I am outraged that our blog once again failed to make it on to the list of websites the U.S. Department of Homeland Security's command center routinely monitors. The grandfather of all rogue leak sites, Cryptome, published a copy of the 2011 edition of the government document (PDF link to document copy). Apparently, there's a new 2012 version some have seen, on which a current round of news coverage is based.
There's a Reuters article summarizing its significance here:
A "privacy compliance review" issued by DHS last November says that since at least June 2010, its national operations center has been operating a "Social Networking/Media Capability" which involves regular monitoring of "publicly available online forums, blogs, public websites and message boards."
The purpose of the monitoring, says the government document, is to "collect information used in providing situational awareness and establishing a common operating picture."
The document adds, using more plain language, that such monitoring is designed to help DHS and its numerous agencies, which include the U.S. Secret Service and Federal Emergency Management Agency, to manage government responses to such events as the 2010 earthquake and aftermath in Haiti and security and border control related to the 2010 Winter Olympics in Vancouver, British Columbia.
"This is a representative list of sites that the NOC will start to monitor in order to provide situational
awareness and establish a common operating picture under this Initiative," the document reads.
Oh fine, so, the imminent Yeti invasion isn't something that needs to be monitored? Read the rest
John Young and Deborah Natsios'
whistleblower archive Cryptome
has long been a thorn in the flesh of US government agencies. But if my memory serves correctly, none of them ever managed to do what Microsoft did today: shut the site down.
Network Solutions shut off the lights in response to a DMCA notice, after Cryptome published a 22-page Microsoft document outlining how the company stores private user data in its web-connected servers. The document also explains how government agencies can access that personal data.
More at Wired News, and you can download the disputed PDF here. More at ReadWriteWeb, with comments from the EFF.
[ Photo: John Young of Cryptome, shot by Declan McCullagh, NYC, 2001.]
Previously:Boing Boing: Cryptome founder John Young profiled in Radar
ABC News story on Cryptome.org
Cryptome: Eyeballing Katrina
Cryptome gallery of Bush Bulge pics
Read the rest
Cryptome is hosting several ISPs' pricelists and guidelines
for "lawful spying" activities on behalf of
law enforcement. Included is Yahoo's price-guide (hilariously, Yahoo tried to send them a
copyright takedown notice
to make this go away).
One of the more remarkable elements of Yahoo's document is the sheer quantity of material that
Yahoo retains for very, very long periods. From /.: "IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
Yahoo! will seek reimbursement based on the actual time expended by Yahoo!'s compliance staff in complying with
the request. The average costs related to compliance matters are listed below for your convenience. These
estimates are neither a ceiling nor a floor but represent the average costs of typical searches. Time spent may vary
considerably based on the wording of the request and the information available about the user. These time
estimates are also based on narrowly tailored requests that do not require extensive searches in multiple
databases. These estimates are not price quotes, budgets, or guarantees and should not be used for budgeting
purposes. Yahoo! reserves the right to adjust its estimates and reimbursement charges as necessary.
Read the rest
* Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter
* Basic Group Information (including information about moderators): approx. $20 for a group with a
* Contents of subscriber accounts, including email: approx.