If your phone is designed to be secure against thieves, voyeurs, and hackers, it'll also stop spies and cops. So the FBI has demanded that device makers redesign their products so that they -- and anyone who can impersonate them -- can break into them at will.
Read the rest
Wildly profitable companies like Neustar, Subsentio, and Yaana do the feds' dirty work for them, slurping huge amounts of unconstitutionally requisitioned data out of telcos' and ISPs' data-centers in response to secret, sealed FISA warrants -- some of them publicly traded, too, making them a perfect addition to the Gulag Wealth Fund.
Read the rest
When you use the Freedom of Information Act to prise loose a document from the FBI, they are prone to liberal redactions; the results are surprisingly artistic, especially when it comes to photos and other graphics.
Read the rest
The NSA is supposed to be America's offshore spy agency, forbidden from spying on Americans. But as an important article by the Electronic Frontier Foundation's Nadia Kayyali points out, the FBI, DEA and other US agencies have closely integrated the NSA into their own efforts, using the NSA's mass surveillance to gather intelligence on Americans -- as Glenn Greenwald's No Place to Hide discloses, the NSA isn't a stand-alone agency, it is part of an overarching surveillance state.
Read the rest
Writing in the Guardian, Lavabit founder Ladar Levison recounts the events that led to his decision to shutter his company in August 2013. Lavabit provided secure, private email for over 400,000 people, including Edward Snowden, and the legal process by which the FBI sought to spy on its users is a terrifying mix of Orwell -- wanting to snoop on all 400,000 -- and Kafka -- not allowing Levison legal representation and prohibiting him from discussing the issue with anyone who might help him navigate the appropriate law.
Levison discloses more than I've yet seen about the nature of the feds' demands, but more important are the disclosures about the legal shenanigans he was subjected to. In fact, his description of the legal process is a kind of bas relief of the kind of legal services that those of us fighting the excesses of the global war on terror might need: a list of attorneys who are qualified to represent future Lavabits, warrant canaries for the services we rely upon; and, of course, substantive reform to the judicial processes laid out in the Patriot Act.
Read the rest
A suit brought by four Muslim-American men with no criminal records asserts that the FBI put them on the no-fly list in order to pressure them to inform on their communities. Brooklynite Awais Sajjad, one of the plaintiffs, says that he was denied boarding for a flight to visit his sickly grandmother in Pakistan in 2012, and that subsequently, the FBI told him they would remove him from the no-fly list only if he worked as an FBI informant. Sajjad's has tried all the official means of getting himself removed from the no-fly list, without any success. Sajjad's co-plaintiffs tell similar stories.
The case echoes that of Dr Rahinah Ibrahim, the first person to successfully appeal being placed on the US no-fly list. In her case, it emerged that she had been put on the list due to an administrative error (an FBI officer ticked the wrong box on a form) and that subsequently the DHS, Justice Department and FBI conspired to use state secrecy to cover up their error, even though they knew that there was no conceivable reason to keep Ibrahim on the no-fly list.
Sajjad and co will have to overcome the same secrecy privilege and the same culture of ass-covering indifference to innocence from the FBI and its allies in government. I don't like their chances, but I wish them luck.
Read the rest
Last week, the FBI arrested Robert James Talbot Jr., 38, of Katy, Texas. Talbot was the self-styled head of the American Insurgent Movement, which openly plotted to massacre Moslems at mosques and kill them with automatic weapons, sought to rob armored cars, and recruited followers to sow more mayhem. Talbot is a violent Christian fundamentalist who advertised his intention to murder people wholesale.
Kudos to the FBI for arresting this fellow, but as Death and Taxes point out, where the hell was the national panic that attends every arrest of a jihadi terrorist, no matter how cracked and improbable his plan happened to be? Nowhere to be seen.
Now, if this was a recognition by the press that lone kooks are not an existential threat to the world -- even if they are capable of committing horrible, isolated crimes -- I'd be standing up and cheering. But if Talbot had been a brown-skinned conservative Muslim who'd been arrested after planning to attack Christian churches in America with bombs and machine-guns, I suspect there would have been screaming front-page headlines and round-the-clock intensive CNN coverage for days, not to mention grim, determined reporting on Fox News.
Former Icelandic interior minister Ogmundur Jonasson says he asked "8 or 9" FBI agents to leave the country when he found out that they'd lied about their visit; they claimed they'd come to help prevent "an imminent attack on Icelandic government databases," but it turns out they were just digging up dirt on Wikileaks
Bruce Schneier's editorial on CALEA-II is right on. In case you missed it, CALEA II is the FBI's proposal to require all American computers, mobile devices, operating systems, email programs, browsers, etc, to have weak security so that they can eavesdrop on them (as a side note, a CALEA-II rule would almost certainly require a ban on free/open source software, since code that can be modified is code that can have the FBI back-doors removed).
The FBI believes it can have it both ways: that it can open systems to its eavesdropping, but keep them secure from anyone else's eavesdropping. That's just not possible. It's impossible to build a communications system that allows the FBI surreptitious access but doesn't allow similar access by others. When it comes to security, we have two options: We can build our systems to be as secure as possible from eavesdropping, or we can deliberately weaken their security. We have to choose one or the other.
This is an old debate, and one we've been through many times. The NSA even has a name for it: the equities issue. In the 1980s, the equities debate was about export control of cryptography. The government deliberately weakened U.S. cryptography products because it didn't want foreign groups to have access to secure systems. Two things resulted: fewer Internet products with cryptography, to the insecurity of everybody, and a vibrant foreign security industry based on the unofficial slogan "Don't buy the U.S. stuff -- it's lousy."
In 1994, the Communications Assistance for Law Enforcement Act mandated that U.S. companies build eavesdropping capabilities into phone switches. These were sold internationally; some countries liked having the ability to spy on their citizens. Of course, so did criminals, and there were public scandals in Greece (2005) and Italy (2006) as a result.
In 2012, we learned that every phone switch sold to the Department of Defense had security vulnerabilities in its surveillance system. And just this May, we learned that Chinese hackers breached Google's system for providing surveillance data for the FBI.
The Problems with CALEA-II