Meet the spooky tech companies getting rich by making NSA surveillance possible


Wildly profitable companies like Neustar, Subsentio, and Yaana do the feds' dirty work for them, slurping huge amounts of unconstitutionally requisitioned data out of telcos' and ISPs' data-centers in response to secret, sealed FISA warrants -- some of them publicly traded, too, making them a perfect addition to the Gulag Wealth Fund.

Read the rest

Weaseling about surveillance, Australian Attorney General attains bullshit Singularity

Michael writes, "Watching Australia's Attorney-General try to explain why tracking Australians' web histories is not such a big deal resembles listening to a dirty joke told by a ten-year-old, i.e. it leaves one with the distinct impression the speaker is trying to seem like they understand something they've only heard about secondhand."

Read the rest

Back doors in Apple's mobile platform for law enforcement, bosses, spies (possibly)

Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of Iphone and Ipad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.

Read the rest

Open Rights Group wants to sue UK government over #DRIP, needs your help

Parliament has passed #DRIP, a sweeping, illegal surveillance bill that doubles down on the old surveillance law, which was struck down by the European Court for violating fundamental human rights.

Read the rest

Understanding #DRIP: new spy powers being rammed through UK Parliament


The party line from MPs who are being told by their parties to vote in mass-scale, warrantless surveillance powers is that the law doesn't change anything -- it's a lie.

Read the rest

Cowardice meets arrogance in UK surveillance stitch up

The leadership of the major UK political parties are set to ram through a sweeping surveillance bill without debate or study. It’s a perfect storm of cowardice and arrogance, and it comes at a price. Cory Doctorow wants you to do something about it.

Read the rest

UK government set to ram through surveillance legislation


The UK government is has put MPs on notice that a bill will be considered and moved on July 14, but they won't say what it is. Veteran Labour MP Tom Watson thinks it's data retention legislation that will enlist the private sector to comprehensively spy on everything you do and save it for long periods, turning it over to the government when asked. And almost no one -- not even MPs -- will get a chance to read the bill right up to the last minute, when they'll be whipped to vote for it by their party leadership.

UK secretary of state: "There is no surveillance state"


UK Secretary of State Theresa May -- part of a regime that presides over a spy service that claims the right to intercept all webmail, search and clicks; that spends hundreds of millions sabotaging Internet security; that dirty-tricks and psy-opses peaceful protest groups;

Read the rest

Researchers publish secret details of cops' phone-surveillance malware


Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.

The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.

Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.

The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.

Read the rest

GCHQ claims right to do warrantless mass interception of all webmail, search and social media


The UK spy agency GCHQ says it doesn't need a warrant to intercept and store all UK social media traffic, search history and webmail because it is headed offshore, so it's "foreign communications". It had kept this interpretation of English and Welsh law a secret until now, and only revealed it after a protracted legal battle with the excellent people at Privacy International and six other civil liberties groups, including Amnesty International, and ACLU.

Read the rest

Anti-forensic mobile OS gets your phone to lie for you

In Android Anti-forensics: Modifying CyanogenMod Karl-Johan Karlsson and William Bradley Glisson present a version of the Cyanogenmod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement. The idea is to create a mobile phone that "lies" for you so that adversaries who coerce you into letting them take a copy of its data can't find out where you've been, who you've been talking to, or what you've been talking about.

I'm interested in this project but wonder about how to make it practical for daily use. Presently, it maintains a hidden set of true data, and a trick set of false data intended to be fetched by forensic tools. Presumably, this only works until the forensic tools are modified to spot the real data. But you can conceptually imagine a phone that maintains a normal address book and SMS history, etc -- all the things that are useful to have in daily use -- but that, on a certain signal (say, when an alternate unlock code is entered, or after a certain number of failed unlock attempts) scrubs all that and replaces it with plausible deniability data.

Obviously, this kind of thing doesn't work against state-level actors who can subpoena (or coerce) your location data and call history from your carrier, but those people don't need to seize your phone in the first place.

Read the rest

Podcast: News from the future for Wired UK

Here's a reading (MP3) of a short story I wrote for the July, 2014 issue of Wired UK in the form of a news dispatch from the year 2024 -- specifically, a parliamentary sketch from a raucous Prime Minister's Question Time where a desperate issue of computer security rears its head:

Read the rest

Canadian Supreme Court's landmark privacy ruling

The Supreme Court of Canada's ruling in R. v. Spencer sets an amazing precedent for privacy that not only reforms the worst practices of Canadian ISPs and telcos; it also annihilates the Tories' plans to weaken Canadian privacy law into insignificance. The Supremes unanimously held that the longstanding practice of carriers voluntarily handing over subscriber data to cops and government agencies without a warrant was unconstitutional.

The court's decision, written by Harper appointed Justice Thomas Cromwell, takes a nuanced view of privacy, and upholds the importance of anonymity as part of the protected right to privacy.

The Harper government is currently pushing two surveillance bills, C-13 and S-4, which would radically expand the practice of "voluntary" disclosure of subscriber data without a warrant. As Michael Geist writes in an excellent explainer, these bills are almost certainly unconstitutional under this ruling and are likely to die or be substantially reformed.

Read the rest

US Marshals raid Florida cops to prevent release of records of "stingray" surveillance


US Marshals swept into the offices of police in Sarasota, Florida to whisk away records related to operation of "stingray" surveillance tools that the ACLU had requested. The records detailed the farcically low standard for judicial permission to use a stingray (which captures information about the movements, communications and identities of all the people using mobile phones in range of them), and is part of a wider inquiry to their use without a warrant at all -- at least 200 Florida stingray deployments were undertaken without judicial oversight because the police had signed a nondisclosure agreement with the device's manufacturer and they decided that this meant they didn't have to get warrants anymore.

The ACLU has seen a lot of shenanigans in respect of its campaign to document the use and abuse of stingrays, but this is a cake-taker: "We’ve seen our fair share of federal government attempts to keep records about stingrays secret, but we’ve never seen an actual physical raid on state records in order to conceal them from public view."

Read the rest

Warrantless spying makes spying-with-a-warrant impossible

Tim Bray's taxonomy of privacy levels makes a compact and compelling argument that the existence of warrantless spying and security sabotage is what drives people to adopt cryptographic techniques that can't be broken even with a warrant. Cory 1