— FEATURED —
— FOLLOW US —
— POLICIES —
Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution
— FONTS —
Joly sez, "On March 4-5 2013 the Internet Society's North America Bureau webcast the Freedom to Connect 2013 conference in Washington DC. One keynote speaker was Glenn Greenwald, who has recently come to international attention as the journalist who broke the NSA surveillance story. In his hour long speech, he talks about Aaron Swartz, the imbalance of justice, the growth of the surveillance state, the nature of power in the digital age, and its implications for Internet freedom. There are a couple of small glitches in the recording, for which we apologize."
In the Guardian, an excellent roundup of the US and EU responses to the revelations from Edward Snowden's leaks about the extent of NSA dragnet spying on the Internet and phone networks:
The congressional fury came at the end of a day of fast-moving developments.
• In a lawsuit filed in New York, the American Civil Liberties Union accused the US government of a process that was "akin to snatching every American's address book".
• On Capitol Hill, a group of US senators introduced a bill aimed at forcing the US federal government to disclose the opinions of a secretive surveillance court that determines the scope of the eavesdropping on Americans' phone records and internet communications.
• A leading member of the Senate intelligence committee, Ron Wyden, came close to saying that James Clapper, the US director of national intelligence, misled him on the scope of government surveillance during a March hearing. Clapper admitted earlier this week that he gave the "least untruthful" answer possible to a question by Wyden.
NSA surveillance: anger mounts in Congress at 'spying on Americans' [Dan Roberts, Spencer Ackerman and Alan Travis/The Guardian]
They followed his directions, and encountered a man with a Rubik’s Cube. That man was Snowden.
In related news, NYT columnist David Brooks is an idiot: "He betrayed our privacy," Brooks writes about the man who leaked evidence of the NSA's secret and sweeping surveillance program. You have got to be kidding me.
Glenn Greenwald and the Guardian have published details of another Top Secret US surveillance/security document. This one is a presidential order from Obama to his top spies directing them to draw up a hit-list of "cyber war" targets to be attacked by American military hacking operations.
The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".
It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".
The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The document further contemplates preemptive first strikes on foreign targets.
As Greenwald points out, this document has been published on the eve of a meeting between Obama and the Chinese Premier Xi Jinping. China has been publicly accused by the USA of carrying out electronic attacks on American infrastructure, and Xi has rebutted by saying that the US has engaged in aggressive "cyber-war" attacks on Chinese infrastructure. This document lends credence to Xi's claim.
A report by Nick Hopkins in the Guardian accuses the UK spy agency GCHQ of making use of the American NSA's Prism program, which was revealed in leaked documents earlier today -- a slide presentation claiming that the NSA had direct access to the servers at Google, Microsoft, Apple, and many other Internet giants.
According to Hopkins, GCHQ has been able to access Prism since Jun 2010. This is based on information from the same leaked slide deck, apparently:
Unless GCHQ has stopped using Prism, the agency has accessed information from the programme for at least three years. It is not mentioned in the latest report from the Interception of Communications Commissioner Office, which scrutinises the way the UK's three security agencies use the laws covering the interception and retention of data.
Asked to comment on its use of Prism, GCHQ said it "takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the intelligence and security committee".
The agency refused to be drawn on how long it had been using Prism, how many intelligence reports it had gleaned from it, or which ministers knew it was being used.
A GCHQ spokesperson added: "We do not comment on intelligence matters."
At the Huffington Post, actor and activist John Cusack has a conversation with George Washington Law School professor and constitutional scholar Jonathan Turley, and Kevin McCabe, a pal of Cusack. The three discuss "WikiLeaks' impact on transparency, the government's response, and the comparison to the Pentagon Papers whistleblower Daniel Ellsberg."
Read the rest
Read the rest
Yesterday morning, I wrote about the closed-door International Telecommunications Union meeting where they were working on standardizing "deep packet inspection" -- a technology crucial to mass Internet surveillance. Other standards bodies have refused to touch DPI because of the risk to Internet users that arises from making it easier to spy on them. But not the ITU.
The ITU standardization effort has been conducted in secret, without public scrutiny. Now, Asher Wolf writes,
I publicly asked (via Twitter) if anyone could give me access to documents relating to the ITU's DPI recommendations, now endorsed by the U.N. The ITU's senior communications officer, Toby Johnson, emailed me a copy of their unpublished policy recommendations.
5 hours later, they emailed, asking me not to publish it, in part or in whole, and that it was for my eyes only.
Please publish it (credit me for sending it to you.)
1. The recommendations *NEVER* discuss the impact of DPI.
2. A FEW EXAMPLES OF POTENTIAL DPI USE CITED BY THE ITU:
"I.9.2 DPI engine use case: Simple fixed string matching for BitTorrent"
"II.3.4 Example “Forwarding copy right protected audio content”"
"II.3.6 Example “Detection of a specific transferred file from a particular user”"
"II.4.2 Example “Security check – Block SIP messages (across entire SIP traffic) with specific content types”"
"II.4.5 Example “Identify particular host by evaluating all RTCP SDES packets”"
"II.4.6 Example “Measure Spanish Jabber traffic”"
"II.4.7 Example “Blocking of dedicated games”"
"II.4.11 Example “Identify uploading BitTorrent users”"
"II.4.13 Example “Blocking Peer-to-Peer VoIP telephony
with proprietary end-to-end application control protocols”"
"II.5.1 Example “Detecting a specific Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols”"
Read the rest
Security researcher Brian Krebs picks out some choice exchanges out of a dump from an elite Russian spammer message-board, and suggests that this contains clues to the identities of the world's most prolific spammers.
“Everything is all right with John. We drank with him recently in Europe. He is getting married soon. He is no longer spamming stocks. He got squeezed [arrested/questioned] once very badly some time ago. Now he is all clean. His friend – SP – screwed him and also is not working with stocks now. Rin is in total shit. He is going to be in jail (or he is going to be hiding) for a long time. He calls me pretty often, so he is alive so far. I am helping his wife with money from time to time.”
The two exchange recommendations about their favorite nightclubs in St. Petersburg, Russia. Tarelka inquires how Severa is doing, which elicits the following reply:
“I am okay. Damn, where to find sponsors? I am sure I can spin off stocks even in the current market. Are there any more contacts? Maybe I will ask Apple. Maybe he can give me some referrals. Who could think two years ago that this “theme” would die, huh? Give my regards to Igor [possibly Igor Gusev, the co-curator of SpamIt]. I wish you luck and patience.”
Tarelka says he tried to convince John/Apple that there was still money to be made in stock spam, but that John insisted the market was dead, and that no one was coming forward to pay spammers to send pump-and-dump spam anymore.
A number of journalists I know believe the Obama administration is the most secretive administration yet.
When I read news like this, I am inclined to believe them: the Naval Criminal Investigative Service is going after our pals at Danger Room, over a 5-year-old leak about a weapon that was never built.
"Federal agents are also chasing a leaker who gave Danger Room a document asking for a futuristic laser weapon that could set insurgents’ clothes on fire from nine miles away."