Russian Pastafarian parade disrupted by cops, Orthodox hooligans


Robbo sez, "Church of the Flying Spaghetti Monster members who held a procession in Moscow were dispersed by riot police and Orthodox activists; some were detained for holding an 'unsanctioned rally.' Best quote in the news post: 'We were detained for simply walking,' a message posted by another Pastafarian said. 'In particular, I was taken in for a sieve on my head.'

Read the rest

Cops accidentally record themselves admitting they harassed activist at rodeo owners' request: "God, we're gonna get sued"

An anti-rodeo/animal right activist was subjected to a blatantly illegal, harassing traffic stop after he was asked to leave an Oregon rodeo. How do we know it was illegal? Because the cops who stopped him forgot to turn off their own cameras and recorded themselves admitting that the rodeo (which is a major donor to the Malheur County Sheriff's Department) had demanded the traffic stop. The same cops who participated in the stop were previously at the center of a lawsuit that the county settled in which they were alleged to have fabricated evidence, so they've got form for this. Some dialog highlights:

Read the rest

Danny O'Brien on civil liberties groups, the NSA and Bruce Sterling

Yesterday, I posted my reaction to Bruce Sterling's essay The Ecuadorian Library, where Bruce described activists as "living in a pitiful dream world where their imaginary rule of law applies to an electronic frontier." Danny O'Brien, who recently returned to a job at the Electronic Frontier Foundation after a stint at the Committee to Protect Journalists, has written an excellent essay on the way that civil liberties and civil society groups and activists have devoted their lives, and risked their safety, in the cause of civil liberties online.

Read the rest

Sterling's "The Ecuadorian Library" vs civil liberties groups

Earlier today, Xeni blogged Bruce Sterling's latest essay, "The Ecuadorian Library." I thought this piece had a lot of merit, but was brought up short by one passage that made me think that despite Bruce's keen observations, he hasn't been paying very close attention to what groups like the Electronic Frontier Foundation has been doing since 2005. Indeed, when it comes to the view he presents of Internet activists, Bruce is just plain, flat-out, factually wrong.

Read the rest

Little Brother-themed team scavenger hunt coming to San Francisco!

My novel Little Brother is the "One City One Book" pick for the San Francisco Public Library this year; and in its honor, they've put together an amazing city-wide scavenger hunt called "Rogue Agent." It features fiendish puzzles and awesome clues, and kicks off on September 14. It's a team-sport, so start thinking about your teammates now; I'll be at the SFPL at the end of September to read from the book and talk about it.

Read the rest

Pirate Cinema wins the Prometheus Award

I could not be happier to announce that my novel Pirate Cinema has won the Libertarian Science Fiction Society's Prometheus Award, along with Neal Stephenson's Cryptonomicon. I won the Prometheus in 2008 for my novel Little Brother, and it's among my proudest honors. My sincere thanks to the judges and the members of the society for this honor. Cory 2

EFF's guide to Comic-Con

Headed to San Diego? The EFF Guide to San Diego Comic-Con is a thorough guide to where to go to hear about comics and free expression, meet friends of the EFF, learn about surveillance and privacy, and find like-minded civil liberties comic geeks. Cory 1

Glenn Greenwald's keynote at Freedom to Connect 2013

Joly sez, "On March 4-5 2013 the Internet Society's North America Bureau webcast the Freedom to Connect 2013 conference in Washington DC. One keynote speaker was Glenn Greenwald, who has recently come to international attention as the journalist who broke the NSA surveillance story. In his hour long speech, he talks about Aaron Swartz, the imbalance of justice, the growth of the surveillance state, the nature of power in the digital age, and its implications for Internet freedom. There are a couple of small glitches in the recording, for which we apologize."

VIDEO: Glenn Greenwald keynote at Freedom to Connect 2013 #f2c #netfreedom #prism (Thanks, Joly!)

Where to get an EFF laptop sticker like Edward Snowden's

Hugh from the Electronic Frontier Foundation sez, "Edward Snowden's computer sported stickers for EFF and Tor. You can buy the EFF sticker here."

Last chance for an ORGCon2013 ticket!


Ruth from the Open Rights Group writes,

There are still some tickets left for ORGCon2013! Don't miss out on a rare opportunity to hear John Perry Barlow speak in London, this Saturday June 8th! John Perry Barlow, co-founder of Electronic Frontier Foundation, will be headlining ORGCon2013 along with writer of The Master Switch, Tim Wu.

Debate the big issues hitting the headlines, including the cry for a Snoopers' Charter revival following the Woolwich attack, and the calls for new Internet filters in the light of April Jones' murder. As politicians use the latest tragic news stories as an excuse to regulate the Internet, now is the time to get involved with digital rights!

The final programme has the perfect mix of panel debates, workshops, rapid fire talks and guest lectures! You can look forward to sessions on the Digital Arms Trade, freedom of speech, child protection on the internet, online censorship, copyright, creative citizenship...

Plus, hear from an impressive line-up of speakers including David Allen Green of #twitterjoketrial, Jeni Tennison, Policy Head at the Open Data Institute, Richard Allan Policy Director at Facebook, Diane Duane, Star Trek and Young Wizards writer, and many more! Individual tickets are priced at £28, £16 for ORG supporters and just £6 for students. FREE tickets if you join ORG today!

Open Rights Group - Join us at ORGCon2013! (Thanks, Ruth!)

(Disclosure: I co-founded the Open Rights Group and am pleased to serve as a volunteer advisor to it)

Why lie?

Here's an excerpt from Judge Alex Kozinski's opinion in US v Xavier Alvarez (PDF), in which the judge describes some of the reasons that people lie:

Saints may always tell the truth, but for mortals living means lying. We lie to protect our privacy ("No, I don't live around here"); to avoid hurt feelings ("Friday is my study night"); to make others feel better ("Gee you've gotten skinny"); to avoid recriminations ("I only lost $10 at poker"); to prevent grief ("The doc says you're getting better"); to maintain domestic tranquility ("She’s just a friend"); to avoid social stigma ("I just haven't met the right woman"); for career advancement ("I'm sooo lucky to have a smart boss like you"); to avoid being lonely ("I love opera"); to eliminate a rival ("He has a boyfriend"); to achieve an objective ("But I love you so much"); to defeat an objective ("I'm allergic to latex"); to make an exit ("It's not you, it's me"); to delay the inevitable ("The check is in the mail"); to communicate displeasure ("There's nothing wrong"); to get someone off your back ("I'll call you about lunch"); to escape a nudnik ("My mother's on the other line"); to namedrop ("We go way back"); to set up a surprise party ("I need help moving the piano"); to buy time ("I'm on my way"); to keep up appearances ("We're not talking divorce"); to avoid taking out the trash ("My back hurts"); to duck an obligation ("I've got a headache"); to maintain a public image ("I go to church every Sunday"); to make a point ("Ich bin ein Berliner"); to save face ("I had too much to drink"); to humor ("Correct as usual, King Friday"); to avoid embarrassment ("That wasn't me"); to curry favor ("I've read all your books"); to get a clerkship ("You're the greatest living jurist"); to save a dollar ("I gave at the office"); or to maintain innocence ("There are eight tiny reindeer on the rooftop")….

An important aspect of personal autonomy is the right to shape one’s public and private persona by choosing when to tell the truth about oneself, when to conceal, and when to deceive. Of course, lies are often disbelieved or discovered, and that, too, is part of the push and pull of social intercourse. But it’s critical to leave such interactions in private hands, so that we can make choices about who we are. How can you develop a reputation as a straight shooter if lying is not an option?

Why We Lie

Girl who was arrested for making a tin-foil volcano tells her story


On May 1, Kiera Wilmot, a Florida high school student, was arrested for mixing toilet bowl cleaner with tin foil, causing a small, harmless explosion. Though she had a spotless school record, she was expelled and charged with a felony as an adult -- a harsh penalty widely ascribed to institutional racism (Wilmot is black). On May 16, thanks to Wilmot's bravery, a crowdfunded project by former NASA engineer Homer Hickam, and the ACLU, the charges against Wilmot were dropped and Wilmot and her twin sister were awarded a full bursary to the Advanced Space Academy program at the U.S. Space Camp in Huntsville, Ala..

Now, Wilmot has written a must-read editorial for the ACLU on her experience with zero-tolerance, detailing the awful treatment she received and the thoughtless way in which the gears of the a discipline-obsessed educational system grind up its own students:

The principal and dean of discipline came over and asked me to tell them what happened. I was kind of scared, but I thought they'd understand it was an accident. Before that, I've never gotten in trouble this year other than a dress code violation because my skirt was two inches too short. I told him it was my science experiment. In my third period class I was called up to discipline. I wrote a statement to the dean of discipline explaining what had happened. Afterward I was told to sit on the resource officer's office. They told me I made a bomb on school property, and police possibly have the right to arrest me. I didn't know what they classified as a bomb. I was worried I accidently made a bomb. I was really hurt and scared. I was crying.

They didn't read me any rights. They arrested me after sitting in the office for a couple minutes. They handcuffed me. It cut my wrist, and really hurt sitting on my hands behind my back.

They took me to a juvenile assessment center. I was sitting in this room with no clock so it felt like years of me sitting there. When my mom came, she didn't say anything. She just had this really disappointed look, and told me I lost privileges. But she's really been supportive of me. I don't know what would have happened if I didn't have my mom. I would have dug a hole and sat there for the rest of my life.

I don't think police should have been involved because I'm a good student for one. And two, it was a big deal, but it wasn't like people were hurt and the school was in shatters. I maybe should have gotten 10 days suspension or a work detail where on Saturday you wake up early and pick up trash around the school.

An Unexpected Reaction: Why a Science Experiment Gone Bad Doesn't Make Me a Criminal (via The Mary Sue)

MEP explains the security problem with militarizing the Internet

The Dutch MEP Marietje Schaake has a fantastic, must-read essay on the problem with "cyber-war." She lays out the case for securing the Internet (and the world of people and systems that rely on it) through fixing vulnerabilities and making computers and networks as secure and robust as possible, rather than relying on weaknesses in security as vectors for attacking adversaries.

Mass surveillance, mass censorship, tracking and tracing systems, as well as hacking tools and vulnerabilities can be used to harm people as well as our own security in Europe. Though overregulation of the internet should never be a goal in and of itself, regulation of this dark sector is much needed to align our values and interests in a digital and hyper-connected world. There are many European examples. FinFisher software, made by UK’s Gamma Group was used in Egypt while the EU condemned human rights violations by the Mubarak regime. Its spread to 25 countries is a reminder that proliferation of digital arms is inevitable.

Vupen is perhaps best labelled as an anti-security company in France that sells software vulnerabilities to governments, police forces and others who want to use them to build (malicious) software that allows infiltrating in people’s or government’s computers.

It is unclear which governments are operating on this unregulated market, but it is clear that the risk of creating a Pandora’s box is huge if nothing is done to regulate this trade by adopting reporting obligations. US government has stated that American made, lawful intercept technologies, have come back as a boomerang when they were used against US interests by actors in third countries. Other companies, such as Area Spa from Italy designed a monitoring centre, and had people on the ground in Syria helping the Assad government succeed in anti-democratic or even criminal behaviour by helping the crackdown against peaceful dissidents and demonstrators.

It's just not good policy to make the people who are supposed to be securing our computers dependent on insecurity in computers to achieve that end.

In defense of digital freedom (via Techdirt)

Perils of smart cities

Here'a an excellent piece on the promise and peril of "smart cities," which could be part of a system to make cities fairer and more transparent, or could form the basis for an authoritarian lockdown. As Adam Greenfield says, "[the centralized model of the smart city is] disturbingly consonant with the exercise of authoritarianism." The author mentions Greenfield's upcoming book "The City is Here for You to Use" (a very promising-looking read) as well as Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia, which is out in the fall.

These critics are advocating not that cities shun technology, but that they foster a more open debate about how best to adopt it—and a public airing of the questions cities need to ask. One question is how deeply cities rely on private companies to set up and maintain the systems they run on. Smart-city projects rely on sophisticated infrastructure that municipal governments aren’t capable of creating themselves, Townsend points out, arguing that the more they rely on software, the more cities are increasingly shunting important civic functions and information into private hands. In recent talks and in his upcoming book, “Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia,” Townsend portrays companies as rushing to become the indispensable middlemen without which the city cannot function.

Cities can easily lose leverage to private companies their citizens rely on, as the persistent battles of political leaders against telecom companies over price increases show. And private-sector software can operate behind a veil: Townsend says that while cities have made lots of data freely available online, there’s less concern about opening up the proprietary tools used to analyze that data—software that might help a city official decide who is eligible for services, or which neighborhoods are crime hotspots. “It’s the algorithms in government that need to be brought out to the light of day, not the data,” he says. “What I worry about are the de facto laws that are being coded in software without public scrutiny.”

Another concern is what will be done to protect the huge amount of data cities can gather about their citizens. The wealth of video at the Boston Marathon bombings, though it came from private cameras, showed how useful surveillance footage can be—and also how pervasive. Cameras, sensors, and tracking technologies like the Mass Pike’s EZPass can reveal a great deal about your life: where you live and travel, what you buy, even what time you take a shower. Smart grid utility-metering systems, for instance, collect and transmit detailed energy consumption information, which help consumers understand and curb their energy use but can also reveal their habits. As such, they have come under fire for threatening privacy and civil liberties, and several states have adopted legislation governing what kind of data can be shared with third parties and how customers can opt out. In Massachusetts, automated license plate recognition technology used by police cruisers has raised concerns about authorities tracking the whereabouts of citizens. The American Civil Liberties Union of Massachusetts has been pushing for a License Plate Privacy Act that would limit law enforcement’s ability to retain and use the information.

The too-smart city [Courtney Humphries/Boston Globe]

(via Beyond the Beyond)

Computer scientists to FBI: don't require all our devices to have backdoors for spies

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you're captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.

Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.

Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints