
Australian attorney general wants the power to launch man-in-the-middle attacks on secure Internet connections


The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.

Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.

The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.


Public Prosecutor of Rome unilaterally orders ISPs to censor 46 sites


The Public Prosecutor of Rome has unilaterally ordered Italy's ISPs to censor 46 sites, and it appears the ISPs are complying, even though no complaint had been lodged against the sites, nor had any judge issued any order related to them. This doesn't bode well for the governance style of the new Prime Minister, Matteo Renzi, a young politician who is trying to set himself apart from the autocratic Berlusconi regime, which used tight media control as part of its corrupt governance strategy.


Phoenix cops arrest prostitutes, detain them without trial in churches, pressure them to take deals without access to lawyers


Molly Crabapple sez, "I wrote this piece about a program in Phoenix called Project ROSE, which arrests sex workers in massive raids and brings them to a church, where they are held extra-judicially and offered alternative sentences without lawyers, judges, or due process."


Video of the ritual destruction of a Guardian laptop with the Snowden leaks, as ordered by Prime Minister David Cameron


Remember when UK Prime Minister David Cameron ordered government officials to go to the offices of the Guardian in London and demand the symbolic destruction of a laptop with the Edward Snowden leaks on it? It was a bizarre kind of high-tech exorcism, a bizarre ritual in which one of many, many copies of the Snowden documents was ritually destroyed, because, in the Prime Minister's words, "We've had enough debate about them."

The Guardian has posted a video of the exorcism, showing how the stern officials oversaw the piece-by-piece systematic destruction of the machine. It's not embeddable, but it's a remarkable piece of footage that you should really go and watch.

Revealed: the day Guardian destroyed Snowden hard drives under watchful eye of GCHQ – video

(via Techdirt)

Fed judge rules that a downloader's IP address is not proof of identity

In a surprisingly sane ruling, Washington District Judge Robert Lasnik found that an IP address is not sufficient evidence of the identity of a copyright infringer. The case involved the B-movie Elf-Man, whose production company have gained notoriety through trollish attacks on people alleged to have downloaded the movie over BitTorrent.


City of London Police told they can't just take away domains because Hollywood doesn't like them


The City of London is a curiosity; it's the financial district within London proper, and it has its own local government, which is elected by the banks and other corporations within the district. This (literally) corporate-run government then operates its own police force, separate from the Metropolitan Police, with sweeping powers.

The City of London Police recently gave themselves the power to seize domains that they believed were implicated in copyright violation, and started sending officious letters to domain registrars demanding that the domains be shut down. This was a purely extrajudicial, ad-hoc procedure -- in other words, the City of London Police were just making it up. The letters they sent had no force in law, cited no evidence from a court, and were unenforceable.


UK home secretary wants to overturn human rights treaties and make terror suspects stateless

Under international human rights conventions, nations are not allowed to withdraw their passports from citizens if doing so would leave them stateless. Theresa May, the UK home secretary, has asked her staff to find a way around this, so that British citizens who are accused of terrorism can have their passports withdrawn while they are travelling abroad, rendering them stateless, with no way to return home to Britain.


In-depth explanation of EFF's courtroom victory over the FBI's "National Security Letters"

Last week, we brought you the wonderful news that a district court in San Francisco had struck down the law that allowed the FBI to issue its own "National Security Letters" (NSLs) -- secret search-warrants with permanent gag orders. Now, Matt Zimmerman, a senior staff attorney at the Electronic Frontier Foundation (who brought the case on behalf of an unnamed telco), explains in depth what EFF asked the court to recognize, how far they got, and what happens next:

The court made five critical findings. First, Judge Illston quickly rejected the government's dangerous argument that NSL recipients had no power to review the constitutionality of the statute. The government had suggested that the court could only review specific problems with specific NSLs, meaning that larger structural problems with the statute would remain untouched. As the court correctly noted, however, the statute specifically allows a court to determine whether an NSL is "unreasonable" or "unlawful" which includes determining whether the statute itself is unconstitutional.

Second, the district court found that the statute impermissibly authorizes the FBI to limit speech without constitutionally-mandated procedural protections. The Supreme Court articulated the scope for such protections in 1965 in Freedman vs. Maryland, a case in which it struck down a Maryland licensing scheme that required films to be submitted to a government ratings board prior to public showings. The problem with the statute wasn't necessarily its substantive reach as it was possible that films could be banned without violating the First Amendment -- if, for example, they met the First Amendment definition of "obscene." Instead, the court was concerned that the procedures for challenging a ban stacked the deck against theater owners...

... Fourth, the district court found that the statute was not "severable," meaning that Congress designed the NSL tool as a whole and that the powers it granted to the FBI were not intended to function separately if one of the powers was found to be unconstitutional. Because the nondisclosure provision was found to be unconstitutional on its face, the power to compel the disclosure of customer records must also fall. NSL statistics are consistent with this observation: 97% of all NSLs are delivered with a gag order.

Finally, the district court found that, regardless of other failings, the statute's standard of review violated separation of powers principles by forcing the courts to defer to the FBI's determinations and preventing independent review. It noted that a "[c]ourt can only sustain nondisclosure based on a searching standard of review." While courts do largely defer to the executive branch's judgment in national security matters, the standard in this statute required the court to consider the government's decision "conclusive" and only allowed the court to consider whether it was made in "bad faith." The court rightly noted that real judicial review requires more.

In Depth: The District Court's Remarkable Order Striking Down the NSL Statute

NYPD will arrest you for carrying condoms: the women/trans/genderqueer version of stop-and-frisk


NYC has a law prohibiting "loitering for the purposes of engaging in a prostitution offense" which lets cops arrest whomever they feel like, on the strength of their conviction that the person is probably a sex-worker, on the basis of flimsy circumstantial evidence like carrying a condom, talking to men, or wearing tight clothes. Like stop-and-frisk, it's part of a pattern of laws that assume that the police have infallible intuition about who the "bad guys" are and lets them use their discretion to harass and bust whomever they feel like. And like stop-and-frisk laws, the "condom" law shows that the much-vaunted cop intuition is really just bias, a dowsing rod that leads officers to poor women, genderqueer people, and trans people.

Like most laughably cruel tricks of the justice system, you probably wouldn't know that you could be arrested for carrying condoms until it happened to you. Monica Gonzalez is a nurse and a grandmother. In 2008, Officer Sean Spencer arrested her for prostitution while she was on the way to the ER with an asthma attack. The condom he found on her turned out to be imaginary. Gonzalez sued the city after the charges were dropped. But if the condom were real, why should she have even been arrested at all?

Arrest is always violent. The NYPD may or may not break your ribs, but the process of arrest in America is still a man tying your hands behind your back at gunpoint and locking you in a cage. Holding cells are shit-encrusted boxes, often too crowded to sit down. Police can leave you there for three days; long enough to lose your job. If this seems obvious, I say it because the polite middle classes trivialize arrest. They talk about "keeping people off the streets." They don't realize that the constant threat of arrest is traumatic, unless it happens to them or their kids.

Prostitution is only a misdemeanor in New York, but a conviction will knock you off food stamps and out of subsidized housing. While society feigns wanting sex workers to change their profession, it does everything it can to keep them where they are. Most prostitution defendants plea bargain. Too broke and scared to fight, men and women agree to charges that will follow them for life.

There are two types of prostitution arrests. For "prostitution," the officer has to witness you making an offer, but "loitering for the purposes of engaging in a prostitution offense" requires only circumstantial evidence. On the supporting depositions, officers answer a checklist. Were you standing in an area known for prostitution? According to Karina Claudio, a lead organizer at the community group Make the Road, these areas can be anywhere. Were you dressed provocatively? Did you speak to a guy? Were you standing next to someone who has been arrested for prostitution? Were you carrying condoms?

New York Cops Will Arrest You for Carrying Condoms | VICE United States (via Amanda Palmer)

(Image: Molly Crabapple)

Six-strikes US copyright punishments will harm open WiFi

You may have heard Jill Lesser, Executive Director of the Center for Copyright Information, explain that America's six-strikes copyright punishment system would not harm open WiFi. Adi Kamdar explains why Ms Lesser's totally mistaken:

Termination may not be part of the CAS, but that's not the point—the program still uses "protecting copyright" as an excuse to seriously hinder a user's online experience. For example, CAS involves not just "education" but also "Mitigation Measures," such as slowing down Internet speeds to 256 kbps for days—rendering your connection all but unusable in today's era of videochats and Netflix.

Lesser doesn't think that's a problem. As she told the radio show On The Media: "The reduction of speed, which one or more of the ISPs will be using as a mitigation measure, is first of all only 48 hours, which is far from termination."

But that's 48 hours of lower productivity and limited communication across the globe, based on nothing more than a mere allegation of copyright infringement.

Don't Be Fooled: "Six Strikes" Will Undoubtedly Harm Open Wireless

Preview of Verizon's version of America's "six strikes" copyright enforcement scheme

America's largest ISPs took the chickenshit step of agreeing to voluntarily police copyright on behalf of the movie studios and record labels, with a "six strikes" system that involves a series of ever-more-dire warnings and punishments for unsubstantiated copyright complaints from Big Content. Here's a preview of the final stage of the punishment regime at Verizon:

“Redirect your browser to a special web page where you will be given several options. You can: Agree to an immediate temporary (2 or 3 day) reduction in the speed of your Internet access service to 256kbps (a little faster than typical dial-up speed); Agree to the same temporary (2 or 3 day) speed reduction but delay it for a period of 14 days; or Ask for a review of the validity of your alerts by the American Arbitration Association.”

Verizon’s “Six Strikes” Anti-Piracy Measures Unveiled [Torrentfreak]

Understanding the NDAA, a US law that makes it possible to indefinitely detain people without charge or trial

Omems sends us, "ProPublica's point-by-point discussion of why this year's NDAA might not allow for the indefinite detention of US citizens. As clear and concise a summary as I've seen, and provides a bit of hope that our rights aren't completely irrelevant to our representatives."

I don't know that I'd go that far. ProPublica concludes that some of the senators who voted for NDAA clearly believe (and intend) that it will be used to lock up American citizens and lawful residents forever, without a trial or any meaningful due process. And all of them expect that the NDAA will allow for indefinite detention without charge or trial for foreigners who are captured abroad, or who happen to visit the USA (tourists beware). As one of those foreigners who often visits the USA on a work-visa, I'm not exactly comforted by this news.

What about people detained in the U.S. who aren’t citizens or permanent residents?

They could still be indefinitely detained.

Human rights and civil libertarian groups criticized the amendment for falling short of the protections in the constitution under the Fifth Amendment, which says that any “person” in the U.S. be afforded due process.

In the floor debate, Feinstein said she agreed with critics that allowing anybody in the U.S. to be detained indefinitely without charges “violates fundamental American rights.” Feinstein said she didn’t think she had the necessary votes to pass a due-process guarantee for all.

Cutting through the Controversy about Indefinite Detention and the NDAA (Thanks, Omem!)

Entertainment industry to Japanese ISPs: we'll hand you a secret list of copyrighted works, and you have to block them


As part of Japan's batshit new 10-years-in-jail-for-uploading copyright law, the Recording Industry Ass. of Japan is demanding that ISPs install network filters that spy on all user activity and attempt to detect copyright infringements by comparing every user upload to a massive, secret database of "fingerprints" of copyrighted music, created by Gracenote. Those uploads would be shut off, without review, trial, or notice. One proposal would even require ISPs to send three-strikes-style notices to customers whose connections had been censored, warning them of impending disconnection from the Internet if they continue to trigger positives on the secret, proprietary system. They want ISPs to pay for a monthly software licensing fee for the privilege of running this surveillance/censorship technology.

Torrentfreak reports:

Several music rights groups including the Recording Industry Association of Japan say they have developed a system capable of automatically detecting unauthorized music uploads before they even hit the Internet. In order to do that though, Internet service providers are being asked to integrate the system into their networks.

The system works by spying on the connections of users and comparing data being uploaded to the Internet with digital fingerprints held in an external database. As can be seen from the diagram, the fingerprinting technology employed is from GraceNote, with intermediate systems provided by Copyright Data Clearinghouse (CDC).

Jail For File-Sharing Not Enough, Labels Want ISP-Level Spying Regime

NSA whistleblower to keynote HOPE hacker conference in NYC

2600 Magazine's Emmanuel Goldstein writes, "Our second keynote speaker at this year's HOPE conference is someone who has been deep inside the National Security Agency. Former analyst William Binney became aware of an increased tendency at the massive center of surveillance to focus their attention on American citizens, something the NSA was never supposed to do. Binney did the right thing - he quit and told the world what he had learned. Such integrity is something we see often in the hacker world, usually kids standing up to authority and telling the world of their wrongdoings. This time, the stage is much bigger." Cory

CISPA is SOPA 2.0: petition to stop it

CISPA, the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), is a successor, of sorts, to the loathsome SOPA legislative proposal, which was shot down in flames earlier this year. EFF's chilling analysis of the bill shows how it could be used to give copyright enforcers carte blanche to spy on Internet users and censor the Internet (it would also give these powers to companies and governments who'd been embarrassed by sites like Wikileaks).

Under the proposed legislation, a company that protects itself or other companies against “cybersecurity threats” can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company under threat. But because “us[ing] cybersecurity systems” is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a “cybersecurity threat” would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in “good faith.”

The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”

Yes, intellectual property. It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.

There's a DemandProgress petition against CISPA (DemandProgress was one of the leaders of the SOPA fight).