Quotulatiousness

January 11, 2014

February 11th 2014 is The Day We Fight Back Against Mass Surveillance

Filed under: Government, Liberty, Media — Tags: , , , , — Nicholas @ 10:49

It may be only a token gesture, but mark 11 February on your calendar:

DEAR USERS OF THE INTERNET,

In January 2012 we defeated the SOPA and PIPA censorship legislation with the largest Internet protest in history. A year ago this month one of that movement’s leaders, Aaron Swartz, tragically passed away.

Today we face a different threat, one that undermines the Internet, and the notion that any of us live in a genuinely free society: mass surveillance.

If Aaron were alive, he’d be on the front lines, fighting against a world in which governments observe, collect, and analyze our every digital action.

Now, on the eve of the anniversary of Aaron’s passing, and in celebration of the win against SOPA and PIPA that he helped make possible, we are announcing a day of protest against mass surveillance, to take place this February 11th.

[…]

Anti-surveillance banner preview

We’re creating embeddable banners and widgets that you’ll be able to add to your site to encourage visitors to participate in the day of action. The photo above is just a draft — the final design is yet to come.

January 9, 2014

Oh, that’s okay then – Congress has the same constitutional protections as other Americans (i.e., none whatsoever)

Filed under: Government, Law, Liberty, USA — Tags: , , , — Nicholas @ 10:59

Like Andrew Napolitano, I’m sure all members of congress heaved a sigh of relief when the NSA said that they have exactly the same constitutional right to privacy from surveillance as every other American does. Wait, what?

Last week, Sen. Bernie Sanders, I-Vt., wrote to Gen. Keith Alexander, director of the National Security Administration (NSA), and asked plainly whether the NSA has been or is now spying on members of Congress or other public officials. The senator’s letter was no doubt prompted by the revelations of Edward Snowden to the effect that the federal government’s lust for personal private data about all Americans and many foreigners knows no bounds, and its respect for the constitutionally protected and statutorily enforced right to privacy is nonexistent.

[…]

All of this is background to the timing of Sanders’ letter. That Clapper perjured himself before, and Alexander misled, Congress is nothing new. And the punishments for lying to Congress and for misleading Congress are identical: five years per lie or per misleading statement. Hence, the silence from the NSA to Sanders.

Well, it wasn’t exactly silence, but rather a refusal to answer a simple question. The NSA did reply to Sanders by stating — in an absurd oxymoron — that members of Congress receive the same constitutional protections as other Americans: that is to say, none from the NSA.

The NSA’s refusal to answer Sanders’ question directly is a tacit admission, because we are all well aware that the NSA collects identifying data on and the content of virtually every email, text message and phone call sent or received in the U.S. In fact, just last week, the secret FISA court renewed the order authorizing massive records collection for the 36th time. If members of Congress are treated no differently than the American public, then the NSA is keeping tabs on every email, text and phone call members of Congress send and receive, too.

That raises a host of constitutional questions. Under the Constitution, Congress and the executive branch are equals. The president — for whom the NSA works — can no more legally spy on members of Congress without a search warrant about the members to be spied upon than Congress can legally spy on the president. Surely the president, a former lecturer in constitutional law at the University of Chicago Law School, knows this.

There was a time when the NSA’s failure to answer such a straightforward question as Sanders has asked would have led to hearings and bipartisan investigations. However, Democrats are largely silent, choosing party and personality over principle, and Republicans know all of this started under President George W. Bush and are afraid to open a can of worms — except for King, who apparently likes to be spied upon.

January 8, 2014

“Silicon Valley was … collateral damage in the war on terror”

Filed under: Government, Liberty, Media, Technology, USA — Tags: , , , , , — Nicholas @ 08:40

In Wired, Steven Levy explains how the NSA nearly killed the internet:

On June 6, 2013, Washington Post reporters called the communications depart­ments of Apple, Facebook, Google, Yahoo, and other Internet companies. The day before, a report in the British newspaper The Guardian had shocked Americans with evidence that the telecommunications giant Verizon had voluntarily handed a database of every call made on its network to the National Security Agency. The piece was by reporter Glenn Greenwald, and the information came from Edward Snowden, a 29-year-old IT consultant who had left the US with hundreds of thousands of documents detailing the NSA’s secret procedures.

Greenwald was the first but not the only journalist that Snowden reached out to. The Post’s Barton Gellman had also connected with him. Now, collaborating with documentary filmmaker and Snowden confidante Laura Poitras, he was going to extend the story to Silicon Valley. Gellman wanted to be the first to expose a top-secret NSA program called Prism. Snowden’s files indicated that some of the biggest companies on the web had granted the NSA and FBI direct access to their servers, giving the agencies the ability to grab a person’s audio, video, photos, emails, and documents. The government urged Gellman not to identify the firms involved, but Gellman thought it was important. “Naming those companies is what would make it real to Americans,” he says. Now a team of Post reporters was reaching out to those companies for comment.

It would be the start of a chain reaction that threatened the foundations of the industry. The subject would dominate headlines for months and become the prime topic of conversation in tech circles. For years, the tech companies’ key policy issue had been negotiating the delicate balance between maintaining customers’ privacy and providing them benefits based on their personal data. It was new and contro­versial territory, sometimes eclipsing the substance of current law, but over time the companies had achieved a rough equilibrium that allowed them to push forward. The instant those phone calls from reporters came in, that balance was destabilized, as the tech world found itself ensnared in a fight far bigger than the ones involving oversharing on Facebook or ads on Gmail. Over the coming months, they would find themselves at war with their own government, in a fight for the very future of the Internet.

December 22, 2013

Does the US Constitution actually provide any protection against surveillance?

Filed under: Government, Law, Liberty, Technology, USA — Tags: , , , — Nicholas @ 11:16

Julian Sanchez talks about dismantling the surveillance state:

On Tuesday, Judge Richard Leon held that the National Security Agency’s controversial phone records program likely violates the Fourth Amendment’s guarantee against “unreasonable searches and seizures.” But when the inevitable appeal comes, far more than a single surveillance program will be at stake. Whether far higher courts are prepared to embrace Leon’s logic could determine if Americans enjoy any meaningful constitutional protection against government monitoring in the information age.

The NSA program — a massive database that logs, and stores for five years, the time, date, duration, and number dialed for nearly every call placed in the United States — is based on Section 215 of the Patriot Act, which authorizes the government to obtain any records it reasonably believes are “relevant” to a foreign intelligence investigation. But that authority itself depends on the so-called “third party doctrine,” which says that business records held by a “third party” like a phone company aren’t protected by the Fourth Amendment.

If not for the third party doctrine, “relevance” would not be enough: The government would have to satisfy the Fourth Amendment’s far stricter demand to show “probable cause” that records it had “particularly described” would yield evidence of wrongdoing. Under Fourth Amendment standards, a program that involved vacuuming up billions of records in order to fish through them later for suspicious calls would be out of the question — the kind of unlimited “general warrant” the framers of the Constitution were especially concerned to prohibit.

The roots of this cramped reading stretch back to 1979, when the Supreme Court unwittingly dealt a profound blow to American privacy in the case of Smith v. Maryland. With the cooperation of the phone company, police had traced a series of obscene phone calls from Michael Lee Smith to a woman he had earlier robbed. Because they had not first obtained a warrant from a judge, Smith argued that the police had conducted an illegal search, akin to a wiretap.

The Court disagreed: Because Smith should have known, based on the itemized list of calls on his monthly bill, that the phone company kept business records of the numbers he dialed, he had voluntarily abandoned his “reasonable expectation of privacy” in that information — and with it, the protection of the Constitution.

November 30, 2013

“I have nothing to hide from the government, so why should I worry?”

Filed under: Government, Liberty, Media — Tags: , , , — Nicholas @ 11:39

The Electronic Frontier Foundation explains why you should worry about omnipresent government surveillance:

There are a few ways to respond to this, depending on what you think will work best for the person raising the question.

  • Point out how mass surveillance leaves you at the mercy of not only the NSA, but also to the DEA, the FBI and even the IRS. We know that the government claims that any evidence of a “crime” can be sent to the appropriate law enforcement agencies.
  • Tell them that, even if you don’t think you have something to hide, it’s possible the government thinks you do, or can create some concern about you (or your friends or loved ones). There are so many laws and regulations on the books, Rep. Jim Sensenbrenner said the Congressional Research Service did not have the resources to count them all. One legal expert has argued that the average person likely commits three felonies a day without ever realizing. So, you may be technically breaking a law you have no idea about.
  • We all benefit from a system that allows privacy. For example, when journalists can speak to sources without the specter of surveillance, helping fuel investigative journalism and the free flow of information. And this is not just a hypothetical — the Department of Justice subpoenaed the phone records of Associated Press journalists in an effort to track down government whistleblowers. And it’s not just journalists. Activists, political organizers, lawyers, individuals conducting sensitive research, businesses that want to keep their strategies confidential, and many others rely on secure, private, surveillance-free communication.

November 25, 2013

When your product is “users” your product improvement is “more surveillance”

Filed under: Business, Liberty, Media, Technology — Tags: , , , , , — Nicholas @ 10:36

Bruce Schneier on the rising tide of non-governmental surveillance:

Google recently announced that it would start including individual users’ names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached — without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on its website.

These changes come on the heels of Google’s move to explore replacing tracking cookies with something that users have even less control over. Microsoft is doing something similar by developing its own tracking technology.

More generally, lots of companies are evading the “Do Not Track” rules, meant to give users a say in whether companies track them. Turns out the whole “Do Not Track” legislation has been a sham.

It shouldn’t come as a surprise that big technology companies are tracking us on the Internet even more aggressively than before.

If these features don’t sound particularly beneficial to you, it’s because you’re not the customer of any of these companies. You’re the product, and you’re being improved for their actual customers: their advertisers.

November 21, 2013

A panopticon society, but only in one direction

Filed under: Government, Liberty, Technology, USA — Tags: , , , — Nicholas @ 11:37

For some reason, despite the recent revelations that Americans have almost literally no privacy thanks to government surveillance, some government employees think that they have a right to privacy that they actively push to deny to others:

From the ACLU of Massachusetts:

    Boston Police Department bosses want to install GPS monitoring devices in every patrol car, to enable dispatch to more efficiently process 911 calls. But police officers and their union are outraged, saying that the ubiquitous tracking is too invasive of their personal privacy. Tracking the location of officers as they go about their days would reveal incredibly detailed information about their lives, the officers say.

It must be just awful to go about your daily life looking over your shoulder, conscious that your every movement and activity is being recorded and could be used against you. Oh, wait. That’s what the entire American public is already dealing with, in this age of mass electronic surveillance. But the way the police union is hissing’n’flapping about it, it’s almost as if there was something wrong with that. Don’t they know that you have nothing to fear, if you have nothing to hide?

The ACLU’s tack is that if the police don’t like the feeling of being followed, they shouldn’t be pushing for technologies like mass tracking of license plates or cellphone locations. That’s fair enough, but there’s a larger point here also.

November 18, 2013

Lifelogging in 30-second intervals

Filed under: Media, Technology — Tags: , , , — Nicholas @ 15:38

Jerry Brito is a sousveillance fan and he thinks you should be too:

The Narrative Clip is a digital camera about the size of a postage stamp that clips to one’s breast pocket or shirt collar and takes a photo every thirty seconds of whatever one’s seeing. The photos are uploaded to the cloud and can be accessed on demand with a smartphone app, making it easy to look up any moment in one’s life. When the project to mass-produce these cameras first hit Kickstarter, I knew I had to have one, and with any luck mine will be arriving in a couple of weeks.

The prospect of having a complete photographic record of my life is compelling for many reasons. I have a terrible memory, especially for faces, so it will be interesting to see if this device can help. There are also moments in life that would be great to relive, but that one can’t – or one doesn’t know one should – be photographing. Narrative’s Instagram feed has some good examples of these. But most importantly, I want to help hasten our inevitable sousveillance future.

[…]

Being monitored in everyday life has become inescapable. So, as David Brin points out in The Transparent Society, the question is not whether there should be pervasive monitoring, but who will have access to the data. Will it only be the powerful, who will use the information to control? Or will the rest of us also be able to watch back?

Ideally, perhaps, we would all be left alone to live private lives under no one’s gaze. Short of halting all technological progress, however, that ship has sailed. Mass surveillance is the inevitable result of smaller cameras and microphones, faster processors, and incredibly cheap storage. So if I can’t change that reality, I want to be able to watch back as well.

November 4, 2013

Living in a Surveillance State: Mikko Hypponen at TEDxBrussels

Filed under: Liberty, Technology, USA — Tags: , , , , — Nicholas @ 00:01

October 29, 2013

What happens when you challenge hackers to investigate you?

Filed under: Law, Technology — Tags: , , , , — Nicholas @ 09:13

Adam Penenberg had himself investigated in the late 1990s and wrote that up for Forbes. This time around, he asked Nick Percoco to do the same thing, and was quite weirded out by the experience:

It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.

I’m being hacked — and only have myself to blame.

Two months earlier I challenged Nicholas Percoco, senior vice president of SpiderLabs, the advanced research and ethical hacking team at Trustwave, to perform a personal “pen-test,” industry-speak for “penetration test.” The idea grew out of a cover story I wrote for Forbes some 14 years earlier, when I retained a private detective to investigate me, starting with just my byline. In a week he pulled up an astonishing amount of information, everything from my social security number and mother’s maiden name to long distance phone records, including who I called and for how long, my rent, bank accounts, stock holdings, and utility bills.

[…]

A decade and a half later, and given the recent Edward Snowden-fueled brouhaha over the National Security Agency’s snooping on Americans, I wondered how much had changed. Today, about 250 million Americans are on the Internet, and spend an average of 23 hours a week online and texting, with 27 percent of that engaged in social media. Like most people, I’m on the Internet, in some fashion, most of my waking hours, if not through a computer then via a tablet or smart phone.

With so much of my life reduced to microscopic bits and bytes bouncing around in a netherworld of digital data, how much could Nick Percoco and a determined team of hackers find out about me? Worse, how much damage could they potentially cause?

What I learned is that virtually all of us are vulnerable to electronic eavesdropping and are easy hack targets. Most of us have adopted the credo “security by obscurity,” but all it takes is a person or persons with enough patience and know-how to pierce anyone’s privacy — and, if they choose, to wreak havoc on your finances and destroy your reputation.

H/T to Terry Teachout for the link.

October 28, 2013

Reason.tv – What We Saw At The Anti-NSA “Stop Watching Us” Rally

Filed under: Government, Liberty, USA — Tags: , , , , , — Nicholas @ 09:59

On October 26, 2013, protesters from across the political spectrum gathered in Washington, D.C. to take part in the Stop Watching Us rally, a demonstration against the National Security Agency’s domestic and international surveillance programs.

Reason TV spoke with protesters — including 2012 Libertarian Party presidential candidate Gary Johnson and former Congressman Dennis Kucinich — to discuss the rally, why people should worry about the erosion of privacy, and President Barack Obama’s role in the growth of the surveillance state.

Correction: Laura Murphy, Director of the ACLU Washington Legislative Office, was incorrectly identified as Susan N. Herman, ACLU President.

Produced by Joshua Swain, interviews by Todd Krainin.

Mark Steyn on the Obamacare software

Filed under: Bureaucracy, Cancon, Government, Technology — Tags: , , , — Nicholas @ 07:22

Mark Steyn’s weekend column touched on some items of interest to aficionados of past government software fiascos:

The witness who coughed up the intriguing tidbit about Obamacare’s exemption from privacy protections was one Cheryl Campbell of something called CGI. This rang a vague bell with me. CGI is not a creative free spirit from Jersey City with an impressive mastery of Twitter, but a Canadian corporate behemoth. Indeed, CGI is so Canadian their name is French: Conseillers en Gestion et Informatique. Their most famous government project was for the Canadian Firearms Registry. The registry was estimated to cost in total $119 million, which would be offset by $117 million in fees. That’s a net cost of $2 million. Instead, by 2004 the CBC (Canada’s PBS) was reporting costs of some $2 billion — or a thousand times more expensive.

Yeah, yeah, I know, we’ve all had bathroom remodelers like that. But in this case the database had to register some 7 million long guns belonging to some two-and-a-half to three million Canadians. That works out to almost $300 per gun — or somewhat higher than the original estimate for processing a firearm registration of $4.60. Of those $300 gun registrations, Canada’s auditor general reported to parliament that much of the information was either duplicated or wrong in respect to basic information such as names and addresses.

Sound familiar?

Also, there was a 1-800 number, but it wasn’t any use.

Sound familiar?

So it was decided that the sclerotic database needed to be improved.

Sound familiar?

But it proved impossible to “improve” CFIS (the Canadian Firearms Information System). So CGI was hired to create an entirely new CFIS II, which would operate alongside CFIS I until the old system could be scrapped. CFIS II was supposed to go operational on January 9, 2003, but the January date got postponed to June, and 2003 to 2004, and $81 million was thrown at it before a new Conservative government scrapped the fiasco in 2007. Last year, the government of Ontario canceled another CGI registry that never saw the light of day — just for one disease, diabetes, and costing a mere $46 million.

But there’s always America! “We continue to view U.S. federal government as a significant growth opportunity,” declared CGI’s chief exec, in what would also make a fine epitaph for the republic. Pizza and Mountain Dew isn’t very Montreal, and on the evidence of three years of missed deadlines in Ontario and the four-year overrun on the firearms database CGI don’t sound like they’re pulling that many all-nighters. Was the government of the United States aware that CGI had been fired by the government of Canada and the government of Ontario (and the government of New Brunswick)? Nobody’s saying. But I doubt it would make much difference.

October 11, 2013

Creating an “air gap” for computer security

Filed under: Liberty, Technology — Tags: , , , , — Nicholas @ 12:13

Bruce Schneier explains why you’d want to do this … and how much of a pain it can be to set up and work with:

Since I started working with Snowden’s documents, I have been using a number of tools to try to stay secure from the NSA. The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible.

I also recommended using an air gap, which physically isolates a computer or local network of computers from the Internet. (The name comes from the literal gap of air between the computer and the Internet; the word predates wireless networks.)

But this is more complicated than it sounds, and requires explanation.

Since we know that computers connected to the Internet are vulnerable to outside hacking, an air gap should protect against those attacks. There are a lot of systems that use — or should use — air gaps: classified military networks, nuclear power plant controls, medical equipment, avionics, and so on.

Osama Bin Laden used one. I hope human rights organizations in repressive countries are doing the same.

Air gaps might be conceptually simple, but they’re hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the Internet and never sends files out into the Internet. What they want is a computer that’s not directly connected to the Internet, albeit with some secure way of moving files on and off.

He also provides a list of ten rules (or recommendations, I guess) you should follow if you want to set up an air-gapped machine of your own.

October 4, 2013

John Lanchester on the Guardian‘s GCHQ files

Filed under: Britain, Government, Liberty, Media — Tags: , , , , , — Nicholas @ 07:44

Novelist John Lanchester was invited to look at the trove of files the Guardian received from Edward Snowden:

In August, the editor of the Guardian rang me up and asked if I would spend a week in New York, reading the GCHQ files whose UK copy the Guardian was forced to destroy. His suggestion was that it might be worthwhile to look at the material not from a perspective of making news but from that of a novelist with an interest in the way we live now.

I took Alan Rusbridger up on his invitation, after an initial reluctance that was based on two main reasons. The first of them was that I don’t share the instinctive sense felt by many on the left that it is always wrong for states to have secrets. I’d put it more strongly than that: democratic states need spies.

And all’s well in the world and we’re worried over nothing?

My week spent reading things that were never meant to be read by outsiders was, from this point of view, largely reassuring. Most of what GCHQ does is exactly the kind of thing we all want it to do. It takes an interest in places such as the Horn of Africa, Iran, and North Korea; it takes an interest in energy security, nuclear proliferation, and in state-sponsored computer hacking.

There doesn’t seem to be much in the documents about serious crime, for which GCHQ has a surveillance mandate, but it seems that much of this activity is covered by warrants that belong to other branches of the security apparatus. Most of this surveillance is individually targeted: it concerns specific individuals and specific acts (or intentions to act), and as such, it is not the threat.

Few people are saying we don’t need intelligence-gathering organizations like GCHQ, but we do have a right to be concerned about what they are doing when they’re not watching actual, known threats. They have capabilities that we generally thought were just from the pages of James Bond novels or Tom Clancy thrillers … and they use them all the time, not just for keeping tabs on the “bad guys”.

In the case of modern signals intelligence, this is no longer true. Life has changed. It has changed because of the centrality of computers and digital activity to every aspect of modern living. Digital life is central to work: many of us, perhaps most of us, spend most of our working day using a computer. Digital life is central to our leisure: a huge portion of our discretionary activity has a digital component, even things which look like they are irreducibly un-digital, from cycling to cooking.

[…]

As for our relationships and family lives, that has, especially for younger people, become a digital-first activity. Take away Facebook and Twitter, instant messaging and Skype and YouTube, and then — it’s hard to imagine, but try — take away the mobile phone, and see the yawning gap where all human interaction used to take place. About the only time we don’t use computers is when we’re asleep — that’s unless we have a gadget that tracks our sleep, or monitors our house temperature, or our burglar alarm, or whatever.

This is the central point about what our spies and security services can now do. They can, for the first time, monitor everything about us, and they can do so with a few clicks of a mouse and — to placate the lawyers — a drop-down menu of justifications.

Looking at the GCHQ papers, it is clear that there is an ambition to get access to everything digital. That’s what engineers do: they seek new capabilities. When it applies to the people who wish us harm, that’s fair enough. Take a hypothetical, but maybe not unthinkable, ability to eavesdrop on any room via an electrical socket. From the GCHQ engineers’ point of view, they would do that if they could. And there are a few people out there on whom it would be useful to be able to eavesdrop via an electrical socket. But the price of doing so would be a society that really did have total surveillance. Would it be worth it? Is the risk worth the intrusion?

That example might sound far-fetched, but trust me, it isn’t quite as far fetched as all that, and the basic intention on the part of the GCHQ engineers — to get everything — is there.

October 2, 2013

Bruce Schneier’s TEDx talk “The Battle for Power on the Internet”

Filed under: Media, Technology — Tags: , , , , — Nicholas @ 08:56

Published on 25 Sep 2013

Bruce Schneier gives us a glimpse of the future of the internet, and shares some of the context we should keep in mind, and the insights we need to understand, as we prepare for it. Learn more about Bruce Schneier at https://www.schneier.com and TEDxCambridge at http://www.tedxcambridge.com.

About TEDx, x = independently organized event
In the spirit of ideas worth spreading, TEDx is a program of local, self-organized events that bring people together to share a TED-like experience. At a TEDx event, TEDTalks video and live speakers combine to spark deep discussion and connection in a small group. These local, self-organized events are branded TEDx, where x = independently organized TED event. The TED Conference provides general guidance for the TEDx program, but individual TEDx events are self-organized.* (*Subject to certain rules and regulations)

« Newer PostsOlder Posts »

Powered by WordPress