P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 21-08-13, 07:34 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - August 24th, '13

Since 2002


































"You’ve had your debate. There’s no need to write any more." – UK Secret Service


"The closing of Groklaw demonstrates how central the right to privacy is to free expression. The mere threat of surveillance is enough to [make people] self-censor." – Privacy International


"I have never spoken with, worked with, or provided any journalistic materials to the Independent." – Edward Snowden






































August 24th, 2013




Firm Accused of Uploading Porn, Shaking Down People Who Download It
Andrea Peterson and Timothy B. Lee

Prenda Law is one of the Internet’s most prolific copyright trolls: firms that catch users downloading content from peer-to-peer networks, threaten them with lawsuits and then offer to “settle” for less than the cost of defending a lawsuit. The tactic is particularly effective for pornographic works because many users are afraid to have their name associated with titles like “In Love with Jynx Maze”, “Sexual Obsessions” and “Look What I Found in the Street 5″ in public court documents.

But Prenda has repeatedly been accused of cutting legal and ethical corners. In one case last year, a Minnesota man sued Prenda for alleged identity theft after the man’s name was listed as the CEO of a Prenda shell company without his permission. The allegations have led to tens of thousands of dollars in fines against the company.

This week Prenda faces fresh allegations of unethical conduct. TorrentFreak says it obtained documents that appear to show that someone associated with Prenda uploaded some of the copyrighted pornographic films that it subsequently threatened users for downloading.

Earlier this summer, an expert report filed by a Bittorrent monitoring company associated with a suit involving Prenda suggested that one user who allegedly uploaded many of the videos, sharkmp4, may have been associated with Prenda itself. The file-sharing site the Pirate Bay, then jumped in and identified several IP addresses that it said were used by sharkmp4.

Now Comcast says it has confirmed the association. In response to a subpoena, Comcast said that one of the IP addresses revealed by the Pirate Bay was registered by Steele Hansmeier, a defunct law firm whose principals are the masterminds behind Prenda’s litigation campaign.

That means that someone associated with Prenda would have uploaded pornographic films, waited for users to download them and then threatened to sue those users for copyright infringement if they didn’t pay Prenda several thousand dollars.

Obviously, this could complicate Prenda’s litigation campaign. A copyright lawsuit is based on the assumption that content distribution is unauthorized, but that may not be so clear if the video was uploaded to the network in the first place by the legitimate copyright holder. Even worse for Prenda, judges may not look kindly on the firm’s failure to disclose the fact that it uploaded the videos. The firm has already faced scathing criticism from judges for its “lack of candor.”

An attorney for the Prenda-linked plaintiff in the case didn’t return our call seeking comment.
http://www.washingtonpost.com/blogs/...o-download-it/





Comcast Threatens to Sue TorrentFreak for Copyright Infringement
Ernesto

Comcast has sent TorrentFreak a cease and desist letter, claiming copyright over contents of an article which revealed that Prenda Law was involved in operating a pirate honeypot. Failure to comply will result in a lawsuit in which the Internet provider will seek damages, a Comcast representative informs us. In addition, Comcast also alerted our hosting provider, who is now threatening to shut down our server.

Over the past several years we have covered many copyright disputes, but now we have become part of one ourselves.

Last week we wrote a news article based on public court records, revealing that Prenda Law has been involved in operating a honeypot in order to lure Internet users into downloading copyrighted material.

This revelation came to light after Comcast returned a subpoena linking the IP-address of Pirate Bay uploader “Sharkmp4″ to the infamous law firm, and has since been published by several other news outlets since we broke the news.

It was an article like any other, we thought, but on Monday we learned that Comcast was not happy with our coverage. Through the brand protection company Cyveillance they sent a cease and desist letter for an alleged copyright infringement, demanding that we take the article offline, or face legal action.

The threats are clear. If we fail to comply with the takedown notice within five days Comcast will file a lawsuit seeking immediate injunctive relief, compensatory damages, statutory damages, punitive damages, attorneys’ fees and costs of the suit.

Unfortunately, the email above provides no indication of what we have done wrong. It simply states that we infringed on Comcast’s copyrights without explaining what the actual infringement entails.

To find out more we contacted Cyveillance with a request for additional information. In a quick response, the company informed us that the copy of the subpoena response was the problem.

“The thing that we would like you to remove from you post is the copy of the subpoena form that contains Comcast subscriber’s information, The rest of the post can stay,” we were told.

While the response is clear, it still doesn’t explain what the actual infringement is. According to our knowledge court records are public domain and can be freely used by reporters, especially when they are the center of a news piece.

When we pointed this out to Cyveillance the company suddenly informed us that Comcast told them to “hold off on working on the removal of the post in question.” Baffled by the situation, and unclear how to proceed we asked for further details. However, everything went silent and several follow-up emails sent by us since Monday afternoon have gone unanswered.

Meanwhile, the situation further deteriorated when we learned that our hosting provider LeaseWeb received the same cease and desist notice. LeaseWeb alerted us to this problem on Tuesday and stated that our IP-address would be blocked if the issue was not resolved within 24 hours.

We contacted Cyveillance and alerted them to this issue, but again, no response.

TorrentFreak has consulted several legal experts who agree that we’ve done nothing wrong here. Also, Comcast has not asked the court to seal the filing in question and it can still be accessed through the court records.

While we generally refrain from writing about Internal issues, we believe this copyright claim is a matter is in the public interest and one they should be aware of. We hope that Comcast can clarify its stance eventually, and that our server remains online in the meantime.

Update 7pm CET: A Comcast spokesperson responded to an inquiry we sent to the company’s lawyers:

“(I) am replying to let you know that the cease and desist was sent in error, and you may disregard it. We apologize for any confusion this may have caused.”
http://torrentfreak.com/comcast-thre...gement-130821/





Newest YouTube User to Fight a Takedown is Copyright Guru Lawrence Lessig

EFF has filed a second lawsuit over a "bogus" takedown, hoping for better results.
Joe Mullin

Illegitimate or simply unnecessary copyright claims are, unfortunately, commonplace in the Internet era. But if there's one person who's probably not going to back down from a claim of copyright infringement, it's probably Larry Lessig, one of the foremost writers and thinkers on digital-age copyright. Lessig has been advocating for reforms to copyright for many years now.

If Liberation Music was thinking they'd have an easy go of it when they demanded that YouTube take down a 2010 lecture of Lessig's entitled "Open," they were mistaken. Lessig has teamed up with the Electronic Frontier Foundation to sue Liberation, claiming that its overly aggressive takedown violates the DMCA and that it should be made to pay damages.

Liberation Music owns the exclusive license to "Lisztomania" by the French band Phoenix, and snippets of that song featured prominently in Lessig's lecture. According to the complaint, Lessig showed clips of different groups of amateurs dancing to the song in Brazil, Israel, Brooklyn, Latvia, and Kenya. His point was such spontaneous outbreaks of online culture are "the latest in the time-honored 'call and response' tradition of communication."

The lecture was from 2010, but Lessig posted it in June of this year.

Lessig's lawsuit runs through the checklist of fair use, making a case for why his lecture is obviously falls under that distinction: he used a small proportion of the song, his lecture doesn't compete with the market for the song in any way, and his lecture is an entirely new creation. Phoenix wanted its song to entertain and make money; Lessig's lecture was educational, and neither he nor Creative Commons, the sponsor, made any profit.

The EFF and Lessig are hoping Liberation Music will have to pay damages under 512(f), the section of the DMCA that requires copyright owners to pay damages when they go too far in issuing a takedown. Hardly any copyright owner has ever had to pay damages under 512(f). The EFF's one lawsuit in this area has been the incredibly long-lasting Lenz v. Universal "dancing baby" lawsuit. That case, filed in 2007, is just now lumbering towards an appeal court, and EFF has seen mixed results in that case.

The foundation is hoping for a better outcome here. Universal immediately backed down over the Lenz video, but still got slapped with an EFF lawsuit. Liberation, by contrast, threatened Lessig with a suit and forced him to keep his video offline.

"I have the opportunity, with the help of EFF, to challenge this particular attack," said Lessig in a press release. "I am hopeful the precedent this case will set will help others avoid such a need to fight."
http://arstechnica.com/tech-policy/2...wrence-lessig/





Half of 2011 Papers Now Free to Read

Boost for advocates of open-access research articles.
Richard Van Noorden

Search the Internet for any research article published in 2011, and you have a 50–50 chance of downloading it for free. This claim — made in a report1 produced for the European Commission — suggests that many more research papers are openly available online than was previously thought. The finding, released on 21 August, is heartening news for advocates of open access. But some experts are raising their eyebrows at the high numbers.

There has been a steady move over the past few years towards getting research papers that are funded by government money into the public domain, and the best estimates2, 3 for the proportion of papers free online run at around 30%. But these are underestimates, argues Éric Archambault, the founder and president of Science-Metrix, a consultancy in Montreal, Canada, that conducted the analysis for the European Commission.

The firm initially asked a team led by Stevan Harnad, an open-access campaigner and cognitive scientist at the University of Quebec in Montreal, to check a random sample of 20,000 papers published in 2008 (from the Scopus database of papers run by Elsevier). It used a program designed by Yassine Gargouri, a computer scientist at the same university, to find free articles. The team found that 32% of the papers that it downloaded in December 2012 were freely available. But when Archambault’s group checked 500 of these papers manually using Google and other search engines and repositories, the figure rose to 48%.

On the basis of this initial test, Science-Metrix applied its own automated software, or ‘harvester’, to 320,000 papers downloaded from2004 to 2011; the tool searches publishers’ websites, institutional archives, repositories such as arXiv and PubMed Central, and sites such as the academic networking site ResearchGate and the search engine CiteSeerX.

It found that an average of 43% of articles published during 2008–11 are available online for free, with the results varying by country and discipline (see ‘Freedom online’). But the true figure is probably higher, because the harvester does not pick up every free paper. When the incompleteness is adjusted for, the proportion of free articles from 2011 rises to about 50%, says Archambault.

The report “confirms my optimism”, says Peter Suber, director of the Office for Scholarly Communication at Harvard University in Cambridge, Massachusetts, and a proponent of open access to research. He thinks that it reflects the experiences of working scientists today. “When researchers hit a paywall online, they turn to Google to search for free copies — and, increasingly, they are finding them,” he says.

The rise of open-access journals is part of the explanation: the share of papers published in these journals rose from 4% in 2004 to 12% by 2011, the report found — agreeing with figures published last year by Bo-Christer Björk, who studies information systems at the Hanken School of Economics in Helsinki.

But the number of peer-reviewed manuscripts made free by other means has also increased, the report says. That includes those eventually made free — often a year after publication, and sometimes on a temporary promotional basis — by publishers that charge for subscription. But it also includes manuscripts that researchers themselves archive online on repositories and personal websites. Some of the articles, although free to read, may not meet formal definitions of open access because, for example, they do not include details on whether readers can freely reuse the material.

The report does not try to distinguish between types of manuscript, nor where and how they were posted, says Archambault. “The situation is so complex that it’s very hard to measure.”

Björk says that the latest measurements seem to have been carefully done, although he adds that because he does not have details of the robotic harvester’s code, he cannot evaluate its method. “Experts on the subject would probably agree that the open-access share of papers, measured around a year and a half after publication, is currently at least 30%,” he says. “Anything above that is dependent on ways of measuring, with this new study representing the highest estimate.”

The report, which was not peer reviewed, calls the 50% figure for 2011 a “tipping point”, a rhetorical flourish that Suber is not sure is justified. “The real tipping point is not a number, but whether scientists make open access a habit,” he says.

Harnad thinks that the next step should be to obtain more accurate measures of when papers become free. “It’s hardly a triumph if articles are only accessible after a one-year embargo,” he says. Greater measurement accuracy is tricky to achieve, he adds, because Google routinely blocks all robotic harvesters. He believes that research on the growth of open access should be given special concessions.

The proportion of free online papers is likely to increase in the next few years. The European Commission says that, from 2014, the results of all research funded by the European Union must be open access. And in February, the US White House announced that government-funded research should be made free to read within 12 months of publication (see Nature 494, 414–415; 2013). Federal agencies are due to submit their plans for achieving this to the US Office of Science and Technology Policy by 22 August.
http://www.nature.com/news/half-of-2...o-read-1.13577





Government Seeks Input as to Copyright Policy for Digital Age

The United States Department of Commerce Internet Policy Task Force has issued a 122-page paper which, among other things, calls for comment as to changes which should be made in the copyright law to accommodate the technological advances of the digital age, entitled "COPYRIGHT POLICY, CREATIVITY, AND INNOVATION IN THE DIGITAL ECONOMY." In a blog post about the paper, issued by the United States Patent & Trademark Office, entitled "We Want to Hear from You on Copyright Policies in the Digital Economy", Chief Policy Officer and Director for International Affairs Shira Perlmutter writes:

“The Green Paper calls for new public input on critical policy issues that are central to our nation’s economic growth, cultural development and job creation..... [W]e will soon be reaching out to the public for views on a variety of topics. Please stay tuned for announcements about how to share your thoughts, insights, and recommendations.

In recent years, the debates over copyright have become increasingly contentious. Too often copyright and technology policies are seen as pitted against each other, as if a meaningful copyright system is antithetical to the innovative power of the Internet, or an open Internet will result in the end of copyright. We do not believe such a dichotomy is necessary or appropriate.....

By intention, the Green Paper does not set out substantive policy recommendations, except where the administration is already on record with a stated position. Rather, it seeks to provide a thorough and objective review of the lay of the land—describing changes that have already occurred, identifying areas where more work should be done, and setting out paths to move that work forward..... ...

In the coming weeks, we will begin to move forward on the specific items outlined in the paper for IPTF action:

Establishing a multistakeholder dialogue on improving the operation of the notice and takedown system for removing infringing content from the Internet under the Digital Millennium Copyright Act (DMCA).

Soliciting public comment and convening roundtables on:

The legal framework for the creation of remixes—user-generated content that uses portions of copyrighted works in creative ways.

The relevance and scope of the first sale doctrine in the digital age.

The appropriate calibration of statutory damages in the context of (1) individual file sharers and (2) secondary liability for large-scale infringement.

Whether and how the government can facilitate the further development of a robust online licensing environment, including access to comprehensive public and private databases of rights information.”
- See more at: http://recordingindustryvspeople.blo....v5SO8LyX.dpuf
http://recordingindustryvspeople.blo...copyright.html





Most of U.S. Is Wired, But Millions Aren’t Plugged In
Edward Wyatt

The Obama administration has poured billions of dollars into expanding the reach of the Internet, and nearly 98 percent of American homes now have access to some form of high-speed broadband. But tens of millions of people are still on the sidelines of the digital revolution.

“The job I’m trying to get now requires me to know how to operate a computer,” said Elmer Griffin, 70, a retired truck driver from Bessemer, Ala., who was recently rejected for a job at an auto-parts store because he was unable to use the computer to check the inventory. “I wish I knew how, I really do. People don’t even want to talk to you if you don’t know how to use the Internet.”

Mr. Griffin is among the roughly 20 percent of American adults who do not use the Internet at home, work and school, or by mobile device, a figure essentially unchanged since Barack Obama took office as president in 2009 and initiated a $7 billion effort to expand access, chiefly through grants to build wired and wireless systems in neglected areas of the country.

Administration officials and policy experts say they are increasingly concerned that a significant portion of the population, around 60 million people, is shut off from jobs, government services, health care and education, and that the social and economic effects of that gap are looming larger. Persistent digital inequality — caused by the inability to afford Internet service, disinterest or a lack of computer literacy — is also deepening racial and economic disparities in the United States, experts say.

“As more tasks move online, it hollows out the offline options,” said John B. Horrigan, a senior research fellow at the Joint Center for Political and Economic Studies. “A lot of employers don’t accept offline job applications. It means if you don’t have the Internet, you could be really isolated.”

Seventy-six percent of white American households use the Internet, compared with 57 percent of African-American households, according to the “Exploring the Digital Nation,” a Commerce Department report released this summer and based on 2011 data.

The figures also show that Internet use over all is much higher among those with at least some college experience and household income of more than $50,000.

Low adoption rates among older people remain a major hurdle. Slightly more than half of Americans 65 and older use the Internet, compared with well over three-quarters of those under 65.

In addition, Internet use is lowest in the South, particularly in Mississippi, Alabama and Arkansas.

Willa Ohnoutka, 78, who has lived in the same house in suburban Houston for 40 years, said she did not use the Internet at all. “I use my telephone,” Ms. Ohnoutka said. “I get news on the TV. I’m just not comfortable involving myself with that Internet.”

Others cite expense as the reason they do not use the Internet.

“I am cheap,” said Craig Morgan, 23, a self-employed carpenter from Oxford, Miss. So far, he has made do without the Internet at home, but while he has used a smartphone to connect, that has limitations, he said.

“When we came home from the hospital with our new baby two months ago,” the hospital “took pictures and put them online,” he said. “We had to go to my in-laws to order them.”

Gloria Bean, 41, an elementary school teaching assistant from Calhoun City, Miss., said cost was also a reason she had not had Internet access at home for three years.

“I just couldn’t afford it,” she said. Being cut off, she said, “has affected me and my children.”

“They have to have it for school to do research for a paper or something they need for class,” Ms. Bean said.

As a result, she added, she often rushes from her job at school to pick up her children and take them to the library, where there are 10 computers.

The Obama administration allocated $7 billion to broadband expansion as part of the 2009 economic stimulus package. Most of it went to build physical networks. About half of those infrastructure programs have been completed, with Internet availability growing to 98 percent of homes from fewer than 90 percent.

About $500 million from the package went toward helping people learn to use the Internet. Those programs were highly successful, though on a small scale, producing more than half a million new household subscribers to Internet service, Commerce Department statistics show.

“We recognize more work needs to be done to ensure that no Americans are left behind,” said John B. Morris Jr., director of Internet policy at the National Telecommunications and Information Administration, part of the Commerce Department. “Increasing the level of broadband adoption is a complex, multifaceted challenge with no simple, one-size-fits-all solution.”

The percentage of people 18 years and older in the United States who have adopted the Internet over the past two decades has grown at a rate not seen since the popularization of the telephone, soaring nearly fivefold, from 14 percent in 1995. Although that growth slowed in more recent years, it had still moved close to 80 percent of the population by the beginning of the Obama administration in 2009, according to several academic and government studies.

Since then, however, the number has not budged, shifting between 74 percent and 79 percent through 2011, according to one study, by the Pew Internet and American Life Project. Pew’s most recent research shows the figure fluttering this year between 81 percent and 85 percent, a slight uptick that experts attribute to the still-growing popularity of smartphones. Most smartphone users also have home connections, however, and do not face the affordability or digital literacy problems that have caused Internet adoption to remain stagnant.

Even at that level of Internet adoption, however, the United States, with the world’s largest economy by far, ranked seventh among 20 major global economies in 2012, down from fourth in 2000, according to the International Telecommunication Union, a United Nations agency. Ranking ahead of the United States were Britain, Canada, South Korea, Germany, France and Australia, as well as nearly every other smaller country in Western Europe.

Aaron Smith, a senior researcher at the Pew Project, said that when the center asked nonusers if they believed they were missing out or were disadvantaged by not using the Internet, most of the older Americans said no, it was not relevant to them. “But when you excluded the seniors,” he added, “most people said, ‘Yeah, I feel like I’m not getting the access to all the things that I need.’ ”

Researchers say the recent recession probably contributed to some of the flattening in Internet adoption, just as the Great Depression stalled the arrival of home telephone service. But a significant portion of nonusers cite their lack of digital literacy skills as a discouraging factor.

Some programs, like the federally financed Smart Communities, have shown promising results. Smart Communities, a $7 million effort in Chicago that was part of the administration’s $7 billion investment, provided basic Internet training in English and Spanish for individuals and small businesses. Between 2008 and 2011, the Smart Communities participants registered a statistically significant 15 percentage-point increase in Internet use compared with that in other Chicago community areas.

The Federal Communications Commission and some Internet providers have started programs to make Internet service more affordable for low-income households. Comcast’s two-year-old Internet Essentials program, which offers broadband service for $10 a month to low-income families, has signed up 220,000 households out of 2.6 million eligible homes in Comcast service areas.

Those types of programs hold promise, administration officials say, but they remain unsatisfied. “I’ve seen enough to know that we’re making good progress,” said Thomas C. Power, the administration’s deputy chief technology officer for telecommunications. “But I also know we need to make more progress.”

Cynthia Howle, Glenny Brock and Alan Blinder contributed reporting.
http://www.nytimes.com/2013/08/19/te...-internet.html





Facebook Launching Project to Make Internet More Affordable

Facebook Inc's (FB.O) Chief Executive Mark Zuckerberg has enlisted Samsung Electronics Co Ltd (005930.KS), Qualcomm Inc (QCOM.O) and four other companies for a project aimed at bringing Internet access to people around the world who can't afford it, mirroring efforts by Google Inc (GOOG.O) and others.

The project is called Internet.org and will be launched Wednesday. It focuses on enabling the next 5 billion people without access to come online, Zuckerberg said.

"The goal of Internet.org is to make Internet access available to the two-thirds of the world who are not yet connected and to bring the same opportunities to everyone that the connected third of the world has today," said Zuckerberg.

Other players in the project include Ericsson (ERICb.ST), MediaTek Inc (2454.TW), Nokia (NOK1V.HE), and Opera Software ASA (OPERA.OL).

The partnership will develop lower-cost, higher-quality smartphones and deploy Internet access in underserved communities, Facebook said. (link.reuters.com/zen52v)

Google said in June that it had launched a small network of balloons over the Southern Hemisphere in an experiment it hopes could bring reliable Internet access to the world's most remote regions.

That pilot program, Project Loon, took off in June from New Zealand's South Island, using solar-powered, high-altitude balloons that ride the wind about 12.5 miles, or twice as high as airplanes, above the ground, Google said.

(Reporting by Ashutosh Pandey and Krithika Krishnamurthy in Bangalore)
http://www.reuters.com/article/2013/...97K04P20130821





Conn. Police: Cable Outage Not 911-Worthy
AP

A Connecticut police department wants people to know that missing your favorite show isn't an emergency.

Fairfield police say they received numerous 911 calls about a cable outage that hit parts of southwestern Connecticut on Sunday night.

The message on the department's Facebook page says the outage is "neither an emergency or a police related concern."

The post warns that 911 should be used for life-threatening emergencies only and misuse of the 911 system may result in an arrest.

The Twitter account for Cablevision's Optimum cable service initially said the problem would be fixed by 11 p.m. but later said there was no estimated time for service to be restored.
http://www.nytimes.com/aponline/2013...911-calls.html





Here’s What You Find When You Scan The Entire Internet in an Hour
Timothy B. Lee

Until recently, scanning the entire Internet, with its billions of unique addresses, was a slow and labor-intensive process. For example, in 2010 the Electronic Frontier Foundation conducted a scan to gather data on the use of encryption online. The process took two to three months.

A team of researchers at the University of Michigan believed they could do better. A lot better. On Friday, at the Usenix security conference in Washington, they announced ZMap, a tool that allows an ordinary server to scan every address on the Internet in just 44 minutes.

The EFF team used a tool called Nmap that sends a request to a machine and then listens for the recipient to reply. These requests can be conducted in parallel, but keeping records for each outstanding request still creates a lot of overhead, which slows down the scanning process.

In contrast, ZMap is “stateless,” meaning that it sends out requests and then forgets about them. Instead of keeping a list of oustanding requests, ZMap cleverly encodes identifying information in outgoing packets so that it will be able to identify responses. The lower overhead of this approach allows ZMap to send out packets more than 1,000 times faster than Nmap. So while an Internet-wide scan with Nmap takes weeks, ZMap can (with a gigabit network connection) scan the entire Internet in 44 minutes.

The ability to rapidly and cheaply scan the entire Internet opens up some fascinating new possibilities for Internet-wide research. Here are some of the interesting things the Michigan team did with their new toy.

The increasingly encrypted Web

More and more Web sites are using the encrypted HTTPS version of the Web’s fundamental protocol. How quickly are organizations switching? In the past, getting even a single estimate was a slow and expensive process. But ZMap can not only answer the question in under an hour, but through regular scanning it can track the growing popularity of HTTPS over time.

Using ZMap, the Michigan researchers found that over the last year, HTTPS use by the top 1 million Web sites (the red line) has increased by about 23 percent, and the number of HTTPS overall (the blue line) increased by almost 20 percent.

How hurricanes damage the Internet

When major natural disasters strike, they can force computers offline. That provides a clever way to measure the extent of damage. From Oct. 29-31 of last year, as Hurricane Sandy was pounding the East Coast of the United States, the researchers conducted Internet-wide scans every two hours. After linking IP addresses to geographic locations, they could observe which areas saw the most severe disruptions. This map shows “locations with more than a 30 percent decrease in the number of listening hosts.”

The Internet’s sleep cycle

When scans took weeks, it didn’t really matter when you started a scan. But when they take less than an hour, it does. So when is the best time to conduct a network-wide scan? To investigate this question, the researchers conducted scans at different times of the day and observed how many responses they got. Here’s what they found:

There are a couple of possible explanations for this pattern. It’s possible that some online services are only available at certain times of day. But a more likely explanation has to do with congestion. By default, ZMap only sends one packet to each host. If a packet is sent during a period of high network congestion, the packet, or the recipient’s response, is more likely to get lost. In any event, the best time to scan the Internet, at least from Michigan, seems to be early in the morning. The worst time is in the early evening.

Widespread security flaws

Security researchers regularly discover security flaws in existing software, forcing manufacturers to hastily put out bug fixes. But how long does it take for users to actually apply the fixes? ZMap provides a quick and efficient way to find out. In one experiment, the team scanned the Internet for a major vulnerability discovered earlier this year in a technology known as Universal Plug and Play. A couple of weeks after the vulnerability was discovered, the researchers scanned the Internet to find out how many hosts had failed to upgrade. Out of 15.7 UPnP devices, they found 2.56 million (16.7 percent) had not yet upgraded.

In another experiment, the researchers scanned the Internet for encryption keys known to have one of two problems, discovered in 2008 and 2011, respectively. The graphs at right show the results of repeated scans between June 2012 and June 2013. This is somewhat encouraging. Only a small fraction of encryption keys suffer from either vulnerability, and in both cases the number of vulnerable keys has been trending downward. But there are still 2743 hosts with the “Debian weak key” vulnerability, and 44,600 hosts with “factorable RSA keys.”

The ability to rapidly find computers with security vulnerabilities can be a good thing if it allows ethical security researchers and software vendors to find and notify systems administrators about problems before information is released to the general public. But ZMap could also be used for evil. A malicious hacker could use the tool to rapidly identify computers that have unpatched vulnerabilities and compromise them in parallel, creating a million-machine botnet in a matter of hours.
http://www.washingtonpost.com/blogs/...et-in-an-hour/





"Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc On iOS

Like a Transformer robot, Apple iOS app re-assembles itself into attacker
John Cox

Acting like a software version of a Transformer robot, a malware test app sneaked through Apple’s review process disguised as a harmless app, and then re-assembled itself into an aggressive attacker even while running inside the iOS “sandbox” designed to isolate apps and data from each other.

The app, dubbed Jekyll, was helped by Apple’s review process. The malware designers, a research team from Georgia Institute of Technology’s Information Security Center (GTISC), were able to monitor their app during the review: they discovered Apple ran the app for only a few seconds, before ultimately approving it. That wasn’t anywhere near long enough to discover Jekyll’s deceitful nature.

The name is a reference to the 1886 novella by Robert Louis Stevenson, called “The Strange Case of Dr Jekyll and Mr Hyde.” The story is about the two personalities within Dr. Henry Jekyll: one good, but the other, which manifests as Edward Hyde, deeply evil.

Jekyll’s design involves more than simply hiding the offending code under legitimate behaviors. Jekyll was designed to later re-arrange its components to create new functions that couldn’t have been detected by the app review. It also directed Apple’s default Safari browser to reach out for new malware from specific Websites created for that purpose.

“Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge,” says Tielei Wang, in a July 31 press release by Georgia Tech. http://www.gatech.edu/newsroom/release.html?nid=225501 Wang led the Jekyll development team at GTISC; also part of the team was Long Lu, a Stony Brook University security researcher.

Some blogs and technology sites picked up on the press release in early August. But wider awareness of Jekyll, and its implications, seems to have been sparked by an August 15 online story in the MIT Technology Review, by Dave Talbot, who interviewed Long Lu for a more detailed account.

Jekyll “even provided a way to magnify its effects, because it could direct Safari, Apple’s default browser, to a website with more malware,” Talbot wrote.

A form of Trojan Horse malware, the recreated Jekyll, once downloaded, reaches out to the attack designers for instructions. “The app did a phone-home when it was installed, asking for commands,” Lu explained. “This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed.”

Sandboxing is a fundamental tenet of secure operating systems, intended to insulate apps and their associated data from each other, and avoid the very attacks and activities that Jekyll was able to carry off. It’s also explicitly used as a technique for detecting malware by running code in a protected space where it can be automatically analyzed for traits indicative of a malicious activity. The problem is that attackers are well aware of sandboxing and are working to exploit existing blind spots. [See “Malware-detecting 'sandboxing' technology no silver bullet”]

“The Jekyll app was live for only a few minutes in March, and no innocent victims installed it, Lu says,” according to Talbot’s account. “During that brief time, the researchers installed it on their own Apple devices and attacked themselves, then withdrew the app before it could do real harm.”

“The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen,” Lu says.

The results of the new attack, in a paper titles “Jekyll on iOS: when benign apps become evil,” was scheduled to be presented in a talk last Friday at the 22nd Usenix Security Symposium, in Washington, D.C. The full paper is available online. In addition to Wang and Lu, the other co-authors are Kangjie Lu, Simon Chung, and Wenke Lee, all with Georgia Tech.

Apple spokesman Tom Neumayr said that Apple “some changes to its iOS mobile operating system in response to issues identified in the paper,” according to Talbot. “Neumayr would not comment on the app-review process.”

Oddly the same July 31 Georgia Tech press release that revealed Jekyll also revealed a second attack vector against iOS devices, via a custom built hardware device masquerading as a USB charger. Malware in the charger was injected into an iOS device. This exploit, presented at the recent Black Hat Conference, was widely covered (including by Network World’s Layer8 blog) while Jekyll was largely overlooked.
http://www.networkworld.com/news/201...gh-272947.html





Millions Stolen from US Banks After 'Wire Payment Switch' Targeted
Danielle Walker

Criminals have recently hijacked the wire payment switch at several US banks to steal millions from accounts, a security analyst says.

Gartner vice president Avivah Litan said at least three banks were struck in the past few months using "low-powered" distributed denial-of-service (DDoS) attacks meant to divert the attention and resources of banks away from fraudulent wire transfers simultaneously occurring.

The loses “added up to millions [lost] across the three banks", she said.

"It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours."

The attack against the wire payment switch -- a system that manages and executes wire transfers at banks -- could have resulted in even far greater loses, Litan said.

It differed from traditional attacks which typically took aim at customer computers to steal banking credentials such as login information and card numbers.

While it was unclear how the attackers gained access to the wire payment switch, fraudsters could have targeted bank staff with phishing emails to plant malware on bank computers.

RSA researcher Limor Kessem said she had not seen the wire payment switch attacks in the wild, but the company had received reports of the attacks from customers.

"The service portal is down, the bank is losing money and reliability, and the security team is juggling the priorities of what to fix first," she said.

"That's when the switch attack – which is very rare because those systems are not easily compromised [and require] high-privilege level in a more advanced persistent threat style case – takes place."

Litan declined to name the victim banks but said that the attacks did not appear linked to recent hacktivist-launched DDoS attacks against US banks since they were entirely financially driven.

Researchers at Dell SecureWorks in April detailed how DDoS attacks were used as a cover for fraudulent attacks against banks.

The researchers said fraudsters were using Dirt Jumper, a $200 crimeware kit that launches DDoS attacks, to draw bank employees' attention away from fraudulent wire and ACH transactions ranging from $180,000 to $2.1 million in attempted transfers.

Last September, the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, issued a joint alert about the Dirt Jumper crimeware kit being used to prevent bank staff from identifying fraudulent transactions.

In the alert, the organisations said criminals used phishing emails to lure bank employees' into installing remote access trojans and keystroke loggers that stole their credentials.

In some incidents, attackers who gained the credentials of multiple employees were able to obtain privileged access rights and “handle all aspects of a wire transaction, including the approval,” the alert said – a feat that sounds daringly similar to recent attacks on the wire hub at banks.

“In at least one instance, actors browsed through multiple accounts, apparently selecting the accounts with the largest balance."

Litan suggested that financial institutions "slow down" their money transfer system when experiencing DDoS attacks in order to minimise the impact of such threats.
http://www.scmagazine.com.au/News/35...-targeted.aspx





Ditch Your Passwords -- US Gov To Issue Secure Online IDs

SecureKey, based in Toronto, today announced it has been awarded a contract by the USPS to provide a cloud-based authentication infrastructure.
Tom Groenfeldt

Get ready for a new set of abbreviations — this is part of some federal programs that have been underway for several years, mostly below the radar — at least this is the first I have heard of it despite being an avid reader of tech publications. But apparently a lot of people have been working on this — some of the relevant Web sites and information sources are listed below.

The Federal Cloud Credential Exchange (FCXX) is designed to enable individuals to securely access online services —such as health benefits, student loan information, and retirement benefit information—at multiple federal agencies without the need to use a different password or other digital identification for each service. The first federal agency to use it will be the Veterans Administration.

SecureKey already operates a trusted identity service in Canada. Andre Boysen, chief marketing officer for SecureKey Technologies, said that Canadians using identification keys provided by one of five participating Canadian banks, can connect with 120 government programs online with no additional user names or passwords for everything from benefits queries to fishing licenses. He compared the identification network concept to payment networks.

“Like payment networks, you have providers and subscribers, and it provides an easier way for consumers to get benefits.” he said. “The challenge for governments is they can’t authenticate because they can’t see the users.”

This is part of implementing President Obama’s National Strategy for Trusted Identities in Cyberspace (NSTIC) and the federal government’s policies and procedures under its Identity, Credential and Access Management (ICAM) program.

The identity gurus have an active organization and Web site at www.idecosystem.org which posted this note:

“The National Strategy for Trusted Identities in Cyberspace (NSTIC), signed by the President in April 2011, states, ‘A secure cyberspace is critical to our prosperity.’ This powerful declaration makes clear that securing cyberspace is absolutely essential to increasing the security and privacy of transactions conducted over the Internet. The Identity Ecosystem envisioned in the NSTIC is an online environment that will enable people to validate their identities securely, but with minimized disclosure of personal information when they are conducting transactions.”

For more information on NSTIC and ICAM go to nist.gov/nstic/ or idmanagement.gov/approved-identity-providers.
SecureKey is also in pilots with government organizations in the UK.

SecureKey said it was chosen by the USPS for its innovative federated authentication platform, SecureKey briidge.net Exchange. This cloud-based authentication and credential brokerage service is at the heart of the Federal credential program, enabling it to easily and cost-effectively broker user credential management capabilities instead of having to create and manage an authentication infrastructure robust enough to handle tens of millions of citizens by itself.

The cloud-based service follows federal guidelines to protect privacy, said SecureKey, although exactly what that means after the Snowden revelations is not clear. The credential exchange will be designed to transmit credential information securely without knowing users’ actual identities. It will also limit the ability of third-party credential providers and the federal agencies relying on their credentials to track citizens’ transactions among agencies.

The SecureKey program is designed to connect identity providers—such as banks, governments, healthcare organizations, and others—with consumers’ favorite online services though a cloud-based broker service. The platform allows identity providers and online services to integrate once, reducing the integration and business complexity otherwise incurred in establishing many-to-many relationships. The company said it reduces credential management costs for online service providers, while removing user sign-up barriers, preserving user privacy, and providing convenience.

One agency that could see large benefits is the IRS. A study (http://www.nist.gov/director/plannin...report13-2.pdf) by the National Institute of Standards and Technology (NIST) estimated

Boysen said the IRS is a great example of the value of a single user credential usable across multiple agencies. Most people interact with the IRS just once a year, so remembering a user name and password would be difficult. Meanwhile the IRS estimates it loses $5 billion a year to fraud such as paying out rebates to stolen identities.

By using third-party authentication like SecureKey rather than developing its own program, the IRS would save $40 million to $111 million in adoption costs and another $2 million to $19 million in annual maintenance costs, the study estimates.

The study did not claim it would save the IRS from identity fraud but said it would make it much easier for the agency to identify citizens and exchange information with them without subjecting them to identity theft. Identity theft affected over 8 million Americans and cost over $30 billion, according to a 2011 Javelin study.

“Public and private sector organizations are spending billions of dollars trying to prevent unauthorized access to their IT systems and to mitigate the damage when unauthenticated access occurs.”
The study said users are tired of all the requests for registration from Web sites. One report found that 77 percent of users change their behavior when asked to register online, with 60 percent leaving the site.

“Beyond being frustrating to internet users, this situation also represents a loss of business for companies.”

The UAE has a similar program to develop secure IDs for its citizens. I wrote about it for Banking Technology magazine (http://www.bankingtech.com/142841/id...s-event/)after a conference in Dubai earlier this year.
http://www.forbes.com/sites/tomgroen...re-online-ids/





Why Google's Now Encrypting Data In The Cloud
Selena Larson

In what seems to be a response to increased anxiety about the privacy of data stored online among both consumers and businesses following revelations of extensive spying by US government agencies, Google announced that Google Cloud Storage, a service used by third-party developers to build cloud apps, now automatically encrypts all data before it is written to disk. Google is not charging anything extra for the service.

Users of Cloud Storage do not need to configure or modify the way they access the service—though if developers were previously managing their own encryption, they may want to reprogram their apps to save themselves the work.

The data is encrypted automatically with a unique key under the 128-bit Advanced Encryption Standard (AES-128). Users who prefer to manage their own keys are encouraged to continue encrypting their data personally before writing it to the cloud. This new feature is active on all new data written to the cloud. Older data will be encrypted over the next few months.

Google’s announcement comes on the heels of concerns that the National Security Agency and other US agencies overstepped their legal authorities in conducting surveillance over data networks. But Google is also playing catch-up with other cloud-storage platforms like Amazon. That company implemented server-side encryption on its Amazon S3 storage service in 2011.
http://readwrite.com/2013/08/16/goog...ion-cloud-data





Switching To Gmail May Leave Reporters' Sources At Risk
Steve Henn

In the digital world, almost everything you do to communicate leaves a trace. Often, emails are stored on servers even after they're deleted. Phone calls create logs detailing which numbers connected, when and for how long. Your mobile phone can create a record of where you are.

If you're a journalist trying to protect a confidential source, this is a very difficult world to work in.

"I have been running around in my newsroom, screaming about this ... for years," says Julia Angwin, who covers computer security and privacy at The Wall Street Journal. "There's so much evidence now that journalists are being targeted, that our communications are vulnerable and, mostly, that our sources are being put in jail."

It's in this context that The New York Times decided to outsource its email to Google. This summer, the paper moved all of its reporters onto corporate Gmail accounts. Before the switch, Times emails were stored on servers it owned; now those messages are in Google's digital filing cabinet.

'A Sense Of Nervousness'

Unlike the free Gmail used by millions of consumers, corporate Gmail accounts cost money and offer greater privacy protections. But that protection is not complete, and the move could leave Times reporters and their sources with fewer legal protections if they are the subject of a government investigation.

Angwin says one of the reasons that so many journalists have been unable to protect their sources is that records about whom they are talking to are collected by third parties. Last year, when the Department of Justice was investigating a leak about a foiled terrorism plot in Yemen, it didn't subpoena reporters at the Associated Press. Instead, it went to Verizon and asked for the records of calls going into and out of the AP's bureaus.

Prosecutors also go after journalists' private email accounts. And often investigative requests to companies like Google and Verizon come with gag orders.

"I find that all of this, including the AP revelations, contributed to a sense of nervousness among sources," says Jennifer Valentino-DeVries, also of The Wall Street Journal. "Even people who are not discussing particularly sensitive information with me will comment about the possibility of my emails and phone calls being tapped. And I think that's been disconcerting."

"I worry a lot about the outsourcing of email at a news organization. We only have two layers of protection, right? One is technological and one is legal," Angwin says. "So certainly our lawyers at a news organization are gonna fight to protect our emails. But, if they don't fully control them technically, they can't mount a very good argument.

"If Gmail is handling our emails, then we have to rely on them to mount our legal arguments," she adds. "And that's not a situation that news organizations have been in, in the past."

Investigations And Gag Orders

The New York Times isn't the only media organization to outsource its email. In a statement, it said it had discussed the legal issues involved in detail and the company is confident that its deal with Google, combined with precautions its journalists are now taking, has enhanced the protection of sensitive information. Right now, the Times believes hackers are a bigger security threat than government investigations or gag orders.

Fred Cate, the director of the Center for Applied Cybersecurity Research at Indiana University, says a large email service provider like Google may very well offer better security. Still, Cate says, when it comes to mounting a legal defense against a leak investigation, the Times is making itself vulnerable.

"There will be a gap. There is no question that there's going to be a gap," Cate says. "Because previously you would have had to serve that piece of paper on The New York Times."

Now, an investigator would serve Google. And if the request comes with a gag order, the Times might never know.
http://www.npr.org/blogs/alltechcons...ources-at-risk





Britain Detains Partner of Reporter Tied to Leaks
Charlie Savage and Michael Schwirtz

The partner of Glenn Greenwald, the journalist for The Guardian who has been publishing information leaked by the former National Security Agency contractor Edward J. Snowden, was detained for nine hours by the British authorities under a counterterrorism law while on a stop in London’s Heathrow Airport during a trip from Germany to Brazil, Mr. Greenwald said Sunday.

Mr. Greenwald’s partner, David Michael Miranda, 28, is a citizen of Brazil. He had spent the previous week visiting Laura Poitras, a documentary filmmaker who has also been helping to disseminate Mr. Snowden’s leaks, in Berlin, to assist Mr. Greenwald. The trip had been paid for by The Guardian, Mr. Greenwald said, and Mr. Miranda was on his way home to Rio de Janeiro, where they live.

Mr. Miranda, Mr. Greenwald said, was told that he was being detained under Section 7 of the British Terrorism Act, which allows the authorities to detain someone for up to nine hours for questioning and to conduct a search of personal items, often without a lawyer, to determine possible ties to terrorism. More than 97 percent of people stopped under the provision are questioned for under an hour, according to the British government.

“What’s amazing is this law, called the Terrorism Act, gives them a right to detain and question you about your activities with a terrorist organization or your possible involvement in or knowledge of a terrorism plot,” Mr. Greenwald said. “The only thing they were interested in was N.S.A. documents and what I was doing with Laura Poitras. It’s a total abuse of the law.”

He added: “This is obviously a serious, radical escalation of what they are doing. He is my partner. He is not even a journalist.”

London’s Metropolitan Police Service, which had jurisdiction over the case, said in a statement that Mr. Miranda had been lawfully detained under the Terrorism Act and later released, without going into detail.

“Holding and properly using intelligence gained from such stops is a key part of fighting crime, pursuing offenders and protecting the public,” the statement said.

The Guardian published a report on Mr. Miranda’s detainment on Sunday afternoon.

Mr. Greenwald said he received a call early on Sunday from someone who identified himself as a security official from Heathrow Airport who informed him that Mr. Miranda had been detained, at that point for three hours. The British authorities, he said, told Mr. Miranda that they would obtain permission from a judge to arrest him for 48 hours, but he was released at the end of the 9 hours, around 1 p.m. Eastern time.

The British authorities seized all of his electronic media — including video games, DVDs, and data storage devices — and have not returned them, Mr. Greenwald said. Mr. Miranda was scheduled to board a return flight later on Sunday.

A spokesman for the British Foreign Ministry said the episode was a “police matter” and would provide no further comment.

Civil rights groups in Britain have criticized Section 7 of the Terrorism Act, accusing the authorities of using the provision to arbitrarily stop and detain travelers, particularly Muslims. The British Home Office has said it is reviewing the provision in an effort to address the concerns.

A lawyer for The Guardian in London was working on trying to understand what had happened, as were foreign-affairs officials for Brazil both in that country and in London, Mr. Greenwald said. He said that he received a call from the Brazilian foreign minister about 40 minutes after alerting the Brazilian government, and that the Brazilian authorities were outraged.

Sergio Danese, the under secretary for consular affairs at Brazil’s Foreign Ministry, said he did not know why Mr. Miranda had been detained. He said Brazil’s consul general and embassy officials in London worked to resolve the situation. As of Sunday afternoon, Mr. Miranda was en route to Brazil, he said.

“We were satisfied with him being liberated,” Mr. Danese said.

Charlie Savage reported from Washington, and Michael Schwirtz from New York.
http://www.nytimes.com/2013/08/19/wo...-to-leaks.html





David Miranda Detention: MP Asks Police for Explanation

David Miranda: "I was kept in a room with six agents... asking me about everything."
BBC

Pressure is mounting on police to justify the detention of a journalist's partner under terror laws.

Senior politicians and an independent reviewer have said police must explain why David Miranda was detained for nine hours at Heathrow Airport.

Mr Miranda's partner is a journalist who published documents leaked by US whistleblower Edward Snowden.

Police have not said why Mr Miranda was held, but he said he was kept in a room and quizzed by "six agents".

Keith Vaz, chairman of the Home Affairs Select Committee, and shadow home secretary Yvette Cooper said police must explain why terrorism powers were used.

Brazil's foreign minister Antonio Patriota said he would call his UK counterpart William Hague to tell him the detention of Mr Miranda - a Brazilian national - was "not justifiable" and ask him to ensure it "won't happen again".

Questions 'about everything'

Mr Miranda, 28, was held at Heathrow on Sunday on his way from Berlin to Rio de Janeiro, where he lives with his partner, Guardian journalist Glenn Greenwald.

"I remained in a room, there were six different agents coming and going, talking to me," Mr Miranda said.

"They asked questions about my entire life, about everything.

"They took my computer, video game, mobile phone, my memory cards, everything."

In Germany, Mr Miranda had been staying with US film-maker Laura Poitras, who has also been working on the Snowden files with Mr Greenwald and the Guardian, according to the newspaper.

His flights were being paid for by the Guardian. A spokesman said he was not an employee of the newspaper but "often assists" with Mr Greenwald's work.

Mr Miranda was detained under schedule 7 of the Terrorism Act 2000. This allows police to hold someone at an airport for up to nine hours for questioning about whether they have been involved with acts of terrorism.

Anyone detained must "give the examining officer any information in his possession which the officer requests". Any property seized must be returned after seven days.

The Independent Reviewer of Terrorism Legislation, David Anderson QC, said it was very unusual for someone to be held for the full nine hours, and he wanted to "get to the bottom" of what had happened.

He said he had asked the Home Office and Scotland Yard for a full briefing.

'Bullying'

The Guardian said it was "dismayed" by the detention and was "urgently seeking clarification from the British authorities" as to why it had happened.

Glenn Greenwald greeted Mr Miranda when he arrived in Brazil earlier

The Metropolitan Police confirmed a 28-year-old man was held from 08:05 BST until 17:00 BST on Sunday under schedule 7 and was not arrested.

According to the Home Office, more than 97% of examinations under schedule 7 last less than an hour.

Mr Greenwald said the British authorities' actions in holding Mr Miranda amounted to "bullying" and linked it to his writing about Mr Snowden's revelations concerning the US National Security Agency (NSA).

He said it was "clearly intended to send a message of intimidation to those of us who have been reporting on the NSA and [UK intelligence agency] GCHQ".

He told the BBC police did not ask Mr Miranda "a single question" about terrorism but instead asked about what "Guardian journalists were doing on the NSA stories".

Mr Greenwald said he would respond by writing reports "much more aggressively than before".

"I have lots of documents about the way the secret services operate in England," he said.

"I think they are going to regret what they did."

'Extraordinary'

Mr Snowden, who has been granted temporary asylum in Russia, leaked details of extensive internet and phone surveillance by American intelligence services.

According to the Guardian, he passed "thousands of files" to Mr Greenwald, who has written a series of stories about surveillance by US and UK authorities.

Mr Vaz said police must "of course" question people if they have "concerns" about what they are doing in the UK.

"What is extraordinary is they knew he was the partner [of Mr Greenwald] and therefore it is clear not only people who are directly involved are being sought but also the partners of those involved," he said.

Former NSA contractor Edward Snowden leaked documents to Mr Greenwald

"Bearing in mind it is a new use of terrorism legislation to detain someone in these circumstances... I will write to the police to ask for the justification of the use of terrorism legislation - they may have a perfectly reasonable explanation."

Ms Cooper said the situation must be "investigated and clarified urgently", adding: "The public support for these powers must not be endangered by a perception of misuse."

In a statement, the Liberal Democrats said police should use schedule 7 powers "proportionately and for good reason".

Journalism 'not terrorism'

Dr David Low, a former counter-terrorist detective, said the length of the detention might be explained by the "volume of documentation" carried by Mr Miranda.

He said the amount of information revealed by Mr Snowden to the Guardian was not yet known, but police might have kept Mr Miranda for the full nine hours allowed because they had lots of data to go through.

Dr Low also said Mr Miranda might have been targeted because of the "top secret" information police thought he was carrying, rather than because of his relationship with Mr Greenwald.

But journalists' groups have accused authorities of misusing terrorism laws.

Bob Satchwell, of the Society of Editors, said the incident was "another example of the dangerous tendency" for authorities to "assume that journalists are bad when in fact they play an important part in any democracy."

He added: "Journalism may be embarrassing and annoying for governments but it is not terrorism."
http://www.bbc.co.uk/news/world-latin-america-23750289





Britain Can Look at Data from Snowden Reporter's Partner, Court Says

The British authorities can sift through documents seized from the partner of a reporter who wrote about the leaks by Edward Snowden to protect national security and investigate any possible links to terrorism, a court ruled on Thursday.

David Miranda, partner of U.S. journalist Glenn Greenwald, was questioned for nine hours on Sunday at London's Heathrow Airport before being released without charge, prompting calls for an explanation of why anti-terrorism powers were used to detain the Brazilian citizen.

Miranda, who was in transit from Berlin to Rio de Janeiro, was released without charge minus his laptop, phone and memory sticks.

His lawyer has requested an injunction to prevent the authorities from examining any data seized from Miranda and has also started legal action to ask judges to rule that his detention was illegal.

Two judges at Britain's High Court said the authorities could continue to look at the information from Miranda for the defense of national security and for the purposes of investigating whether the claimant is a person who is or has been concerned with the commission, preparation or instigation of acts of terrorism.

The judges gave the British authorities until August 30 to sift through what a police lawyer said were thousands of documents.

(Reporting by Costas Pitas, writing by Guy Faulconbridge, editing Kate Holton)
http://www.reuters.com/article/2013/...97L0K420130822





Guardian Says Britain Made it Destroy Snowden Material
Estelle Shirbon and Michael Holden

The British authorities forced the Guardian newspaper to destroy material leaked by Edward Snowden, its editor has revealed, calling it a "pointless" move that would not prevent further reporting on U.S. and British surveillance programs.

In a column on Tuesday, Alan Rusbridger said he had received a call from a government official a month ago who told him: "You've had your fun. Now we want the stuff back." The paper had been threatened with legal action if it did not comply.

Later, two "security experts" from the secretive Government Communications Headquarters (GCHQ) had visited the paper's London offices and watched as computer hard drives containing Snowden material were reduced to mangled bits of metal.

Rusbridger said the "bizarre" episode and the detention at London's Heathrow airport on Sunday of the partner of Guardian journalist Glenn Greenwald showed press freedom was under threat in Britain.

The nine-hour detention under an anti-terrorism law of David Miranda, Greenwald's Brazilian partner, has caused a furor with Brazil, British opposition politicians, human rights lawyers and press freedom watchdogs among those denouncing it.

Greenwald was the first journalist to publish U.S. and British intelligence secrets leaked by Snowden, the former U.S. National Security Agency (NSA) contractor who is wanted in the United States and has found temporary asylum in Russia.

Under mounting pressure to explain itself, Britain's Home Office, or interior ministry, defended Miranda's detention.

"If the police believe that an individual is in possession of highly sensitive stolen information that would help terrorism, then they should act and the law provides them with a framework to do that," it said in a statement.

London's Metropolitan Police said Miranda's detention had been "legally and procedurally sound".

Miranda, who was in transit on his way from Berlin to Rio de Janeiro where he lives with Greenwald, was questioned for nine hours before being released without charge minus his laptop, mobile phone and memory sticks.

He had been ferrying materials obtained from Snowden between Greenwald and Laura Poitras, an independent film-maker based in Berlin who has also published reports based on Snowden material.

"PUBLIC INTEREST"

"This law shouldn't be given to police officers. They use it to get access to documents or people that they cannot get the legal way through courts or judges. It's a total abuse of power," Miranda told the Guardian after returning home.

The White House said on Monday Washington was given a "heads up" ahead of Miranda's detention but had not requested it.

Britain's opposition Labour party said on Tuesday that meant senior British ministers must have been involved.

Government ministers "need to explain who authorized the use of terrorism legislation in this case and what the justification was," said lawmaker Yvette Cooper, the Labour spokeswoman on interior affairs.

Staff at the prime minister's office said they would not comment on the Guardian allegations because it was an "operational matter". GCHQ also declined to comment.

Dunja Mijatovic, media freedoms chief at the Organization for Security and Cooperation in Europe, a 57-nation human rights and security watchdog, said she had written to the British authorities to express concerns about Miranda's detention.

"The detention can be interpreted as putting pressure on Glenn Greenwald after his recent reporting on security issues in the Guardian ... the whole situation sends a worrying message to any member of the media transiting through the UK," she wrote.

Britain also came under attack from press freedom group Index on Censorship, which denounced the forced destruction of computers revealed by Rusbridger in his Tuesday column.

"Using the threat of legal action to force a newspaper into destroying material is a direct attack on press freedom in the UK," the group's Chief Executive Kirsty Hughes said.

"It is clear that the Snowden and NSA story is strongly in the public interest ... It seems that the UK government is using, and quite literally misusing, laws to intimidate journalists and silence its critics."

Rusbridger said the destruction of the computer material would not stop the Guardian from pursuing Snowden stories.

"It felt like a particularly pointless piece of symbolism that understood nothing about the digital age," the Guardian editor said.

"We will continue to do patient, painstaking reporting on the Snowden documents. We just won't do it in London. The seizure of Miranda's laptop, phones, hard drives and camera will similarly have no effect on Greenwald's work."

(Additional reporting by Mark Hosenball in Washington and Andrew Osborn, Michael Holden and Guy Faulconbridge in London; Editing by Peter Graff)
http://www.reuters.com/article/2013/...97I10E20130820





Cameron Was Behind UK Attempt to Halt Snowden Reports: Sources
Andrew Osborn and Estelle Shirbon

British Prime Minister David Cameron ordered his top civil servant to try to stop revelations flowing from the Guardian newspaper about U.S. and British surveillance programs, two sources with direct knowledge of the matter said.

News that Cabinet Secretary Jeremy Heywood had contacted the Guardian drags Cameron into a storm over Britain's response to media coverage of secrets leaked by fugitive U.S. intelligence contractor Edward Snowden.

Guardian editor Alan Rusbridger said on Tuesday that he had been approached by "a very senior official claiming to represent the views of the prime minister" after his paper had published a series of exposes based on the Snowden material.

The sources named the official as Heywood, who is Cameron's most senior policy adviser. "The prime minister asked the Cabinet Secretary to deal with this matter, that's true," one source told Reuters.

Government supporters say information leaked by Snowden, who has obtained asylum in Russia, could threaten national security. However, rights groups have accused the government of an assault on press freedom over a series of incidents.

These include the detention of a Guardian reporter's partner, and news that the paper had been forced to destroy computer files containing information from Snowden under threat of government legal action.

A Downing Street spokeswoman said: "We won't go into specific cases but if highly sensitive information was being held insecurely we have a responsibility to secure it."

Cameron is on holiday in southwestern England.

The government had tried to distance itself from Rusbridger's allegation that the Guardian was made to destroy the computer hard drives, and from the detention of David Miranda, partner of reporter Glenn Greenwald who has led the paper's coverage of the Snowden leaks.

It has argued that these were operational security matters.

On Tuesday a White House spokesman said he could not comment on the destruction of Snowden material. But spokesman John Earnest said he could not see U.S. authorities destroying an American media company's hard drives to protect national security. "That's very difficult to imagine a scenario in which that would be appropriate," he said told reporters.

Britain says its security agencies act within the law and that Snowden's leaks are a grave threat to national security.

"STOLEN INFORMATION"

Miranda was held for nine hours on Sunday under an anti-terrorism law at Heathrow airport, where he was in transit on his way from Germany to his native Brazil.

He was released without charge minus his laptop, phone and memory sticks. He had been ferrying documents between Greenwald and a Berlin-based journalist contact of Snowden.

Brazil has said Miranda's detention had "no justification", while Miranda has launched legal action against the police and the government, accusing them of abusing anti-terrorism powers to get hold of sensitive journalistic material.

Home Secretary Theresa May, the British interior minister, said on Tuesday police were right to detain Miranda if they thought he was "in possession of highly sensitive, stolen information that could help terrorists, that could risk lives".

But the controversy over Miranda's detention has been fuelled by Rusbridger's revelations on Tuesday about events several weeks ago, when the paper came under pressure to hand back or destroy intelligence material obtained from Snowden.

Rusbridger described conversations with the official now said to be Heywood and with "shadowy Whitehall figures", a reference to the seat of government, and said he was told: "You've had your fun. Now we want the stuff back."

Later, two agents from the secretive Government Communications Headquarters (GCHQ) came to the paper's offices and watched while Guardian staff destroyed hard drives containing files obtained from Snowden.

Rusbridger said he agreed to this because there were other copies of the documents elsewhere. He said neither Miranda's detention nor the destruction of the material would stop the Guardian from publishing more of Snowden's leaks as it could conduct its reporting work outside of Britain.

(Additional reporting by Mark Hosenball in Washington, writing by Estelle Shirbon; editing by Guy Faulconbridge and David Stamp)
http://www.reuters.com/article/2013/...97K0G920130821





Exclusive: UK’s Secret Mid-East Internet Surveillance Base is Revealed in Edward Snowden Leaks

Data-gathering operation is part of a £1bn web project still being assembled by GCHQ
Duncan Campbell, Oliver Wright, James Cusick, Kim Sengupta

Britain runs a secret internet-monitoring station in the Middle East to intercept and process vast quantities of emails, telephone calls and web traffic on behalf of Western intelligence agencies, The Independent has learnt.

The station is able to tap into and extract data from the underwater fibre-optic cables passing through the region.

The information is then processed for intelligence and passed to GCHQ in Cheltenham and shared with the National Security Agency (NSA) in the United States. The Government claims the station is a key element in the West’s “war on terror” and provides a vital “early warning” system for potential attacks around the world.

The Independent is not revealing the precise location of the station but information on its activities was contained in the leaked documents obtained from the NSA by Edward Snowden. The Guardian newspaper’s reporting on these documents in recent months has sparked a dispute with the Government, with GCHQ security experts overseeing the destruction of hard drives containing the data.

The Middle East installation is regarded as particularly valuable by the British and Americans because it can access submarine cables passing through the region. All of the messages and data passed back and forth on the cables is copied into giant computer storage “buffers” and then sifted for data of special interest.

Information about the project was contained in 50,000 GCHQ documents that Mr Snowden downloaded during 2012. Many of them came from an internal Wikipedia-style information site called GC-Wiki. Unlike the public Wikipedia, GCHQ’s wiki was generally classified Top Secret or above.

The disclosure comes as the Metropolitan Police announced it was launching a terrorism investigation into material found on the computer of David Miranda, the Brazilian partner of The Guardian journalist Glenn Greenwald – who is at the centre of the Snowden controversy.

Scotland Yard said material examined so far from the computer of Mr Miranda was “highly sensitive”, the disclosure of which “could put lives at risk”.

The Independent understands that The Guardian agreed to the Government’s request not to publish any material contained in the Snowden documents that could damage national security.

As well as destroying a computer containing one copy of the Snowden files, the paper’s editor, Alan Rusbridger, agreed to restrict the newspaper’s reporting of the documents.

The Government also demanded that the paper not publish details of how UK telecoms firms, including BT and Vodafone, were secretly collaborating with GCHQ to intercept the vast majority of all internet traffic entering the country. The paper had details of the highly controversial and secret programme for over a month. But it only published information on the scheme – which involved paying the companies to tap into fibre-optic cables entering Britain – after the allegations appeared in the German newspaper Süddeutsche Zeitung. A Guardian spokeswoman refused to comment on any deal with the Government.

A senior Whitehall source said: “We agreed with The Guardian that our discussions with them would remain confidential”.

But there are fears in Government that Mr Greenwald – who still has access to the files – could attempt to release damaging information.

He said after the arrest of Mr Miranda: “I will be far more aggressive in my reporting from now. I am going to publish many more documents. I have many more documents on England’s spy system. I think they will be sorry for what they did.”

One of the areas of concern in Whitehall is that details of the Middle East spying base which could identify its location could enter the public domain.

The data-gathering operation is part of a £1bn internet project still being assembled by GCHQ. It is part of the surveillance and monitoring system, code-named “Tempora”, whose wider aim is the global interception of digital communications, such as emails and text messages.

Across three sites, communications – including telephone calls – are tracked both by satellite dishes and by tapping into underwater fibre-optic cables.

Access to Middle East traffic has become critical to both US and UK intelligence agencies post-9/11. The Maryland headquarters of the NSA and the Defence Department in Washington have pushed for greater co-operation and technology sharing between US and UK intelligence agencies.

The Middle East station was set up under a warrant signed by the then Foreign Secretary David Miliband, authorising GCHQ to monitor and store for analysis data passing through the network of fibre-optic cables that link up the internet around the world

The certificate authorised GCHQ to collect information about the “political intentions of foreign powers”, terrorism, proliferation, mercenaries and private military companies, and serious financial fraud.

However, the certificates are reissued every six months and can be changed by ministers at will. GCHQ officials are then free to target anyone who is overseas or communicating from overseas without further checks or controls if they think they fall within the terms of a current certificate.

The precise budget for this expensive covert technology is regarded as sensitive by the Ministry of Defence and the Foreign Office.

However, the scale of Middle East operation, and GCHQ’s increasing use of sub-sea technology to intercept communications along high-capacity cables, suggest a substantial investment.

Intelligence sources have denied the aim is a blanket gathering of all communications, insisting the operation is targeted at security, terror and organised crime.
http://www.independent.co.uk/news/uk...s-8781082.html





Snowden: UK Government Now Leaking Documents About Itself

The NSA whistleblower says: 'I have never spoken with, worked with, or provided any journalistic materials to the Independent.'
Glenn Greenwald

The Independent this morning published an article - which it repeatedly claims comes from "documents obtained from the NSA by Edward Snowden" - disclosing that "Britain runs a secret internet-monitoring station in the Middle East to intercept and process vast quantities of emails, telephone calls and web traffic on behalf of Western intelligence agencies." This is the first time the Independent has published any revelations purportedly from the NSA documents, and it's the type of disclosure which journalists working directly with NSA whistleblower Edward Snowden have thus far avoided.

That leads to the obvious question: who is the source for this disclosure? Snowden this morning said he wants it to be clear that he was not the source for the Independent, stating:

I have never spoken with, worked with, or provided any journalistic materials to the Independent. The journalists I have worked with have, at my request, been judicious and careful in ensuring that the only things disclosed are what the public should know but that does not place any person in danger. People at all levels of society up to and including the President of the United States have recognized the contribution of these careful disclosures to a necessary public debate, and we are proud of this record.

"It appears that the UK government is now seeking to create an appearance that the Guardian and Washington Post's disclosures are harmful, and they are doing so by intentionally leaking harmful information to The Independent and attributing it to others. The UK government should explain the reasoning behind this decision to disclose information that, were it released by a private citizen, they would argue is a criminal act."


In other words: right as there is a major scandal over the UK's abusive and lawless exploitation of its Terrorism Act - with public opinion against the use of the Terrorism law to detain David Miranda - and right as the UK government is trying to tell a court that there are serious dangers to the public safety from these documents, there suddenly appears exactly the type of disclosure the UK government wants but that has never happened before. That is why Snowden is making clear: despite the Independent's attempt to make it appears that it is so, he is not their source for that disclosure. Who, then, is?

The US government itself has constantly used this tactic: aggressively targeting those who disclose embarrassing or incriminating information about the government in the name of protecting the sanctity of classified information, while simultaneously leaking classified information prolifically when doing so advances their political interests.

One other matter about the Independent article: it strongly suggests that there is some agreement in place to restrict the Guardian's ongoing reporting about the NSA documents. Speaking for myself, let me make one thing clear: I'm not aware of, nor subject to, any agreement that imposes any limitations of any kind on the reporting that I am doing on these documents. I would never agree to any such limitations. As I've made repeatedly clear, bullying tactics of the kind we saw this week will not deter my reporting or the reporting of those I'm working with in any way. I'm working hard on numerous new and significant NSA stories and intend to publish them the moment they are ready.

Related question

For those in the media and elsewhere arguing that the possession and transport of classified information is a crime: does that mean you believe that not only Daniel Ellsberg committed a felony, but also the New York Times reporters and editors did when they received, possessed, copied, transported and published the thousands of pages of top-secret documents known as the Pentagon Papers?

Do you also believe the Washington Post committed felonies when receiving and then publishing top secret information that the Bush administration was maintaining a network for CIA black sites around the world, or when the New York Times revealed in 2005 the top secret program whereby the NSA had created a warrantlesss eavesdropping program aimed at US citizens?

Or is this some newly created standard of criminality that applies only to our NSA reporting? Do media figures who are advocating that possessing or transmitting classified information is a crime really not comprehend the precedent they are setting for investigative journalism?

UPDATE

The Independent's Oliver Wright just tweeted the following:

"For the record: The Independent was not leaked or 'duped' into publishing today's front page story by the Government."

Leaving aside the fact that the Independent article quotes an anonymous "senior Whitehall source", nobody said they were "duped" into publishing anything. The question is: who provided them this document or the information in it? It clearly did not come from Snowden or any of the journalists with whom he has directly worked. The Independent provided no source information whatsoever for their rather significant disclosure of top secret information. Did they see any such documents, and if so, who, generally, provided it to them? I don't mean, obviously, that they should identify their specific source, but at least some information about their basis for these claims, given how significant they are, would be warranted. One would think that they would not have published something like this without either seeing the documents or getting confirmation from someone who has: the class of people who qualify is very small, and includes, most prominently and obviously, the UK government itself.
http://www.theguardian.com/commentis...-military-base





Orders To Destroy Guardian Hard Drives Came Directly From PM David Cameron
Tim Cushing

More details continue to emerge on the UK government's two recent anti-journalist actions. The Guardian reports that the order to (pointlessly) smash up Guardian hardware came from the top.

A spokesman for Clegg made clear that Heywood was acting on the authority of both the prime minister and his deputy. The spokesman said: "We understand the concerns about recent events, particularly around issues of freedom of the press and civil liberties. The independent reviewer of terrorism legislation is already looking into the circumstances around the detention of David Miranda and we will wait to see his findings.

"On the specific issue of records held by the Guardian, the deputy prime minister thought it was reasonable for the cabinet secretary to request that the Guardian destroyed data that would represent a serious threat to national security if it was to fall into the wrong hands.

"The deputy prime minister felt this was a preferable approach to taking legal action. He was keen to protect the Guardian's freedom to publish, whilst taking the necessary steps to safeguard security.

"It was agreed to on the understanding that the purpose of the destruction of the material would not impinge on the Guardian's ability to publish articles about the issue, but would help as a precautionary measure to protect lives and security."


So, let's get this straight. The UK government "understands the concerns" about its recent actions, but apparently wouldn't change a thing if it had to do it all over again.

The usual justification presents itself repeatedly: security uber alles.

The government forced (statement says "request" but we know how these things work) the Guardian to destroy hard drives containing content that was "a serious threat to national security" but still existed elsewhere. The government knew this and still forced the issue and then has the temerity to claim the pointless show of force was about "safeguarding security."

Look at how many times that empty word shows up in this brief statement.

"...serious threat to national security…"

"...taking the necessary steps to safeguard security…"

"...a precautionary measure to protect lives and security…"


None of this was "necessary" or "precautionary." It did nothing. The data that might "threaten national security" is still out there. The government knows because its own defensive statement says the action "wouldn't impinge on the Guardian's ability to publish articles." It was pure muscle-flexing. This security-heavy statement pretty much says precisely that while expending many more words.

There's also this:

The deputy prime minister felt this was a preferable approach to taking legal action.

Awesome. The government would rather throw its weight around than pursue any sort of process that might have allowed the Guardian to dispute the order. How telling. How utterly and vilely telling. Of course the government felt this "approach" was "preferable." Screw the adversarial process. We've got the nation's "security" at stake. Everything else is secondary, including the public's outdated ideals about a free press and a government willing to respect the rights of its citizens.
http://www.techdirt.com/articles/201...-cameron.shtml





Michael Grunwald, Time Magazine Reporter, Sends Out Shocking Tweet About Julian Assange
Braden Goyette

A TIME magazine reporter caused ire on Twitter Saturday night when he said that he "can't wait to write a defense of the drone strike that takes out" Wikileaks founder Julian Assange.

Michael Grunwald's tweet, since deleted, was quickly met with outrage and bewilderment. Glenn Greenwald, who recently broke several revelations about NSA surveillance programs based on documents provided to him by leaker Edward Snowden, was particularly vocal in expressing his disgust with Grunwald's statement.

Grunwald deleted his tweet after a follower argued that it would only encourage Assange supporters.

But that didn't stop the incredulous responses.

As the backlash against Grunwald's tweet kept coming, he retweeted some of the more aggressive responses on his account.

One person tweeted a caricature of a man with an exaggerated hook nose rubbing his hands together, which also appears to have since been deleted, with the words "found this picture of you."

Shortly afterwards Grunwald apologized for the tweet, calling it "stupid."

Grunwald's employer distanced itself from the substance of his tweet. "Michael Grunwald posted an offensive tweet from his personal Twitter account that is in no way representative of TIME's views," a TIME spokesperson said. "He regrets having tweeted it, and he removed it from his feed."

The reporter had previously criticized the opposition to drone strikes. In March, Grunwald tweeted that he doesn't understand why people were concerned about the death of Anwar al-Awlaki, a U.S. citizen, by drone strike in Yemen.

In April, Grunwald wrote a piece for TIME criticizing libertarians and defending the government's efforts to fight terrorism:
But while the “stand with Rand” worldview is quite consistent — against gun restrictions, traffic-light cameras, drone strikes, antidiscrimination laws, antipollution laws and other Big Brother intrusions into our private lives — it’s wrong. And most of us know it’s wrong, which is why we celebrate our first responders, our soldiers, our law enforcers. They’re from the government, and they’re here to help. We know our government is fallible, because it’s made up of people, but we still count on it to protect us from terrorists, from psychos with guns, from exploding factories. We also need it to protect us from floods and wildfires, from financial meltdowns and climate change. We can’t do that kind of thing ourselves.
http://www.huffingtonpost.com/2013/0...n_3773981.html





How Ron Wyden Nearly Became an NSA Leaker
Brian Fung

One of the intelligence community’s most outspoken critics says he considered talking about the National Security Agency’s bulk surveillance program on the Senate floor.

In an interview with Rolling Stone, Sen. Ron Wyden (D-Ore.) said he felt pressure from others to disclose the classified information in a way that would have protected him from prosecution. Under the Speech or Debate Clause of the U.S. Constitution, lawmakers receive immunity from lawsuits or trials for acts committed during the process of legislating. If Wyden had spoken out about the NSA, his comments would have become part of the Congressional Record:

There are very significant limits [on what you can and cannot say], and they are very cumbersome and unwieldy. If you want to play a watchdog role, you try to work within the rules. This is a sensitive subject. A lot of people have just said to me, “Well, you feel so strongly about [these issues] – when you knew this, why didn’t you just go to the floor of the United States Senate and just, you know, read it all [into the record]?” And, of course, anybody who does this kind of work thinks a lot about that. You think about it all the time. I can see why plenty of people would criticize me – progressives and others. I can understand why plenty of people who have views similar to mine would say they would have done it differently.

Wyden has spent years dropping hints that Americans were being spied upon. But despite his outrage, he appears to have chosen to color within the lines.
http://www.washingtonpost.com/blogs/...an-nsa-leaker/





“The Internet Police” Shines a Light on the Online Surveillance State
Nick Kolakowski

Nate Anderson details the unending battle between law enforcement, government, anarchists, and libertarians for the future of the Web.

When Ars Technica editor Nate Anderson sat down to write The Internet Police (W.W. Norton & Company, 320 pp.), Edward Snowden hadn’t yet decided to add some excitement to the National Security Agency’s summer by leaking a trove of surveillance secrets to The Guardian.

As a result, Anderson’s book doesn’t mention Snowden’s escapade, which will likely become the security-and-paranoia story of the year, if not the decade. For anyone unaware of the vast issues highlighted by Snowden’s leak, however, The Internet Police is a handy guide to the slow and unstoppable rise of the online security state, as well as the libertarian and criminal elements that have done their level best to counter that surveillance.

Anderson starts off his book in 2000, with an exploration of HavenCo. The people behind HavenCo had a fascinating idea: build a datacenter on a rusting naval fort in the North Sea, and use it to hold data for customers concerned about the government sniffing around. But the company’s dream of constructing a “true libertarian paradise” eventually sank, thanks to a toxic combination of infighting and infrastructure challenges.

HavenCo was an early entrant in a longtime attempt to place a large swath of the Web beyond the reach of governments and corporations, and it definitely wasn’t the last: from Silk Road to MegaUpload, the properties dedicated to a “liberated Net” have proliferated in recent years. Some people founded such sites out of high principle; others for the LULZ; and many because they simply wanted to download movies and music and possibly highly illegal drugs for free.

Anderson does an excellent job of tracing the push-and-pull between these Websites and various government and corporate entities. People form peer-to-peer networks to swap copyrighted content, and corporations sue to shut them down; others set up networks to trade pornography or drugs, and law-enforcement agencies unleash all sorts of surveillance tools to track down the perpetrators; spam networks rise, and governments pass legislation (boosted by corporations) to nuke them off the Web, with varying degrees of success. These attempts at control usually prove successful, at least until new and improved versions of those Websites rise from the smoking ruins of the old.

To his credit, Anderson wears his journalist hat to the proceedings, never tipping his sympathies to one side or the other. He acknowledges that government and law enforcement really do want to keep people safe above all else, even as certain legislatures and police departments run roughshod over citizens’ privacy; he also details how many software creators built their security and privacy tools out of a genuine desire for people to have as much freedom as possible online, only to watch as criminals and others twisted those tools to their own nefarious ends.

Anderson’s conclusion is that society needs an Internet police in order to keep some degree of peace, but that “we need to keep a close eye on them.” In this post-Snowden era, when it seems increasingly clear that governments have the ability to monitor virtually every single aspect of our electronic lives, this bit of advice seems more important than ever.
http://slashdot.org/topic/cloud/the-...illance-state/





Groklaw Legal Site Shuts Over Fears of NSA Email Snooping

Pamela Jones shuts award-winning site, saying concerns that messages could be read mean that 'there is now no shield from forced exposure'
Charles Arthur

The award-winning legal analysis site Groklaw is shutting because its founder says that "there is no way" to continue to run it without using secure email - and that the threat of NSA spying means that could be compromised.

"There is now no shield from forced exposure," writes the site's founder, Pamela Jones, an American paralegal who has run the site from its start in 2003, in a farewell message on the site (below).

Jones cites the revelations that the US National Security Agency (NSA) can capture any email, and can store encrypted email for up to five years, as having prompted her decision to shutter the site: "the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how "clean" we all are ourselves from the standpont of the screeners, I don't know how to function in such an atmosphere. I don't know how to do Groklaw like this," she writes.

The abrupt decision - which Jones had not hinted at in any previous article since the revelations about the extent of the NSA's surveillance first came out in June - shocked people.

Privacy International criticised the climate that had led to Jones's decision. "The closing of Groklaw demonstrates how central the right to privacy is to free expression. The mere threat of surveillance is enough to [make people] self-censor", it said in a statement.

"Andrea", a core developer on the Tor project - which provides anonymous communication online - said on Twitter: "This is exactly how it begins - chilling effects accumulate until the few who still speak out are easy targets."

Jones cited the warning from the founder of the Lavabit encrypted email service, who earlier this month closed it down rather than comply with an NSA order, as being a key part of her decision. "There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the US out or to the US in, but really anywhere. You don't expect a stranger to read your private communications to a friend."

Groklaw relied in some cases on email tips from readers and other anonymous sources. Its name was meant to indicate that it would help people to "grok" - understand deeply - legal issues relating to technology law topics.

Posted at 2.40am EDT on Tuesday, Jones's move comes just hours after Guardian editor Alan Rusbridger revealed that the UK government threatened court action to force the paper to surrender material it had obtained relating to UK and US surveillance. GCHQ experts monitored the destruction of computers and hard drives in the Guardian's offices.

On Groklaw, Jones writes: "I'm not a political person, by choice, and I must say, researching the latest developments convinced me of one thing -- I am right to avoid it." She says that her reasoning about the closedown is the risk of exposure for people sending her information: "They tell us that if you send or receive an email from outside the US, it will be read. If it's encrypted, they keep it for five years, presumably in the hopes of tech advancing to be able to decrypt it against your will and without your knowledge. Groklaw has readers all over the world."

Set up in May 2003, Groklaw first came to fame through its analysis of a case involving SCO, a technology company which claimed that the free Linux operating system infringed a number of patents that it owned.

More recently, it has focussed on the multiple patent fights being fought between Samsung and Apple, and was a vociferous critic of the jury deliberations in the Apple-Samsung legal case fought in California in which Apple was awarded $1bn in damages.

The site won a number of awards for blogging and was nominated a number of times for awards by organisations including the Electronic Frontier Foundation and American Bar Administration.

Jones confirmed the move in a tweet from the Groklaw Twitter account: "This is the last Groklaw article. Thank you for all you've done. I will never forget you and our work together."
http://www.theguardian.com/technolog...a-surveillance





Forced Exposure
~pj

Tuesday, August 20 2013 @ 02:40 AM EDT

The owner of Lavabit tells us that he's stopped using email and if we knew what he knew, we'd stop too.

There is no way to do Groklaw without email. Therein lies the conundrum.

What to do?

What to do? I've spent the last couple of weeks trying to figure it out. And the conclusion I've reached is that there is no way to continue doing Groklaw, not long term, which is incredibly sad. But it's good to be realistic. And the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how "clean" we all are ourselves from the standpont of the screeners, I don't know how to function in such an atmosphere. I don't know how to do Groklaw like this.

Years ago, when I was first on my own, I arrived in New York City, and being naive about the ways of evil doers in big cities, I rented a cheap apartment on the top floor of a six-floor walkup, in the back of the building. That of course, as all seasoned New Yorkers could have told me, meant that a burglar could climb the fire escape or get to the roof by going to the top floor via the stairs inside and then through the door to the roof and climb down to the open window of my apartment.

That is exactly what happened. I wasn't there when it happened, so I wasn't hurt in any way physically. And I didn't then own much of any worth, so only a few things were taken. But everything had been pawed through and thrown about. I can't tell how deeply disturbing it is to know that someone, some stranger, has gone through and touched all your underwear, looked at all your photographs of your family, and taken some small piece of jewelry that's been in your family for generations.

If it's ever happened to you, you know I couldn't live there any more, not one night more. It turned out, by the way, according to my neighbors, that it was almost certainly the janitor's son, which stunned me at the time but didn't seem to surprise any of my more-seasoned neighbors. The police just told me not to expect to get anything back. I felt assaulted. The underwear was perfectly normal underwear. Nothing kinky or shameful, but it was the idea of them being touched by someone I didn't know or want touching them. I threw them away, unused ever again.

I feel like that now, knowing that persons I don't know can paw through all my thoughts and hopes and plans in my emails with you.

They tell us that if you send or receive an email from outside the US, it will be read. If it's encrypted, they keep it for five years, presumably in the hopes of tech advancing to be able to decrypt it against your will and without your knowledge. Groklaw has readers all over the world.

I'm not a political person, by choice, and I must say, researching the latest developments convinced me of one thing -- I am right to avoid it. There is a scripture that says, It doesn't belong to man even to direct his step. And it's true. I see now clearly that it's true. Humans are just human, and we Gro don't know what to do in our own lives half the time, let alone how to govern other humans successfully. And it shows. What form of government hasn't been tried? None of them satisfy everyone. So I think we did that experiment. I don't expect great improvement.

I remember 9/11 vividly. I had a family member who was supposed to be in the World Trade Center that morning, and when I watched on live television the buildings go down with living beings inside, I didn't know that she had been late that day and so was safe. Does it matter, though, if you knew anyone specifically, as we watched fellow human beings hold hands and jump out of windows of skyscrapers to a certain death below or watched the buildings crumble into dust, knowing there were so many people just like us being turned into dust as well?

I cried for weeks, in a way I've never cried before, or since, and I'll go to my grave remembering it and feeling it. And part of my anguish was that there were people in the world willing to do that to other people, fellow human beings, people they didn't even know, civilians uninvolved in any war.

I sound quaint, I suppose. But I always tell you the truth, and that is what I was feeling. So imagine how I feel now, imagining as I must what kind of world we are living in if the governments of the world think total surveillance is an appropriate thing?

I know. It may not even be about that. But what if it is? Do we even know? I don't know. What I do know is it's not possible to be fully human if you are being surveilled 24/7.

Harvard's Berkman Center had an online class on cybersecurity and internet privacy some years ago, and the resources of the class are still online. It was about how to enhance privacy in an online world, speaking of quaint, with titles of articles like, "Is Big Brother Listening?"

And how.

You'll find all the laws in the US related to privacy and surveillance there. Not that anyone seems to follow any laws that get in their way these days. Or if they find they need a law to make conduct lawful, they just write a new law or reinterpret an old one and keep on going. That's not the rule of law as I understood the term.

Anyway, one resource was excerpts from a book by Janna Malamud Smith,"Private Matters: In Defense of the Personal Life", and I encourage you to read it. I encourage the President and the NSA to read it too. I know. They aren't listening to me. Not that way, anyhow. But it's important, because the point of the book is that privacy is vital to being human, which is why one of the worst punishments there is is total surveillance:

One way of beginning to understand privacy is by looking at what happens to people in extreme situations where it is absent. Recalling his time in Auschwitz, Primo Levi observed that "solitude in a Camp is more precious and rare than bread." Solitude is one state of privacy, and even amidst the overwhelming death, starvation, and horror of the camps, Levi knew he missed it.... Levi spent much of his life finding words for his camp experience. How, he wonders aloud in Survival in Auschwitz, do you describe "the demolition of a man," an offense for which "our language lacks words."...

Our function of privacy is to provide a safe space away from terror or other assaultive experiences. When you remove a person's ability to sequester herself, or intimate information about herself, you make her extremely vulnerable....

The totalitarian state watches everyone, but keeps its own plans secret. Privacy is seen as dangerous because it enhances resistance. Constantly spying and then confronting people with what are often petty transgressions is a way of maintaining social control and unnerving and disempowering opposition....

And even when one shakes real pursuers, it is often hard to rid oneself of the feeling of being watched -- which is why surveillance is an extremely powerful way to control people. The mind's tendency to still feel observed when alone... can be inhibiting. ... Feeling watched, but not knowing for sure, nor knowing if, when, or how the hostile surveyor may strike, people often become fearful, constricted, and distracted.


I've quoted from that book before, back when the CNET reporters' emails were read by HP. We thought that was awful. And it was. HP ended up giving them money to try to make it up to them. Little did we know.

Ms. Smith continues:

Safe privacy is an important component of autonomy, freedom, and thus psychological well-being, in any society that values individuals. ... Summed up briefly, a statement of "how not to dehumanize people" might read: Don't terrorize or humiliate. Don't starve, freeze, exhaust. Don't demean or impose degrading submission. Don't force separation from loved ones. Don't make demans in an incomprehensible language. Don't refuse to listen closely. Don't destroy privacy. Terrorists of all sorts destroy privacy both by corrupting it into secrecy and by using hostile surveillance to undo its useful sanctuary.

But if we describe a standard for treating people humanely, why does stripping privacy violate it? And what is privacy? In his landmark book, Privacy and Freemom, Alan Westin names four states of privacy: solitude, anonymity, reserve, and intimacy. The reasons for valuing privacy become more apparent as we explore these states....

The essence of solitude, and all privacy, is a sense of choice and control. You control who watches or learns about you. You choose to leave and return. ...

Intimacy is a private state because in it people relax their public front either physically or emotionally or, occasionally, both. They tell peresonal stories, exchange looks, or touch privately. They may ignore each other without offending. They may have sex. They may speak frankly using words they would not use in front of others, expressing ideas and feelings -- positive or negative -- that are unacceptable in public. (I don't think I ever got over his death. She seems unable to stop lying to her mother. He looks flabby in those running shorts. I feel horny. In spite of everything, I still long to see them. I am so angry at you I could scream. That joke is disgusting, but it's really runny.) Shielded from forced exposure, a person often feels more able to expose himself.


I hope that makes it clear why I can't continue. There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the US out or to the US in, but really anywhere. You don't expect a stranger to read your private communications to a friend. And once you know they can, what is there to say? Constricted and distracted. That's it exactly. That's how I feel.

So. There we are. The foundation of Groklaw is over. I can't do Groklaw without your input. I was never exaggerating about that when we won awards. It really was a collaborative effort, and there is now no private way, evidently, to collaborate.

I'm really sorry that it's so. I loved doing Groklaw, and I believe we really made a significant contribution. But even that turns out to be less than we thought, or less than I hoped for, anyway. My hope was always to show you that there is beauty and safety in the rule of law, that civilization actually depends on it. How quaint.

If you have to stay on the Internet, my research indicates that the short term safety from surveillance, to the degree that is even possible, is to use a service like Kolab for email, which is located in Switzerland, and hence is under different laws than the US, laws which attempt to afford more privacy to citizens. I have now gotten for myself an email there, p.jones at mykolab.com in case anyone wishes to contact me over something really important and feels squeamish about writing to an email address on a server in the US. But both emails still work. It's your choice.

My personal decision is to get off of the Internet to the degree it's possible. I'm just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can't stay online personally without losing my humanness, now that I know that ensuring privacy online is impossible. I find myself unable to write. I've always been a private person. That's why I never wanted to be a celebrity and why I fought hard to maintain both my privacy and yours.

Oddly, if everyone did that, leap off the Internet, the world's economy would collapse, I suppose. I can't really hope for that. But for me, the Internet is over.

So this is the last Groklaw article. I won't turn on comments. Thank you for all you've done. I will never forget you and our work together. I hope you'll remember me too. I'm sorry I can't overcome these feelings, but I yam what I yam, and I tried, but I can't.
http://www.groklaw.net/article.php?s...30818120421175





Facial Scanning Is Making Gains in Surveillance
Charlie Savage

The federal government is making progress on developing a surveillance system that would pair computers with video cameras to scan crowds and automatically identify people by their faces, according to newly disclosed documents and interviews with researchers working on the project.

The Department of Homeland Security tested a crowd-scanning project called the Biometric Optical Surveillance System — or BOSS — last fall after two years of government-financed development. Although the system is not ready for use, researchers say they are making significant advances. That alarms privacy advocates, who say that now is the time for the government to establish oversight rules and limits on how it will someday be used.

There have been stabs for over a decade at building a system that would help match faces in a crowd with names on a watch list — whether in searching for terrorism suspects at high-profile events like a presidential inaugural parade, looking for criminal fugitives in places like Times Square or identifying card cheats in crowded casinos.

The automated matching of close-up photographs has improved greatly in recent years, and companies like Facebook have experimented with it using still pictures.

But even with advances in computer power, the technical hurdles involving crowd scans from a distance have proved to be far more challenging. Despite occasional much-hyped tests, including one as far back as the 2001 Super Bowl, technical specialists say crowd scanning is still too slow and unreliable.

The release of the documents about the government’s efforts to overcome those challenges comes amid a surge of interest in surveillance matters inspired by the leaks by Edward J. Snowden, the former National Security Agency contractor. Interest in video surveillance was also fueled by the attack on the Boston Marathon, where suspects were identified by officials looking through camera footage.

In a sign of how the use of such technologies can be developed for one use but then expanded to another, the BOSS research began as an effort to help the military detect potential suicide bombers and other terrorists overseas at “outdoor polling places in Afghanistan and Iraq,” among other sites, the documents show. But in 2010, the effort was transferred to the Department of Homeland Security to be developed for use instead by the police in the United States.

After a recent test of the system, the department recommended against deploying it until more improvements could be made. A department official said the contractor was “continuing to develop BOSS,” although there is no sign of when it may be done. But researchers on the project say they made progress, and independent specialists say it is virtually inevitable that someone will make the broader concept work as camera and computer power continue to improve.

“I would say we’re at least five years off, but it all depends on what kind of goals they have in mind” for such a system, said Anil Jain, a specialist in computer vision and biometrics engineering at Michigan State University who was not involved in the BOSS project.

The effort to build the BOSS system involved a two-year, $5.2 million federal contract given to Electronic Warfare Associates, a Washington-area military contractor with a branch office in Kentucky. The company has been working with the laboratory of Aly Farag, a University of Louisville computer vision specialist, and the contract was steered to the firm by an earmark request in a 2010 appropriations bill by Senator Mitch McConnell of Kentucky, the Republican leader.

Significant progress is already being made in automated face recognition using photographs taken under ideal conditions, like passport pictures and mug shots. The Federal Bureau of Investigation is spending $1 billion to roll out a Next Generation Identification system that will provide a national mug shot database to help local police departments verify identities.

But surveillance of crowds from a distance — in which lighting and shadows vary, and faces tend to be partly obscured or pointed in random directions — is still not reliable or fast enough. The BOSS research is intended to overcome those challenges by generating far more information for computers to analyze.

The system consists of two towers bearing “robotic camera structures” with infrared and distance sensors. They take pictures of the same subject from slightly different angles. A computer then processes the images into a “3-D signature” built from data like the ratios between various points on someone’s face to be compared against data about faces stored in a watch-list database, the documents show.

The Homeland Security Department hired the Pacific Northwest National Laboratory to test the BOSS system at an arena in Kennewick, Wash. The plan, according to a “privacy impact assessment,” was to use 30 volunteers whose facial data would be mingled in a database among 1,000 mug shots to see whether the system could reliably recognize when any of the volunteers were present.

The agency set up six tests to determine the technology’s overall accuracy, determining afterward that “it was not ready for a D.H.S. customer” — meaning that police departments should not buy it.

In interviews, Ed Tivol of Electronic Warfare Associates and Dr. Farag both suggested that as computer processing becomes ever faster the remaining obstacles will fall away.

Mr. Tivol said the goal was to provide a match with an 80 percent to 90 percent certainty from a range of up to 100 meters, something “that has never been done.” While the system continued to have problems with light and shading in some tests, he said, in others the goal had been achieved at closer distances. Farther away, he said, the accuracy has fallen to 60 percent to 70 percent.

“The results were increasingly positive,” he said. There was a “significant improvement” in speed, too, he said. At first, it took the system six to eight minutes to process images, but it now takes under 30 seconds.

Still, he and Dr. Farag said, the officials overseeing the testing wanted a quicker turnaround. That might be easier with the more powerful computers available to the military, they said, but the government wanted them to use processors available off the shelf for civilian applications.

Several independent biometric specialists, given a description of the project’s test results, agreed that the system was not yet ready. They said 30 seconds was far too long to process an image for security purposes, and that its accuracy numbers would result in the police going out to question too many innocent people.

Several of the specialists also suggested that similar technology may be progressing more quickly in other laboratories that have not received taxpayer financing. A spokesman for Mr. McConnell stressed that while he requested that the contract go to Electronic Warfare Associates, it was “competitively bid.” Federal records show the firm was the only one to submit a bid.

Ginger McCall, a privacy advocate who obtained the documents under the Freedom of Information Act and provided them to The New York Times, said the time was now — while such technology is still maturing and not yet deployed — to build in rules for how it may be used.

“This technology is always billed as antiterrorism, but then it drifts into other applications,” Ms. McCall said. “We need a real conversation about whether and how we want this technology to be used, and now is the time for that debate.”

In particular, she said, there should be limits on whose faces are loaded into them when they are ready for deployment. Ms. McCall said it would be acceptable to use it for terrorism watch lists, but she feared any effort to systematically track everyone’s public movements by using a comprehensive database of driver’s license photographs.

Still, Dr. Farag said, that kind of system is still very far off because it would take far too much computer processing power to load millions of images into a system and try to identify everyone at once, as opposed to sorting images in search of only a comparatively small number of faces on a watch list.

“Disappointments come when you are overambitious,” he said.

Kitty Bennett contributed research.
http://www.nytimes.com/2013/08/21/us...veillance.html





Newest Spy Court Pick Is a Democrat But Not a Liberal
Charlie Savage

Chief Justice John G. Roberts Jr., who has filled a secret court that oversees surveillance almost entirely with Republican-appointed judges, has named Judge José A. Cabranes, a Democratic appointee, to the panel that hears rare appeals of the surveillance court’s rulings.

Although Judge Cabranes was appointed to United States Court of Appeals for the Second Circuit by President Bill Clinton, he is considered among the more conservative-leaning Democratic appointees on crime and security issues. In 2005, some supporters — including Michael Mukasey, who later became President George W. Bush’s attorney general — floated his name as a potential Supreme Court nominee.

“Of the Democratic appointees, he is more of a centrist than most,” said Daniel Richman, a Columbia professor who specializes in criminal law.

Chief Justice Roberts appointed Judge Cabranes, a member of the appeals court in New York, on Aug. 9, a court spokesman said, although it was not announced until Monday. His term expires in May 2020.

His appointment was announced as some lawmakers were working to change the Foreign Intelligence Surveillance Act, or FISA, which gives chief justices unilateral power to assign federal judges to the 11-member Foreign Intelligence Surveillance Court and its 3-member review panel, to provide greater ideological balance.

The court hears arguments on surveillance matters from the Justice Department, with no opposing lawyers to offer contrary views or file appeals.

Chief Justice Roberts, more than his predecessors, has tended to assign judges who were appointed by a Republican, as he was, or executive branch veterans like former prosecutors. Of the 14 judges on the FISA court or its review panel, two were Democratic appointees, and both are considered to be centrists or conservative-leaning.

One was the favored choice of a Republican senator for a judgeship during a fight over nominations in Pennsylvania. The other was a career Justice Department official in the Reagan and first Bush administrations who urged the Supreme Court to overturn the 1973 Roe v. Wade abortion decision and to broaden exceptions to the Fourth Amendment warrant requirement.

Philip Heymann, a Harvard law professor and a deputy attorney general in the Clinton administration, criticized Chief Justice Roberts for not doing more to restore public trust in the FISA court process, which he said was crucial if secret intelligence operations are to have credibility.

Mr. Heymann declined to comment specifically on Judge Cabranes, citing personal ties. But as a broader matter, he said, the best choices for “a court that is not trusted in general and that has an overwhelming conservative bias” would be liberals who are outspoken on privacy issues.

“The chief justice may not know it,” he said, “but his responsibility is to start to build up legitimate institutions in the area of intelligence gathering, and he can be credibly accused of having gone just the opposite direction over the years.”

Through a spokeswoman, Chief Justice Roberts declined to comment.

Judge Cabranes, who has never served in the executive branch, is not a liberal counterweight to conservatives on privacy rights, legal experts said.

In 2009, he was on a panel that dismissed a Freedom of Information Act lawsuit filed by a group of lawyers seeking to know whether they had been wiretapped under the Bush administration’s warrantless surveillance program.

While his opinion did not say whether the program was legal, he wrote that there was “no evidence” that the National Security Agency was keeping the information secret “for the purpose of concealing activities that violate the Constitution or are otherwise illegal.”

And in 2008, Judge Cabranes was part of a panel that allowed evidence from a warrantless wiretap and physical search of an American citizen abroad, Wadih El-Hage, to be used in his trial related to Al Qaeda’s 1998 embassy bombings in Africa.

“While the intrusion on El-Hage’s privacy was great, the need for the government to so intrude was even greater,” Judge Cabranes wrote.

Orin Kerr, a law professor at George Washington University who noted the latter case on Twitter, said that Judge Cabranes was “generally considered a conservative among Democratic nominees, and the 2008 opinion was a strong endorsement of the Bush administration’s view.”

The only Democratic appointee on the main FISA court, Judge Mary McLaughlin of the Eastern District of Pennsylvania, was appointed by Mr. Clinton in 2000. Her candidacy was pushed by Senator Arlen Specter of Pennsylvania, then a Republican, said Lisa Graves, who worked on judicial nominations in the Clinton administration.

Senators had the power to block hearings for nominees from their states. Pennsylvania’s two Republican senators at the time — Mr. Specter, who later switched parties, and Rick Santorum — cut a deal with the White House to allow nominations to go forward in return for getting to pick some. Judge McLaughlin, who had served as a special counsel to Mr. Specter, was his choice, Ms. Graves said.

“She was well regarded, but was obviously someone who had worked closely with a Republican senator,” Ms. Graves said.

Still, Eleanor Acheson, who worked on judicial nominations for the Clinton White House, said Judge McLaughlin was respected by practicing lawyers in Philadelphia and had already been on the administration’s radar as a potential nominee.

On the FISA review panel, Judge Cabranes is joining another Democratic appointee, Judge William C. Bryson of the United States Court of Appeals for the Federal Circuit. Before his appointment by Mr. Clinton in 1994, Judge Bryson spent 16 years as a Justice Department official, and worked as a deputy to the first President Bush’s solicitor general, Kenneth Starr, along with Chief Justice Roberts.

Judge Bryson had been a clerk for Justice Thurgood Marshall, a liberal, in 1974-75. Judge Bryson won respect in the Clinton administration, Ms. Acheson said, and his nomination was “completely defined by the merits.”

Still, he thrived in the Reagan-Bush Justice Department, for whom he signed a Supreme Court brief calling for Roe v. Wade to be overturned.

Judge Bryson also signed a brief arguing for a broad interpretation of subpoenas seeking business records that might be “relevant” to an investigation, foreshadowing a legal dispute in the N.S.A. program that is keeping logs of all domestic calls.

And he signed briefs in cases seeking to solidify exceptions to the warrant requirement in searches and seizures, including the authorities’ stopping a bus and asking to search luggage, conducting random traffic sobriety checkpoints, and searching a house guest.
http://www.nytimes.com/2013/08/21/us...spy-court.html





District Court Holds That Intentionally Circumventing IP Address Ban Is “Access Without Authorization” Under the CFAA
Orin Kerr

During the debate over the Aaron Swartz case, one of the legal issues was whether Swartz had committed an unauthorized access under the CFAA when he changed his IP address to circumvent IP address blocking imposed by system administrators trying to keep Swartz off the network. There was significantly more to the CFAA charges than that, to be clear, including circumventing a subsequent MAC address block and (most significantly) entering an MIT storage closet to install his computer directly. But changing IP addresses to get around IP address blocking was at least one of the possible grounds of unauthorized access. On Friday, Judge Breyer of the Northern District of California handed down the first decision directly addressing the issue. Judge Breyer ruled that changing IP addresses to get around a block is an unauthorized access in violation of the CFAA. The decision is here: Craigslist v. 3taps, Inc..

The facts of the case are very simple. 3taps aggregates and republishes ads from the popular Craigslist website by scraping data from Craigslist. Craigslist responded by sending 3taps a cease-and-desist letter and by blocking the IP addresses associated with 3taps’s computers. 3taps continued to access Craigslist by changing the IP addresses by which its computers accessed Craigslist’s servers. Craigslist then sued 3taps, alleging claims including copyright, state law violations, and the CFAA. For its CFAA claims, Craigslist argued that 3taps violated the CFAA by (a) violating Craigslist’s Terms of Service, which prohibited scraping; and (b) circumventing the IP address block after receiving a cease-and-desist letter.

In an earlier decision, Judge Breyer had indicated that that violating the Craiglist’s Terms of Service did not trigger a CFAA violation. See Craigslist Inc. v. 3Taps Inc. — F.Supp.2d —-, 2013 WL 1819999 (N.D.Cal. April 30, 2013). In the new opinion issued on Friday, however, Breyer ruled that the same was not true with 3taps’s circumventing the IP address block. To be sure, Craigslist had granted authorization to everyone by setting up a public website that anyone could access. But when Craigslist had sent the cease-and-desist letter and then blocked 3taps’s IP addresses, Breyer ruled, Craigslist had exercised its “power to revoke, on a case-by-case basis, the general permission it granted to the public to access the information on its website.”

Here, under the plain language of the statute, 3Taps was “without authorization” when it continued to pull data off of Craigslist’s website after Craigslist revoked its authorization to access the website. As the “ordinary, contemporary, common meaning” of the word indicates, and as Brekka expressly held, “authorization” turns on the decision of the “authority” that grants — or prohibits — access. In Brekka, the authority was the employer. Here, it is Craigslist. Craigslist gave the world permission (i.e., “authorization”) to access the public information on its public website. Then, just as Brekka instructed that an “authority” can do, it rescinded that permission for 3Taps. Further access by 3Taps after that rescission was “without authorization.”

Judge Breyer distinguished the circumvention of IP blocking after receiving a letter from violating Terms of Service (not covered by the CFAA) on the ground that a person who has received a letter and then had an IP address blocked has clear notice that their right to access the website has been revoked:

The banned user has to follow only one, clear rule: do not access the website. The notice issue becomes limited to how clearly the website owner communicates the banning. Here, Craigslist affirmatively communicated its decision to revoke 3Taps’ access through its cease-and-desist letter and IP blocking efforts. 3Taps never suggests that those measures did not put 3Taps on notice that Craigslist had banned 3Taps; indeed, 3Taps had to circumvent Craigslist’s IP blocking measures to continue scraping, so it indisputably knew that Craigslist did not want it accessing the website at all.

Nor does prohibiting people from accessing websites they have been banned from threaten to criminalize large swaths of ordinary behavior. It is uncommon to navigate contemporary life without purportedly agreeing to some cryptic private use policy governing an employer’s computers or governing access to a computer connected to the internet. In contrast, the average person does not use “anonymous proxies” to bypass an IP block set up to enforce a banning communicated via personally-addressed cease-and-desist letter. See Compl. ¶ 84. Thus, a meaningful distinction exists between restricting uses of a website for a certain purpose and selectively restricting access to a website altogether.


Further, an IP address block imposed a technological barrier whereas Terms of Service do not:

Here, it is possible to distinguish the kind of restriction in place from Craigslist’s motivation for imposing that restriction. Craigslist made a complete access restriction when it told 3Taps that it could not access Craigslist’s website “for any reason,” and then put in place a technological barrier designed to completely cut off 3Taps’ ability to view the site. That it did so because of how 3Taps used Craigslist’s information is true, but beside the point, because as discussed above, true access restrictions do not present the same notice and breadth issues that come with the criminalization of use policies.

. . .
IP blocking may be an imperfect barrier to screening out a human being who can change his IP address, but it is a real barrier, and a clear signal from the computer owner to the person using the IP address that he is no longer authorized to access the website.[/i]
. . . .

To be sure, later cases may confront difficult questions concerning the precise contours of an effective “revocation” of authorization to access a generally public website. This Court cannot and does not wade into that thicket, except to say that under the facts here, which include the use of a technological barrier to ban all access, 3Taps’ deliberate decision to bypass that barrier and continue accessing the website constituted access “without authorization” under the CFAA.[/i]

A few thoughts:

1) I’ve long argued that circumventing some kind of technological barrier is required to violate the CFAA, and this opinion seems consistent with that. Once you accept that premise, though, you run into the issue of what counts as a technological barrier. Judge Breyer sees IP blocking as sufficient. But it’s unfortunate that Breyer doesn’t give the issue more analysis, as I think it’s a really interesting question. The counterargument runs like this. IP addresses are very easily changed, and most people use the Internet from different IP addresses every day. As a result, attempting to block someone based on an IP address doesn’t “block” them except in a very temporary sense. It pauses them for a few seconds more than actually blocks them. It’s a technological barrier in the very short term but not in the long term. Is that enough to constitute a technological barrer?

2) Judge Breyer’s opinion appears to mix up two different aspects of the CFAA. The first aspect is the prohibition on unauthorized access, and the second is its associated mental state element of intent. The CFAA only prohibits intentional unauthorized access; merely knowingly or recklessly accessing without authorization is not prohibited. So whatever unauthorized access means, the person must be guilty of doing that thing (the act of unauthorized access) intentionally to trigger the statute. Breyer seems to mix up those elements by focusing heavily on the fact that 3taps knew that Craigslist didn’t want 3taps to access its site. According to Judge Breyer, the clear notice meant that the case before him didn’t raise all the notice and vagueness issues that prompted the Ninth Circuit’s decision in Nosal.

I think this analysis is somewhat misdirected. In my view, the fact that 3taps was on notice that Craiglist did not want them to access the Craigslist website is only relevant to show intent. From that perspective, Judge Breyer should have been clearer that the cease-and-desist letter couldn’t make visiting the website an “unauthorized access.” The letter is just a written statement of the owner’s wishes as to who can visit the site, just like Terms of Service. In my view, whether the facts of the 3taps case amount to an unauthorized access hinges on the circumvention of IP blocking. If so, then the cease-and-desist letter shows that the act of unauthorized access was intentional; if not, then the letter does not have any relevance to the CFAA.

Anyway, it’s a very interesting case. By way of full disclosure, I have discussed this case with the defendant’s side but my analysis here remains my independent opinion.

UPDATE: I have fiddled with the post a bit shortly after putting it up to make my argument more clear.
http://www.volokh.com/2013/08/18/dis...nder-the-cfaa/





US Court Rules Masking IP Address to Access Blocked Website Violates Law

Summary: But the verdict is probably far narrower in its implications that some believe. Still, it's a troubling decision about a controversial law.
Steven J. Vaughan-Nichols

U.S. District Judge Charles Breyer in Northern District of California has ruled that avoiding an IP address block to connect to a Website is a breach of the Computer Fraud and Abuse Act (CFAA). Some have taken this decision to mean that the court's broad interpretation of the law may mean accessing Websites that are accessible only to some users by proxy servers , virtual private networks (VPN)s, or Tor may be illegal.

This decision arose from a case that all started because, unlike many other popular sites, Craigslist does not provide an application programming interface (API) for third party services to use its data. Indeed, in the summer of 2012, Craigslist briefly claimed the copyright over everything posted on Craigslist.

Craig Newmark, founder of Craigslist, who says that he's merely a "customer support representative" for the company, told Ars Technica last year that "I can say that our culture has always been community-driven, and what they tell us, in large numbers and for years, [is] that their posts are not to be used by others for profit." One of Craiglist's sources of income is charging for commercial apartment listings.

The case in question, Craigslist vs. 3Taps, revolved around a copyright infringement claim by Craigslist against data gathering company 3Taps. 3Taps had been scraping Craigslist rental apartment ads and then feeding the data via an API to the apartment listing company PadMapper. This business, in turn, used the data to create interactive maps using Google Maps for would-be renters. Craigslist claimed that this violated its terms of service (ToS).

So typical of a ToS legal disagreement, PadMapper and 3Taps came up with a workaround. Craigslist retaliated with a copyright claim against the two companies.

As is so often the case in circumstances like this, 3Taps countersued, claiming that Craigslist was trying to create a monopoly by squeezing out other would-be online classified advertising businesses.

Craigslist then blocked 3Taps Internet Protocol (IP) addresses from accessing its site. 3Taps continued, however, to pull Craigslist's data by concealing its identity with different IP addresses and proxy servers. Craigslist then argued that the 3Taps' subterfuge violated the CFAA which prohibits the intentional access of a computer without authorization that results in the capture of information from a protected computer.

Craiglist's CFAA claim bothered many experts.

The Electronic Frontier Foundation (EFF) in an amicus curiae to the Court stated that the CFAA had "been stretched to cover all sorts of non-hacking behavior. (PDF Link) This case perhaps represents the zenith of this trend: plaintiff Craigslist, Inc. (“Craigslist”) alleges defendant 3Taps Inc. (“3Taps”) violated the CFAA and Penal Code § 502 by copying data on Craigslist’s publicly available website and then republishing that information on its own website. Imposing CFAA liability under these circumstances means that it can now become criminal to copy and paste data from a publicly available website intended to be seen by as many people as possible on the Internet. A person using Craigslist to look for an apartment is authorized to write notes on a pen and paper, or manually plot apartment listings on a paper map. The same behavior should not be treated as criminal simply because it was done with a computer."

3Taps tried to have this CFAA claim thrown out but Breyer ruled that "This Court cannot grant an exception on to the statute (the CFAA) with no basis in the law’s language or this circuit’s interpretive precedent. Accordingly, the Court DENIES 3Taps’ motion." (PDF Link).

Orin S. Kerr, a professor of law at the George Washington University, believes Judge Breyer's decision is the first to directly address the issue that changing IP addresses to get around a block is an unauthorized access in violation of the CFAA. It's not a decision, he's happy with.

Kerr wrote, "IP addresses are very easily changed, and most people use the Internet from different IP addresses every day. As a result, attempting to block someone based on an IP address doesn’t 'block' them except in a very temporary sense. It pauses them for a few seconds more than actually blocks them."

Another legal expert, who doesn't wish to be named, doesn't see this decision having any broad effect. He summarized the decision as "The defendant moves to dismiss a CFAA complaint because the operator of a publicly-available Website cannot, it says, ban any particular user and use CFAA to enforce the ban. The court says it can't dismiss the complaint on that ground, because there's no support for the claimed immunity in the specific wording of the statute. The court says it isn't criminalizing widespread conduct, because the question involved (whether CFAA liability can attach for accessing websites one has been specifically banned from) doesn't involve those ordinary forms of cloaking," such as proxies, VPNs, or Tor.

In short, this is a decision applying only to a narrow, specific circumstance.

Hanni M. Fakhoury, staff attorney for the EFF, disagrees with the decision, "The court held that since everyone is 'authorized' to access a publicly accessible website under the CFAA, a party (here Craigslist) has to prove that this authorization was somehow revoked. In this case, the court said Craigslist's act of blocking 3Taps IP address and the cease and desist letter were enough to 'revoke' the authorization. We disagree that IP address blocking is a sufficient type of technological circumvention to prove 'access with authorization' under the CFAA since (1) its common and easy to mask your IP address; and (2) there are legitimate reasons to do so."

But could this decision affect you and your use of such IP masking technologies? Fakhoury replied, "As to whether it would impact other technologies like Tor, etc., the decision doesn't criminalize those steps in isolation. The opinion only says that if you use one of these techniques to work around the revocation of your access, there's a CFAA claim." So, while not a correct decision, it's still rather narrow in its potential application.
http://www.zdnet.com/us-court-rules-...aw-7000019701/





Four Ways the Guardian Could Have Protected Snowden – By THE NSA

Spooks' own advice lays out exactly how this crypto wypto hypto thing works
Chris Williams

Analysis The Guardian's editor-in-chief Alan Rusbridger fears journalists – and, by extension, everyone – will be reduced to using pen and paper to avoid prying American and British spooks online.

And his reporters must fly around the world to hold face-to-face meetings with sources ("Not good for the environment, but increasingly the only way to operate") because they believe all their internet and phone chatter will be eavesdropped on by the NSA and GCHQ.

"It would be highly unadvisable for … any journalist … to regard any electronic means of communication as safe," he wrote.

El Reg would like to save The Guardian a few bob, and reduce the jet-setting lefty paper's carbon footprint, by suggesting some handy tips – most of them based on the NSA's own guidance.

(It's quite possible the Graun's able staffers have already thought of all this, and whistleblower Edward Snowden eventually taught his contacts how to use PGP, but allow us to throw it out there anyway for everyone to consider.)

1. Encryption: It's not hard

David Miranda – the boyfriend of Glenn Greenwald, the journalist at the centre of Edward Snowden scoops about the NSA and GCHQ – was held at London Heathrow airport this week during a stopover from Berlin to Brazil. Miranda was carrying encrypted information in a laptop and USB drives, having visited Laura Poitras, the US filmmaker who worked with Greenwald on his NSA scandal stories.

You have to wonder why the Brazilian was being used as a data mule, for want of a better word, when there are other ways to securely transfer leaked documents without triggering the frankly unsettling schedule seven of the UK's Terrorism Act. Although, he may have been stopped even if he was carrying nothing but his phone.

It's reported that journalists, even tech journos, are woefully ill-equipped to deal with encrypted leaks: so let's put a stop to this digital fumbling in the dark, and let the record show that some of us have an idea of how it all works.

First of all, take the NSA's own advice [PDF] and grab a copy of the open-source cryptography toolkit GnuPG. Compile it for your favourite operating system (or trust a pre-built download having checked its integrity), and then generate a private-public key pair: data encrypted using the public key is decrypted using the private key. So your source encrypts her sneaked-out files using your public key, sends you those scrambled bytes and you reconstruct the original using the private key.

Why use key pairs, otherwise known as asymmetric encryption? Because it saves you having to whisper shared passwords to one another, essentially divulging secrets that if intercepted by an enemy would be catastrophic to your project.

With public-private keys there's no need to reveal pass-phrases or drop off nondescript packages containing password code books, as exciting as that may sound. Instead, you can freely reveal your public key: it's only good for encrypting stuff. (Technically speaking, the data is encrypted using a randomly generated one-off session key and a chosen cipher; asymmetric key encryption is computationally expensive, so a symmetric cipher and the session key is used to do all the heavy lifting. The asymmetric key pairs are used to encrypt the session key.)

Again, following the NSA's own advice, in your chosen PGP software, generate a Diffie-Hellman/DSS (or RSA if you're paranoid) key pair that's 4,096 bits in length, set to expire in one year (or less if you're planning a short whistle-blowing career), using AES-256 as the encryption cipher and SHA-2-512 as the hash function.
Keep your private key secret, encrypted and in one place (eg, not a police interrogation room)

Keep your generated private key somewhere safe and hidden, such as on a TrueCrypt-encrypted thumb drive, rather than at rest on a disk, and whatever you do, don't take it through customs. Use steganography to hide it in a picture of a cat.

Don't put yourself in a position where the police can demand it under the Regulation of Investigatory Powers Act. Don't keep the key, data and the computers you are using anywhere the Powers That Be, having obtained a warrant, expect to physically find them. You need to have transferred the goods before anyone realises.

While David Miranda insists he didn't know anything about the contents of the electronic documents he was carrying, he did hand over the passwords to his equipment to the plod after being threatened with imprisonment.

Thus, one only hopes any sensitive files he was carrying were encrypted using a second secret, one he couldn't possibly divulge because he didn't know it. However, that will not have impressed the cops, who may have thrown him in the cooler for a couple of years or until someone could provide that second key. This has happened in the past.

A good lawyer could get your mule off the hook if the brief argued that your bod didn't know the key nor the contents of the files (and thus was no more complicit in any wrongdoing than a Royal Mail worker delivering brown envelopes of leaked material). In this case, Miranda knew something and eight hours under the spotlight was enough for him.

In short, don't use data mules known to the authorities, and certainly not across guarded borders, unless you've got a bang-up lawyer (and pots of cash to pay for it) and a personal courier willing to spend hours, days or perhaps months detained.

(PS: Handing over account-level passwords, rather than decryption keys, is bad enough, though, for the poor bod intercepted; there is no doubt investigators will try to use this information to inspect email inboxes, instant messaging clients, social network accounts and anything else they could get hold of in search of wrongdoing. More determined operatives could use this sort of access to get a better idea of the chap's friends and associates for follow-up surveillance.)

Your source should also create her own public-private key pair, following the same steps above; this is needed to sign messages, or in other words cryptographically prove that the data hasn't been tampered with in transit and that it was created by the person who claims to have sent it.
Meet the Advanced Encryption Standard

As an aside: the AES-256 cipher, as mandated above, is recommended in the NSA's own advice [PDF]. Uncle Sam's spooks are told to use AES (Advanced Encryption Standard) and 128-bit keys to protect material designated "SECRET". "TOP SECRET" – the highest security level available and usually reserved for compartmentalised information distributed on a strict need-to-know basis – requires 256-bit keys.

The standard – developed in 1998 by Belgians Vincent Rijmen and Joan Daemen – is considered unbreakable and spook-proof by all but the very, very paranoid; decrypting the data without knowing the key will require an infeasible amount of computing power. We're talking more energy required than the universe can give us. There are 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984, 665,640,564,039, 457,584,007,913,129,639,936 combinations of keys if you feel like trying to brute-force it.

Serious maths ... the calculations behind AES

It is possible someone could extract unencrypted information, or even the secret crypto keys, using a side-channel attack. This is usually pulled off by precisely timing the calculations performed by the system doing the encryption and recovering the goodies byte by byte.

Such endeavours, so far as we know, have worked against tiny keys (some as small as 32 bits). Then in 2010, three boffins showed they could quickly recover a 128-bit AES key by running unprivileged code that spies on CPU cache access on a Linux server running OpenSSL: on the one hand, yes, you need to be able to run your own malicious software on the machine to snaffle this data, but on the other hand, this will not be difficult for state-backed spooks with loads of private zero-day exploits – so steps need to be taken to defend against this sort of compromise.

Proud tinfoil-hat-wearers among us will point out that these encryption standards may have been molested by the NSA at some point, perhaps to introduce weaknesses that can be exploited to easily crack encrypted data. Putting aside the fact that these algorithms have faced intense public scrutiny before their deployment, if the spooks had nobbled the maths, one wonders why the cops are so keen to extract decryption keys from suspects (or even perfectly innocent people) ... though perhaps that's what they want us to think.

2. Use clean machines

Make sure you're doing all of this on completely clean computers, you and your whistleblower: only ever use them for communicating between you and your contact, and don't contaminate the kit with other stuff or have it in any way associated with your other work. Keep both machines powered down when not in use; don't connect either to your corporate or personal network.

Buy new machines for cash from a shop and harden them against attack: why not (again) take the NSA's own advice and make sure you're using Security-Enhanced Linux, a series of patches for the open-source OS that are now part of Linus Torvalds' official mainline kernel. More seriously, install Grsecurity and use TrueCrypt to protect disk volumes. The spooks have online public guides to securing OSes here.

Essentially, do everything you can to compartmentalise your system. Install a hypervisor (yeah, a good one) on the new computer, and run all of the above software – your PGP tools and other essential utilities – inside a hardened virtual machine. Once that VM is set up, snapshot it and save it off disk on secured removable storage.

Every time you need to look at the leaked encrypted documents (again, stored securely off disk), reload the snapshot and use that environment afresh, so that the VM doesn't have to touch the host machine's disk and also just in case the VM was compromised the last time you used it.

Bear in mind that if an attacker did infiltrate your VM and silently escaped the hypervisor, or otherwise snaffled your private key, it's game over. And state-backed spies will have zero-days to make this possible.

Even the NSA's own advice is to assume you've been compromised and work from there. "We have to build our systems on the assumption that adversaries will get in," the agency's Debora Plunkett told a security conference. "We have to, again, assume that all the components of our system are not safe, and make sure we're adjusting accordingly."

In other words, carve your hardware into compartments and protect them from each other, even using an old-fashioned air gap. Be paranoid.

3. How to shift the data securely

It's time for your source to package up the goods to leak: your contact can either use your public key to asymmetrically encrypt the files using PGP or if you've somehow agreed upon a key (typically generated from a pass-phrase) that is utterly secret between you two, then consider symmetric encryption using AES-256.

If this symmetric key falls into the wrong hands, then the jig is up, whereas in asymmetric encryption, you just have to be responsible for your own private key. Having said that, using AES-256 to encrypt your leaked data (once you have it) on removable storage, perhaps steganographically inside a video or TrueCrypt volume, is essential.

Encrypting files, once they've been archived into a zip or tarball for convenience's sake, is just a simple command line away. For symmetric, try:
gpg --output totallyinnocent.txt --symmetric leakedsecrets.pdf

...or for asymmetrically use:
gpg --output totallyinnocent.txt --encrypt --hidden-recipient Friend leakedsecrets.pdf

In the latter case, the source must have added the public key for Friend (that's you) using gpg --import. GnuPG is completely documented.

Of course, you'll need to exchange public keys. To avoid having to rely on encrypted instant messaging systems (such as OTR), publish your public key online, in the open. The first communication you may get from your leaker is an encrypted message from a throwaway email account from a Wi-Fi hotspot, and unfortunately such data is likely to set off triggers within the spooks' internet surveillance systems. The chase will be on immediately.

Once the leaker has encrypted her data, it's time to transfer it. Don't use email. Don't even consider uploading the file to a server across the open web, even if the data is encrypted: with the global internet dragnet in operation, you do not want to accidentally reveal your source by allowing spooks to realise the association between the two of you. (Life is made easier if your source outs himself, like Edward Snowden did, but then life hasn't been easy for him since.)

So consider using Tor, first backed by the US Navy for secure communications and then developed by the Electronic Frontier Foundation (EFF) and others. This is a system that routes connections through a mesh of computers joined up to the Tor network: your connection goes into an entry node, through a randomly selected path, jumping from machine to machine, until it reaches an exit node, which connects to the outside world. The exact path taken is decided by the user's software and cryptographically shielded to prevent someone from tracing you back through the network.

The computer you eventually connect to outside the Tor network will only see a connection from the exit node – and, yes, this node can snaffle your network traffic so that's why we encrypt everything just in case someone compromised it (use a secure VPN if you wish, but that's beyond the scope of this piece).

How Tor works is best described with illustrations, such as the one below from the EFF, which has an excellent guide here.

Unfortunately, as noted computer security researcher The Grugq pointed out, the NSA and GCHQ will have all the entry and exit points of Tor covered:
The financial cost of compromising the Tor network is not even a rounding error in a nation state budget. It is the equivalent of a portion of the change found in the couch. Further more, Tor is not new. It isn’t as if nation state level adversaries just woke up last week, “holy shit, this Tor thing! We better get on that!”

The trick, in El Reg's opinion, is to get the data transferred before the spooks put a crack team on you and your mole to swipe the keys or otherwise prevent the leak. So, if you're persevering, set up a hidden service, which allows your source to securely connect to your server across the Tor mesh. See, no need to fly a data mule through Heathrow.

4. Using hidden services

Take a clean, secured new PC and hook it up to the internet far away from your other networks; run an SSL protected web or FTPS server and allow your leaker to anonymously upload files to it, effectively creating your own personal drop box.

Agree on a time and date to do this, and pull the plug once the deed is done. And do this after the source has fled to a country without a US extradition treaty, such as Ecuador.

Then you can transfer the encrypted data, via removable media, to your clean not-networked VM to decrypt with the private key you've kept away from everything. Publish the juicy details before someone can slap an injunction on you, officials turn up and demand some computers are smashed up, or armies of state-sponsored hackers try to raid your setup for all the data you hold.

So that's your air gap. Those are the hoops you need to jump through. You may as well hide some secret encrypted data in a video, put it on a DVD, and post it first class.

And, lest your humble hack hasn't made his point strong enough, you're up against a nation state, not some credit-card stealing hacker; even if you don't believe spies can record conversations in rooms using lasers pointed at windows, they have resources.
As The Grugq concluded after the Snowden scandal broke, you're dealing with plenty of unknowns:
Practicing effective counterintelligence on the internet is an extremely difficult process and requires planning, evaluating options, capital investment in hardware, and a clear goal in mind. If you just want to “stay anonymous from the NSA”, or whomever … good luck with that. My advice? Pick different adversaries.

Speaking of which, let's not forget the tech giants holding all our data for years. The big cloud providers know everything about us, although Google and its fellows insist that staff access to netizens' personal data is highly restricted.

As one UK government security staffer complained to El Reg even before the NSA PRISM firestorm kicked off: "You would not believe the hoops we have to jump through to access an email, all the legal paperwork that needs completing, when Google has everyone on file and no one blinks an eye."
http://www.theregister.co.uk/2013/08...snowden_advice





Longboat Key Cameras Raise Privacy Concerns
John Rogers

License plate cameras are now up and running on Longboat Key.

They're positioned at the north and south ends of the island, and they run the tags of every car that passes by.

After only a couple of days, officers already made an arrest thanks to the technology.

"This is a tremendous benefit to the department and the community, really," said Longboat Key Police Chief Pete Cumming.

The system compares the photos to state and national databases looking for violations- anything from an expired tag to a kidnapper. If there is a hit, the picture is then sent to dispatch, and an officer is contacted.

Hits only come up when a violation is found, but Cumming says every single photo taken is stored for up to ten years.

"They're all stored as evidence, that's right. Even if we don't use them," said Cumming.

Some feel these cameras pose an invasion of privacy.

The cameras only snap photos of license plates, not your faces. But the ACLU has some serious privacy concerns. They're worried these cameras could be misused to track people's movements.

In a recent report, the ACLU said these cameras store vast amounts of data on innocent people.

The group is concerned about the length of time the data is stored. The ACLU also commented that the cameras pose a risk to people's privacy since it could be used to track people's movements.

The report stated: "Anyone with access to these systems could track his boss, his ex-wife, his romantic or workplace rivals, friends, enemies, neighbors, family, and so forth. An agent could target the owners of vehicles parked at political meetings, gay bars, gun stores, or abortion clinics."

"There are regulations, policies and laws in place that prohibit that kind of abuse. And if abuse is discovered, it's punished," said Cumming.

The chief says these cameras do the same work any patrolman would do, only a lot quicker.

The ACLU says there are cameras like these all across the country, but not all of them store the data for the same time period as Longboat Key.

For example, the Minnesota State Patrol only keeps license plate data for 48 hours. The Ohio State Highway Patrol deletes all non-hits immediately.
http://www.wfla.com/story/23182549/l...n-longboat-key





Canon Spies Opportunity in Surveillance as Camera Growth Cools
Sophie Knight and Reiji Murai

Nosy governments and nervous homeowners, among other drivers of the surveillance society, may soon upstage amateur photographers as the focus for big camera makers such as Canon Inc (7751.T) who spot growing opportunities in the security market.

Canon, the industry leader, has been hit with a sudden downturn in shipments of its top-end digital cameras, an increasingly saturated market sensitive to the recent slowdown in emerging economies and with a receding pace of innovation.

Add to that a compact camera market that has been battered by smartphones with increasingly high-resolution cameras, and companies like Canon have been left scrambling for new markets.

"A major focus for the next phase is increasing our business-to-business (B2B) sales, and of course security cameras - which is a huge market - is part of that," Canon President and CEO Fujio Mitarai said in an interview.

Canon is looking beyond digital cameras - the last consumer gadget industry still dominated by Japan Inc - and targeting industrial and corporate clients, much like Japanese peers such as Panasonic Corp (6752.T) which fell prey to foreign competition in TVs and other consumer electronics.

Canon sees surveillance cameras, which research firm IHS forecasts will swell by two-thirds to a global market of $23 billion by 2017, as a wide-open playing field with no dominant suppliers and an ideal target for its B2B ambitions.

The company, which counts the U.S. Secret Service as a customer, aims to reach annual sales from the sector of about $1 billion during its next five-year plan from 2016, Mitarai said.

Panasonic said its security camera division posted sales of 13.4 billion yen ($136 million) in the latest quarter and it was aiming for annual growth of 15 percent. Sony Corp (6758.T) said it was also aiming to leverage its image sensor technology to become a major player in the sector.

B2B, OR NOT TO BE?

The market is booming as concerns mount over crime and security, even as headlines stir worries about covert governmental and corporate surveillance operations.

Japan is the third-biggest market for security cameras behind China and the United States, with the switch to networked digital systems from analogue CCTV devices stimulating demand even in saturated markets such as Britain, which had one surveillance camera for every 16 people in 2012, according to IHS.

"The market is growing quite quickly, and is forecast to grow the most in Asia," said Jon Cropley, principal analyst for video surveillance at IHS. "But it's a highly fragmented and competitive market with lots of companies involved. Coming up with a unique selling point can be difficult."

Canon says its lens and sensor technology will position it well to shoot to the top of the sector, which is packed with smaller firms but few major players besides Sweden's Axis AB (AXIS.ST).

It faced a similar challenge when it targeted the then-fledgling digital camera market more than a decade ago: a fast-growing, fragmented market that was just beginning to mature, when it marched in with a broad product line and proceeded to dominate it. Canon claimed more than a fifth of the total digital camera market in 2012, and 43 percent of the high-end market for interchangeable-lens cameras.

But this year their reliable high-end camera business has turned unexpectedly sour, with analysts reversing a double-digit growth forecast to a double-digit decline.

Worldwide shipments of Canon's interchangeable-lens cameras fell 6.7 percent in the first six months of this year, a sharper decline than the industry average of 5 percent, according to International Data Corp (IDC).

"It appears over the past nine months the interchangeable market has entered a new phase of maturity," said Chris Chute, research director of digital imaging at IDC, which last week reversed its forecast for the market of an 11.9 percent increase to an 11.3 percent drop.

"A strategy that camera companies have to take is to diversify away from one of their traditional reliably profitable markets," Chute said. "If anything, I see Canon being one of the leaders moving away from the consumer sector."

Mitarai, who returned to the helm last year to help turn around a slide in profit, says he is already steering the company in that direction in the hope of reducing its dependence on the consumer market for 70 percent of its sales.

He also said the company is constantly on the lookout to spend some of its 700 billion yen ($7.1 billion) cash pile on an M&A deal to achieve that - whether in security cameras or in another of the cutting-edge technologies it is exploring.

"Security cameras are going to become an important pillar for us," Mitarai said. "We've already made it a separate division, and think that the global market has limitless possibilities for growth."

(Corrects data source in paragraph 15)

($1 = 98.6050 Japanese yen)

(Editing by Edmund Klamann and Ian Geoghegan)
http://www.reuters.com/article/2013/...97M0BE20130823





New Details Show Broader NSA Surveillance Reach

Programs Cover 75% of Nation's Traffic, Can Snare Emails
Siobhan Gorman and Jennifer Valentino-Devries

The National Security Agency—which possesses only limited legal authority to spy on U.S. citizens—has built a surveillance network that covers more Americans' Internet communications than officials have publicly disclosed, current and former officials say.

The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.

The NSA's filtering, carried out with telecom companies, is designed to look for communications that either originate or end abroad, or are entirely foreign but happen to be passing through the U.S. But officials say the system's broad reach makes it more likely that purely domestic communications will be incidentally intercepted and collected in the hunt for foreign ones.

The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc., former officials say. AT&T declined to comment.

This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country.

Details of these surveillance programs were gathered from interviews with current and former intelligence and government officials and people from companies that help build or operate the systems, or provide data. Most have direct knowledge of the work.

The NSA defends its practices as legal and respectful of Americans' privacy. According to NSA spokeswoman Vanee Vines, if American communications are "incidentally collected during NSA's lawful signals intelligence activities," the agency follows "minimization procedures that are approved by the U.S. attorney general and designed to protect the privacy of United States persons."

As another U.S. official puts it, the NSA is "not wallowing willy-nilly" through Americans' idle online chatter. "We want high-grade ore."

To achieve that, the programs use complex algorithms that, in effect, operate like filters placed over a stream with holes designed to let certain pieces of information flow through. After the 2001 terrorist attacks, NSA widened the holes to capture more information when the government broadened its definition of what constitutes "reasonable" collection, according to a former top intelligence official.

The NSA's U.S. programs have been described in narrower terms in the documents released by former NSA contractor Edward Snowden. One, for instance, acquires Americans' phone records; another, called Prism, makes requests for stored data to Internet companies. By contrast, this set of programs shows the NSA has the capability to track almost anything that happens online, so long as it is covered by a broad court order.

The NSA programs are approved and overseen by the secret Foreign Intelligence Surveillance Court. NSA is required to destroy information on Americans that doesn't fall under exceptions to the rule, including information that is relevant to foreign intelligence, encrypted, or evidence of a crime.

The NSA is focused on collecting foreign intelligence, but the streams of data it monitors include both foreign and domestic communications. Inevitably, officials say, some U.S. Internet communications are scanned and intercepted, including both "metadata" about communications, such as the "to" and "from" lines in an email, and the contents of the communications themselves.

Much, but not all, of the data is discarded, meaning some communications between Americans are stored in the NSA's databases, officials say. Some lawmakers and civil libertarians say that, given the volumes of data NSA is examining, privacy protections are insufficient.

Sen. Ron Wyden, an Oregon Democrat, in 2012 sought but failed to prohibit the agency from searching its databases for information on Americans without a warrant. He has also pushed intelligence agencies to detail how many Americans' communications have been collected and to explain whether purely domestic communications are retained in NSA's databanks. They have declined.

"Technology is moving us swiftly into a world where the only barriers to this kind of dragnet surveillance are the protections enshrined into law," Mr. Wyden says.

This month President Barack Obama proposed changes to NSA surveillance to improve oversight. Those proposed changes wouldn't alter the systems in the U.S. that NSA relies upon for some of its most sensitive surveillance.

The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data.

These requests don't ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. "It's still a large amount of data, but not everything in the world," this person says.

The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls "strong selectors"—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data.

One U.S. official says the agency doesn't itself "access" all the traffic within the surveillance system. The agency defines access as "things we actually touch," this person says, pointing out that the telecom companies do the first stage of filtering.

The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA's criteria, current and former officials say.

Verizon Communications Inc., for example, has placed intercepts in the largest U.S. metropolitan areas, according to one person familiar with the technology. It isn't clear how much information these intercepts send to the NSA. A Verizon spokesman declined to comment.

Not all telecommunications providers handle the government demands the same way, says the person familiar with the legal process. According to a U.S. official, lawyers at telecom companies serve as checks on what the NSA receives. "The providers are independently deciding what would be responsive," the official says.

Lawyers for at least one major provider have taken the view that they will provide access only to "clearly foreign" streams of data—for example, ones involving connections to ISPs in, say, Mexico, according to the person familiar with the legal process. The complexities of Internet routing mean it isn't always easy to isolate foreign traffic, but the goal is "to prevent traffic from Kansas City to San Francisco from ending up" with the NSA, the person says.

At times, the NSA has asked for access to data streams that are more likely to include domestic communications, this person says, and "it has caused friction." This person added that government officials have said some providers do indeed comply with requests like this.

The person says talks between the government and different telecoms about what constitutes foreign communications have "been going on for some years," and that some in the industry believe the law is unclear on Internet traffic. "Somebody should enunciate a rule," this person says.

Intelligence officials and the White House argue NSA's surveillance provides early warnings of terror threats that don't respect geographic boundaries. "It's true we have significant capabilities," Mr. Obama said in his NSA remarks last week. "What's also true is we show a restraint that many governments around the world don't even think to do."

Mr. Obama and top intelligence officials say NSA's programs are overseen by all three branches of government, citing procedures approved by the secret surveillance court that require the NSA to eliminate "incidentally acquired" data on Americans. "If you say, 'We don't want the NSA to be scanning large amounts of traffic,' you're saying you don't want it to do its job," says one former official.

Blarney, Fairview, Oakstar, Lithium and Stormbrew were mentioned, but not fully explained, in documents released by Mr. Snowden. An NSA paper released this month mentioned several but didn't describe them beyond saying, "The government compels one or more providers to assist NSA with the collection of information responsive to the foreign intelligence need."

The system is built with gear made by Boeing Co.'s Narus subsidiary, which makes filtering technology, and Internet hardware manufacturers Cisco Systems Inc. and Juniper Networks Inc., among other companies, according to former intelligence officials and industry figures familiar with the equipment.

Narus didn't respond to requests for comment. Cisco and Juniper declined to comment.

The NSA started setting up Internet intercepts well before 2001, former intelligence officials say. Run by NSA's secretive Special Services Office, these types of programs were at first designed to intercept communications overseas through arrangements with foreign Internet providers, the former officials say. NSA still has such arrangements in many countries, particularly in the Middle East and Europe, the former officials say.

Within NSA, former officials say, intelligence officers joked that the Blarney intercept program with AT&T was named in homage to the NSA program Shamrock, which intercepted telegraphic messages into and out of the U.S. and was an inspiration for the 1978 Foreign Intelligence Surveillance Act, which created the secret national-security court and placed intelligence activities under its supervision.

Blarney was in use before the 2001 terror attacks, operating at or near key fiber-optic landing points in the U.S. to capture foreign communications coming in and out of the country. One example is an AT&T facility in San Francisco that was revealed in 2006 during the debate over warrantless wiretapping. A similar facility was built at an AT&T site in New Jersey, former officials say.

After the 2001 attacks, a former official says, these intercept systems were expanded to include key Internet networks within the U.S. through partnerships with U.S. Internet backbone providers. Amid fears of terrorist "sleeper cells" inside the U.S., the government under President George W. Bush also began redefining how much domestic data it could collect.

For the 2002 Winter Olympics in Salt Lake City, officials say, the Federal Bureau of Investigation and NSA arranged with Qwest Communications International Inc. to use intercept equipment for a period of less than six months around the time of the event. It monitored the content of all email and text communications in the Salt Lake City area.

At that point, the systems fed into the Bush administration's program of warrantless wiretapping, which circumvented the surveillance court on the authority of the president's power as commander in chief. The Bush administration came under criticism from lawmakers and civil libertarians for sidestepping court supervision.

The current legal backing for Blarney and its related programs stems from a section of a 2008 surveillance law. It permits the government, for foreign intelligence investigations, to snoop on foreigners "reasonably believed" to be outside the U.S.

Previously, the law had tighter standards. It allowed the government to spy on people if there were "probable cause" to believe they were an "agent of a foreign power."

NSA has discretion on setting its filters, and the system relies significantly on self-policing. This can result in improper collection that continues for years.

For example, a recent Snowden document showed that the surveillance court ruled that the NSA had set up an unconstitutional collection effort. Officials say it was an unintentional mistake made in 2008 when it set filters on programs like these that monitor Internet traffic; NSA uncovered the inappropriate filtering in 2011 and reported it.

"NSA's foreign intelligence collection activities are continually audited and overseen internally and externally," Ms. Vines says. "When we make a mistake in carrying out our foreign intelligence mission, we report the issue internally and to federal overseers and aggressively get to the bottom of it."

Another Snowden document describes the procedures NSA uses to protect American information that is retained. Any such information is "minimized," meaning that it is destroyed. The document highlights several exceptions, including encrypted communications and information of foreign intelligence significance.

Officials acknowledged some purely domestic communications are incidentally swept into the system. "We don't keep track of numbers of U.S. persons," a U.S. official says. "What we try to do is minimize any exposure."

When searching the data, intelligence officials say they are permitted to look only for information related to a "foreign intelligence interest." In practice, the NSA has latitude under that standard, and an American's communication could be read without a warrant, another U.S. official says.

Paul Kouroupas, a former executive at Global Crossing Ltd. and other telecom companies responsible for security and government affairs, says the checks and balances in the NSA programs depend on telecommunications companies and the government policing the system themselves. "There's technically and physically nothing preventing a much broader surveillance," he says.

An official at Global Crossing's parent, Level 3 Communications Inc., says the company complies with laws requiring it to assist government investigations and declined to disclose the assistance provided.

It is difficult to know how much domestic data NSA is inadvertently retaining. The filtering technology relies on algorithms to seek out valuable communications. A U.S. official says analysts guide the use of these algorithms to make them as precise as possible.

—Devlin Barrett contributed to this article.
http://online.wsj.com/article_email/...DEyNDAyWj.html





Lawmakers Probe Willful Abuses of Power by NSA Analysts
Chris Strohm

The leaders of U.S. congressional intelligence committees said they want to probe the intentional abuses of surveillance authority committed by some National Security Agency analysts in the past decade.

“I am reviewing each of these incidents in detail,” Dianne Feinstein, a California Democrat and chairman of the Senate intelligence panel, said in a statement, after the NSA confirmed to Bloomberg News yesterday that some analysts deliberately ignored restrictions on their authority to spy on Americans.

“Any case of noncompliance is unacceptable, but these small numbers of cases do not change my view that NSA takes significant care to prevent any abuses and that there is a substantial oversight system in place,” Feinstein said.

The incidents, chronicled by the NSA’s inspector general, provide additional evidence that U.S. intelligence agencies sometimes have violated the legal and administrative restrictions on domestic spying, and may add to the pressure to bolster laws that govern intelligence activities.

Republican Representative Mike Rogers of Michigan, chairman of the House intelligence committee, is reviewing the cases of intentional misconduct in detail, his spokeswoman, Susan Phalen, said in a statement.

There were “approximately a dozen” cases in the past 10 years that “involved improper behavior on the part of individual employees,” Phalen said.

Most of the cases didn’t involve the communications of Americans, Feinstein said.

Willful Violations

Republican Representative Justin Amash of Michigan is seeking details about the incidents, his spokesman, Will Adams, said in a statement. Amash proposed a measure last month that would have denied the NSA funding to collect telephone records on millions of Americans. It fell seven votes short of passing.

“Over the past decade, very rare instances of willful violations of NSA’s authorities have been found,” the agency said in a statement to Bloomberg News. “NSA takes very seriously allegations of misconduct, and cooperates fully with any investigations -- responding as appropriate. NSA has zero tolerance for willful violations of the agency’s authorities.”

The compilation of willful violations, while limited, contradicts repeated assertions that no deliberate abuses occurred.

Army General Keith Alexander, director of the NSA, said during a conference in New York on Aug. 8 that “no one has willfully or knowingly disobeyed the law or tried to invade your civil liberties or privacy.”

‘Misleading Statements’

President Barack Obama told CNN in an interview broadcast yesterday he is confident no one at the NSA is “trying to abuse this program or listen in on people’s e-mail.”

“There’s a pattern of the administration making misleading statements about its surveillance activities,” Jameel Jaffer, a deputy legal director at the American Civil Liberties Union, said in a phone interview. “The government tells us one thing, and another thing is true.”

A secret court that oversees the NSA said in a declassified legal opinion from October 2011 the agency substantially misrepresented the scope of surveillance operations three times in less than three years.

Obama’s administration should make the cases of intentional misconduct public so Americans can assess their significance, Jaffer said.

The cases involved inappropriate actions by people with access to the NSA’s vast electronic surveillance systems, according to an official familiar with the findings who spoke on the condition of anonymity to discuss classified intelligence.

Executive Order

In a few cases, NSA officials or contractors used agency surveillance tools or data to spy on people in which they had romantic interests, said two U.S. officials familiar with the cases, speaking on the condition of anonymity.

The deliberate actions didn’t violate the 1978 Foreign Intelligence Surveillance Act or the USA Patriot Act, the NSA said in its statement. Instead, they overstepped 1981 Executive Order 12333, issued by President Ronald Reagan, which governs U.S. intelligence operations.

The actions, said a second U.S. official briefed on them, were the work of overzealous NSA employees or contractors eager to prevent any encore to the Sept. 11, 2001, terrorist attacks.

The agency has taken steps to ensure that everyone understands the legal and administrative boundaries on NSA activities, whom to consult when questions arise, and the consequences of violations or willful ignorance, said the official, who spoke on the condition of anonymity because details on the cases are classified.

Defending NSA

Feinstein said her committee has never identified an instance in which the NSA has intentionally abused its authority under the Foreign Intelligence Surveillance Act.

Intelligence officials have attributed most abuses of the FISA restrictions on the NSA’s surveillance of domestic phone calls, e-mails and other communications to technical or inadvertent errors.

Legal opinions declassified on Aug. 21 revealed that the NSA intercepted as many as 56,000 electronic communications a year of Americans who weren’t suspected of having links to terrorism, before a secret court that oversees surveillance found the operation unconstitutional in 2011.

A May 2012 internal government audit found more than 2,700 violations involving surveillance of Americans and foreigners over a one-year period. The audit was reported Aug. 16 by the Washington Post, citing documents provided by former NSA contractor Edward Snowden.

John DeLong, the agency’s director of compliance, first referred to deliberate abuses of the 1981 executive order on Aug. 16, telling reporters there had been rare instances of “willful violations” of legal authority and the privacy rights of U.S. citizens. He said there had been “a couple over the past decades,” according to a transcript provided by the agency.

“When they do occur, right, they are detected, corrected, reported to the inspector general and appropriate action is taken,” he said.
http://www.bloomberg.com/news/2013-0...ple-times.html





In the 21st Century Surveillance State, We Are All Terrorists

Intimidating reporters, destroying their computers, detaining them under false pretenses -- it's all in a day's work for today's modern spy agency.
Dan Tynan 5

“You’ve had your debate. There’s no need to write any more.”

These chilling words were delivered by an unnamed official of Her Majesty’s Secret Service to UK Guardian editor Alan Rusbridger, shortly before he was ordered to destroy every computer and hard drive containing files given to the Guardian by Edward Snowden.

This encounter happened more than a month ago. Rusbridger only revealed it yesterday after British secret service detained David Miranda at Heathrow Airport under Schedule 7 of the UK’s Terrorism Act 2000, the British equivalent of the Patriot Act.

That law allows UK officials to detain suspected terrorists for up to 9 hours while denying them contact with anyone else. And that’s exactly what they did. The Brits also confiscated all of Miranda’s digital gear – which, presumably, contained more documents from Edward Snowden.

Miranda is the boyfriend of journalist Glenn Greenwald. (I assume you’ve heard of him.) He was apparently acting as a courier between Greenwald, based in Brazil, and his reporting partner in the Snowden Affair, film-maker Laura Poitras, who lives in Berlin.

Aside from that we know very little. But a few things have now become crystal clear.

* If there was any doubt that US and UK spooks are performing 24/7 surveillance on Greenwald, Poitras, and anyone else involved with the leaks, there isn’t now. How else would they know who Miranda was and when he would be on British soil?

* The UK is defending the seizure by claiming Miranda was “in possession of highly sensitive stolen information that would help terrorism.” The documents that were in Miranda’s possession were encrypted. So how, exactly, would UK officials know what’s inside them?

* Clearly Greenwald et al have no faith that any electronic communications can be trusted, and have resorted to face-to-face exchanges of data – a kind of global sneakernet. Following the voluntary closures of two encrypted email services last week, and Google’s declaration that Gmail users “have no legitimate expectation of privacy,” this drives yet another nail into the coffin of so-called private communications.

I think even lifelong British bureaucrats understand that destroying the Guardian’s hardware did nothing to destroy the data that lives on it. Encrypted copies abound – if not in England, then certainly in Russia, Germany, and Brazil.

No, they did it to send a message. And that message is, Your debate is inconsequential. We control the horizontal and the vertical. We’ll do what we want, and there’s nothing you can do to stop us.

Miranda Warning

As I’ve written before, there are only two things you need to worry about from wall-to-wall 24/7 surveillance: accidental mistakes and intentional ones.

Last year, the NSA made nearly 3,000 accidental mistakes in surveillance, ranging from mis-identifying Americans as foreigners to typos that allowed NSA analysts to confuse calls made from Washington DC with those made from Egypt.

To see the potential consequences of an accidental mistake, Google Brandon Mayfield or Khalid el-Masri. Due to an FBI screw-up with fingerprint matching, Mayfield almost spent the rest of his life in a maximum security prison. German citizen el-Masri was abducted by the CIA, sent off to a secret prison, tortured for five months, then dumped on the side of a road. His crime? Having a name that was a phonetic match to an actual terrorist.

For a more benign example, just ask anyone named “David Nelson” who attempted to board a flight after 9/11 and got stopped because his name was on the TSA’s Do Not Fly list.

But yanking David Miranda out of a queue at Heathrow, tossing him into an interrogation room, and sweating him for nine hours is an example of the other kind of mistake. Nobody in the UK secret service thought Miranda was really a terrorist – or, at least, how you and I would define “terrorist.” That, too, was sending a message.

It was a warning to Greenwald but also to journalists and whistleblowers in general: The gloves are coming off. Or as the kids like to say, s**t just got real.

Cooking the books

There are some sad ironies in all of this.

Ed Snowden got away with taking a trove of secret documents from the NSA because an organization whose mission is to watch everyone failed to watch him. The NSA failed IT Security 101: segregation of duties. A single individual should not have the ability to access sensitive data as well as the ability to control the audit trail.

If you own a bank, you don’t want the person you’ve hired to guard the money to be the same guy who’s keeping the books.

By the same token, though, the NSA and the UK’s GCHQ are also operating with almost no oversight, despite what Barack Obama or David Cameron might try to tell you. That’s because they’re the ones who get to say who is and isn’t a terrorist suspect, then scoop them up and lock them away.

In other words, a “terrorist” is anyone the spooks say is a terrorist. In the past, we might reasonably assume our intelligence agencies targeted people who presented a potential threat to us. With the Miranda detention, it’s clear that a “terrorist” is anyone who presents a threat to them.

Not to sound too paranoid, but: This is how totalitarianism starts.

I know some people worry about the safety of Julian Assange. (Others fantasize about him being killed in a drone strike.) Not me. Assange is not nearly as important as he likes to think he is. Assange is like a guy who goes to bed in a dark room, wakes up with the lights blazing, and thinks he invented electricity in his sleep.

No, I’m worried about the safety of Glenn Greenwald and Laura Poitras. I’m worried about the safety of the Washington Post’s Barton Gellman; and the New York Times’ Eric Lichtblau, James Risen, and Charlie Savage; and Reuters’ John Shiffman and Kristina Cooke; and all the others who’ve done such an amazing job unraveling the Gordian knots of our industrial surveillance complex, post-Snowden. I worry about their sources, too – real people with serious jobs who are taking an enormous risk in talking to them.
I worry that we will wake up to headlines that Greenwald has died in a car accident. Or from a drug overdose. Or that he got caught by a stray bullet in a convenience store robbery. Or maybe they’ll take a page out of Vladimir Putin’s book and just assassinate him in broad daylight. And all we’ll have left are a series of Internet conspiracy theories.

Because if this latest round of intimidation fails to work – and both the Guardian and Greenwald have vowed that it won’t – that’s the next logical step.

I’m not worried because I share a profession with these guys. I’m worried because when government fails to do its job or tries to assume too much control, reporters like these are the only way we’ll ever know about it. Despite its many deep flaws, the media is still our last best line of defense.

Datapocalypse

Still I think this strategy will backfire horribly on the spooks. Because here’s what is most likely to happen.

So far, I think, the Guardian and others have exercised reasonable restraint in what they have reported. They are at least attempting to understand the data before presenting it, and to maintain a balance between the public’s right to know and putting lives or even countries in danger. Reasonable people can disagree about how good a job they’re doing at that, but it’s clear they’re trying to achieve a level of responsible disclosure (unlike, say, Julian Assange did when he released 250,000 unredacted state department cables from Bradley Manning).

If you detain reporters at the airport and confiscate their thumb drives or force them to destroy computers, they will stop trying to parse the data and redact the most sensitive bits. The only safe way to handle this information in the future would be to distribute it as widely and quickly as possible.

In other words, a total Internet data free for all, open to anyone and everyone – including foreign spies and actual terrorists. Is that the world we want to live in? I don’t think so. But it’s far preferable to one in which no one dares speak at all, lest they become one more “mistake.”
http://www.itworld.com/it-management...all-terrorists





Judge Sentences Bradley Manning to 35 Years
Julie Tate

A military judge on Wednesday morning sentenced Army Pfc. Bradley Manning to 35 years in prison for leaking hundreds of thousands of classified documents to the anti-secrecy group WikiLeaks.

Manning, 25, was convicted last month of multiple charges, including violations of the Espionage Act for copying and disseminating the documents while serving as an intelligence analyst at a forward operating base in Iraq. He faced up to 90 years in prison.

Manning is required to serve one-third of the sentence, minus three and half years of time served, before he is eligible for parole. That will be in eight years when he is 33.

Judge Denise Lind, an Army colonel, said Manning was dishonorably discharged. He was also reduced in rank and forfeits all pay.

Manning stood at attention, flanked by his attorneys, to hear the verdict with his aunt, Debra Van Alstyne, sitting behind him. He did not appear to react when the sentence was read.

As Manning was escorted out of the packed courtroom, more than half a dozen supporters shouted out to him, “We’ll keep fighting for you, Bradley! You’re our hero!”

The decision was immediately condemned by the American Civil Liberties Union.

“When a soldier who shared information with the press and public is punished far more harshly than others who tortured prisoners and killed civilians, something is seriously wrong with our justice system,” said Ben Wizner, director of the ACLU’s Speech, Privacy and Technology Project.

The government had asked the judge to sentence Manning to 60 years. “There is value in deterrence, your honor; this court must send a message to any soldier contemplating stealing classified information,” said Capt. Joe Morrow, a military prosecutor. “National security crimes that undermine the entire system must be taken seriously.”

Defense lawyer David Coombs portrayed Manning as a well-intentioned but isolated soldier with gender identification issues, and he asked Lind to impose “a sentence that allows him to have a life.”

“He cares about human life,” said Coombs as the sentencing phase of the court-martial at Fort Meade ended last week. “His biggest crime was he cared about the loss of life he was seeing and was struggling with it.”

Manning also addressed the court and apologized for his actions, saying he was “sorry that I hurt the United States.”

Manning will receive a credit of 1,293 days for the time he has been confined prior to the sentence, including 112 days of credit for abusive treatment he was subjected to in the brig at the Quantico Marine Base.

Manning transmitted the first documents to WikiLeaks in February 2010, sending what came to be known as the Iraq and Afghanistan “War Logs” — field reports from across both theaters. Manning’s lawyers said he had become disillusioned by what he was seeing in Iraq and hoped that the public release of the secret material would prompt greater public understanding of the wars.

Manning established a relationship online with a person who is thought to be Julian Assange, the founder of WikiLeaks. As their personal correspondence deepened, Manning continued to transmit more material, including assessments of detainees at Guantanamo Bay and an enormous cache of diplomatic cables. He also leaked a video that showed a U.S. Apache helicopter in Baghdad opening fire on a group of Iraqis, including two journalists and children, that the helicopter crew believed to be insurgents.

According to his lawyers, Manning became more and more stressed in Iraq, wrestling with his sexuality and the breakup of a relationship. At one point, in April 2010, he sent an e-mail to a superior with the subject line “My Problem” and a photo of himself wearing a blond wig and lipstick.

On May 7, Manning was found on the floor of a supply room with a knife at his feet. After some brief counseling, he was returned to his workstation. Later that same day, he struck a fellow soldier and was removed permanently from the secure environment where he worked.

Following these events, Manning boasted to hacker Adrian Lamo that he had been working with WikiLeaks. After engaging Manning for several days, Lamo informed Army investigators and the FBI about the breach of information and provided them with his chat logs with Manning.

Manning was arrested in Iraq on May 27, 2010.

Legal proceedings against Manning began in December 2011 and, in February of this year, Manning pleaded guilty to 10 lesser included charges. The trial portion of the proceedings began June 3, and on July 30, Lind found Manning guilty of 20 of the 22 charges he faced.
http://www.washingtonpost.com/world/...4cd_story.html





LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA

“A Special Surveillance Chip”
Wolf Richter

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.

Its purpose is Digital Rights Management and computer security. The system decides what software had been legally obtained and would be allowed to run on the computer, and what software, such as illegal copies or viruses and Trojans, should be disabled. The whole process would be governed by Windows, and through remote access, by Microsoft.

Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.

It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies take advantage of the holes and get what they’re looking for.

Experts at the BSI, the Ministry of Economic Affairs, and the Federal Administration warned unequivocally against using computers with Windows 8 and TPM 2.0. One of the documents from early 2012 lamented, “Due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”

Elsewhere, the document warns, “This can have significant consequences on the IT security of the Federal Administration.” And it concludes, “The use of ‘Trusted Computing’ technology in this form … is unacceptable for the Federal Administration and for operators of critical infrastructure.”

Another document claims that Windows 8 with TPM 2.0 is “already” no longer usable. But Windows 7 can “be operated safely until 2020.” After that other solutions would have to be found for the IT systems of the Administration.

The documents also show that the German government tried to influence the formation of the TPM 2.0 specifications – a common practice in processes that take years and have many stakeholders – but was rebuffed. Others have gotten what they wanted, Die Zeit wrote. The NSA for example. At one of the last meetings between the TCG and various stakeholders, someone dropped the line, “The NSA agrees.”

Rüdiger Weis, a professor at the Beuth University of Technology in Berlin, and a cryptographic expert who has dealt with Trusted Computing for years, told Die Zeit in an interview that Microsoft wanted to completely change computing by integrating “a special surveillance chip” in every electronic device. Through that chip and the processes of Windows 8, particularly Secure Boot, “users largely lose control over their own hardware and software.”

But wouldn’t it contribute to higher levels of security? Certain aspects actually raise the risks, he said. For example, during production, the secret key to that backdoor is generated outside the chip and then transferred to the chip. During this process, copies of all keys can be made. “It’s possible that there are even legal requirements to that effect that cannot be reported.” And so the TPM is “a dream chip of the NSA.”

Perhaps even more ominously, he added: “The other realistic scenario is that TPM chip manufactures don’t sit within reach of the NSA, but in China….”

Apple phased out the surveillance chips in 2009. Linux doesn’t comply with the standards, and Linux machines cannot use the technology. Microsoft defended itself the best it could. The TPM is activated by default because most users accept defaults, it said. If users would have to activate the functions themselves, many users would end up operating a less secure system. And of course, government regulations that would require that users have the option to opt in or out would be unwise.

Instead, hardware manufactures could build machines with the chips deactivated, Microsoft said. If you want to have control over your computer, that’s what you’d have to buy. Another option would be to switch to Linux machines, something that the city government of Munich has started 10 years ago; the changeover should be complete before the year is up. This end of the NSA debacle cannot possibly be twisted into bullish news for Microsoft.
http://investmentwatchblog.com/leake...links-the-nsa/





Microsoft CEO Steve Ballmer to Retire Within 12 Months

Board of directors initiates succession process; Ballmer remains CEO until successor is named.

Microsoft Corp. today announced that Chief Executive Officer Steve Ballmer has decided to retire as CEO within the next 12 months, upon the completion of a process to choose his successor. In the meantime, Ballmer will continue as CEO and will lead Microsoft through the next steps of its transformation to a devices and services company that empowers people for the activities they value most.

“There is never a perfect time for this type of transition, but now is the right time,” Ballmer said. “We have embarked on a new strategy with a new organization and we have an amazing Senior Leadership Team. My original thoughts on timing would have had my retirement happen in the middle of our company’s transformation to a devices and services company. We need a CEO who will be here longer term for this new direction.”

The Board of Directors has appointed a special committee to direct the process. This committee is chaired by John Thompson, the board’s lead independent director, and includes Chairman of the Board Bill Gates, Chairman of the Audit Committee Chuck Noski and Chairman of the Compensation Committee Steve Luczo. The special committee is working with Heidrick & Struggles International Inc., a leading executive recruiting firm, and will consider both external and internal candidates.

“The board is committed to the effective transformation of Microsoft to a successful devices and services company,” Thompson said. “As this work continues, we are focused on selecting a new CEO to work with the company’s senior leadership team to chart the company’s course and execute on it in a highly competitive industry.”

“As a member of the succession planning committee, I’ll work closely with the other members of the board to identify a great new CEO,” said Gates. “We’re fortunate to have Steve in his role until the new CEO assumes these duties.”

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
http://www.microsoft.com/en-us/news/...ncementPR.aspx





GCSB Bill Passes After Final Reading
Audrey Young

The Government Communications Security Bureau and Related Legislation Amendment Bill has passed at its third reading.

Prime Minister and Minister Responsible for GCSB John Key welcomed the passing of the legislation.

"Despite ill-informed claims to the contrary, nothing in this legislation allows for wholesale spying on New Zealanders. It actually tightens, not widens, the existing regime,'' Mr Key said.

"This essential legislation makes it clear what the GCSB may and may not do, and fixes an Act passed under the Labour Government a decade ago, which was not, and probably never was, fit for purpose.

"It clarifies the GCSB's legal framework and substantially increases oversight of the country's intelligence agencies, which will go some way to rebuilding public confidence in the GCSB,'' Mr Key said.

The legislation passed today makes the GCSB's three functions clear, he said. ``These are:

Information assurance and cyber security;

Foreign intelligence, and;

Assisting other agencies.''

The Green Party said a fundamental constraint on freedom had become law.

"The National Government, along with Peter Dunne and John Banks, have signed away significant freedoms of New Zealanders by passing the Government Communications and Security Bureau (GCSB) legislation tonight,'' Greens' Co-leader Dr Russel Norman said.

"This legislation ... restricts our freedom of expression and our right to live without surveillance,'' he said.

Earlier today, during the third and final reading of the bill, Mr Key said if he could disclose some of the briefings he had had about risks to New Zealand it would "cut dead'' some of the opposition to the GCSB bill, but he could not divulge them.

He said he regretted that many citizens had become agitated and alarmed about the bill, but he would be more regretful if the bill's changes were not passed.

"The bill is being passed right now because it is needed right now.

"Others may play politics with the security and lives of New Zealanders, but I cannot and I do not and I will not.''

He said the bill "isn't a revolution in the way New Zealand conducts its intelligence operations.''

It made it clear what the GCSB could and could not do.

Mr Key said nothing in the bill allowed for wholesale surveillance of New Zealanders.

He repeated the statements he made to the Herald last week that approving interception warrants of New Zealanders under the cyber security function would be a two-step process, and that a warrant to look at content would be with the consent of the New Zealander unless there was a good reason not to seek consent.

It was Mr Key's first speech in Parliament on the bill, with previous debates having been handled by Justice Minister Judith Collins and Attorney-General Chris Finlayson.

Under the bill, the GCSB will have three functions. It will retain its traditional function of collecting foreign intelligence, and it is not allowed to spy on New Zealanders under that function, either under the current law or the new law.

Another function will be to assist the SIS, the police and Defence in conducting duly warranted interceptions of New Zealanders. It has been doing this already under doubtful legal authority, because while the current law says the GCSB can help such agencies in specific ways, it explicitly says it cannot spy on New Zealanders.

A further expansion of powers comes under the GCSB's cyber-security function. Until now its job has been to protect only Government communications from attack, but it will be extended to private-sector cyber systems if they are important enough to New Zealand.

In his speech, Mr Key also reiterated the position on metadata - that it would be treated the same in the bill as communications, which means that before a New Zealander's metadata can be collected, it will require a warrant to be signed by the Prime Minister and the Commissioner of Security Warrants.

Labour Leader David Shearer said a Labour-led government would hold an inquiry in order to create a world class intelligence service.

Labour Deputy Leader Grant Robertson said Mr Key's claim that the bill did not expand the GCSB's function was "fundamentally wrong.'' There were clearly new powers under the cyber security function, he said.

Greens' Co-leader Russel Norman said many people died last century fighting for freedoms "and we, here today, are fighting for those basic principles.''

He said it was hard to have a debate about protecting freedom in the abstract, and that was made harder with the Prime Minister "screaming hysterically about al Qaeda.''

Attorney-General Chris Finlayson attacked several critics of the bill including Rodney Harrison, QC, who presented the Law Society's submission on the bill, former Prime Minister Sir Geoffrey Palmer, former director of the GCSB Sir Bruce Ferguson, and historian and academic Dame Anne Salmond.

He told Parliament the bill hadn't been rushed through, but perhaps it had not been long enough for Mr Harrison to come to grips with it. He said much of difficulties that the bill addressed had occurred under Sir Bruce's watch despite him trying to reinvent himself as a commentator.

Mr Finlayson said Sir Geoffrey had allowed the GCSB to operate without any legislation at all while he had been Prime Minister, and he described Dame Anne's attacks as "shrill and unprofessional.''

The real problem had been with the passage of the 2003 legislation which should never have been passed, he said.

Yesterday Mr Key said he and GCSB director Ian Fletcher would resign if he found that the GCSB had engaged in mass surveillance because it would be unlawful.

****************************

What's different

Under current act, the GCSB:

• Gathers intelligence by spying on foreigners.

• Cannot spy on New Zealanders to gather intelligence.

• Protects Government communications from cyber attack.

• May help other domestic agencies such as SIS, Police and Defence and other entities in an unspecified manner.

Under new act, the GCSB:

• Protects Government communications and important private sector systems from cyber attack.

• Can spy on New Zealanders' communications content under cyber security, though John Key says it will be rare and on a second warrant only.

• Can help specifically the SIS, Police and Defence, to spy on New Zealanders if the other agencies are authorised under warrant or statute.

• Still cannot spy on New Zealanders to gather foreign intelligence.

Metadata

The word metadata (eg data logs rather than content) is not mentioned in the current act or the proposed act but the Attorney-General has stated in the Second Reading that the Government regards metadata as communications _ and therefore a warrant will be required by the GCSB to access New Zealanders' metadata.
http://www.nzherald.co.nz/nz/news/ar...ectid=11112152















Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 17, August 10th, August 3rd, July 27th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 03:25 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)