CALL CONGRESS NOW, END NSA MASS SURVEILLANCE


If you call your Congressional rep today, we can stop NSA mass surveillance in its tracks. Today, Congress will vote on a critical amendment to the Defense Appropriations Bill: under this amendment, the NSA will be prohibited from using its prodigious budget to conduct mass, warrantless surveillance and to sabotage security standards and technology. This doesn't solve all the surveillance problems, but it's the cleanest, quickest and most plausible way to hamstring NSA spying. The last time this happened, Congress came within seven votes of passing it. The chances are even better now. CALL.

Shut the NSA's Backdoor to the Internet

(Image: I want you to blow the whistle, Mike, )

Germany is NSA's largest listening post, according to new report based on Snowden leaks

A general view of the large former monitoring base of the U.S. intelligence organization National Security Agency (NSA) during break of dawn in Bad Aibling south of Munich, July 11, 2013. Chancellor Angela Merkel has defended Germany's cooperation with U.S. intelligence, dismissing comparisons of its techniques to those used in communist East Germany in an attempt to ease tensions a day before talks on the thorny issue in Washington.   REUTERS/Michael Dalder


A general view of the large former monitoring base of the U.S. intelligence organization National Security Agency (NSA) during break of dawn in Bad Aibling south of Munich, July 11, 2013. Chancellor Angela Merkel has defended Germany's cooperation with U.S. intelligence, dismissing comparisons of its techniques to those used in communist East Germany in an attempt to ease tensions a day before talks on the thorny issue in Washington. REUTERS/Michael Dalder

Using documents leaked by National Security Agency whistleblower Edward Snowden, Der Spiegel reports that the NSA has turned Germany into its most important base of operations in Europe. "NSA is more active in Germany than anywhere else in Europe," reports the paper, "And data collected here may have helped kill suspected terrorists."

The German archive provides the basis for a critical discussion on the necessity and limits of secret service work as well as on the protection of privacy in the age of digital communication. The documents complement the debate over a trans-Atlantic relationship that has been severely damaged by the NSA affair.

They paint a picture of an all-powerful American intelligence agency that has developed an increasingly intimate relationship with Germany over the past 13 years while massively expanding its presence. No other country in Europe plays host to a secret NSA surveillance architecture comparable to the one in Germany. It is a web of sites defined as much by a thirst for total control as by the desire for security. In 2007, the NSA claimed to have at least a dozen active collection sites in Germany.

The documents indicate that the NSA uses its German sites to search for a potential target by analyzing a "Pattern of Life," in the words of one Snowden file. And one classified report suggests that information collected in Germany is used for the "capture or kill" of alleged terrorists.

"New NSA Revelations: Inside Snowden's Germany File" [Der Spiegel]

Related:

Possible hidden Latin warning about NSA in Truecrypt's suicide note


When the anonymous authors of the Truecrypt security tool mysteriously yanked their software last month, there was widespread suspicion that they had been ordered by the NSA to secretly compromise their software. A close look at the cryptic message they left behind suggests that they may have encoded a secret clue in the initials of each word of the sentence ("Using TrueCrypt is not secure as it may contain unfixed security issues"), the Latin phrase "uti nsa im cu si" which some claim can be translated as a warning that the NSA had pwned Truecrypt.

Read the rest

US appeals court rules a warrant is required for cell phone location tracking

logo25

Big news in the fight for security and privacy in the US: the 11th Circuit Court of Appeals this week ruled that a warrant is required for cell phone location tracking.

Read the rest

How can you trust your browser?


Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of Javascript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser.

Read the rest

Time-capsule crypto to help journalists protect their sources


Jonathan Zittrain writes, "I published an op-ed in the Boston Globe today musing on the prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions -- such as the passage of time -- are met. I could see libraries and archives offering such technology as part of accepting papers and manuscripts, especially in the wake of the "Belfast Project" situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely."

I'm less enthusiastic about this than Jonathan is. I think calibrating the strength of your time-capsule is very hard. If the NSA might be an order of magnitude faster than the rest of us at brute-force cryptanalysis, that means you need to make your 10-year capsule strong enough to last for 100 years just to be on the safe side. Same goes for proof-of-work.

Read the rest

'NSA vs. USA,' anti-spying dance music video

An anti-mass-surveillance music video by Shahid Buttar, director of the Bill of Rights Defense Committee.

Download the extended dance floor mix. Read the lyrics (annotated with hyperlinks to help you learn more). [HT: Rainey Reitman]

Today is the day we Reset the Net

Today is the day we Reset the Net! It’s been one year since the Edward Snowden disclosures hit the news and the whole world woke up to the scale of mass, indiscriminate Internet surveillance — a spying campaign that was only possible because our own tools leak our private information in great gouts. Reset the Net provides you with a technical, political, and social toolkit to harden our Internet against the spies; and Boing Boing is proud to be playing a role.

Read the rest

Tomorrow: Berlin sunrise mass whistle-in to commemorate Snowden leaks


A reader writes, "Just after sunrise on June 5, the NK Projekt in Berlin is leading a massive whistle-blowing session to commemorate the one-year anniversary of Edward Snowden's own whistle blowing activities."

(Image: I want you to blow the whistle, Mike, CC-BY-SA)

Five dumb things that NSA apologists should really stop saying


The Electronic Frontier Foundation has rounded up the five most discredited arguments advanced by apologists for NSA spying, including "The NSA has Stopped 54 Terrorist Attacks with Mass Spying"; Just collecting call detail records isn’t a big deal"; "There Have Been No Abuses of Power"; "Invading Privacy is Okay Because It’s Done to Prevent Terrorist Attacks"; and "There’s Plenty of Oversight From Congress, the Foreign Intelligence Surveillance Court, and Agency Watchdogs." Each of these claims is meticulously debunked in the post.

Read the rest

Snowden, one year after: Now we know the NSA's secrets

Josh from the ACLU writes, "To mark this Thursday's one-year anniversary of the first NSA revelation from Edward Snowden, we've made a very cool video showing what's happened so far (and yes that is Snowden's voice at the end). You've not seen an NSA video like this before. We've also created a guide (PDF) to what we think needs to be done for surveillance reform by Congress, the president, the courts, and tech companies."

They Knew Our Secrets. One Year Later, We Know Theirs.

NSA facial recognition: combining national ID cards, Internet intercepts, and commercial facial databases for millions of people

A newly released set of slides from the Snowden leaks reveals that the NSA is harvesting millions of facial images from the Web for use in facial recognition algorithms through a program called "Identity Intelligence." James Risen and Laura Poitras's NYT piece shows that the NSA is linking these facial images with other biometrics, identity data, and "behavioral" data including "travel, financial, behaviors, social network."

The NSA's goal -- in which it has been moderately successful -- is to match images from disparate databases, including databases of intercepted videoconferences (in February 2014, another Snowden publication revealed that NSA partner GCHQ had intercepted millions of Yahoo video chat stills), images captured by airports of fliers, and hacked national identity card databases from other countries. According to the article, the NSA is trying to hack the national ID card databases of "Pakistan, Saudi Arabia and Iran."

This news is likely to be rhetorically useful to campaigners against national ID cards in countries like the UK, where the issue has been hotly debated for years (my own Member of Parliament, Meg Hillier, was the architect of one such programme, and she, along with other advocates for national ID cards, dismissed fears of this sort of use as paranoid ravings).

The development of the's NSA facial recognition technology has been accompanied by a mounting imperative to hack into, or otherwise gain access to, other databases of facial images. For example, the NSA buys facial images from Google's Pittpatt division, while another program scours mass email interceptions for images that appear to be passport photos.

An interesting coda to the piece is that the NSA has developed the capability to infer location by comparing scenery in terrestrial photos to satellite images, which sounds like a pretty gnarly computer-vision problem.

Read the rest

House approves 'media shield' amendment, as reporter reveals 2011 subpoena fight

houseofrep232way_wide-4bac6d92f39d630d0f94f3c708ca06710a717d2f-s6-c30The House of Representatives today voted 225-183 to approve an appropriations bill amendment that bars the Justice Department from forcing reporters to testify about their confidential sources.

Read the rest

Majority of Americans think Snowden was right to leak


A forthcoming Yougov survey found that 55 percent of Americans believe Edward Snowden was right to leak the details of Prism (it's not clear whether they were surveyed on other leaks).

Read the rest

NSA can't find any emails from Snowden, then it can (convenient, no?)

Yesterday, the NSA released an email from Edward Snowden to his superiors asking about the legality of NSA spying, claiming it was the only evidence they had that he ever tried to go through channels before turning leaker; on its face, this is pretty damning. But there's one problem: six months ago, the NSA claimed that they had no emails of the sort from Snowden, and then this one happened to turn up just in time to counter Snowden's allegations on US TV that he'd tried to blow the whistle from inside. My guess? Someone as canny as Snowden kept copies of all the communiques he made and flags he raised, and will be shortly making the NSA look like pathetic liars (again).

Read the rest