Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman

Saudi Arabia, UAE

The list, and subsequent invoice for 480,000 Euro, disproves Hacking Team's claims that they have never done business with Sudan. According to Human Rights Watch, Sudanese security forces have repeatedly and violently suppressed protestors demonstrating against the government, with more than 170 killed in 2013.

Update 6: Is Hacking Team awake yet?

It's 0100 EST, so sometime soon, as Krypton Security's Khalil Sehnaoui put it, someone in Italy is about to have a very bad day.

Late Sunday evening, the Twitter account used by Hacking Team was defaced, and a link to a 400GB Torrent file was posted. The file contains a number of newsworthy items, particularly when it comes to the questionable business relationships between Hacking Team and nations that aren't known for their positive outlook on basic human rights.

New developments in the Hacking Team incident include the release of a document outlining the maintenance agreement status of various customers. The document, shared by SynAckPwn with Salted Hash, lists Russia and Sudan as clients, but instead of an 'active' or 'expired' flag on their account, the two nations are listed as "Not officially supported."

The list of clients in the maintenance tracker is similar to the client list provided in the previous update. It's worth mentioning that the Department of Defense is listed as not active, while the Drug Enforcement Agency (DEA) has a renewal in progress. The document notes that the FBI had an active maintenance contract with Hacking Team until June 30, 2015.

The 2010 contract between Hacking Team and the National Intelligence Centre (CNI) of Spain was released as part of the cache. According to records, they are listed as an active EU customer with a maintenance contract until 31 January 2016. At the time the contract was signed, the total financial consideration to Hacking Team is listed at 3.4 million Euros.

Hacking Team's Christian Pozzi was personally exposed by the incident, as the security engineer's password store from Firefox was published as part of the massive data dump. The passwords in the file are of poor quality, using a mix of easily guessed patterns or passwords that are commonly known to security engineers and criminal hackers. The websites indexed include social media (Live, Facebook, LinkedIn), financial (banks, PayPal), and network related (routers with default credentials).

However, Pozzi wasn't the only one to have passwords leaked. Clients have had their passwords exposed as well, as several documents related to contracts and configurations have been circulating online. Unfortunately, the passwords that are circulating are just as bad as the ones observed in the Firefox file.

Here are some examples:

HTPassw0rd

Passw0rd!81

Passw0rd

Passw0rd!

Pas$w0rd

Rite1.!!

Update 7:

Among the leaked documents shared by @SynAckPwn are client details, including a number of configuration and access documents. Based on the data, it appears that Hacking Team told clients in Egypt and Lebanon to use VPN services based in the United States and Germany.
http://www.csoonline.com/article/294...mped-data.html
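
An added check, not part of the CSO article or of any leaked material, showing why the example passwords listed in the article above are weak even though each satisfies a typical "8 characters, 3 of 4 character classes" composition rule. The word list, the substitution table and the 60% coverage threshold are assumptions of this example; a real deployment would screen against a large common-password or breach corpus.

```python
import re

# Constructed stand-in for a real common-password / breach corpus (assumption).
COMMON_WORDS = ("password", "welcome", "letmein", "qwerty", "admin")

# Frequent character substitutions, undone before the dictionary comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a"})

# The examples quoted in the article.
PAGE_EXAMPLES = ["HTPassw0rd", "Passw0rd!81", "Passw0rd",
                 "Passw0rd!", "Pas$w0rd", "Rite1.!!"]


def meets_complexity(pw, min_len=8):
    """Typical composition rule: minimum length and 3 of 4 character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= min_len and sum(classes) >= 3


def _normalize(pw):
    """Lower-case, undo substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def common_base(pw, min_cover=0.6):
    """Return the common word this password is derived from, or None.

    Two views are checked: the whole string, and the string with its
    trailing digits/symbols removed (the usual 'word + !81' pattern).
    A word counts only if it makes up at least `min_cover` of the letters,
    so a short word inside a long passphrase is not flagged.
    """
    core = re.sub(r"[\d\W_]+$", "", pw)
    for cand in {_normalize(pw), _normalize(core)}:
        for word in COMMON_WORDS:
            if word in cand and len(word) / len(cand) >= min_cover:
                return word
    return None


def audit(passwords):
    """Pair the composition-rule verdict with the dictionary verdict."""
    return [
        {"password": pw,
         "passes_complexity": meets_complexity(pw),
         "derived_from": common_base(pw)}
        for pw in passwords
    ]


if __name__ == "__main__":
    for row in audit(PAGE_EXAMPLES):
        verdict = ("REJECT (variant of '%s')" % row["derived_from"]
                   if row["derived_from"] else "not in word list")
        print("%-12s complexity_ok=%-5s %s"
              % (row["password"], row["passes_complexity"], verdict))
```

The last example is not caught by a five-word list, which is the reason to screen against a full corpus of known-compromised passwords rather than a handful of base words.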





Encryption's Holy Grail is Getting Closer, One Way or Another

Working with encrypted data without decrypting it first sounds too good to be true, but it's becoming possible.
Stilgherrian

Whether it's a reaction to the Snowden revelations, a reaction to the continual news of massive data breaches, or just the obvious need to secure data in the cloud -- or all of the above -- new technologies for working directly on encrypted data are getting plenty of attention.

"Yes, it is a very, very hot area," Raluca Ada Popa, one of the creators of CryptDB, told ZDNet last Friday. Her new startup, Prevail, building on CryptDB's successor Mylar, is just part of the buzz.

When Popa and her Google- and Citigroup-funded team at MIT first published their paper CryptDB: Protecting Confidentiality with Encrypted Query Processing (PDF) in 2011, it was a breakthrough -- the first practical system for manipulating encrypted data without decrypting it first.

"It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes," the paper said.

"CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in."

We've had encrypted databases before, of course, which take care of encrypting the data at rest. But that data still had to be decrypted before it could be used, and that decrypted data could potentially be read from a server's memory. Not so with CryptDB.

"The main issue it's addressing is if you have a database in the cloud, for example, and you want to protect against attackers who break into the cloud, or you want to protect against employees of the cloud," Popa told ZDNet. It's also a defence against a server being stolen or otherwise physically compromised.

The ultimate goal -- encryption's holy grail, some have called it -- is something called fully homomorphic encryption, where the entire system works on encrypted data, and returns an encrypted result. The only point in the process where data would be decrypted would be when the user wanted to see the result, and that would presumably happen in the application or client software, not in the database server in the cloud.

The first fully homomorphic encryption system was developed in 2009 by cryptographer Craig Gentry at IBM, and he put together a working implementation with Shai Halevi the following year. However, this and other early fully homomorphic encryption systems have a problem.

"Fully homomorphic encryption handles any function you can imagine, so you could run any function on the encrypted data, but that would be nine orders of magnitude slower than the regular computation -- that's really not something practical," Popa said.

For those who prefer their database queries to return a result this century, CryptDB made two key compromises in functionality and security.

"We support six basic functions: Addition, multiplication, greater than, equality, search, and nesting these functions, and we show that with these functions, you can actually implement a lot of interesting database applications, web applications, and so forth," Popa said.

Popa's team showed that using CryptDB in a variety of applications had a performance overhead of just 14.5 to 26 percent, compared with an unmodified MySQL database.

"It was really low ... and that was in a situation in which you encrypt absolutely all the data. But if you look at a lot of realistic applications, not everything is sensitive," Popa said.

"If you just take the things that are considered to be more sensitive and encrypt them, then you'll have even less performance overhead. You can get 3 or 4 percent, almost not noticeable."

The security compromise is that performing some operations reveals a "little bit" about the encrypted data.

"The order operation, for example, leaks, because you want the server to be able to order encrypted data. And when the server orders encrypted data, and knows what's the first item, which is the smallest, it doesn't know the value, but it knows, OK, this is the smallest value, because it's the first one in the ordered relation," Popa said.

Despite these compromises, CryptDB represented a significant advance, and it has inspired plenty of work elsewhere.

Google's Encrypted BigQuery client is based on CryptDB, for example. SAP has implemented SEEED, a system for searching over encrypted data, in its HANA database management system. Several startups are applying CryptDB techniques to Oracle databases. And Lincoln Laboratory has added the CryptDB design on top of its D4M Accumulo NoSQL system.

Popa followed up CryptDB in 2014 with Mylar, applying a similar vision to web applications rather than databases.

Mylar allowed the server to perform keyword search over encrypted documents, even if the documents were encrypted with different keys. Mylar ensured that client-side application code was authentic, even if the server was malicious.

A Mylar prototype was deployed as part of a medical application at Newton-Wellesley Hospital in Boston. The results were promising. Porting six applications required changing just 35 lines of code on average, and the performance overheads were a 17 percent loss in throughput and, for example, a 50-millisecond latency increase for sending a chat message.

"It got an incredible amount of press, because even though that was not the main target of our paper, it does protect against government attacks too, because even if the government subpoenas the servers in the cloud, the cloud just doesn't have data, it just has encrypted data," Popa said.

But while the Mylar code is available online, and is "decent" quality, Popa said it isn't being maintained.

"We are researchers, and it takes years to produce a product with all the details worked out, and all the customer stuff worked out, and we didn't do that for Mylar for sure. Neither did we do that for CryptDB."

That's about to change.

In July, Popa will return to the US after spending time as a postdoctoral researcher at ETH Zurich. She'll be joining the University of California at Berkeley as an assistant professor, and she'll soon be launching a startup called Prevail.

"Just now, [as] part of the startup, we're building a version of Mylar for certain kinds of applications, so that's one thing where we're building a real product," Popa told ZDNet.

While Prevail and others pursue the homomorphic dream, others are taking the zero-knowledge route, where the database server knows nothing about the data being stored -- not even the ordering information that CryptDB leaks.

One such startup is ZeroDB, a Silicon Valley company founded just weeks ago in March 2015, which is currently in closed beta.

"We're pushing all of the query logic, encryption and decryption, and compression to the client. And so we're basically turning the database server into just a simple data store. The idea is you never give keys to the server, so it has no understanding or insight into the data that it's storing," ZeroDB co-founder MacLane Wilkison told ZDNet on Thursday.

"So now you can run your database server up on AWS or Azure or some other cloud provider, and you don't have to worry about that cloud provider knowing what your data is, or, more likely, an attacker of that cloud provider getting access to your underlying data."

The key difference from CryptDB's approach is that ZeroDB does in fact decrypt the data and run computations in the client -- but that still means the data in the cloud is encrypted at rest and in transit.

"So this way, we are able to not share information with the server, but we have a little bit more of network communications," ZeroDB co-founder Mikhail Egorov told ZDNet.

"That said, when we do that, we offload these computations from the server, so I can imagine certain situations when our [system] has actually better performance [than CryptDB]."

Wilkison said ZeroDB is currently running pilots with several companies.

"We don't have a public implementation freely available for anyone to go and just pull down the code and download, but we're working with financial, technology startups, a couple of healthcare startups," he said. They're looking at an official launch around August.

While there's no indication yet as to what ZeroDB's business model might be, one proposed feature gives a hint: Direct sharing of encrypted data in the cloud with software-as-a-service (SaaS) vendors using technology called proxy re-encryption.

"If you have a database in the cloud, encrypted under your private key, and you want to share that with Salesforce, you can take Salesforce's public key and then your private key on the client, you take those two and create what's called a transformation key, and you send that transformation key to the cloud, and then cloud can actually apply that transformation function onto your encrypted data, and then it will be subsequently encrypted under Salesforce's key," Wilkison said.

"You can do all of that in the cloud without exposing any of the private keys."

Egorov admitted that the technology isn't "super new". "It exists. Our IP here is probably how to apply it properly to pieces of the database. But other than that, it kind of existed on the level of algorithms," he said.

Just like Prevail and Mylar -- and, for that matter, just like IBM -- ZeroDB is participating in a race to turn algorithms and prototypes into robust products and services that people will pay for. And according to Wilkison, regulation may well be a driver.

"We actually even have an EU government that's using [ZeroDB]," he said.

"I think the new EU data privacy Act is going to be -- or is already -- a big driver for us, because that imposes a lot of regulations around what happens if you're storing customer data and that gets compromised."
http://www.zdnet.com/article/encrypt...ay-or-another/
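The trade-off described in the article above, as an added example (not CryptDB's code and not part of the article): a toy Python model in which an untrusted server sums Paillier ciphertexts and sorts an order-revealing column without holding any key, then lists what the sort alone tells it. The tiny parameters, the keyed gap mapping standing in for order-preserving encryption, the function names and the salary rows are all constructed for illustration and are not secure.

```python
"""Toy model of two "SQL-aware" encryptions of the kind the article describes.

HOM column: Paillier, so the server can compute SUM() on ciphertexts.
OPE column: a keyed, strictly increasing mapping standing in for
order-preserving encryption, so the server can ORDER BY, and learns order.
All parameters and data are constructed for the demo and are NOT secure.
"""
import hashlib
import hmac
import math
import secrets

# Two Mersenne primes; a ~150-bit modulus is far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(P-1, Q-1)
MU = pow(LAMBDA, -1, N)                                # valid for g = N + 1


def hom_encrypt(m: int) -> int:
    """Client: Paillier with g = N + 1, i.e. c = (1 + m*N) * r^N mod N^2."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) * pow(r, N, N2) % N2


def hom_decrypt(c: int) -> int:
    """Client: m = L(c^lambda mod N^2) * mu mod N, with L(x) = (x - 1) / N."""
    return (pow(c, LAMBDA, N2) - 1) // N * MU % N


def ope_encrypt(key: bytes, value: int) -> int:
    """Client: toy order-preserving map, the sum of keyed positive gaps.

    Deterministic and strictly increasing in `value`, so ciphertexts can be
    compared and sorted by anyone, and equal plaintexts collide.
    """
    total = 0
    for i in range(value + 1):
        mac = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        total += 1 + int.from_bytes(mac[:2], "big")
    return total


def server_sum(ciphertexts) -> int:
    """Server: multiplying Paillier ciphertexts adds the hidden plaintexts."""
    acc = 1  # 1 is a valid encryption of 0
    for c in ciphertexts:
        acc = acc * c % N2
    return acc


def server_order_by(rows):
    """Server: ORDER BY on the OPE column, no key required."""
    return sorted(rows, key=lambda row: row["ope"])


def server_view(rows):
    """What the server learns from the OPE column alone: each row's rank,
    and which rows hold equal values. It never sees the values themselves."""
    ranks = {c: i for i, c in enumerate(sorted({r["ope"] for r in rows}))}
    return [(row["id"], ranks[row["ope"]]) for row in rows]


def demo():
    ope_key = b"constructed-demo-key"
    # Constructed sample column: salaries in thousands.
    salaries = {"alice": 52, "bob": 48, "carol": 120, "dave": 52, "erin": 75}
    rows = [
        {"id": name, "hom": hom_encrypt(s), "ope": ope_encrypt(ope_key, s)}
        for name, s in salaries.items()
    ]
    # Everything below up to the decrypt runs without any key.
    encrypted_total = server_sum(r["hom"] for r in rows)
    ordered_ids = [r["id"] for r in server_order_by(rows)]
    leaked = server_view(rows)
    # Only the client can open the aggregate.
    return hom_decrypt(encrypted_total), ordered_ids, leaked


if __name__ == "__main__":
    total, ordered_ids, leaked = demo()
    print("SUM decrypted by client:", total)
    print("ORDER BY computed by server:", ordered_ids)
    print("rank/equality visible to server:", leaked)
```

The two rows holding 52 share a rank in the server's view, while their Paillier ciphertexts differ because that scheme is randomized.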





Bruce Schneier: David Cameron's Proposed Encryption Ban Would 'Destroy the Internet'
Rob Price

A highly respected cryptographer and security expert is warning that David Cameron's proposed ban on strong encryption threatens to "destroy the internet."

Last week, the British Prime Minister told Parliament that he wants to "ensure that terrorists do not have a safe space in which to communicate."

Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password — even law enforcement with a warrant, or the software manufacturer itself. It's used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook.

But amid heightened terror fears, Cameron says "we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on."

The Prime Minister first indicated that he would try and clamp down on secure communications that could not be decrypted by law enforcement even with a warrant back in January, in the aftermath of the Charlie Hebdo shootings in Paris. His comments sparked an immediate flurry of condemnation from privacy and security activists, but his recent statements show he's not backing down. (Number 10 has not responded to requests for clarification about Cameron's comments.)

Business Insider reached out to Bruce Schneier to discuss the feasibility of Cameron's proposed ban on "safe spaces" online. Schneier is a widely respected cryptography and security expert and fellow at the Berkman Centre for Internet and Society at Harvard Law School, serves on the board of digital liberties pressure group the Electronic Frontier Foundation, and writes frequently on encryption and security. He didn't hold back.

BUSINESS INSIDER: What was your immediate reaction to Cameron's proposals?

Bruce Schneier: My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron's remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested. But while Cameron might not understand what he's saying, surely he has advisers that do. Maybe he didn't listen to them. Maybe they aren't capable of telling him that what he's saying doesn't make sense. I don't understand UK politics sufficiently well to know what was going on in the background. I don't know anything about Cameron's tech background. But the only possible explanation is that he didn't realize the full extent of what he was saying.

Then I wondered why he would even wish for such a thing? Does he realize that this is the sort of thing that only authoritarian governments do? Again, my knowledge of the UK is limited, but I assume they are a free country that champions liberty.

BI: Do you think they are even possible?

BS: Of course not. No one does. Sure, he can keep law-abiding non-technical people from using strong encryption. He can ensure that UK businesses are vulnerable to attack. But he cannot hope to prevent bad actors from using encryption to hide themselves from the police.

It's simply not possible to ban strong encryption within a country and software that uses strong encryption from crossing its borders. It's simply not possible to prevent people from installing the software they want on the computing devices they own. Countries like Iran, Syria, Pakistan, Russia, Kazakhstan, and Belarus have tried it and failed. China has tried before and is trying again. I wonder if Cameron is aware of the kind of company he is associating himself with.

BI: Let's say the UK government was determined to try and implement an encryption ban — how would it go about trying to do this?

BS: It gets draconian pretty fast. UK citizens would be banned from using secure software, and UK companies be banned from producing secure software. The government would have to enforce Internet censorship: people couldn't download secure software, search engines couldn't answer queries about secure software, and every packet would be inspected to ensure it isn't being encrypted with secure systems. Closed computing systems like iPhone would ban their users from installing secure software, and open computing systems like Microsoft Windows would be redesigned to prohibit users from installing secure software. Free software would be banned. Anyone entering the UK with a phone or computer would have them conform to UK standards, and border control would seize any devices that fail to do so. UK researchers would be prohibited from researching secure systems.

Pretty horrible and totally infeasible. And even if Cameron turned the UK into the police state required to even attempt this sort of thing, he still wouldn't get what he claims he wants. That's the worst of it: it wouldn't work, and trying would destroy the Internet.

BI: What sort of effect would this have on the UK economy and businesses?

BS: My guess is that it would be a disaster. When the US tried to ban strong cryptography in the 1990s, hundreds of foreign companies sprang up to fill the gap in what the market demanded. And that was before so much of our day-to-day lives relied on the Internet. Today, security is vitally important in everything we do online, and this law would put UK businesses and citizens under an enormous disadvantage. UK citizens would be screwed, of course, and most wouldn't be able to do anything about it. But foreign customers would avoid UK products if possible, and foreign users would avoid entrusting their data and communications to UK systems.

This isn't entirely speculative. Already security companies are moving out of the UK to avoid draconian surveillance laws, and more are talking about it. (Yahoo is the big company that comes to mind.) Cameron's proposal would only make things worse.

BI: Are American and other foreign businesses likely to comply with such a ban, if it were enforced?

BS: If the UK government starts throwing people who violate the ban in jail, businesses will either 1) comply, or 2) put themselves in a position where the UK government cannot throw their people in jail. I expect some of each would occur. Certainly many companies would pull out of the UK market rather than compromise the security of their global customers and users.

BI: Is there really no way to keep users' data secure while providing backdoors to law enforcement?

BS: Yes, there really is no way.

Think of it like this. Technically, there is no such thing as a "backdoor to law enforcement." Backdoor access is a technical requirement, and limiting access to law enforcement is a policy requirement. As an engineer, I cannot design a system that works differently in the presence of a particular badge or a signed piece of paper. I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access, meaning they all can. Once I have designed this less-secure system with backdoor access, I have to install some sort of policy overlay to try to ensure that only the police can get at the backdoor and only when they are authorized. I can design and build procedures and other measures intended to prevent those bad guys from getting access, but anyone who has followed all of the high-profile hacking over the past few years knows how futile that would be.

There is an important principle here: we have one world and one Internet. Protecting communications means protecting them from everybody. Making communications vulnerable to one group means making them vulnerable to all. There just isn't any way around that.

BI: Won't the proliferation of encryption help terrorists?

BS: No. It's the exact opposite: encryption is one of the things that protects us from terrorists, criminals, foreign intelligence, and every other threat on the Internet, and against our data and communications. Encryption protects our trade secrets, our financial transactions, our medical records, and our conversations. In a world where cyberattacks are becoming more common and more catastrophic, encryption is one of our most important defenses.

In 2010, the US Deputy Secretary of Defense William Lynn wrote: "Although the threat to intellectual property is less dramatic than the threat to critical national infrastructure, it may be the most significant cyberthreat that the United States will face over the long term." Encryption protects against intellectual property theft, and it also protects critical national infrastructure.

What you're asking is much more narrow: won't terrorists be able to use encryption to protect their secrets? Of course they will. Like so many other aspects of our society, the benefits of encryption are general and can be enjoyed by both the good guys and the bad guys. Automobiles benefit both long-distance travelers and bank robbers. Telephones benefit both distant relatives and kidnappers. Late-night all-you-can-eat buffets benefit both hungry students and terrorists plotting their next moves.

This is simply reality. And there are two reasons it's okay. One, good people far outnumber bad people in society, so we manage to thrive nonetheless. And two, the bad guys trip themselves up in so many other ways that allowing them access to automobiles, telephones, late-night restaurants, and encryption isn't enough to make them successful.

Most of the time we recognize that harming the overwhelming number of honest people in society to try to harm the few bad people is a dumb trade-off. Consider an analogy: Cameron is unlikely to demand that cars redesign their engines so as to limit their speeds to 60 kph so bank robbers can't get away so fast. But he doesn't understand the comparable trade-offs in his proposed legislation.

BI: Are there any less obvious ways in which encryption helps people on a day-to-day basis?

BS: Encryption secures everything we do on the Internet. It secures our commerce. It secures our communications. It secures our critical infrastructure. It secures our persons from criminal attack, and it secures our countries from nation-state attack. In many countries, it helps journalists, dissidents, and human rights workers stay alive. In a world of pretty bad computer security, it is the one thing that works well.

BI: What encryption products would you recommend our readers to protect their communications online?

BS: I am a fan of Off-the-Record for encrypting IM conversations on your computer, and Signal for encrypting both text and voice conversations on your smart phone. The encryption built in to the iPhone for both iMessage and FaceTime is also very good.

I strongly recommend turning disk encryption on wherever you can: on your computer, on your smart phone, everywhere. When you browse the Internet, use TLS on the web whenever you can. Download the plug-in HTTPS Everywhere. GPG is the best e-mail encryption program, but my advice is to stick to text and voice.
http://www.businessinsider.com/bruce...nternet-2015-7





Security Experts Oppose Government Access to Encrypted Communication
Nicole Perlroth

An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.

A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.

That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.

Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.

The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.

The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk.

Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.

“Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”

A spokesman for the F.B.I. declined to comment ahead of Mr. Comey’s appearance before the Senate Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption.”

A Justice Department official, who spoke on the condition of anonymity before the hearing, said that the agency supported strong encryption, but that certain uses of the technology — notably end-to-end encryption that forces law enforcement to go directly to the target rather than to technology companies for passwords and communications — interfered with the government’s wiretap authority and created public safety risks.

Paul Kocher, the president of the Rambus Cryptography Research Division, who did not write the paper, said it shifted the debate over encryption from how much power intelligence agencies should have to the technological underpinnings of gaining special access to encrypted communications.

The paper “details multiple technological reasons why mandatory government back doors are technically unworkable, and how encryption regulations would be disastrous for computer security,” Mr. Kocher said. “This report ought to put to rest any technical questions about ‘Would this work?’ ”

The group behind the report has previously fought proposals for encryption access. In 1997, it analyzed the technical risks and shortcomings of a proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products that would have ensured that the government would always be able to unlock scrambled communications.

The government abandoned the effort after an analysis by the group showed it would have been technically unworkable. The final blow was the discovery by Matt Blaze, then a 32-year-old computer scientist at AT&T Bell Laboratories and one of the authors of the new paper, of a flaw in the system that would have allowed anyone with technical expertise to gain access to the key to Clipper-encrypted communications.

Now the group has convened again for the first time since 1997. “The decisions for policy makers are going to shape the future of the global Internet and we want to make sure they get the technology analysis right,” said Daniel J. Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief technology officer at the White House, who coordinated the latest report.

In the paper, the authors emphasized that the stakes involved in encryption are much higher now than in their 1997 analysis. In the 1990s, the Internet era was just beginning — the 1997 report is littered with references to “electronic mail” and “facsimile communications,” which are now quaint communications methods. Today, the government’s plans could affect the technology used to lock data from financial and medical institutions, and poke a hole in mobile devices and countless other critical systems that are moving rapidly online, including pipelines, nuclear facilities and the power grid.

“The problems now are much worse than they were in 1997,” said Peter G. Neumann, a co-author of both the 1997 report and the new paper, who is a computer security pioneer at SRI International, the Silicon Valley research laboratory. “There are more vulnerabilities than ever, more ways to exploit them than ever, and now the government wants to dumb everything down further.”

Other authors of the new paper include Steven M. Bellovin, a computer science professor at Columbia University; Harold Abelson, a computer science professor at MIT; Josh Benaloh, a leading cryptographer at Microsoft; Susan Landau, a professor of cybersecurity at Worcester Polytechnic Institute and formerly a senior privacy analyst at Google; and Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School and a widely read security author.

“The government’s proposals for exceptional access are wrong in principle and unworkable in practice,” said Ross Anderson, a professor of security engineering at the University of Cambridge and the paper’s sole author in Britain. “That is the message we are going to be hammering home again and again over the next few months as we oppose these proposals in your country and in ours.”
http://www.nytimes.com/2015/07/08/te...unication.html





FBI: Bring Us A Unicorn. Techies: They Don't Exist. Senator: Stop Complaining & Tell Us Where The Unicorn Is
Mike Masnick

We've already discussed the ridiculousness of yesterday's Senate hearings with Jim Comey on "going dark" and the desire to backdoor encryption. But one thing that came out in the discussions that deserves further scrutiny is the fact that Comey repeatedly admitted that he had no proposed solution to the question of how to do this. He admits that computer scientists say it's not possible, but he insists it's because they're "not trying hard enough" to figure it out. And whenever Senators suggested different possible legislative fixes, Comey would sort of throw up his hands and say "well, we're not making any proposals here, we just want a conversation."

And there's a good reason for this, which was actually admitted after the hearings by former NSA top lawyer (and proud Techdirt disliker) Stewart Baker (who recently argued that Blackberry failed because it had too much encryption) when he went on PBS Newshour to say that the government won't put forth a proposal, knowing that it will immediately get shot full of holes by actual experts.

In the segment, Susan Landau, one of the experts who has explained why this whole idea is stupid and won't work, points out that there are no proposals being put forth because it's impossible to actually do this in a way that doesn't create massive problems:

SUSAN LANDAU: The issue is that the government is saying exceptional access, without explaining how they want this done, and all security matters in the details.

And, immediately, Baker shoots back the admission that no one else has been willing to make that, of course the government won't come up with a plan, because then all the experts can give details for why that plan would be a disaster:

STEWART BAKER: So, I think one of the things that's clear is the government isn’t trying to say this is exactly how we want you to do it, because I’m sure that Susan Landau would be saying, well, that won’t work and we have got these objections to being told how to do it.

The amazing thing is that Baker doesn't even seem to realize what he's admitting, as he then immediately shifts to saying that the government just wants the industry to solve this problem. But the whole point is that there is no solution that doesn't make lots of other things much worse.

The fact that the government refuses to put forth any solution should be seen as a massive problem. But, incredibly, during the Senate Intelligence Committee hearing yesterday, Senator Barbara Mikulski blamed privacy advocates for not offering up a solution to the impossible (starting around the 58 minute mark).

In our briefing materials I read letters from the ACLU, whose views we so value, the Software Alliance, and I saw a lot of criticism of what we're pursuing here for some type of opportunity to not go dark. But I didn't see any solutions. I saw a lot of criticisms. I saw a lot of critiques. But I didn't see solutions. Now I believe, as Senator Heinrich said and others, we have tremendous technical know-how, and I believe that the people in Silicon Valley are indeed very patriotic people, and they don't want drug dealers and international traffickers and child pornographers to be able to get away with nefarious things. So, if we could perhaps actually get from those as well as the civil liberties community how we could start working to a solution that would actually be great.

This is the point at which you should be banging your head on whatever wall or desk is closest. All of those patriotic folks in Silicon Valley have been going into great detail about how there is no good way to backdoor encryption, highlighting many explanations of how it actually makes online security much, much worse. To then say that the people pointing out how there are no good solutions should be the ones responsible for offering up a solution, rather than the government, which is insisting that something must be done, is ridiculous.

It takes quite an incredible train of thought to argue that the people telling you that magic fairy dust doesn't exist need to be the ones to tell you how to make magic fairy dust, rather than the naive folks who believe in magic fairy dust. And yet, that's exactly what Senator Mikulski did. And that's because, as Stewart Baker rightfully points out, if the government actually produced a plan for magic fairy dust, actual experts would quickly point out that it's not magical fairy dust, and actually makes people ill.

How is it that these people are in positions of power and influence?
https://www.techdirt.com/articles/20...icorn-is.shtml





The FBI Doesn't Want to Have to Force Tech Companies to Weaken Encryption

The director just wants every device and software manufacturer to volunteer to create backdoors for the government to snoop on Americans
Trevor Timm

It’s never a good sign when you have to declare during a debate that “I really am not a maniac.”

But that’s what FBI director Jim Comey found himself saying in advance of his testimony to the senate on Wednesday where he once again argued that tech companies need to figure out a way to install backdoors in all their communications tools so that there’s never an email, text or phone call that the US government can’t get its hands on.

Ever since Apple commendably announced last September that it would increase the security protecting millions of iPhones so that only the user - and not the company - would be able to unlock them, Comey has spent months arguing that this could spell disaster for the FBI trying to access what is on suspects’ phones. Since then, other popular messaging services like WhatsApp have followed in Apple’s footsteps and encrypted users’ chats “end-to-end.”

Since his initial objection to tech companies enabling end-to-end encryption, Comey has rightly been bombarded with criticism from security experts, cryptographers and engineers, who have at various times called his backdoor proposal technically impossible, an enormous setback for cybersecurity, an invitation for countries like China to mandate the same, potentially devastating to the economy and not needed. (Comey admitted Tuesday he has no specific data to back up his claim that encryption has prevented the FBI from solving crimes.)

Notably, just one day before Comey’s testimony, an all-star group of leading technical experts released a paper running through, in specific detail, the myriad of problems mandated backdoors in encryption would cause for the public. The paper posed dozens of technical questions about how such backdoors would work in practice, which the FBI has so far not even attempted to answer. The scale of the questions – and the fact that many of them will never have clear answers – shows just how ill-thought-out the FBI’s idea really is.

The criticism seems to have forced the FBI to scale back its ambitious and dangerous rhetoric. Comey kept emphasizing Wednesday that he “was not an expert,” does not prefer a “one size fits all” law anymore, and that he wanted to work with tech companies – so they weaken our security voluntarily. He also claimed he doesn’t want the government to hold those master keys to everyone’s communications, he just wants companies to hold them and hand over data to the government when asked.

But no matter who holds the keys, the same problems persist. The FBI – and apparently many senators, judging by Wednesday’s hearings – think that all you need to do is force a bunch of smart people to get into a room and they’ll be able to wave their hands to magically solve one of the hardest unsolved problems that has vexed computer engineers for decades.

Here’s a question for the FBI director – or UK Prime Minister David Cameron, who is pushing a similar proposal in Britain – which no one seems to ask: can you name a single security engineer or technical expert who thinks this is even remotely a good idea? So far those experts have universally lined up against it. If Comey is really interested in a debate, he should bring in a technical expert to argue the case, instead of throwing up his hands every time the conversation starts veering into specifics.

The entire premise of the debate that the FBI is “going dark” and can no longer read the communications of criminals – which they have been claiming for 20 years, by the way – is false, as the law professor Peter Swire later told the same senate panel. We are living in “the golden age of surveillance,” Swire argued, and we can look no further than the countless stories about NSA mass surveillance that have come out in the past two years, which by the way, could not be done without the FBI’s close assistance.

Comey says all he wants is a “debate” about the issue. Well, we’ve had the debate. We had it for 20 years. The debate is over – embrace encryption to protect our security. Don’t outlaw it for marginal gains at the expense of everyone.
http://www.theguardian.com/commentis...encryption-bad





Senate Advances Secret Plan Forcing Internet Services to Report Terror Activity

Legislation modeled on 2008 law requiring Internet companies to report child porn.
David Kravets

The Senate Intelligence Committee secretly voted on June 24 in favor of legislation requiring e-mail providers and social media sites to report suspected terrorist activities.

The legislation, approved 15-0 in a closed-door hearing, remains "classified." The relevant text is contained in the 2016 intelligence authorization, a committee aide told Ars by telephone early Monday. Its veil of secrecy would be lifted in the coming days as the package heads to the Senate floor, the aide added.

The proposal comes as the Islamic State and other terror groups have taken to the Internet to gain converts across the globe, including in the United States. The FBI issued a public warning in March about American teens being susceptible to the Islamic State's online recruitment tactics. And the Brookings Institute estimated in March that there were as many as 70,000 pro-Islamic State Twitter accounts. Twitter has removed tens of thousands of these terror propaganda accounts, which violate its terms of service.

"Our nation is facing more threats every day. America's security depends on our intelligence community’s ability to detect and thwart attacks on the homeland, our personnel and interests overseas, and our allies. This year’s legislation arms the intelligence community with the resources they need and reinforces congressional oversight of intelligence activities," Intelligence Committee Chairman Richard Burr, a Republican of North Carolina, said in a statement about the bill.

Senator Dianne Feinstein (D-CA), who sponsored the Internet services provision, did not return a call seeking comment.

The legislation is modeled after a 2008 law, the Protect Our Children Act. That measure requires Internet companies to report images of child porn, and information identifying who trades it, to the National Center for Missing and Exploited Children. That quasi-government agency then alerts either the FBI or local law enforcement about the identities of online child pornographers.

The bill, which does not demand that online companies remove content, requires Internet firms that obtain actual knowledge of any terrorist activity to "provide to the appropriate authorities the facts or circumstances of the alleged terrorist activity," wrote The Washington Post, which was able to obtain a few lines of the bill text. The terrorist activity could be a tweet, a YouTube video, an account, or a communication.

Twitter, Google, and Facebook haven't publicly taken a position on the new legislation.
http://arstechnica.com/tech-policy/2...rror-activity/





Amnesty International Seeks Explanation for 'Absolutely Shocking' Government Surveillance
Mark Wilson

A court recently revealed via email that the UK government had been spying on Amnesty International. GCHQ had put Amnesty under surveillance -- despite this having previously been denied -- and now the human rights organization wants answers.

In a letter to the UK Prime Minister David Cameron, Amnesty International asks for an explanation for the surveillance. The Investigatory Powers Tribunal's (IPT) email made it clear that GCHQ had been intercepting, accessing and storing communications, something that Amnesty International's Secretary General, Salil Shetty believes "makes it vividly clear that mass surveillance has gone too far".

Amnesty International explains to Mr Cameron that it is deeply concerned about the revelations. The letter says that the victims of human rights abuses that the organization helps will have cause to believe that not only has the government intercepted data about them, but that it may have been shared with foreign governments. More importantly, perhaps, it's something that will be of concern to those considering seeking help from the organization.

Kate Allen, Amnesty UK’s Director said:

It’s absolutely shocking that Amnesty International’s private correspondence was deemed fair game to UK spooks, who have clearly lost all sense of what is proportionate or appropriate. A key measure of a free society is how it treats its charities and NGOs (Non-Governmental Organizations). If Amnesty International is being spied on, then is anyone safe?

The letter calls for a full independent inquiry into the surveillance of human rights organizations, as well as requesting that existing reports into spying be published.

As well as writing to the Prime Minister, Amnesty International has also written to the Guardian. Here, Kate Allen and others point out that the only reason the surveillance came to light is because GCHQ broke rules about how long data could be retained -- if this had not happened, we might have been none the wiser about what had been going on. The letter, co-signed by Shami Chakrabarti, director of Liberty, and Gus Hosein, executive director of Privacy International, asks:

Which other organisations are being spied on? What confidential information was GCHQ looking at? Why was it of interest? Who read it? Was it shared? Is it still going on? How did it come to this?
http://betanews.com/2015/07/10/amnes...-surveillance/





An Attack on Press Freedom

SPIEGEL Targeted by US Intelligence

Revelations from WikiLeaks published this week show how boundlessly and comprehensively American intelligence services spied on the German government. It has now emerged that the US also conducted surveillance against SPIEGEL.

Walks during working hours aren't the kind of pastime one would normally expect from a leading official in the German Chancellery. Especially not from the head of Department Six, the official inside Angela Merkel's office responsible for coordinating Germany's intelligence services.

But in the summer of 2011, Günter Heiss found himself stretching his legs for professional reasons. The CIA's station chief in Berlin had requested a private conversation with Heiss. And he didn't want to meet in an office or follow standard protocol. Instead, he opted for the kind of clandestine meeting you might see in a spy film.

Officially, the CIA man was accredited as a counsellor with the US Embassy, located next to Berlin's historic Brandenburg Gate. Married to a European, he had already been stationed in Germany once before and knew how to communicate with German officials. At times he could be demanding and overbearing, but he could also be polite and courteous. During this summer walk he also had something tangible to offer Heiss.

The CIA staffer revealed that a high-ranking Chancellery official allegedly maintained close contacts with the media and was sharing official information with reporters with SPIEGEL.

The American provided the name of the staffer: Hans Josef Vorbeck, Heiss' deputy in Department Six. The information must have made it clear to Heiss that the US was spying on the German government as well as the press that reports on it.

The central Berlin stroll remained a secret for almost four years. The Chancellery quietly transferred Vorbeck, who had until then been responsible for counterterrorism, to another, less important department responsible for dealing with the history of the BND federal intelligence agency. Other than that, though, it did nothing.

Making a Farce of Rule of Law

Officials in the Chancellery weren't interested in how the CIA had obtained its alleged information. They didn't care to find out how, and to which degree, they were being spied on by the United States. Nor were they interested in learning about the degree to which SPIEGEL was being snooped on by the Americans. Chancellery officials didn't contact any of the people in question. They didn't contact members of the Bundestag federal parliament sitting on the Parliamentary Control Panel, the group responsible for oversight of the intelligence services. They didn't inform members of the Office for the Protection of the Constitution, the agency responsible for counterintelligence in Germany, either. And they didn't contact a single public prosecutor. Angela Merkel's office, it turns out, simply made a farce of the rule of law.

As a target of the surveillance, SPIEGEL has requested more information from the Chancellery. At the same time, the magazine filed a complaint on Friday with the Federal Public Prosecutor due to suspicion of intelligence agency activity.

Because now, in the course of the proceedings of the parliamentary investigative committee probing the NSA's activities in Germany in the wake of revelations leaked by whistleblower Edward Snowden, details about the event that took place in the summer of 2011 are gradually leaking to the public. At the beginning of May, the mass-circulation tabloid Bild am Sonntag reported on a Chancellery official who had been sidelined "in the wake of evidence of alleged betrayal of secrets through US secret services."

Research conducted by SPIEGEL has determined the existence of CIA and NSA files filled with a large number of memos pertaining to the work of the German newsmagazine. And three different government sources in Berlin and Washington have independently confirmed that the CIA station chief in Berlin was referring specifically to Vorbeck's contacts with SPIEGEL.

An Operation Justified by Security Interests?

Obama administration sources with knowledge of the operation said that it was justified by American security interests. The sources said US intelligence services had determined the existence of intensive contacts between SPIEGEL reporters and the German government and decided to intervene because those communications were viewed as damaging to the United States' interests. The fact that the CIA and NSA were prepared to reveal an ongoing surveillance operation to the Chancellery underlines the importance they attached to the leaks, say sources in Washington. The NSA, the sources say, were aware that the German government would know from then on that the US was spying in Berlin.

As more details emerge, it is becoming increasingly clear that representatives of the German government at best looked away as the Americans violated the law, and at worst supported them.

Just last Thursday, Günter Heiss and his former supervisor, Merkel's former Chief of Staff Ronald Pofalla, were questioned by the parliamentary investigative committee and attempted to explain the egregious activity. Heiss confirmed that tips had been given, but claimed they hadn't been "concrete enough" for measures to be taken. When asked if he had been familiar with the issue, Pofalla answered, "Of course." He said that anything else he provided had to be "in context," at which point a representative of the Chancellery chimed in and pointed out that could only take place in a meeting behind closed doors.

In that sense, the meeting of the investigative committee once again shed light on the extent to which the balance of power has shifted between the government and the Fourth Estate. Journalists, who scrutinize and criticize those who govern, are an elementary part of the "checks and balances" -- an American invention -- aimed at ensuring both transparency and accountability. When it comes to intelligence issues, however, it appears this system has been out of balance for some time.

Government Lies

When SPIEGEL first reported in Summer 2013 about the extent of NSA's spying on Germany, German politicians first expressed shock and then a certain amount of indignation before quickly sliding back into their persona as a loyal ally. After only a short time and a complete lack of willingness on the part of the Americans to explain their actions, Pofalla declared that the "allegations are off the table."

But a number of reports published in recent months prove that, whether out of fear, outrage or an alleged lack of knowledge, it was all untrue. Everything the government said was a lie. As far back as 2013, the German government was in a position to suspect, if not to know outright, the obscene extent to which the United States was spying on an ally. If there hadn't already been sufficient evidence of the depth of the Americans' interest in what was happening in Berlin, Wednesday's revelations by WikiLeaks, in cooperation with Süddeutsche Zeitung, filled in the gaps.

SPIEGEL's reporting has long been a thorn in the side of the US administration. In addition to its reporting on a number of other scandals, the magazine exposed the kidnapping of Murat Kurnaz, a man of Turkish origin raised in Bremen, Germany, and his rendition to Guantanamo. It exposed the story of Mohammed Haydar Zammar, who was taken to Syria, where he was tortured. The reports triggered the launch of a parliamentary investigative committee in Berlin to look also into the CIA's practices.

When SPIEGEL reported extensively on the events surrounding the arrest of three Islamist terrorists in the so-called "Sauerland cell" in Germany, as well as the roles played by the CIA and the NSA in foiling the group, the US government complained several times about the magazine. In December 2007, US intelligence coordinator Mike McConnell personally raised the issue during a visit to Berlin. And when SPIEGEL reported during the summer of 2009, under the headline "Codename Domino," that a group of al-Qaida supporters was believed to be heading for Europe, officials at the CIA seethed. The sourcing included a number of security agencies and even a piece of information supplied by the Americans. At the time, the station chief for Germany's BND intelligence service stationed in Washington was summoned to CIA headquarters in Langley, Virginia.

The situation escalated in August 2010 after SPIEGEL, together with WikiLeaks, the Guardian and the New York Times, began exposing classified US Army reports from Afghanistan. That was followed three months later with the publication of the Iraq war logs based on US Army reports. And in November of that year, WikiLeaks, SPIEGEL and several international media reported how the US government thinks internally about the rest of the world on the basis of classified State Department cables. Pentagon officials at the time declared that WikiLeaks had "blood on its hands." The Justice Department opened an investigation and seized data from Twitter accounts, e-mail exchanges and personal data from activists connected with the whistleblowing platform. The government then set up a Task Force with the involvement of the CIA and NSA.

Not even six months later, the CIA station chief requested to go on the walk in which he informed the intelligence coordinator about Vorbeck and harshly criticized SPIEGEL.

Digital Snooping

Not long later, a small circle inside the Chancellery began discussing how the CIA may have got ahold of the information. Essentially, two possibilities were conceivable: either through an informant or through surveillance of communications. But how likely is it that the CIA had managed to recruit a source in the Chancellery or on the editorial staff of SPIEGEL?

The more likely answer, members of the circle concluded, was that the information must have been the product of "SigInt," signals intelligence -- in other words, wiretapped communications. It seems fitting that during the summer of 2013, just prior to the scandal surrounding Edward Snowden and the documents he exposed pertaining to NSA spying, German government employees warned several SPIEGEL journalists that the Americans were eavesdropping on them.

At the end of June 2011, Heiss then flew to Washington. During a visit to CIA headquarters in Langley, the issue of the alleged contact with SPIEGEL was raised again. Chancellery staff noted the suspicion in a classified internal memo that explicitly names SPIEGEL.

One of the great ironies of the story is that contact with the media was one of Vorbeck's job responsibilities. He often took part in background discussions with journalists and even represented the Chancellery at public events. "I had contact with journalists and made no secret about it," Vorbeck told SPIEGEL. "I even received them in my office in the Chancellery. That was a known fact." He has since hired a lawyer.

It remains unclear just who US intelligence originally had in its scopes. The question is also unlikely to be answered by the parliamentary investigative committee, because the US appears to have withheld this information from the Chancellery. Theoretically, at least, there are three possibilities: The Chancellery -- at least in the person of Hans Josef Vorbeck. SPIEGEL journalists. Or blanket surveillance of Berlin's entire government quarter. The NSA is capable of any of the three options. And it is important to note that each of these acts would represent a violation of German law.

Weak Arguments

So far, the Chancellery has barricaded itself behind the argument that the origin of the information had been too vague and abstract to act on. In addition, the tip had been given in confidentiality, meaning that neither Vorbeck nor SPIEGEL could be informed. But both are weak arguments, given that the CIA station chief's allegations were directed precisely at SPIEGEL and Vorbeck and that the intelligence coordinator's deputy would ultimately be sidelined as a result.

And even if you follow the logic that the tip wasn't concrete enough, there is still one committee to whom the case should have been presented under German law: the Bundestag's Parliamentary Control Panel, whose proceedings are classified and which is responsible for oversight of Germany's intelligence services. The nine members of parliament on the panel are required to be informed about all intelligence events of "considerable importance."

Members of parliament on the panel did indeed express considerable interest in the Vorbeck case. They learned in fall 2011 of his transfer, and wanted to know why "a reliable coordinator in the fight against terrorism would be shifted to a post like that, one who had delivered excellent work on the issue," as then chairman of the panel, Social Democratic Party politician Thomas Oppermann, criticized at the time.

But no word was mentioned about the reasons behind the transfer during a Nov. 9, 2011 meeting of the panel. Not a single word about the walk taken by the CIA chief of station. Not a word about the business trip to Washington taken by Günter Heiss afterward. And not a word about Vorbeck's alleged contacts with SPIEGEL. Instead, the parliamentarians were told a myth -- that the move had been made necessary by cutbacks. And also because he was needed to work on an historical appraisal of Germany's foreign intelligence agency, the BND.

Deceiving Parliament

Officials in the Chancellery had decided to deceive parliament about the issue. And for a long time, it looked as though they would get away with it.

The appropriate way of dealing with the CIA's incrimination would have been to transfer the case to the justice system. Public prosecutors would have been forced to follow up with two investigations: One to find out whether the CIA's allegations against Vorbeck had been true -- both to determine whether government secrets had been breached and out of the obligation to assist a longtime civil servant. It also would have had to probe suspicions that a foreign intelligence agency conducted espionage in the heart of the German capital.

That could, and should, have been the case. Instead, the Chancellery decided to go down the path of deception, scheming with an ally, all the while interpreting words like friendship and partnership in a highly arbitrary and scrupulous way.

Günter Heiss, who received the tip from the CIA station chief, is an experienced civil servant. In his earlier years, Heiss studied music. He would go on as a music instructor to teach a young Ursula von der Leyen (who is Germany's defense minister today) how to play the piano. But then Heiss, a tall, slightly lanky man, switched professions and instead pursued a career in intelligence that would lead him to the top post in the Lower Saxony state branch of the Office for the Protection of the Constitution. Even back then, the Christian Democrat was already covering up the camera on his laptop screen with tape. At the very least "they" shouldn't be able to see him, he said at the time, elaborating that the "they" he was referring to should not be interpreted as being the US intelligence services, but rather the other spies - "the Chinese" and, "in any case, the Russians." For conservatives like Heiss, America, after all, is friendly territory.

'Spying Among Friends Not Acceptable'

If there was suspicion in the summer of 2011 that the NSA was spying on a staff member at the Chancellery, it should have set off alarm bells within the German security apparatus. Both the Office for the Protection of the Constitution, which is responsible for counter-intelligence, and the Federal Office for Information Security should have been informed so that they could intervene. There also should have been discussions between the government ministers and the chancellor in order to raise government awareness about the issue. And, going by the maxim the chancellor would formulate two years later, Merkel should have had a word with the Americans along the lines of "Spying among friends is not acceptable."

And against the media.

If it is true that a foreign intelligence agency spied on journalists as they conducted their reporting in Germany and then informed the Chancellery about it, then these actions would place a huge question mark over the notion of a free press in this country. Germany's highest court ruled in 2007 that press freedom is a "constituent part of a free and democratic order." The court held that reporting can no longer be considered free if it entails a risk that journalists will be spied on during their reporting and that the federal government will be informed of the people they speak to.

"Freedom of the press also offers protection from the intrusion of the state in the confidentiality of the editorial process as well as the relationship of confidentiality between the media and its informants," the court wrote in its ruling. Freedom of the press also provides special protection to "the secrecy of sources of information and the relationship of confidentiality between the press, including broadcasters, and the source."

Criminalizing Journalism

But Karlsruhe isn't Washington. And freedom of the press is not a value that gives American intelligence agencies pause. On the contrary, the Obama administration has gained a reputation for adamantly pursuing uncomfortable journalistic sources. It hasn't even shied away from targeting American media giants.

In spring 2013, it became known that the US Department of Justice mandated the monitoring of 100 telephone numbers belonging to the news agency Associated Press. Based on the connections that had been tapped, AP was able to determine that the government likely was interested in determining the identity of an important informant. The source had revealed to AP reporters details of a CIA operation pertaining to an alleged plot to blow up a commercial jet.

The head of AP wasn't the only one who found the mass surveillance of his employees to be an "unconstitutional act." Even Republican Senators like John Boehner sharply criticized the government, pointing to press freedoms guaranteed by the Bill of Rights. "The First Amendment is first for a reason," he said.

But the Justice Department is unimpressed by such formulations. New York Times reporter James Risen, a two-time Pulitzer Prize winner, was threatened with imprisonment for contempt of court in an effort to get him to turn over his sources -- which he categorically refused to do for seven years. Ultimately, public pressure became too intense, leading Obama's long-time Attorney General Eric Holder to announce last October that Risen would not be forced to testify.

The Justice Department was even more aggressive in its pursuit of James Rosen, the Washington bureau chief for TV broadcaster Fox. In May 2013, it was revealed that his telephone was bugged, his emails were read and his visits to the State Department were monitored. To obtain the necessary warrants, the Justice Department had labeled Rosen a "criminal co-conspirator."

The strategy of criminalizing journalism has become something of a bad habit under Obama's leadership, with his government pursuing non-traditional media, such as the whistleblower platform WikiLeaks, with particular aggression.

Bradley Manning, who supplied WikiLeaks with perhaps its most important data dump, was placed in solitary confinement and tormented with torture-like methods, as the United Nations noted critically. Manning is currently undergoing a gender transition and now calls herself Chelsea. In 2013, a military court sentenced Manning, who, among other things, publicized war crimes committed by the US in Iraq, to 35 years in prison.

In addition, a criminal investigation has been underway for at least the last five years into the platform's operators, first and foremost its founder Julian Assange. For the past several years, a grand jury in Alexandria, Virginia has been working to determine if charges should be brought against the organization.

Clandestine Proceedings

The proceedings are hidden from the public, but the grand jury's existence became apparent once it began to subpoena witnesses with connections to WikiLeaks and when the Justice Department sought to confiscate data belonging to people who worked with Assange. The US government, for example, demanded that Twitter hand over data pertaining to several people, including the Icelandic parliamentarian Birgitta Jonsdottir, who had worked with WikiLeaks on the production of a video. The short documentary is an exemplary piece of investigative journalism, showing how a group of civilians, including employees of the news agency Reuters, were shot and killed in Baghdad by an American Apache helicopter.

Computer security expert Jacob Appelbaum, who occasionally freelances for SPIEGEL, was also affected at the time. Furthermore, just last week he received material from Google showing that the company too had been forced by the US government to hand over information about him - for the time period from November 2009 until today. The order would seem to indicate that investigators were particularly interested in Appelbaum's role in the publication of diplomatic dispatches by WikiLeaks.

Director of National Intelligence James Clapper has referred to journalists who worked with material provided by Edward Snowden as his "accomplices." In the US, there are efforts underway to pass a law pertaining to so-called "media leaks." Australia already passed one last year. Pursuant to the law, anyone who reveals details about secret service operations may be punished, including journalists.

Worries over 'Grave Loss of Trust'

The German government isn't too far from such positions either. That has become clear with its handling of the strictly classified list of "selectors," which is held in the Chancellery. The list includes search terms that Germany's foreign intelligence agency, the BND, used when monitoring telecommunications data on behalf of the NSA. The parliamentary investigative committee looking into NSA activity in Germany has thus far been denied access to the list. The Chancellery is concerned that allowing the committee to review the list could result in uncomfortable information making its way into the public.

That's something Berlin would like to prevent. Despite an unending series of indignities visited upon Germany by US intelligence agencies, the German government continues to believe that it has a "special" relationship with its partners in America -- and is apparently afraid of nothing so much as losing this partnership.

That, at least, seems to be the message of a five-page secret letter sent by Chancellery Chief of Staff Peter Altmaier, of Merkel's Christian Democrats, to various parliamentary bodies charged with oversight. In the June 17 missive, Altmaier warns of a "grave loss of trust" should German lawmakers be given access to the list of NSA spying targets. Opposition parliamentarians have interpreted the letter as a "declaration of servility" to the US.

Altmaier refers in the letter to a declaration issued by the BND on April 30. It notes that the spying targets passed on by the NSA since 2005 include "European political personalities, agencies in EU member states, especially ministries and EU institutions, and representations of certain companies." On the basis of this declaration, Altmaier writes, "the investigative committee can undertake its own analysis, even without knowing the individual selectors."

Committee members have their doubts. They suspect that the BND already knew at the end of April what WikiLeaks has now released -- with its revelations that the German Economics Ministry, Finance Ministry and Agriculture Ministry were all under the gaze of the NSA, among other targets. That would mean that the formulation in the BND declaration of April 30 was intentionally misleading. The Left Party and the Greens now intend to gain direct access to the selector list by way of a complaint to Germany's Constitutional Court.

The government in Berlin would like to prevent exactly that. The fact that the US and German intelligence agencies shared selectors is "not a matter of course. Rather, it is a procedure that requires, and indicates, a special degree of trust," Altmaier writes. Should the government simply hand over the lists, Washington would see that as a "profound violation of confidentiality requirements." One could expect, he writes, that the "US side would significantly restrict its cooperation on security issues, because it would no longer see its German partners as sufficiently trustworthy."

Altmaier's letter neglects to mention the myriad NSA violations committed against German interests, German citizens and German media.
http://www.spiegel.de/international/...a-1042023.html





Shaming Spy Chiefs by Plastering Them All Over the World
Laura Mallonee

You’ve heard of Edward Snowden. And the name Keith Alexander probably rings a bell. But what about James Comey? As head of the FBI, he pressed for a law that would require American smartphone companies to decrypt citizens’ phones on request. Ever heard of Avril Haines? She was deputy director of the CIA when that agency was engaged in many of the activities Snowden exposed.

Italian artist Paolo Cirio has been stenciling “unauthorized” portraits of these folks, and six other high-ranking officials at three-letter agencies, on walls throughout cities around the world. This rogues’ gallery of spooks and spies grins unwittingly from posters and murals in places more typically reserved for television stars and lingerie models.

“I find it interesting to turn these intelligence officials into pop celebrities, bringing them from the dark of top secrecy programs to the spotlight of the art circus,” Cirio says.

Some of the people he singles out are more famous—infamous?—than others. Michael Hayden led the NSA when it created its notorious bulk data collection program. Alexander presided over the National Security Agency when, among many other things, it launched PRISM, the surveillance program Snowden risked so much to expose. He also led US Cyber Command. James Clapper was director of national intelligence.

All of these people were architects, or at least overseers, of the vast surveillance apparatus that Snowden exposed. He’s been forced into exile in Russia, while many of these people still pull the levers of power. Cirio sees these portraits as a way to shame, if not punish, them by denying them the anonymity their agencies seem happy to take from us.

The artist, whose previous work has angered more than a few multinational corporations, The Financial Times and Facebook, bases them on personal, sometimes private photos. He finds them on social media using open-source intelligence—data easily obtained from social media, public records and other easily obtained info. Plugins like Photo Hack for Facebook can reveal selfies and other candid photographs. (Interestingly, these tools are far less effective against British intelligence officials, who seem to be a bit more cautious than their US counterparts.)

Next, Cirio runs the images through a custom script that converts them into files compatible with a laser cutter. He then prints four stencils for each person, each perforated with hundreds of tiny triangles reminiscent of Roy Lichtenstein’s Ben-Day dots. Layered together with cyan, magenta, yellow, and black acrylic spray paint, they form immaculate reproductions of the subjects’ faces.

The resulting portraits look like pop silkscreens from the 1960s, an eye-candy aesthetic that belies their serious undertone. “These are portraits of high-ranking war generals, the Napoleons of today, somehow marking their historical role in attempting to build a dangerous cyber-empire,” Cirio says. But beyond bringing these people out of the shadows, the artist wants them to know that, despite their job titles, they’re as digitally vulnerable and overexposed as the rest of us.

Paolo Cirio’s Overexposed is on display at Nome until July 20.
http://www.wired.com/2015/07/shaming...stering-world/





Eric Holder: The Justice Department Could Strike Deal with Edward Snowden
Michael Isikoff

Former Attorney General Eric Holder said today that a “possibility exists” for the Justice Department to cut a deal with former NSA contractor Edward Snowden that would allow him to return to the United States from Moscow.

In an interview with Yahoo News, Holder said “we are in a different place as a result of the Snowden disclosures” and that “his actions spurred a necessary debate” that prompted President Obama and Congress to change policies on the bulk collection of phone records of American citizens.

Asked if that meant the Justice Department might now be open to a plea bargain that allows Snowden to return from his self-imposed exile in Moscow, Holder replied: “I certainly think there could be a basis for a resolution that everybody could ultimately be satisfied with. I think the possibility exists.”

Holder’s comments came as he began a new job as a private lawyer at Covington & Burling, the elite Washington law firm where he worked before serving as the nation’s top law enforcement officer from February 2009 until last April.

In that capacity, Holder presided over an unprecedented crackdown on government leakers, including the filing of a June 2013 criminal complaint against Snowden, charging him with three felony violations of the Espionage Act for turning over tens of thousands of government documents to journalists.

Holder had previously said — in a January 2014 interview with MSNBC — that the U.S. would be willing to “engage in conversation” with Snowden and his lawyers were he willing to return to the United States to face the charges, but ruled out any granting of clemency.

But his remarks to Yahoo News go further than any current or former Obama administration official in suggesting that Snowden’s disclosures had a positive impact and that the administration might be open to a negotiated plea that the self-described whistleblower could accept, according to his lawyer Ben Wizner.

“The former attorney general’s recognition that Snowden’s actions led to meaningful changes is welcome,” said Wizner. “This is significant … I don’t think we’ve seen this kind of respect from anybody at a Cabinet level before.”

Holder declined to discuss what the outlines of a possible deal might consist of, saying that as the former attorney general, it would not be “appropriate” for him to discuss it.

It’s also not clear whether Holder’s comments signal a shift in Obama administration attitudes that could result in a resolution of the charges against Snowden. Melanie Newman, chief spokeswoman for Attorney General Loretta Lynch, Holder’s successor, immediately shot down the idea that the Justice Department was softening its stance on Snowden.

“This is an ongoing case so I am not going to get into specific details but I can say our position regarding bringing Edward Snowden back to the United States to face charges has not changed,” she said in an email.

Three sources familiar with informal discussions of Snowden’s case told Yahoo News that one top U.S. intelligence official, Robert Litt, the chief counsel to Director of National Intelligence James Clapper, recently privately floated the idea that the government might be open to a plea bargain in which Snowden returns to the United States, pleads guilty to one felony count and receives a prison sentence of three to five years in exchange for full cooperation with the government.

Litt declined to comment. A source close to Litt said any comments he made were personal and did not represent the position of the U.S. government. The source also said Litt has made clear to Snowden’s representatives that “nothing is going to happen unless he comes in and moves off this idea, ‘I’m entitled to a medal.’”

But Wizner, Snowden’s lawyer, said any felony plea by Snowden that results in prison time would be unacceptable to his client. “Our position is he should not be reporting to prison as a felon and losing his civil rights as a result of his act of conscience,” he said.

Moreover, any suggestion of leniency toward Snowden would likely run into strong political opposition in Congress as well as fierce resistance from hard-liners in the intelligence community who remain outraged over his wholesale disclosure of highly classified government documents. Those feelings have, in some ways, been exacerbated by Snowden’s worldwide celebrity that recently prompted him to enter into an arrangement with a speaker’s bureau that has allowed him to give paid talks to worldwide audiences via Skype from his apartment in Moscow.

“I’m quite stunned that we would be considering any return of Snowden to this country other than to meet a jury of his peers, period,” said Michael Hayden, former director of both the NSA and CIA under President George W. Bush, when asked about Holder’s comments.

What Snowden did, however, “was the greatest hemorrhaging of legitimate American secrets in the history of the republic, no question about it,” Hayden added.

Whatever happens, Snowden’s legal fate won’t be in Holder’s hands. In the interview, he said he planned to concentrate on giving “strategic advice” to corporate clients at Covington — but no lobbying — while also engaging in significant pro bono work, including starting a foundation to promote issues such as criminal justice reform.

Holder also said he has already had “interactions” with Hillary Clinton’s presidential campaign and expects to be helpful, including possibly speaking at campaign events and providing advice. “That will be up to the campaign,” he said. “Whatever the nominee wants.”
https://www.yahoo.com/politics/eric-...393663066.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

July 4th, June 27th, June 20th, June 13th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black