US appeals court rules a warrant is required for cell phone location tracking

logo25

Big news in the fight for security and privacy in the US: the 11th Circuit Court of Appeals this week ruled that a warrant is required for cell phone location tracking.

Read the rest

How can you trust your browser?


Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of Javascript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser.

Read the rest

Time-capsule crypto to help journalists protect their sources


Jonathan Zittrain writes, "I published an op-ed in the Boston Globe today musing on the prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions -- such as the passage of time -- are met. I could see libraries and archives offering such technology as part of accepting papers and manuscripts, especially in the wake of the "Belfast Project" situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely."

I'm less enthusiastic about this than Jonathan is. I think calibrating the strength of your time-capsule is very hard. If the NSA might be an order of magnitude faster than the rest of us at brute-force cryptanalysis, that means you need to make your 10-year capsule strong enough to last for 100 years just to be on the safe side. Same goes for proof-of-work.

Read the rest

'NSA vs. USA,' anti-spying dance music video

An anti-mass-surveillance music video by Shahid Buttar, director of the Bill of Rights Defense Committee.

Download the extended dance floor mix. Read the lyrics (annotated with hyperlinks to help you learn more). [HT: Rainey Reitman]

Today is the day we Reset the Net

Today is the day we Reset the Net! It’s been one year since the Edward Snowden disclosures hit the news and the whole world woke up to the scale of mass, indiscriminate Internet surveillance — a spying campaign that was only possible because our own tools leak our private information in great gouts. Reset the Net provides you with a technical, political, and social toolkit to harden our Internet against the spies; and Boing Boing is proud to be playing a role.

Read the rest

Tomorrow: Berlin sunrise mass whistle-in to commemorate Snowden leaks


A reader writes, "Just after sunrise on June 5, the NK Projekt in Berlin is leading a massive whistle-blowing session to commemorate the one-year anniversary of Edward Snowden's own whistle blowing activities."

(Image: I want you to blow the whistle, Mike, CC-BY-SA)

Five dumb things that NSA apologists should really stop saying


The Electronic Frontier Foundation has rounded up the five most discredited arguments advanced by apologists for NSA spying, including "The NSA has Stopped 54 Terrorist Attacks with Mass Spying"; Just collecting call detail records isn’t a big deal"; "There Have Been No Abuses of Power"; "Invading Privacy is Okay Because It’s Done to Prevent Terrorist Attacks"; and "There’s Plenty of Oversight From Congress, the Foreign Intelligence Surveillance Court, and Agency Watchdogs." Each of these claims is meticulously debunked in the post.

Read the rest

Snowden, one year after: Now we know the NSA's secrets

Josh from the ACLU writes, "To mark this Thursday's one-year anniversary of the first NSA revelation from Edward Snowden, we've made a very cool video showing what's happened so far (and yes that is Snowden's voice at the end). You've not seen an NSA video like this before. We've also created a guide (PDF) to what we think needs to be done for surveillance reform by Congress, the president, the courts, and tech companies."

They Knew Our Secrets. One Year Later, We Know Theirs.

NSA facial recognition: combining national ID cards, Internet intercepts, and commercial facial databases for millions of people

A newly released set of slides from the Snowden leaks reveals that the NSA is harvesting millions of facial images from the Web for use in facial recognition algorithms through a program called "Identity Intelligence." James Risen and Laura Poitras's NYT piece shows that the NSA is linking these facial images with other biometrics, identity data, and "behavioral" data including "travel, financial, behaviors, social network."

The NSA's goal -- in which it has been moderately successful -- is to match images from disparate databases, including databases of intercepted videoconferences (in February 2014, another Snowden publication revealed that NSA partner GCHQ had intercepted millions of Yahoo video chat stills), images captured by airports of fliers, and hacked national identity card databases from other countries. According to the article, the NSA is trying to hack the national ID card databases of "Pakistan, Saudi Arabia and Iran."

This news is likely to be rhetorically useful to campaigners against national ID cards in countries like the UK, where the issue has been hotly debated for years (my own Member of Parliament, Meg Hillier, was the architect of one such programme, and she, along with other advocates for national ID cards, dismissed fears of this sort of use as paranoid ravings).

The development of the's NSA facial recognition technology has been accompanied by a mounting imperative to hack into, or otherwise gain access to, other databases of facial images. For example, the NSA buys facial images from Google's Pittpatt division, while another program scours mass email interceptions for images that appear to be passport photos.

An interesting coda to the piece is that the NSA has developed the capability to infer location by comparing scenery in terrestrial photos to satellite images, which sounds like a pretty gnarly computer-vision problem.

Read the rest

House approves 'media shield' amendment, as reporter reveals 2011 subpoena fight

houseofrep232way_wide-4bac6d92f39d630d0f94f3c708ca06710a717d2f-s6-c30The House of Representatives today voted 225-183 to approve an appropriations bill amendment that bars the Justice Department from forcing reporters to testify about their confidential sources.

Read the rest

Majority of Americans think Snowden was right to leak


A forthcoming Yougov survey found that 55 percent of Americans believe Edward Snowden was right to leak the details of Prism (it's not clear whether they were surveyed on other leaks).

Read the rest

NSA can't find any emails from Snowden, then it can (convenient, no?)

Yesterday, the NSA released an email from Edward Snowden to his superiors asking about the legality of NSA spying, claiming it was the only evidence they had that he ever tried to go through channels before turning leaker; on its face, this is pretty damning. But there's one problem: six months ago, the NSA claimed that they had no emails of the sort from Snowden, and then this one happened to turn up just in time to counter Snowden's allegations on US TV that he'd tried to blow the whistle from inside. My guess? Someone as canny as Snowden kept copies of all the communiques he made and flags he raised, and will be shortly making the NSA look like pathetic liars (again).

Read the rest

Warrantless spying makes spying-with-a-warrant impossible

Tim Bray's taxonomy of privacy levels makes a compact and compelling argument that the existence of warrantless spying and security sabotage is what drives people to adopt cryptographic techniques that can't be broken even with a warrant. Cory 1

Jonathan Lethem and Lars Eidinger's claustrophobic, Snowden-commemorating short film

Jonathan Lethem and Lars Eidinger star in Lars and Jonathan: A Berlin Friendship , a short, paranoid, quirky film made for Transmediale's Snowden-leak-commemorating Magical Secrecy Tour.

Watch the full-length NBC News interview with Edward Snowden

140528-snowden-interview-mn-1447_4c31342b0b39224722c815ad79f0ceea.nbcnews-fp-720-320

NBC News has released an online version of its featured interview with NSA whistleblower Edward Snowden, a first for US TV.

Read the rest