Quotulatiousness

May 23, 2014

“Mammals don’t respond well to surveillance. We consider it a threat. It makes us paranoid, and aggressive and vengeful”

Filed under: Cancon, Government, Liberty — Tags: , , , — Nicholas @ 08:58

Angelique Carson reports on a recent IAPP Canada Privacy Symposium presentation:

If marine biologist-turned-best-selling author Peter Watts is an expert on anything, it’s mammals. Speaking to 400 or so privacy pros and regulators gathered last week at the IAPP Canada Privacy Symposium to talk privacy and data protection, he used that experience to send a rather jarring — and anything but conventional — message:

Mammals don’t respond well to surveillance. We consider it a threat. It makes us paranoid, and aggressive and vengeful. But we’ll never win against the giant corporations and governments that watch us, Watts argued, so all we can develop is a surefire defense.

Think “scorched earth.” If we can’t protect the data, Watts posited, maybe we should burn it to the ground.

Hear him out: Mammals will always respond to the surveillance threat as they would any threat — with aggression, in the same way the natural selection process has shaped every other life form on this planet.

“Anybody who thinks their own behavior isn’t at least partly informed by those legacy circuits has not been paying attention,” he said.

Watts pointed to author David Brin’s assertion during his keynote recently at the IAPP’s Global Privacy Summit that while our instinct is to pass a law aimed at telling governments and corporations to “stop looking” at us, we should instead turn our gaze to them in the name of reciprocity.

“It’s not telling them do not look,” Brin said during his speech. “It’s looking back.”

But Edward Snowden is currently living in Russia after he tried to “look back.” And as someone who’s worked a lot in the past with mammals, Watts knows that, biologically, looking back is a bad idea: “To get into a staring contest with a large, aggressive, territorial mammal primed to think of eye contact as a threat display … I can’t recommend it.”

“Natural selection favors the paranoid,” Watts said.

H/T to Bruce Schneier for the link.

May 19, 2014

“Parallel construction” and Godwinizing the NSA

Filed under: Government, History, USA, WW2 — Tags: , , , — Nicholas @ 09:33

At Popehat, Clark uses an excerpt from a Bruce Schneier post to make a larger point. Here’s what Bruce wrote last year:

This dynamic was vitally important during World War II. During the war, the British were able to break the German Enigma encryption machine and eavesdrop on German military communications. But while the Allies knew a lot, they would only act on information they learned when there was another plausible way they could have learned it. They even occasionally manufactured plausible explanations. It was just too risky to tip the Germans off that their encryption machines’ code had been broken.

And this is Clark’s take:

We know that the NSA collects all sorts of information on American citizens. We know that the FBI and the CIA have full access to this information. We know that the DEA also has full access to that data. And we know that when the DEA busts someone using information gleaned by the electronic panopticon of our internal spy organization, they take pains to hide the source of the information via the subterfuge of parallel construction.

The insight is this: our government is now dealing with the citizenry the same way that the British dealt with the Nazis: treating them as an external existential threat, spying on them, and taking pains to obfuscate the source of the information that they use to target their attacks.

Yeah, Godwin’s law, whatever, whatever. My point is NOT that the NSA is the same as the Nazi party (in fact, my argument has the NSA on the opposite side). My point is that the government now treats ordinary civilians as worthy of the same sort of tactics that they once used against the Nazis.

H/T to Bernard King for the link.

May 15, 2014

The NSA’s self-described mission – “Collect it all. Know it all. Exploit it all.”

Filed under: Government, Liberty, Media, Technology — Tags: , , , , — Nicholas @ 07:31

In The Atlantic, Conor Friedersdorf reviews Glenn Greenwald’s new book, No Place to Hide:

NSA - New Collection Posture

Collect it all. Know it all. Exploit it all.

That totalitarian approach came straight from the top. Outgoing NSA chief Keith Alexander began using “collect it all” in Iraq at the height of the counterinsurgency. Eventually, he aimed similar tools at hundreds of millions of innocent people living in liberal democracies at peace, not war zones under occupation.

The strongest passages in No Place to Hide convey the awesome spying powers amassed by the U.S. government and its surveillance partners; the clear and present danger they pose to privacy; and the ideology of the national-security state. The NSA really is intent on subverting every method a human could use to communicate without the state being able to monitor the conversation.

U.S. officials regard the unprecedented concentration of power that would entail to be less dangerous than the alternative. They can’t conceive of serious abuses perpetrated by the federal government, though recent U.S. history offers many examples.

[…]

But it is a mistake (albeit a common one) to survey the NSA-surveillance controversy and to conclude that Greenwald represents the radical position. His writing can be acerbic, mordant, biting, trenchant, scathing, scornful, and caustic. He is stubbornly uncompromising in his principles, as dramatized by how close he came to quitting The Guardian when it wasn’t moving as fast as he wanted to publish the first story sourced to Edward Snowden. Unlike many famous journalists, he is not deferential to U.S. leaders.

Yet tone and zeal should never be mistaken for radicalism on the core question before us: What should America’s approach to state surveillance be? “Defenders of suspicionless mass surveillance often insist … that some spying is always necessary. But this is a straw man … nobody disagrees with that,” Greenwald explains. “The alternative to mass surveillance is not the complete elimination of surveillance. It is, instead, targeted surveillance, aimed only at those for whom there is substantial evidence to believe they are engaged in real wrongdoing.”

That’s as traditionally American as the Fourth Amendment.

Targeted surveillance “is consistent with American constitutional values and basic precepts of Western justice,” Greenwald continues. Notice that the authority he most often cites to justify his position is the Constitution. That’s not the mark of a radical. In fact, so many aspects of Greenwald’s book and the positions that he takes on surveillance are deeply, unmistakably conservative.

May 11, 2014

The NSA worked very hard to set themselves up for the Snowden leaks

Filed under: Government, Liberty, Technology — Tags: , , , , , — Nicholas @ 10:30

A few days back, Charles Stross pointed out one of the most ironic points of interest in the NSA scandal … they did it to themselves, over the course of several years effort:

I don’t need to tell you about the global surveillance disclosures of 2013 to the present — it’s no exaggeration to call them the biggest secret intelligence leak in history, a monumental gaffe (from the perspective of the espionage-industrial complex) and a security officer’s worst nightmare.

But it occurs to me that it’s worth pointing out that the NSA set themselves up for it by preventing the early internet specifications from including transport layer encryption.

At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden’s) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden — who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent — to rampage through their internal information systems.

The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.

May 6, 2014

Reset the Net on June 5th

Filed under: Liberty, Media, Technology — Tags: , , , — Nicholas @ 09:58

At Wired, Kim Zetter talks about an initiative to reclaim (some measure of) privacy on the internet:

A coalition of nearly two-dozen tech companies and civil liberties groups is launching a new fight against mass internet surveillance, hoping to battle the NSA in much the same way online campaigners pushed back on bad piracy legislation in 2012.

The new coalition, organized by Fight for the Future, is planning a Reset the Net day of action on June 5, the anniversary of the date the first Edward Snowden story broke detailing the government’s PRISM program, based on documents leaked by the former NSA contractor.

“Government spies have a weakness: they can hack anybody, but they can’t hack everybody,” the organizers behind the Reset the Net movement say in their video (above). “Folks like the NSA depend on collecting insecure data from tapped fiber. They depend on our mistakes, mistakes we can fix.”

To that end, the groups are calling on developers to add at least one NSA resistant feature to mobile apps, and on websites to add security features like SSL (Secure Socket Layer), HSTS (HTTP Strict Transport Security), and Perfect Forward Secrecy to better secure the communication of users and thwart government man-in-the-middle attacks.

April 15, 2014

Militarization of the police, pervasive surveillance, incarceration rates, and other police state trappings

Filed under: Government, Liberty, USA — Tags: , , , — Nicholas @ 10:24

An email from Rupert included a link to this infographic illustrating the “progress” of the United States toward a police state:

Click image to see full infographic

Click image to see full infographic

It’s easy to poke fun at people who worry about the ever-growing state involvement in everyday life … well, it used to be fun until the NSA’s incredible list of surveillance programs became known. Now, paranoia is the rational state for anyone concerned with their privacy and freedom of speech. We had Godwin’s Law, which provided a useful rule of thumb for when internet arguments had passed the point of no return. This is a rare example of an argument that meets the condition of Godwin’s Law (in the infographic), yet still remains relevant.

April 13, 2014

Ephemeral apps and the NSA

Filed under: Business, Media, Technology — Tags: , , — Nicholas @ 11:21

Bruce Schneier on the rising popularity of apps that only leave your content visible briefly and then automatically removes it:

Ephemeral messaging apps such as Snapchat, Wickr and Frankly, all of which advertise that your photo, message or update will only be accessible for a short period, are on the rise. Snapchat and Frankly, for example, claim they permanently delete messages, photos and videos after 10 seconds. After that, there’s no record.

This notion is especially popular with young people, and these apps are an antidote to sites such as Facebook where everything you post lasts forever unless you take it down—and taking it down is no guarantee that it isn’t still available.

These ephemeral apps are the first concerted push against the permanence of Internet conversation. We started losing ephemeral conversation when computers began to mediate our communications. Computers naturally produce conversation records, and that data was often saved and archived.

[…]

At best, the data is recorded, used, saved and then deliberately deleted. At worst, the ephemeral nature is faked. While the apps make the posts, texts or messages unavailable to users quickly, they probably don’t erase them off their systems immediately. They certainly don’t erase them from their backup tapes, if they end up there.

The companies offering these apps might very well analyze their content and make that information available to advertisers. We don’t know how much metadata is saved. In SnapChat, users can see the metadata even though they can’t see the content and what it’s used for. And if the government demanded copies of those conversations — either through a secret NSA demand or a more normal legal process involving an employer or school — the companies would have no choice but to hand them over.

Even worse, if the FBI or NSA demanded that American companies secretly store those conversations and not tell their users, breaking their promise of deletion, the companies would have no choice but to comply.

That last bit isn’t just paranoia.

April 2, 2014

People are less inclined to shop or bank online after NSA surveillance reports

Filed under: Business, Government, Technology — Tags: , , , , , — Nicholas @ 08:46

Among the side-effects of government surveillance revelations, ordinary people are deciding to be a bit less involved in online activities, according to a new Harris Poll:

Online banking and shopping in America are being negatively impacted by ongoing revelations about the National Security Agency’s digital surveillance activities. That is the clear implication of a recent ESET-commissioned Harris poll which asked more than 2,000 U.S. adults ages 18 and older whether or not, given the news about the NSA’s activities, they have changed their approach to online activity.

Almost half of respondents (47%) said that they have changed their online behavior and think more carefully about where they go, what they say, and what they do online.

When it comes to specific Internet activities, such as email or online banking, this change in behavior translates into a worrying trend for the online economy: over one quarter of respondents (26%) said that, based on what they have learned about secret government surveillance, they are now doing less banking online and less online shopping. This shift in behavior is not good news for companies that rely on sustained or increased use of the Internet for their business model.

[…]

Whether or not we have seen the full extent of the public’s reaction to state-sponsored mass surveillance is hard to predict, but based on this survey and the one we did last year, I would say that, if the NSA revelations continue – and I am sure they will – and if government reassurances fail to impress the public, then it is possible that the trends in behavior we are seeing right now will continue. For example, I do not see many people finding reassurance in President Obama’s recently announced plan to transfer the storage of millions of telephone records from the government to private phone companies. As we will document in our next installment of survey findings, data gathering by companies is even more of a privacy concern for some Americans than government surveillance.

And in case anyone is tempted to think that this is a narrow issue of concern only to news junkies and security geeks, let me be clear: according to this latest survey, 85% of adult Americans are now at least somewhat familiar with the news about secret government surveillance of private citizens’ phone calls, emails, online activity, and so on.

March 29, 2014

Surveillance of Canadian telecommunications channels

Filed under: Cancon, Government, Law, Media — Tags: , , , , , — Nicholas @ 00:01

The University of Toronto’s Munk School of Global Affairs looks at how the Canadian security establishment operates:

The issue of lawful access has repeatedly arisen on the Canadian federal agenda. Every time that the legislation has been introduced Canadians have opposed the notion of authorities gaining warrantless access to subscriber data, to the point where the most recent version of the lawful access legislation dropped this provision. It would seem, however, that the real motivation for dropping the provision may follow from the facts on the ground: Canadian authorities already routinely and massively collect subscriber data without significant pushback by Canada’s service providers. And whereas the prior iteration of the lawful access legislation (i.e. C–30) would have required authorities to report on their access to this data the current iteration of the legislation (i.e. C–13) lacks this accountability safeguard.

In March 2014, MP Charmaine Borg received responses from federal agencies (.pdf) concerning the agencies’ requests for subscriber-related information from telecommunications service providers (TSPs). Those responses demonstrate extensive and unaccountable federal government surveillance of Canadians. I begin this post by discussing the political significance of MP Borg’s questions and then proceed to granularly identify major findings from the federal agencies’ respective responses. After providing these empirical details and discussing their significance, I conclude by arguing that the ‘subscriber information loophole’ urgently needs to be closed and that federal agencies must be made accountable to their masters, the Canadian public.

[…]

The government’s responses to MP Borg’s questions were returned on March 24, 2014. In what follows I identify the major findings from these responses. I first discuss the Communications Security Establishment Canada (CSEC), Canadian Security Intelligence Service (CSIS), Royal Canadian Mounted Police (RCMP), and Canadian Border Service Agency (CBSA). These agencies provided particularly valuable information in response to MP Borg’s questions. I then move to discuss some of the ‘minor findings’ related to the Canadian Revenue Agency (CRA), Competition Bureau, Statistics Canada, and the Transportation Safety Board (TSB).

March 23, 2014

Isn’t it Ironic: Government Surveillance Version (with Remy)

Filed under: Government, Humour, Liberty, Media — Tags: , , , — Nicholas @ 00:01

Published on 20 Mar 2014

Remy updates the Alanis Morissette hit for a certain senior senator from California.

Approximately 2 minutes.

Written by Remy. Video and animation by Meredith Bragg. Music performed, produced, recorded, mixed and mastered by Ben Karlstrom.

For full text, links, downloadable versions and more, go to: http://reason.com/reasontv/2014/03/20/remy-isnt-it-ironic.

Lyrics:
A Senator lady
Got the news one day
The country’s being spied on
by the NSA

So she went out defending
on each TV set
but when she found out she’d been snooped on
she got all upset

And isn’t it ironic?
I mean, don’t you think?

It’s like you’re at Chris Brown’s
and there’s punch in the fridge
or if The Bachelor
passed a geography quiz

Learning Ted Kennedy
happened to be good at bridge.
And who would have thought?
It figures.

Senator, this may surprise you
and the irony bites
but Congresspeople ain’t the only ones
with 4th Amendment rights

It’s like a minimalist
who does their laundry
with All
or if Woody Allen liked to watch
Kids in the Hall

it’s like FDR
got locked in a Honda Accord
a cheap healthcare plan
that you just can’t afford

If Oscar Pistorius
really hated The Doors
and who would have thought?
It figures.

I heard the government
is sneaking up on you.
Life has a funny, funny way
of calling you out
calling you out.

March 13, 2014

It’s amazing how much data can be derived from “mere” metadata

Filed under: Liberty, Media, Technology — Tags: , , , , — Nicholas @ 08:25

Two Stanford grad students conducted a research project to find out what kind of actual data can be derived from mobile phone metadata:

Two Stanford computer science students were able to acquire detailed information about people’s lives just from telephone metadata — the phone number of the caller and recipient, the particular serial number of the phones involved, the time and duration of calls and possibly the location of each person when the call occurred.

The researchers did not do any illegal snooping — they worked with the phone records of 546 volunteers, matching phone numbers against the public Yelp and Google Places directories to see who was being called.

From the phone numbers, it was possible to determine that 57 percent of the volunteers made at least one medical call. Forty percent made a call related to financial services.

The volunteers called 33,688 unique numbers; 6,107 of those numbers, or 18 percent, were isolated to a particular identity.

[…]

They crowdsourced the data using an Android application and conducted an analysis of individual calls made by the volunteers to sensitive numbers, connecting the patterns of calls to emphasize the detail available in telephone metadata, Mayer said.

“A pattern of calls will, of course, reveal more than individual call records,” he said. “In our analysis, we identified a number of patterns that were highly indicative of sensitive activities or traits.”

For example, one participant called several local neurology groups, a specialty pharmacy, a rare-condition management service, and a pharmaceutical hotline used for multiple sclerosis.

Another contacted a home improvement store, locksmiths, a hydroponics dealer and a head shop.

The researchers initially shared the same hypothesis as their computer science colleagues, Mayer said. They did not anticipate finding much evidence one way or the other.

“We were wrong. Phone metadata is unambiguously sensitive, even over a small sample and short time window. We were able to infer medical conditions, firearm ownership and more, using solely phone metadata,” he said.

March 12, 2014

Senator Dianne Feinstein versus the CIA

Filed under: Government, Law, USA — Tags: , , , , , — Nicholas @ 10:52

In Mother Jones, David Corn shows the state of play between the Central Intelligence Agency and the senate committee that is responsible for oversight of the CIA:

Sen. Dianne Feinstein (D-Calif.), the chair of the Senate intelligence committee, took to the Senate floor and accused the CIA of spying on committee investigators tasked with probing the agency’s past use of harsh interrogation techniques (a.k.a. torture) and detention. Feinstein was responding to recent media stories reporting that the CIA had accessed computers used by intelligence committee staffers working on the committee’s investigation. The computers were set up by the CIA in a locked room in a secure facility separate from its headquarters, and CIA documents relevant to the inquiry were placed on these computers for the Senate investigators. But, it turns out, the Senate sleuths had also uncovered an internal CIA memo reviewing the interrogation program that had not been turned over by the agency. This document was far more critical of the interrogation program than the CIA’s official rebuttal to a still-classified, 6,300-page Senate intelligence committee report that slams it, and the CIA wanted to find out how the Senate investigators had gotten their mitts on this damaging memo.

The CIA’s infiltration of the Senate’s torture probe was a possible constitutional violation and perhaps a criminal one, too. The agency’s inspector general and the Justice Department have begun inquiries. And as the story recently broke, CIA sources — no names, please — told reporters that the real issue was whether the Senate investigators had hacked the CIA to obtain the internal review. Readers of the few newspaper stories on all this did not have to peer too far between the lines to discern a classic Washington battle was under way between Langley and Capitol Hill.

[…]

So here we have the person assigned the duty of guaranteeing that the intelligence establishment functions effectively and appropriately, and she cannot get information about how the CIA meddled in one of her own investigations. This is a serious breakdown. And by the way, Feinstein has still not succeeded in forcing the CIA to declassify her committee’s massive report on the interrogation and detention program.

Here is how she summed up the current state of play:

    If the Senate can declassify this report, we will be able to ensure that an un-American, brutal program of detention and interrogation will never again be considered or permitted. But, Mr. President, the recent actions that I have just laid out make this a defining moment for the oversight of our intelligence committee. How Congress and how this will be resolved will show whether the intelligence committee can be effective in monitoring and investigating our nation’s intelligence activities or whether our work can be thwarted by those we oversee.

What Feinstein didn’t say — but it’s surely implied — is that without effective monitoring, secret government cannot be justified in a democracy. This is indeed a defining moment. It’s a big deal for President Barack Obama, who, as is often noted in these situations, once upon a time taught constitutional law. Feinstein has ripped open a scab to reveal a deep wound that has been festering for decades. The president needs to respond in a way that demonstrates he is serious about making the system work and restoring faith in the oversight of the intelligence establishment. This is more than a spies-versus-pols DC turf battle. It is a constitutional crisis.

March 11, 2014

Surveillance game – Nothing to Hide

Filed under: Gaming, Government, USA — Tags: , , — Nicholas @ 10:50

If you’re not worried about the government (or other governments) watching your every move — because you’ve “got nothing to hide” — you might be interested in this game:

The tongue-in-cheek game Nothing to Hide was born out of creator Nicky Case’s dedication to privacy rights. Using the game, he intends to chip away at confidence in National Security Agency (NSA) procedures and give advocates something to think about.

The “anti-stealth” framework is an “inversion” of more familiar stealth-based video games. In the Panopticon-inspired environment, players must control behavior to please monitoring powers. Rather than avoid surveillance equipment, players actively work to remain in sight of yellow, triangle cyclops-eyed cameras. If a player walks outside the view of the camera, he or she risks death by summary, trial-free execution — because clearly he or she is a criminal with something to hide.

The name Nothing to Hide is, of course, taken from a common blasé reaction to state surveillance: “Well, I’ve got nothing to hide.” The game confronts this attitude by drawing attention to the unpleasantness of being constantly monitored. Players are thrust into a dystopian environment devoid of privacy. Digital posters with creepy comments like “Smile for the camera” and “Thank you for participating in your own surveillance” cover the walls.

March 10, 2014

When we do it, it’s “intelligence gathering”, when they do it, it’s “cyberwar”

Filed under: China, Technology, USA — Tags: , , , , — Nicholas @ 10:48

Bruce Schneier on the odd linguistic tic of how we describe an act depending on who the actor is:

Back when we first started getting reports of the Chinese breaking into U.S. computer networks for espionage purposes, we described it in some very strong language. We called the Chinese actions cyberattacks. We sometimes even invoked the word cyberwar, and declared that a cyber-attack was an act of war.

When Edward Snowden revealed that the NSA has been doing exactly the same thing as the Chinese to computer networks around the world, we used much more moderate language to describe U.S. actions: words like espionage, or intelligence gathering, or spying. We stressed that it’s a peacetime activity, and that everyone does it.

The reality is somewhere in the middle, and the problem is that our intuitions are based on history.

Electronic espionage is different today than it was in the pre-Internet days of the Cold War. Eavesdropping isn’t passive anymore. It’s not the electronic equivalent of sitting close to someone and overhearing a conversation. It’s not passively monitoring a communications circuit. It’s more likely to involve actively breaking into an adversary’s computer network — be it Chinese, Brazilian, or Belgian — and installing malicious software designed to take over that network.

In other words, it’s hacking. Cyber-espionage is a form of cyber-attack. It’s an offensive action. It violates the sovereignty of another country, and we’re doing it with far too little consideration of its diplomatic and geopolitical costs.

February 11, 2014

Michael Geist on what Canadians can do about mass surveillance

Filed under: Cancon, Government, Liberty, Technology — Tags: , , — Nicholas @ 12:21

A post at Michael Geist’s website advises Canadians about their options to protest the government’s role in internet surveillance:

… we know that U.S. law provides fewer protections to personal information of non-U.S. citizens, suggesting that Canadian data residing in cloud-based servers in the U.S. are particularly vulnerable. Meanwhile, the Canadian legal rules remain largely shrouded in secrecy, with officials maintaining that programs fall within the law despite the obvious privacy interests in metadata and statutory restrictions on domestic surveillance.

[…]

Today is the day that Canadians can send a message that this official is wrong. The Day We Fight Back Against Mass Surveillance is a global effort to galvanize people around the world to speak out against ubiquitous surveillance. Canadians can learn more here, but the key ask is to contact your Member of Parliament. If you are concerned with widespread surveillance in Canada, take a couple of moments to send an email or letter (no stamp required) to your MP and let them know how you feel (alternatively, you can fill out the form at this site). In addition, you can sign onto a global petition supported by hundreds of groups around the world.

I’ve written about the need for changes here and many others — including Interim Privacy Commissioner Chantal Bernier, Kent Roach, Wesley Wark, Ron Diebert, David Fraser, Ontario Privacy Commissioner Ann Cavoukian and Avner Levin, Craig Forcese, and Lisa Austin — have highlighted other potential changes. There are no shortage of ideas for reform. What we need now are Canadians to speak out to demand an open review and reform of Canadian surveillance law and policy.

« Newer PostsOlder Posts »

Powered by WordPress