
Richard Stallman response to the Facebook scandal


In an opinion piece in The Guardian, Richard Stallman shares his view on the latest Facebook / Cambridge Analytica scandal. He is definitely in a position to say “I told you so”, and both he and everybody else know it, so instead he repeats his message in his usual to-the-point, clear-cut language:

The surveillance imposed on us today far exceeds that of the Soviet Union. For freedom and democracy’s sake, we need to eliminate most of it. There are so many ways to use data to hurt people that the only safe database is the one that was never collected. [...] I propose a law to stop systems from collecting personal data.

The “don’t record it – don’t collect it” will be the mantra of the new privacy-conscious tech generation. The publish-everything fad is over. Delete is the new black. Ephemeral is the new gray. Hopefully.

On the state and state security and absolute surveillance vs. its people, he continues:

An unjust state is more dangerous than terrorism, and too much security encourages an unjust state.

A surveillance state is probably more than unjust, it most likely turns absolutist and totalitarian, like we see in Putin’s Russia and Xi’s China. Reverting that trend will take more than changing fashions in social networks.


Facebook shattered


The last week has been devastating for Facebook, with revelations about the Cambridge Analytica data abuse, but also uncontrolled access to people’s private information and friend networks by thousands of other developers and apps. There’s now a trending #deletefacebook campaign, with instructions on how to clean up if you still have an account. Even Elon Musk is publicly quitting and removing his company pages.

The current focus of the story is two-fold: On the one side, there is the specific case of Cambridge Analytica, which misused people’s data for targeted political advertisement. Apparently, they were involved in both the British EU exit vote and the 2016 US presidential vote. Although this is clearly manipulative political propaganda, the exposure was in these cases limited, with some hundred thousand to a few million people possibly affected. It is doubtful that their meddling affected the final outcome of either election. However, this part of the story is just the tip of the iceberg.

The much larger issue is that the Facebook “Graph API” which was used by Cambridge Analytica was also available to thousands of other Facebook-hosted apps. Facebook actually got concerned that these third-party developers might steal their whole social graph and start new social network companies, so access was somewhat restricted around 2014. However, up until then, the information of millions, or more likely hundreds of millions, of people was downloaded by all kinds of companies.

Yet, even with Facebook’s change of policy, the problem persists. Through mobile phone apps, it is still too easy to lure people into granting full access to contact lists and other private data. Once the button is pressed, there is no longer any way to oversee or control what data is sent where. Indeed, once the Facebook part of the story fades away, mobile app privacy and permission settings are likely to be the next fallout. Here Google and Apple will have to answer for their behavior and the lack of user control of their data.

Told you so

It is easy to get up on a high horse and look down on people who are affected by the latest privacy fallout. After all, there have been news, warnings, and even popular fiction about the dangers of loss of privacy and dystopian absolute surveillance since Orwell, who published in 1948. Richard Stallman has been writing since the 1980s, and Snowden blew the whistle in 2013. “Told you so” is on the tip of the tongue of anybody vaguely informed.

Yet, privacy and publicity are not a one-size-fits-all matter. What some people find acceptable or necessary to be public, others want to keep private, and vice versa. Eric Schmidt, Sasha Grey, and Edward Snowden would want very different privacy settings. Crucially, there is not one correct publicity and privacy strategy. It has to be a personal consideration and choice, without absolute directives on what is legally allowed and morally acceptable.

It is therefore futile to wait for government regulation on the matter. There is simply no law or regulation which will solve all possible requirements. In certain cases, law and eager law enforcement can make the matter significantly worse, as in the cases where teenage “sexting” is brought down with the full force of the law. Some jurisdictions are changing the law, but here short-term ephemeral communication like in Snapchat is a better technical solution.

Protect yourself

Given that privacy and publicity preferences are personal, what are some steps you can take to make your online presence fit your preference? It has to start with personal reflection on what you want and require, and be articulated into a consistent personal strategy from there on. Adhering to a coherent strategy makes it easier to follow, and easier to explain to others.

Here are some ideas; some might fit you, while others might not.

  • Use a pseudonym: This has been standard practice for authors and artists for ages, and long before Facebook most user accounts were arbitrary nicknames like “john1970”. Even if you are not a published writer, your social media publications could well benefit from a modified name. How much you want to alter your name is up to you. Facebook will not allow certain made-up names, but a few spelling mistakes will likely go through the filter. For different accounts, e.g. Twitter, consider whether you use a different pseudonym or the same one. It will depend on the goal of your publication.
  • Hide your face: Computer vision and facial recognition have now become so good at matching faces from images that your face has become just as unique an identifier as your name. That is, there is still likely to be some mismatch because some people look alike (or have the same name), but we must assume Facebook, Google, and governments have the capability to identify you based on a picture. Not appearing in any picture can be difficult, but you can at least start with not publishing your own selfies.
  • Go ephemeral: Some things are better forgotten, and it is easier to forget if there exist no records. However, till recently, the dogma of the digital information age has been that anything stored can never be deleted. There will always be a copy somewhere. Services which put an expiry date on information are starting to change that. Snapchat has become popular because of that feature, and there is an untapped market for more expiry features in more services.
    Somewhat ironically, it is standard practice in large corporations like Facebook and Google to have email and document retention policies with limited duration, usually two to three years, to protect themselves from possible future legal subpoenas.
  • Say no: Deleting your Facebook account has already been discussed. Yet, there are many other apps out there, and they are often in just as good a position to harvest data. Not installing, deleting, or not granting certain access should be simple good digital hygiene for everybody.
  • Use privacy-focused tools: Certain tools and apps are not possible to get around if we want to take advantage of the Internet. By now there are many alternatives to the mainstream devices, applications and mobile apps. In the wake of the Snowden NSA files, there were many good suggestions, and the advice at PRISM-break, named after one of the NSA mass surveillance programs, is just as relevant today.
  • Block ads: Whether it’s freedom from political propaganda or manipulative advertising, browsing the web without advertisement is very refreshing. It also makes many websites load much faster. Adblock Plus is an extension available to most desktop and mobile browsers. My personal preference, though, is host blocking on DNS level. With some technical know-how, it’s an easy install-and-forget procedure, with no need to upgrade before you get a new computer or device.
  • Turn off cookies, JavaScript: This one can be a bit extreme, because it makes certain websites less useful, and you’ll have to reconfigure the same settings over and over. A good compromise is to automatically delete cookies on browser exit, and install NoScript where you can white-list your trusted sites. But it does take some work, and is far from perfect.
    Just be aware of websites which require you to enter credit card data. Those are best accessed in an incognito (private) window, but with cookies and JavaScript turned on, lest the transaction fail or get stuck due to missing scripts.

Expanding police and surveillance powers across Europe


In January, two interesting and thorough reports on expanding police and surveillance powers across Europe were published: Amnesty International published a 70 page report which summarizes its research into expanding police laws across EU and the troubling consequences to innocent citizens. It was followed up by an opinion piece in The Guardian by one of its authors, John Dalhuisen.

The second report was by Privacy International (original), and analysed the expanded surveillance and data retention powers in UK, Germany and France.

Each report paints a grim picture of the state of human rights and privacy across the EU. Overall a somber picture emerges: The liberty and freedom we have enjoyed over the last quarter of a century is eroding. Add to that the sweeping wind of right-wing nationalist politics across the continent, and the alarm bells should be ringing.

Too often, the counter-argument in this debate is “if you’ve got nothing to hide, you’ve got nothing to fear”, or the corollary “I’m too boring for the state to be interested in”. Glenn Greenwald does a good job of dispelling that argument in his book “No Place to Hide”. He points out that surveillance stifles self-expression, creativity and experimentation. On a state level, its very purpose is to hinder deviant and radical thought and action. As such, surveillance and lack of privacy is an obstacle to political and cultural progress.

Given that mass state surveillance harms us all, our individual relation with the state authority, and whether we personally feel we have anything to hide or not, is nonessential to the debate. It is irrelevant if you yourself are involved in politics, opposition groups, and protests. Surveillance harms everybody, depriving us of freedom, and hindering political, cultural, and human progress. It makes us complacent, unable or unwilling to question authority.

Dangerously disproportionate

In their report, titled “Dangerously disproportionate”, Amnesty International analyses events and laws passed in 2015 and 2016 in multiple EU member countries, including UK, Germany, France, Holland, Spain, Poland, Hungary and Austria. They look at new emergency powers; legality of laws and powers; the right to privacy; freedom of expression; right to liberty; freedom of movement; and stripping of nationality. In each section, Amnesty International specifically calls on EU member states to respect established Human Rights and the rule of law. They provide multiple examples from the various states where it is questionable whether the police and the executive branches have acted legally, against their countries’ laws or against basic human rights.

The report is well written, and comes with several insightful and well placed warnings. Amnesty International is ringing the alarm bells, and points out that the governments of Europe are now the biggest threats to their own nations and freedom of their people:

“Ultimately, however, the threat to the life of a nation – to social cohesion, to the functioning of democratic institutions, to respect for human rights and the rule of law – does not come from the isolated acts of a violent criminal fringe (…), but from governments and societies that are prepared to abandon their own values in confronting them.”

Terms like “the enemy” and “terrorism” have always been deliberately vague. This is now causing real problems when such vague and undefined terms are used as part of laws:

Because there is no universally agreed definition of “terrorism” under international law, states and international bodies have created their own. In that process, over the years, definitions of terrorism have become ever more vague and overly broad. This lack of clarity in many counter-terrorism laws has led, in turn, to a lack of certainty regarding what precisely constitutes an act of terrorism. If people can’t tell whether their conduct would amount to a crime, they cannot adjust their behaviour to avoid criminality. The consequences can be significant, ranging from the profiling of members of certain groups thought to be more inclined toward “radicalization”, “extremism”, or criminality based on stereotypes – i.e. guilt by association – to the outright misuse by states of laws that define terrorism loosely to deliberately target political opponents, human rights defenders, journalists, environmental activists, artists, and labour leaders.

Mass surveillance is still illegal and against Human Rights:

Any communications surveillance measure used must be strictly necessary and, to the extent that it interferes with people’s rights, must be proportionate in the particular circumstances of each case. The cornerstone of lawful communications surveillance is that it is individualized and based on reasonable suspicion of wrongdoing.

Indiscriminate mass surveillance, in effect a fishing expedition and “just-in-case” retention of people’s communications and data, is the antithesis of this. States may refer to indiscriminate mass surveillance practices by other names – “bulk” rather than “mass”, “collection” or “interception” rather than “surveillance” – but linguistic gymnastics do not make the practices conform to human rights standards.

When laws are vaguely defined and the state can monitor everybody all the time, this is causing a chilling effect on freedom of speech, thought and expression. Simply clicking on the wrong link can be enough to land somebody in trouble. The report points out how musicians and other artists have already been the target of discrimination and “terrorist” laws.

The right to freedom of expression has been under direct and sustained assault across Europe in recent years. Measures that seek to curb speech and other forms of expression, taken cumulatively, reflect a landscape where freedom to access information, offer opinions, exchange ideas, and engage in robust and challenging debate – publicly or online – is in rapid decline. The risk that a person could be labelled a security threat or “extremist” has had very real consequences for some people as the examples below illustrate, while the “chilling effect” that such measures creates has left the public space for free expression smaller and more impoverished than it has been in decades.

Finally, the report discusses freedom of movement, and the dangerous trend towards “preventive measures” and “pre-crime” initiatives without the rule of law:

Indeed the extent of the remove can be seen from the fact that states are criminalizing not just the preparatory act of travelling abroad with the purpose of committing a terrorist offence, but also acts preparatory to the preparatory act of travelling abroad with this purpose. The problem here is that acts such as browsing “extremist” websites and looking up the price of flights to Istanbul can all render people liable to prosecution, long before individuals may have made up their minds to commit a terrorist offence, or without their ever even having contemplated it in the first place.

Mass Surveillance in Europe

The Privacy International report is shorter, but just as interesting and worrying. It covers the British “Snoopers Charter” or Investigatory Powers Act (IPA); the German Communications Intelligence Gathering Act (“Ausland-Fernmeldeaufklärung des Bundes-nachrichtendienstes”); and the French International Electronic Communications Law (“mesures de surveillance des communications électroniques internationales”). For each law, the authorized powers, oversight, and power over privileged communication is examined.

Although the terrorist attacks in these countries over the last years are driving forces, many of the laws being passed now seem to have at least some relation to the EU Data Retention Directive, issued a decade ago, in 2006. That directive was annulled by the EU Court of Justice in 2014 for “violating fundamental rights”. Still, similar and broader laws are now in place in many EU member states.

The report concludes:

The leaders of Germany, France and the UK are setting a dangerous precedent which echoes within the European Community and far beyond it: Mass surveillance by governments has become the new normal.

No sanctuary in Switzerland?

Up until recently, Switzerland was a sanctuary of privacy and secrecy of private information and financial information. The latter was shattered a few years back, when the US threatened to throw out the Swiss banks if they did not disclose account details on what US citizens held. The former came under attack in 2015 and 2016 when two separate data retention and surveillance laws were enacted and passed: the BÜPF – “Überwachung des Post und Fernmeldeverkehrs” (“Monitoring of post and telecommunications”) and the NDG – “Nachrichtendienstgesetz”, an extension to the existing national intelligence law. There’s a discussion of both here, and more details by ProtonMail.

The laws call for all communication channels and services to retain certain metadata about the communication for a year, which apparently includes any open wifi hotspots; IRC chat rooms; email and chat services; message boards and so on. Again, similar laws which were declared illegal for violating fundamental rights by EU Court of Justice in 2014 have become national law. Furthermore, the laws make state hacking and wiretapping legal.

Even though Switzerland is neutral, they maintain close ties to the US, including data sharing agreements through the Privacy Shield Framework, like the other EU countries. (The double-speak has really gone far when “privacy shield” is a name for business and government information sharing). Furthermore, regarding financial details, Switzerland is taking part in the Automatic exchange of information (AEOI) program, under the guise of detecting tax evasion.

An interesting note about the “Nachrichtendienstgesetz” extension is that it met strong resistance, and ProtonMail were amongst activists who gathered enough signatures for the 2015 proposal to go through a national referendum, as is required in Switzerland. The only problem: they lost. On 25 September 2016, the vast majority at 65.5% voted in favour of the law. Although only about 43% of eligible voters cast their vote, the outcome was similar across all cantons, and therefore we must assume representative of the opinion of the population as a whole. It goes to show, that even in Switzerland when the choice stands between privacy and security, people will give up their privacy.


Privacy attacks and government surveillance continue


At the Symantec Government Symposium on Tuesday, FBI director James Comey said he “can’t resist talking about encryption and going dark”, and will continue an “adult” discussion into 2017. What’s stopping him now seems to be the media attention on the presidential election. He continued: “The challenge we face is that the advent of default, ubiquitous strong encryption is making more and more of the room we are charged to investigate dark”. He was referring to device encryption on iPhones and Android phones, as well as Whatsapp, etc.

Meanwhile in Europe, French and German politicians have seized on the recent fear of violence to push similar rhetoric. Last week French Interior Minister Bernard Cazeneuve and German Interior Minister Thomas de Maizière said that “they will push for a Europe-wide law requiring tech companies to provide law enforcement agencies with access to encrypted messages when necessary”. Cazeneuve said, “We propose that the EU Commission studies the possibility of a legislative act introducing rights and obligations for operators to force them to remove illicit content or decrypt messages as part of investigations, whether or not they are based in Europe”. The “our law should be universal” thinking, in other words.

The “crypto wars” are as hot as ever, and even though the latest communication technology offerings have made it easier for everybody to stay private, it is clear that the Western surveillance states will not give up without a fight.


Review: No Place to Hide, Glenn Greenwald


In his latest book, No Place to Hide, Glenn Greenwald gives a brief summary of the events since Edward Snowden first contacted him on 1 December 2012, up until the UK government’s harassment of David Miranda at London Heathrow airport on 18 August 2014. He gives an overview of some of the released NSA documents, showing the scope and detail of the illegal surveillance.

It is, however, the last two chapters of the book which make this a must-read. Here, Greenwald examines why ubiquitous surveillance is so dangerous and damaging to all of society, and why the “nothing to hide – nothing to fear” argument is misguided and naive.

In the final chapter, Greenwald describes the toxic climate of modern journalism, and how challenging state power is the exception rather than the norm in many newspapers.

Besieged by state surveillance

Glenn Greenwald’s examination of the harms of mass state surveillance is an indispensable read for anybody debating the topic. He explains why privacy is essential to all humans, on an individual level, as well as for society as a whole. Without privacy, we automatically conform to written and unwritten rules and expectations of behaviour and thought.

Surveillance stifles self-expression, creativity and experimentation. On a state level, its very purpose is to hinder deviant and radical thought and action. As such, surveillance and lack of privacy is an obstacle to political and cultural progress. The goal is to freeze the status quo with its current power structure and current authority.

Herein lies the rebuttal of the “nothing to hide – nothing to fear” argument. Rather than grasping for fringe groups and special circumstances, Greenwald shows that this argument is narrow-minded, egoistical and hypocritical. Given that mass state surveillance harms us all, our individual relation with the state authority is nonessential to the debate. It is irrelevant if you yourself are involved in politics, opposition groups, and protests. In many ways, surveillance harms everybody, depriving us of freedom, and hindering political, cultural, and human progress. It makes us complacent, unable or unwilling to question authority.

Furthermore, Greenwald points out that state surveillance is masked in secrecy, often with little oversight. It makes the surveillance a one-way mirror: They can see you, but you cannot see them. This is by design, and Greenwald examines multiple examples of why this works so well in controlling the population. He shows why it is important to break this one-way mirror; to shine light on government activities so its power cannot be used for harassment and control.

News as state propaganda

In the last chapter, Greenwald gives an introspective look into the failures of US media. Journalists and newspapers are nicknamed the Fourth Estate, because they were supposed to challenge the other three branches of government. However, many have become mere propaganda outlets for those in power.

What’s worse, Greenwald was attacked by fellow journalists across the political spectrum for publishing his stories based on the NSA documents. The UK in particular has gone very far in attacking anybody working with these documents. There is no Fourth Amendment or similar law protecting free speech in the UK. As a result, the Guardian was threatened with lawsuits and shutdown by GCHQ (Government Communications Headquarters) agents. Through an ultimatum, they destroyed the computers belonging to the newspaper which they believed contained copies of the NSA documents.

Later, Greenwald’s partner, David Miranda, was detained using an anti-terrorist law while in transit through London Heathrow airport. As Greenwald put it, UK agents grabbed him out of non-British neutral territory. Lacking anything to charge him with, the UK police later acknowledged that this was a harassment tactic, to send a message to anybody working with Snowden or Greenwald.

Read it now!

If you haven’t kept an eye on the Snowden and NSA story, Glenn Greenwald’s latest book is an excellent and brief overview of the important events and facts. Still, even if you have followed the details of the NSA documents, the last half of the book is refreshing and worth the read.

State propaganda with its excuses to justify surveillance is as prevalent as ever. It is essential that we all know how to refute those arguments. Also, putting an end to the “nothing to hide & fear” argument will be important if we want to repel mass state surveillance.


anonabox : a Tor hardware router


Update: This project turned out to be too good to be true, at least for now. Wired has a brief article on the problems of the project, and why it was canceled by Kickstarter.

However, as the developer Germar says: “This would have been a success even if we’d raised $10,000. – This is a place to start.” (The project went above $600.000 before it was canceled).

I just backed the KickStarter project “anonabox”. It’s a drop-in Tor hardware router, which makes all outgoing traffic anonymous without any user configuration. As seen in the picture, it connects between your incoming ISP point and your laptop. Or, the other way around, where the box itself picks up a foreign Wifi signal and gives you a wired hotspot. Or where the laptop in the picture is connected over wifi instead of wired.

At the price of $50, I ordered two, to be delivered beginning of next year. The Kickstarter has already gone almost 100x above their set goal of $7500, so they might have some extra work to backfill orders. The project looks promising though, with the device to be shipped already in its fourth generation of development.

Order yours now! There’s still 26 days to go.


Another assault on privacy by GCHQ


Recently, it was revealed by IT Security Guru that the British intelligence agency GCHQ had demanded a backdoor into the secure email service PrivateSky by CertiVox. At the end of 2012, GCHQ made the request, but CertiVox chose to close the service instead of betraying their customers. This preceded the similar heavy-handed threats by NSA which caused US-based Lavabit and Canadian-based Silent Circle to shut down their secure email services.

It is clear then, that it is not possible to operate secure email or communication services within these countries. In that light, it’s interesting to see Swiss hosting companies picking up business. “Business for Switzerland’s 55 data centres is booming”, claims the article. It will be interesting to see how it plays out. Will they be pressured by US as was the case with the banks? Or will they also sell out, as was the case with the Swiss based Crypto AG and their machines?

As many have pointed out, the physical security of a data centre is often less of an issue than its network and system security. Furthermore, it’s a question of how it is used and what is offered. PrivateSky is for example still operational, but only for its owners. If somebody offered a secure communication service from within the Tor network, it would be both hard to detect, so it might fly under the radar for a while, and hard to take down if hosted in Switzerland. That’s a business idea right there, up for grabs for anybody with a bit of spare time and money.


Trends: Snowden didn’t change public’s behaviour


For all the NSA documents revealed by Snowden, and for all the news headlines stressing the gravity of the situation, it seems the general public has not changed their behaviour much. At least that would be the conclusion if looking at the worldwide trends of a few Google search terms: As can be seen in the first chart, the terms Snowden and NSA quickly rose to prominence when the story broke in the second half of 2013. However, interest quickly declined. If we look at the two next charts, comparing the terms privacy, surveillance, encryption, there seems to be no correlation with the former terms at all. Maybe there is an ever so faint increase in the term encryption, but nothing of significance.

The two last charts compare the terms encryption, surveillance in Germany. Here there is a small blip for the former term, while interest in the latter, surveillance, seems to have increased significantly. This is possibly driven by the news stories there about NSA spying on Chancellor Angela Merkel.

These trends are rather disappointing to see. One would have hoped for at least a blip on the radar when it comes to public awareness of these issues. Instead, the distraction campaigns by most of the mainstream media seem to have been successful: The headlines have been focusing on Snowden, his girlfriend, his father, and whether he is a hero or traitor. Masking and excusing the abuse of power by NSA, GCHQ and the politicians who support these organizations has been successful. In fact, in Britain the story has taken the bizarre turn where the government is investigating The Guardian and editor Alan Rusbridger for publishing the leaked documents. What other clue do you need to see that the so-called democracies and free countries of the West are nothing but a mirage for a powerful and abusive elite?

Swedish politician Rickard Falkvinge put it nicely in his post about the coming of the Swedish police-state:

A key difference between a functioning democracy and a police state is, that in a functioning democracy, the Police don’t get everything they point at.



The list of shame


Over the last years, Wikileaks has collected and published a set of files detailing the companies involved in implementing and assisting mass surveillance. The “Spy Files” includes mostly public product sheets, sales brochures and company catalogues. Below is the list of all the company names mentioned in all the Wikileaks Spy Files.

There’s a lot of interesting reading there. From not so well known hardware companies across the world, to big names like HP, Ericsson, and Siemens. Some of them are selling “investigation platforms” for law enforcement, while others offer products for covert operations. There are data sheets on network taps like those from NetOptics, and network traffic surveillance and retention from Packet Forensics, to give some examples. There’s marketing material, like the Ernst & Young 2011 brochure with the title Biometrics: time to evangelise the benefits. (They want biometric identification pretty much everywhere: from border control to benefit payments and Internet access.)

In other words, these are the companies which implement the police and surveillance state. Employees from these companies do the dirty-work of the NSAs and GCHQs around the world. If you are working for or with one of these, now is a very good time to consider your stance on democracy, human rights, and privacy. If your set of values does not align with that of your company, it might be time to do something about that. “I was just doing my job and following orders” is not an excuse which will hold up in court when judgement comes.

ADS UKTI Defence & Security Organisation
AGT International
AI Solve
ATIS Systems GmbH
Atis Uher
Berkeley Varitronics Systems
Cambridge Consultants
Cassidian (EADS)
CCT Cecratech
Delta SPA
Digital Barriers
Dreamlab Gamma
EBS Electronic
Enterprise Europe Network
Ernst & Young
Evidence Talks Ltd.
Expert System
FCO Services
Forensic Telecommunications Services
Freightwatch Security Net
Glimmerglass Networks
HiddenTechnology Systems International Ltd.
HP Defence and Security
Human Recognition Systems
i2 Group
Innov Telek IZT
IPS Intelligence
Kapow Software
NETWORK Instruments
NICE Systems
Nokia Siemens Networks
Packet Forensics
Pine Digital Security
PV labs
QCC Interscan
Roke Manor Research
Scan & Target
Septier Communication Ltd.
Silicom Dreamlab
Speech Technology Center
Spektor Forensic Intelligence
Telesoft Technologies
Utimaco Safeware AG
Visual Analytics Inc
VUPEN Security


NSA’s Social Graph


NSA is creating a social graph of everybody. That is the latest NSA story based on Snowden’s documents. “The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data”

On Slashdot, user jbn-o has an insightful comment, regarding Eben Moglen’s warnings about exactly this scenario:

“I was talking to a senior government official of this government about that outcome and he said well you know we’ve come to realize that we need a robust social graph of the United States. That’s how we’re going to connect new information to old information. I said let’s just talk about the constitutional implications of this for a moment. You’re talking about taking us from the society we have always known, which we quaintly refer to as a free society, to a society in which the United States government keeps a list of everybody every American knows.” —Eben Moglen, “Innovation Under Austerity”

Eben Moglen gave a talk where he warned us about a conversation he had with an American government official who wanted a “robust social graph” of Americans. And again at Moglen’s re:publica talk as Nicole Brydson reminds us. Of course, I’d prefer to point to a copy of this talk in a format friendly to free software, but I don’t know of one.

Moglen reminds us in his talks about how right Richard Stallman (RMS) is, and how we need to do the work of sharing what RMS teaches to others. RMS was right (as per usual) we need software freedom more than ever. Social action based on an ethical grounding (not mere technical convenience or speedy development) is exactly what this situation calls for. I hope everyone will take the time to read or listen to Moglen’s insightful talks and take them seriously. They’re deeply engrossing and filled with interesting history, so much so that they reward repeated listening and social action.


Latest NSA round-up


Glenn Greenwald has the latest round-up of various NSA surveillance related stories around the world this week. From the British GCHQ spying on Belgium’s largest telecom, Belgacom, to Obama working hard to keep the controversial programs away from judicial and public scrutiny. And much more.

Also interesting is a new coalition of civil liberties organizations and other interest groups called “Stop Watching Us”. On October 26th they are planning a rally in Washington, D.C. It takes time, but some people are waking up.


The mind of a megalomaniac: NSA chief Keith Alexander


Glenn Greenwald recently had a nice story in the Guardian which showed how completely out of touch with society and reality NSA’s surveillance operation has become. NSA chief Keith Alexander has built a command centre and war room modelled after Star Trek’s Enterprise bridge. The pictures below are from the Guardian article.

To add insult to injury, the room was dubbed “Information Dominance Center”. The arrogance of it all is astonishing. Add to that Alexander’s motto “Collect it All”, and it goes to show how totally out of control this whole operation and agency has spun. The revelations over the last months have made it crystal clear that neither he nor his organization can be trusted, and this small story just hammers home the point even further.


NSA surveillance violations – a brief summary


A summary of the latest news and NSA revelations.

Thanks to Snowden, we now know the NSA:

  • Had James Clapper lie under oath to us – on camera – to Congress to hide the domestic spying programs. (Occurred in March, revealed in June.)
  • Warrantlessly accesses records of every phone call that routes through the US thousands of times a day. (June, September)
  • Steals your private data from every major web company (Facebook, Google, Apple, Microsoft, et al) via PRISM (June) and pays them millions for it (August).
  • Pays major US telecommunications providers (AT&T, Verizon, et al) between $278,000,000-$394,000,000 annually to provide secret access to all US fiber and cellular networks (in violation of the 4th amendment). (August)
  • Intentionally weakened the encryption standards we rely on, put backdoors into critical software, and breaks the crypto on our private communications. (September)
  • NSA employees use these powers to spy on their US citizen lovers via “LOVEINT”, and only get caught if they self-confess. Though this is a felony, none have ever been charged with a crime. (August)
  • Lied to us again just ten days ago, claiming they never perform economic espionage (whoops!) before a new leak revealed that they do all the time. (September)
  • Made over fifteen thousand false certifications to the secret FISA court, leading a judge to rule they “frequently and systemically violated” court orders in a manner “directly contrary to the sworn attestations of several executive branch officials,” that 90% of their searches were unlawful, and that they “repeatedly misled the court.” (September)
  • Has programs that collect data on US Supreme Court Justices and elected officials, and they secretly provide it to Israel regulated only by an honor system. (September)



PRISM – The political repercussions


It has been about a month and a half since the NSA and PRISM story broke, and we are now starting to see some of the political repercussions. As expected, they take longer to develop than news headlines and knee-jerk Internet forum reactions, but Snowden’s leaks will definitely have long-term political effects.


Up until now, much of the media attention has been on Snowden himself, his whistle-blower status, and his escape from the US. Although not that interesting in themselves, his movements have drawn some very intriguing lines, more clearly showing who’s in bed with who, and which countries are willing to stand up against the US. Snowden was more or less escorted out of Hong Kong, China, and welcomed to Russia, or at least not kicked out yet. The problem is, even if he has been offered asylum by Bolivia, Nicaragua and Venezuela, he cannot travel there. First of all, because the US has cancelled his passport, but maybe more importantly, he risks being captured mid-flight. That was made clear when Bolivian president Morales’ flight was forced down in Vienna, because other European countries had blocked their airspace on suspicion that Snowden was on board the plane.

That incident very clearly showed which countries are aligned with the Americans, and is now confirmed by the fact they did apologize. The Bolivian Foreign Minister confirmed that they had received apologies from Italy, Portugal, Spain and France. However, he wants to get to the heart of the matter, even though it is blatantly obvious who was behind the request to force down the plane. Furthermore, as a reaction against these European countries, Bolivia, Brazil, Argentina, Venezuela, and Uruguay have resolved to withdraw their diplomatic missions. That is a pretty strong signal, even though it might be temporary.

Finally, on Snowden, it was interesting to note that he has been nominated for the Nobel peace prize by Swedish professor Stefan Svallfors, who notes that “‘I was just following orders’ [can never be] claimed as an excuse for acts contrary to human rights and freedoms”. He continues: awarding the prize to Snowden would “help to save the Nobel Peace Prize from the disrepute incurred by the hasty and ill-conceived decision to award US President Barack Obama [the] 2009 award.” Ouch! That has to sting!

EU political effects

In addition to the four countries who closed their airspace to Morales’ flight, it is clear that more have been accomplices of the US and NSA. UK’s GCHQ (Government Communications Headquarters) has eagerly been collecting data from Internet fibre cables, and is now facing legal challenges from the UK charity Privacy International.

Signals have also been collected in Germany, although here it is less clear whether German intelligence organizations have been in on the game or not. Even the interior minister Hans-Peter Friedrich is not able to explain exactly what has been going on, and apparently he has a gag-order from the US. Chancellor Angela Merkel seems more ambiguous, on the one side urging people to wait for US’ investigation, but also calling for stronger EU data protection laws, and at the same time bringing sanity and common sense to the discussion with the quote: “Just because something is technically possible doesn’t mean you should do it”.

Meanwhile, at the EU level, the European Parliament has voted for a resolution to 1) let their Civil Liberties Committee launch an inquiry into the PRISM scandal (with a report due towards the end of the year); 2) warn other member states, including UK, Sweden, the Netherlands, Germany and Poland, who have been running similar programs; 3) reconsider the data sharing of air-traffic passenger information and SWIFT banking transfer with the US; and 4) offer stronger protection for whistle-blowers like Snowden. Several of these points echo similar demands by the EU Pirate Parties about a month ago.

US political effects

On the US side, we’ve also seen the start of some interesting cases: Several groups, including the Electronic Privacy Information Center, have filed legal actions which seek to stop the NSA mass surveillance. In addition to the EPIC case, Electronic Frontier Foundation (EFF) has filed a lawsuit, backed by an unusual coalition of rights activists, church leaders and drug and gun rights advocates. It will probably take a long time before we see any form of outcome, or even response to these cases, but they have at least made the required move. As an example of how long it can take, EFF supported the filing of a class action lawsuit in 2008, and only recently did a federal court judge reject the U.S. government’s latest attempt to dismiss the case (so it is now finally allowed to start).

Just as interesting was the recent US Congressional hearing and questioning of the NSA officials James Cole, Robert S Litt and John Inglis. They revealed that the PRISM program had the capability to analyse social graph relations as much as three hops away from every person. This is significant, first, because it was previously assumed that they had data and capabilities to perform only one (your friends) or two hops (the friends of your friends). Secondly, in a massively networked “social” world, three hops will include a lot of people. When six degrees of separation was estimated to link any two people in the world some fifty years ago, they did not have Facebook where everybody had thousands of “friends”. Now, it is estimated that any Facebook user can be linked with fewer than five hops. In other words, within three hops, most of us will be linked to some “bad” people. If those links are to be used against us, we will all be found suspicious.

Also worth noticing from the hearing was the comment from congressman Frank James Sensenbrenner. He was the author of the controversial 2001 Patriot Act, which probably has enabled some parts of the PRISM program. He told the NSA officials that unless they rein in their spying efforts, they would risk losing the legal provisions which enabled it. Although it is hard to believe it will come to that, it is still a quote to take note of. (Or, depending on how cynical you feel, yet another proof that you can never trust a politician).


PRISM – the effect


Another week with NSA and PRISM news has gone by, and now the reactions and comments start to take on more substance and show that people have had the time to reflect on the various issues, rather than just posting knee-jerk headlines.

John Naughton had an interesting comment in the Guardian, where he points out that you can check out, but never leave: We are simply too used to, too entangled with, maybe even addicted to the services provided by the big Internet actors. Between the companies mentioned in the NSA slide, pretty much everybody is somehow covered. (Maybe Richard Stallman has managed to escape, however, he is probably encrypting his e-mails, and thus is up for extra scrutiny).

Another interesting article, by James Risen and Nick Wingfield of the New York Times, points out the revolving door between Silicon Valley tech companies and the surveillance industry. They give the example of Max Kelly, the chief security officer for Facebook, who got recruited by NSA, and also several Silicon Valley startups which are either funded by or selling to NSA/CIA.

Finally, and most welcome, is the Anti-PRISM campaign, a joint effort by several European Pirate Parties. They clearly and concisely point out the dangers posed to privacy and democracy by government surveillance. The language and demands contain a certain irony towards the US, noting that Europe should become “a worldwide beacon for digital rights and privacy protection, government transparency and whistleblower protection” (referencing America’s 19th century goal of becoming “a beacon to the world”).

Their demands are clear political and regulative goals. It’s a great opportunity for these parties to grow beyond the copyright infringement fight, show that they have a broader political agenda, and gain more mainstream support. I’m guessing the two main points to watch are: First the “uncovering of the facts”, which gives a concrete proposal to form a European Parliament committee to investigate the details of the PRISM program, and how it relates to EU states. Secondly, the point about repealing of the Data Retention Directive is interesting. It mentions that three countries have already rejected this 2006 directive in national courts. It will be interesting to see if the latest news and politics will have an effect on other EU countries as well.
