Quotulatiousness

November 21, 2016

“We are one click away from totalitarianism”

Filed under: Britain, Law — Tags: , , , — Nicholas @ 02:00

Cory Doctorow on the awful authoritarian “Snooper’s Charter” that somehow slithered onto the law books in Britain recently:

Britain’s love-affair with mass surveillance began under the Labour government, but it was two successive Conservative governments (one in coalition with the Liberal Democrats, who are nominally pro-civil liberties) who took Tony Blair’s mass surveillance system and turned it into a vicious, all-powerful weapon. Now, their work is done.

The Snoopers Charter — AKA the “Investigatory Powers Act” — is the most extreme surveillance law in Europe, more extreme that America’s Patriot Act and associated presidential orders and secret rulings from the Foreign Intelligence courts. Snowden nailed it when he said it “goes further than many autocracies.”

The fact that these new spying powers — which conscript tech companies to do the collection and retention of materials for use by the government, usually in secret — comes even as the ruling Conservative Party is barely holding itself together after the Brexit vote and the rise of nativist, racist, pro-deportation/anti-migrant movements who are working their way into the halls of power. Needless to say, any project of mass roundups and expulsions will rely heavily on the legal and technical capabilities for surveillance that the British state has just claimed for itself.

September 11, 2015

How about creating a truly open web?

Filed under: Liberty, Technology — Tags: , , , , , — Nicholas @ 02:00

Brewster Kahle on the need to blow up change the current web and recreate it with true open characteristics built-in from the start:

Over the last 25 years, millions of people have poured creativity and knowledge into the World Wide Web. New features have been added and dramatic flaws have emerged based on the original simple design. I would like to suggest we could now build a new Web on top of the existing Web that secures what we want most out of an expressive communication tool without giving up its inclusiveness. I believe we can do something quite counter-intuitive: We can lock the Web open.

One of my heroes, Larry Lessig, famously said “Code is Law.” The way we code the web will determine the way we live online. So we need to bake our values into our code. Freedom of expression needs to be baked into our code. Privacy should be baked into our code. Universal access to all knowledge. But right now, those values are not embedded in the Web.

It turns out that the World Wide Web is quite fragile. But it is huge. At the Internet Archive we collect one billion pages a week. We now know that Web pages only last about 100 days on average before they change or disappear. They blink on and off in their servers.

And the Web is massively accessible – unless you live in China. The Chinese government has blocked the Internet Archive, the New York Times, and other sites from its citizens. And other countries block their citizens’ access as well every once in a while. So the Web is not reliably accessible.

And the Web isn’t private. People, corporations, countries can spy on what you are reading. And they do. We now know, thanks to Edward Snowden, that Wikileaks readers were selected for targeting by the National Security Agency and the UK’s equivalent just because those organizations could identify those Web browsers that visited the site and identify the people likely to be using those browsers. In the library world, we know how important it is to protect reader privacy. Rounding people up for the things that they’ve read has a long and dreadful history. So we need a Web that is better than it is now in order to protect reader privacy.

May 8, 2015

Quantum Insert

Filed under: Britain, Technology, USA — Tags: , , , , , — Nicholas @ 02:00

Kim Zetter talks about some of the NSA’s more sneaky ways of intercepting communications:

Among all of the NSA hacking operations exposed by whistleblower Edward Snowden over the last two years, one in particular has stood out for its sophistication and stealthiness. Known as Quantum Insert, the man-on-the-side hacking technique has been used to great effect since 2005 by the NSA and its partner spy agency, Britain’s GCHQ, to hack into high-value, hard-to-reach systems and implant malware.

Quantum Insert is useful for getting at machines that can’t be reached through phishing attacks. It works by hijacking a browser as it’s trying to access web pages and forcing it to visit a malicious web page, rather than the page the target intend to visit. The attackers can then surreptitiously download malware onto the target’s machine from the rogue web page.

Quantum Insert has been used to hack the machines of terrorist suspects in the Middle East, but it was also used in a controversial GCHQ/NSA operation against employees of the Belgian telecom Belgacom and against workers at OPEC, the Organization of Petroleum Exporting Countries. The “highly successful” technique allowed the NSA to place 300 malicious implants on computers around the world in 2010, according to the spy agency’s own internal documents — all while remaining undetected.

But now security researchers with Fox-IT in the Netherlands, who helped investigate that hack against Belgacom, have found a way to detect Quantum Insert attacks using common intrusion detection tools such as Snort, Bro and Suricata.

September 14, 2014

Latest Snowden revelation – NSA and GCHQ have full access to German telecom systems

Filed under: Britain, Europe, Germany, Technology, USA — Tags: , , , , — Nicholas @ 12:21

In The Register, Kelly Fiveash sums up the latest information from Edward Snowden:

An NSA and GCHQ surveillance programme — dubbed Treasure Map — grants US and British spooks access to the networks of German telcos such as Deutsche Telekom, according to a new stash of leaked documents from Edward Snowden.

Der Spiegel published the latest revelations today. However, Deutsche Telekom reportedly said it had found no evidence of such tampering on its system.

“We are looking into every indication of possible manipulations but have not yet found any hint of that in our investigations so far,” a spokesman at the company told Reuters.

He added: “We’re working closely with IT specialists and have also contacted German security authorities. It would be completely unacceptable if a foreign intelligence agency were to gain access to our network.”

The Register sought comment from the telco, but it hadn’t immediately got back to us at time of writing.

The Treasure Map programme was described by Snowden as “a 300,000 foot view of the internet” in a New York Times story published in November last year.

June 5, 2014

Living in a post-Snowden world, under the gaze of the Five Eyes

Filed under: Australia, Cancon, Government, Technology, USA — Tags: , , , , — Nicholas @ 07:12

It’s been a year since the name Edward Snowden became known to the world, and it’s been a bumpy ride since then, as we found out that the tinfoil-hat-wearing anti-government conspiracy theorists were, if anything, under-estimating the actual level of organized, secret government surveillance. At The Register, Duncan Campbell takes us inside the “FIVE-EYED VAMPIRE SQUID of the internet”, the five-way intelligence-sharing partnership of US/UK/Canada/Australia/New Zealand:

One year after The Guardian opened up the trove of top secret American and British documents leaked by former National Security Agency (NSA) sysadmin Edward J Snowden, the world of data security and personal information safety has been turned on its head.

Everything about the safety of the internet as a common communication medium has been shown to be broken. As with the banking disasters of 2008, the crisis and damage created — not by Snowden and his helpers, but by the unregulated and unrestrained conduct the leaked documents have exposed — will last for years if not decades.

Compounding the problem is the covert network of subornment and control that agencies and collaborators working with the NSA are now revealed to have created in communications and computer security organisations and companies around the globe.

The NSA’s explicit objective is to weaken the security of the entire physical fabric of the net. One of its declared goals is to “shape the worldwide commercial cryptography market to make it more tractable to advanced cryptanalytic capabilities being developed by the NSA”, according to top secret documents provided by Snowden.

Profiling the global machinations of merchant bank Goldman Sachs in Rolling Stone in 2009, journalist Matt Taibbi famously characterized them as operating “everywhere … a great vampire squid wrapped around the face of humanity, relentlessly jamming its blood funnel into anything that smells like money”.

The NSA, with its English-speaking “Five Eyes” partners (the relevant agencies of the UK, USA, Australia, New Zealand and Canada) and a hitherto unknown secret network of corporate and government partners, has been revealed to be a similar creature. The Snowden documents chart communications funnels, taps, probes, “collection systems” and malware “implants” everywhere, jammed into data networks and tapped into cables or onto satellites.

May 15, 2014

The NSA’s self-described mission – “Collect it all. Know it all. Exploit it all.”

Filed under: Government, Liberty, Media, Technology — Tags: , , , , — Nicholas @ 07:31

In The Atlantic, Conor Friedersdorf reviews Glenn Greenwald’s new book, No Place to Hide:

NSA - New Collection Posture

Collect it all. Know it all. Exploit it all.

That totalitarian approach came straight from the top. Outgoing NSA chief Keith Alexander began using “collect it all” in Iraq at the height of the counterinsurgency. Eventually, he aimed similar tools at hundreds of millions of innocent people living in liberal democracies at peace, not war zones under occupation.

The strongest passages in No Place to Hide convey the awesome spying powers amassed by the U.S. government and its surveillance partners; the clear and present danger they pose to privacy; and the ideology of the national-security state. The NSA really is intent on subverting every method a human could use to communicate without the state being able to monitor the conversation.

U.S. officials regard the unprecedented concentration of power that would entail to be less dangerous than the alternative. They can’t conceive of serious abuses perpetrated by the federal government, though recent U.S. history offers many examples.

[…]

But it is a mistake (albeit a common one) to survey the NSA-surveillance controversy and to conclude that Greenwald represents the radical position. His writing can be acerbic, mordant, biting, trenchant, scathing, scornful, and caustic. He is stubbornly uncompromising in his principles, as dramatized by how close he came to quitting The Guardian when it wasn’t moving as fast as he wanted to publish the first story sourced to Edward Snowden. Unlike many famous journalists, he is not deferential to U.S. leaders.

Yet tone and zeal should never be mistaken for radicalism on the core question before us: What should America’s approach to state surveillance be? “Defenders of suspicionless mass surveillance often insist … that some spying is always necessary. But this is a straw man … nobody disagrees with that,” Greenwald explains. “The alternative to mass surveillance is not the complete elimination of surveillance. It is, instead, targeted surveillance, aimed only at those for whom there is substantial evidence to believe they are engaged in real wrongdoing.”

That’s as traditionally American as the Fourth Amendment.

Targeted surveillance “is consistent with American constitutional values and basic precepts of Western justice,” Greenwald continues. Notice that the authority he most often cites to justify his position is the Constitution. That’s not the mark of a radical. In fact, so many aspects of Greenwald’s book and the positions that he takes on surveillance are deeply, unmistakably conservative.

May 11, 2014

The NSA worked very hard to set themselves up for the Snowden leaks

Filed under: Government, Liberty, Technology — Tags: , , , , , — Nicholas @ 10:30

A few days back, Charles Stross pointed out one of the most ironic points of interest in the NSA scandal … they did it to themselves, over the course of several years effort:

I don’t need to tell you about the global surveillance disclosures of 2013 to the present — it’s no exaggeration to call them the biggest secret intelligence leak in history, a monumental gaffe (from the perspective of the espionage-industrial complex) and a security officer’s worst nightmare.

But it occurs to me that it’s worth pointing out that the NSA set themselves up for it by preventing the early internet specifications from including transport layer encryption.

At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden’s) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden — who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent — to rampage through their internal information systems.

The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.

March 10, 2014

When we do it, it’s “intelligence gathering”, when they do it, it’s “cyberwar”

Filed under: China, Technology, USA — Tags: , , , , — Nicholas @ 10:48

Bruce Schneier on the odd linguistic tic of how we describe an act depending on who the actor is:

Back when we first started getting reports of the Chinese breaking into U.S. computer networks for espionage purposes, we described it in some very strong language. We called the Chinese actions cyberattacks. We sometimes even invoked the word cyberwar, and declared that a cyber-attack was an act of war.

When Edward Snowden revealed that the NSA has been doing exactly the same thing as the Chinese to computer networks around the world, we used much more moderate language to describe U.S. actions: words like espionage, or intelligence gathering, or spying. We stressed that it’s a peacetime activity, and that everyone does it.

The reality is somewhere in the middle, and the problem is that our intuitions are based on history.

Electronic espionage is different today than it was in the pre-Internet days of the Cold War. Eavesdropping isn’t passive anymore. It’s not the electronic equivalent of sitting close to someone and overhearing a conversation. It’s not passively monitoring a communications circuit. It’s more likely to involve actively breaking into an adversary’s computer network — be it Chinese, Brazilian, or Belgian — and installing malicious software designed to take over that network.

In other words, it’s hacking. Cyber-espionage is a form of cyber-attack. It’s an offensive action. It violates the sovereignty of another country, and we’re doing it with far too little consideration of its diplomatic and geopolitical costs.

February 6, 2014

TAFTA/TTIP – The US is negotiating from a position of unassailable strength

Filed under: Europe, Technology, USA — Tags: , , , , , — Nicholas @ 11:02

At Techdirt, Glyn Moody explains why the EU is insane not to demand that the negotiations with the US government over TAFTA/TTIP be made fully public:

On the one side is the US, on the other, the 28 nations that go to make up the European Union. Because they have differing views on the TAFTA/TTIP negotiations, it’s necessary to pass around many documents conveying information about the current negotiations, and seek to obtain some kind of consensus on future EU proposals and flexibilities.

In the wake of Snowden’s revelations, security will doubtless be much better than during the Copenhagen Summit, when supposedly secret messages were sent using unencrypted emails. But it only needs one weak link in the European Union’s security chain — somebody who forgets to encrypt his or her message, or who leaves it on a system that has been compromised — and the NSA will be able to access that information, and pass it on to the US negotiators, just as it did in Copenhagen.

The key point is that there is a profound information asymmetry in the TAFTA/TTIP talks. Although the spy agencies of the EU countries will doubtless be trying their best to obtain confidential information about US negotiating tactics, it will be much harder than it is for the US to do the same about EU positions. That’s because the NSA is far larger, and far more expert than the EU agencies. GCHQ is probably the nearest in terms of capabilities, but is so closely allied with the NSA in other areas that it probably won’t be trying too hard so as not to annoy its paymaster.

This more or less guarantees that the US will know everything about the EU’s negotiating plans during TAFTA/TTIP, while the EU will remain in the dark about the US intentions. That not only undercuts the European Commission’s argument that releasing documents is not possible because they must remain secret during the negotiations — they won’t be — it also gives the EU a huge incentive to insist on full transparency for the talks. That way, the EU negotiators would be able to see at least some US documents that currently are hidden from them, whereas the US would gain little that it didn’t already know through more dubious means.

February 5, 2014

The Internet and the defenestration of the gatekeepers

Filed under: Government, Liberty, Technology — Tags: , , , — Nicholas @ 08:51

In the latest Libertarian Enterprise, L. Neil Smith talks about the recent movie The Fifth Estate, prominent whistleblowers, and how the Internet upset so many top-down information models:

The top three “whistle-blowers”, of course, in no particular order, are Assange himself, Bradley/Chelsea Manning, and Edward Snowden. I’m interested in these individuals for a number of reasons, not the least of which, is that I wrote about them (actually, I anticipated them) long before most people in the world ever knew they existed.

Including me.

Eleven years ago, in a speech I delivered to the Libertarian Party of New Mexico entitled “Empire of Lies“, I asserted that every human being on Earth is swimming — drowning — in an ocean of lies, mostly told by governments of one variety or another. I pointed out that lies of that kind — for example, the Gulf of Tonkin “incident” that never happened, and yet cost the lives of 60,000 Americans and 2,000,000 Vietnamese — are deadly. I proposed, therefore, that any politician, bureaucrat, or policeman caught telling a lie to any member of the public for any reason — a well as any among their ilk keeping secrets — ought to be subject to capital punishment, preferably by public hanging.

On network television.

Some time later, I stumbled on what I think is the true historical significance of the Internet. For as long as human beings have been communicating with one another, except among family and friends (and even then, sometimes) communications have been vertical and one-way, from the top down. Just to take it back to the Middle Ages, you can’t talk back to, or argue with a church bell. You either do what you are trained to do when it rings — wake, pray, eat, go to bed — or you do not, and suffer whatever consequences society has arranged for you to suffer.

This sorry situation was not improved materially by later “great” inventions like the printing press, movies, radio, or television. Such innovations only made it easier and more convenient to issue orders. The elite laid down the law to the peons (that’s us) and there was no way of contradicting them. Letters to the Editor are limited to 400 words.

But the Internet, and all of the technical, political, and social phenomena associated with it, turned this communications hierarchy sideways. Almost overnight, it was now possible for anybody on the planet to talk to anybody else, and to speak privately with a single individual, or to millions, without obtaining anyone’s permission, judged not by their power or authority, but by the cogency of their arguments.

Atlas didn’t shrug, Authority wigged.

Traditional Big Media, newspaper, magazine, and book publishers, movie studios, radio and television network executives, held onto their monopoly gatekeeper position, inherited from a more primitive era, desperately and at any cost. Only they were fit to judge what word could be sent by mere individuals to the Great Unwashed (that’s us, again). What it cost them is their very existence. They were incapable of divining that the Age of Authority, including theirs, was over.

For governments all over the world, subsisting as they all do on lies, intimidation, and violence, it was a nightmare. They have tried to fight back, but they will lose. The tide of history is against them. The idea of “peer-to-peer” communication is out there, and — short of the mass slaughter some of them seem to be preparing against us: a measure of their utter despair — it can never be called back or contained.

January 31, 2014

Security theatre special edition – destroying hard drives that held Snowden’s documents

Filed under: Britain, Government — Tags: , , , , — Nicholas @ 09:30

It may have been pointless — and it was! — but the British government not only felt it had to do something, but that it had to be seen to be doing something:

New video footage has been released for the first time of the moment Guardian editors destroyed computers used to store top-secret documents leaked by the NSA whistleblower Edward Snowden.

Under the watchful gaze of two technicians from the British government spy agency GCHQ, the journalists took angle-grinders and drills to the internal components, rendering them useless and the information on them obliterated.

The bizarre episode in the basement of the Guardian‘s London HQ was the climax of Downing Street’s fraught interactions with the Guardian in the wake of Snowden’s leak — the biggest in the history of western intelligence. The details are revealed in a new book — The Snowden Files: The Inside Story of the World’s Most Wanted Man — by the Guardian correspondent Luke Harding. The book, published next week, describes how the Guardian took the decision to destroy its own Macbooks after the government explicitly threatened the paper with an injunction.

In two tense meetings last June and July the cabinet secretary, Jeremy Heywood, explicitly warned the Guardian‘s editor, Alan Rusbridger, to return the Snowden documents.

Heywood, sent personally by David Cameron, told the editor to stop publishing articles based on leaked material from American’s National Security Agency and GCHQ. At one point Heywood said: “We can do this nicely or we can go to law”. He added: “A lot of people in government think you should be closed down.”

The maple-flavoured NSA used airport Wi-Fi to track travellers

Filed under: Cancon, Government, Technology — Tags: , , , — Nicholas @ 09:17

With so much talk about the NSA and GCHQ using every electronic means at their disposal, it was inevitable that some of the documents being released by Edward Snowden would implicate Canadian intelligence in similar activities:

A top secret document retrieved by U.S. whistleblower Edward Snowden and obtained by CBC News shows that Canada’s electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

After reviewing the document, one of Canada’s foremost authorities on cyber-security says the clandestine operation by the Communications Security Establishment Canada (CSEC) was almost certainly illegal.

Ronald Deibert told CBC News: “I can’t see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC’s mandates.”

The spy agency is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant.

As CSEC chief John Forster recently stated: “I can tell you that we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada.

“In fact, it’s prohibited by law. Protecting the privacy of Canadians is our most important principle.”

But security experts who have been apprised of the document point out the airline passengers in a Canadian airport were clearly in Canada.

CSEC said in a written statement to CBC News that it is “mandated to collect foreign signals intelligence to protect Canada and Canadians. And in order to fulfill that key foreign intelligence role for the country, CSEC is legally authorized to collect and analyze metadata.”

Metadata reveals a trove of information including, for example, the location and telephone numbers of all calls a person makes and receives — but not the content of the call, which would legally be considered a private communication and cannot be intercepted without a warrant.

“No Canadian communications were (or are) targeted, collected or used,” the agency says.

In the case of the airport tracking operation, the metadata apparently identified travelers’ wireless devices, but not the content of calls made or emails sent from them.

January 15, 2014

The NSA’s rise to being the “centerpiece of the entire intelligence system”

Filed under: Government, Technology, USA — Tags: , , , — Nicholas @ 09:06

In Wired, Felix Salmon explains that “Quants don’t know everything”:

By now, nearly everyone from the president of the United States on down has admit­ted that the National Security Agency went too far. Documents leaked by Edward Snowden, the rogue NSA contractor who has since gained asylum in Rus­sia, paint a picture of an organization with access to seemingly every word typed or spoken on any electronic device, anywhere in the world. And when news of the NSA’s reach became public — as it was surely bound to do at some point — the entire US intelli­gence apparatus was thrust into what The New York Times recently called a “crisis of purpose and legitimacy.”

It was a crisis many years in the making. Over the course of three decades, the NSA slowly transformed itself from the nation’s junior spy agency to the centerpiece of the entire intelligence system. As the amount of data in the world doubled, and doubled again, and again, the NSA kept up with it — even as America’s human intelligence capability, as typified by old-fashioned CIA spies in the field, struggled to do anything useful with the unprecedented quantities of signals intelligence they had access to. Trained agency linguists capable of parsing massive quantities of Arabic- and Farsi-language intercepts don’t scale up nearly as easily as data centers do.

That, however, wasn’t the computer geeks’ problem. Once it was clear that the NSA could do something, it seemed inarguable that the agency should do it — even after the bounds of information overload (billions of records added to bulging databases every day) or basic decency (spying on allied heads of state, for example) had long since been surpassed. The value of every marginal gigabyte of high tech signals intelligence was, at least in theory, quantifiable. The downside — the inability to prioritize essential intelligence and act on it; the damage to America’s democratic legitimacy — was not. As a result, during the past couple of decades spycraft went from being a pursuit driven by human judgment calls to one driven by technical capability.

December 11, 2013

Edward Snowden interviewed by Time

Filed under: Liberty, Technology, USA — Tags: , , , , — Nicholas @ 09:50

He may not have made the cover as “person of the year”, but he’s still very newsworthy:

For Snowden, those impacts are but a means to a different end. He didn’t give up his freedom to tip off German Chancellor Angela Merkel about the American snoops on her cell phone or to detail the ways the NSA electronically records jihadi porn-watching habits. He wanted to issue a warning to the world, and he believed that revealing the classified information at his fingertips was the way to do it. His gambit has so far proved more successful than he reasonably could have hoped — he is alive, not in prison, and six months on, his documents still make headlines daily — but his work is not done, and his fate is far from certain. So in early October, he invited to Moscow some supporters who wanted to give him an award.

After the toasts, some photographs and a brief ceremony, Snowden sat back down at the table, spread with a Russian buffet, to describe once again the dystopian landscape he believes is unfolding inside the classified computer networks on which he worked as a contractor. Here was a place that collected enormous amounts of information on regular citizens as a precaution, a place where U.S. law and policy did not recognize the right to privacy of foreigners operating outside the country, a place where he believed the basic freedoms of modern democratic states — “to speak and to think and to live and be creative, to have relationships and to associate freely” — were under threat.

“There is a far cry between legal programs, legitimate spying, legitimate law enforcement — where it is targeted, it’s based on reasonable suspicion, individualized suspicion and warranted action — and the sort of dragnet mass surveillance that puts entire populations under a sort of an eye and sees everything, even when it is not needed,” Snowden told his colleagues. “This is about a trend in the relationship between the governing and governed in America.”

That is the thing that led him to break the law, the notion that mass surveillance undermines the foundations of private citizenship. In a way, it is the defining critique of the information age, in which data is increasingly the currency of power. The idea did not originate with Snowden, but no one has done more to advance it. “The effect has been transformative,” argues Julian Assange, the founder of WikiLeaks, who has been helping Snowden from the confines of the Ecuadorean embassy in London. “We have shifted from a small group of experts understanding what was going on to broad public awareness of the reality of NSA mass surveillance.” If Facebook’s Mark Zuckerberg is the sunny pied piper of the new sharing economy, Snowden has become its doomsayer.

November 4, 2013

Living in a Surveillance State: Mikko Hypponen at TEDxBrussels

Filed under: Liberty, Technology, USA — Tags: , , , , — Nicholas @ 00:01

Older Posts »

Powered by WordPress