Boing Boing 

Feds wanted to fine Yahoo $250K/day for fighting PRISM


We've known since the start that Yahoo fought the NSA's Prism surveillance program tooth-and-nail; but as unsealed court docs show, the Feds made the process into a harrowing ordeal, and sweet-talked gullible judges into dropping the hammer on Y.


European Court of Human Rights will hear case about GCHQ spying


This is huge news: the European Court of Human Rights has agreed to hear a challenge to bulk Internet surveillance by the UK spy agency GCHQ. The case was brought by Big Brother Watch, the Open Rights Group and English PEN, and German Internet activist Constanze Kurz. This is a rare instance of "impact litigation" in the UK, where a bad law or practice can be ended swiftly and decisively by having a court hear a test-case about the law and rule on its constitutionality. This tactic has been incredibly effective in the US -- EFF's famous Bernstein victory, which legalized strong cryptography, is a good example -- but has been less available to UK activists.


Leaked US independent surveillance watchdog report concludes NSA program is illegal and recommends shut-down

The forthcoming report of the Privacy and Civil Liberties Oversight Board, the arm's-length body established by the Congress to investigate NSA spying, has leaked, with details appearing in The New York Times and The Washington Post.

From its pages, we learn that the board views the NSA's metadata collection program -- which was revealed by Edward Snowden -- as illegal, without "a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value…As a result, the board recommends that the government end the program."

The report goes farther than the President's Review Group on Intelligence and Communications Technologies (whose recommendations Obama ignored) and even farther than the policies announced by the President himself.

The Board also found that NSA metadata collection didn't stop any terrorist attacks, and would not have been useful in preventing the 9/11 attacks.


Congress calls on Schneier to give it answers that the NSA won't

Congress has grown so weary of the NSA's duck-and-weave routine when asked to explain its spying that yesterday, six members of Congress called in Bruce Schneier to give it the answers that the NSA can't or won't give. Schneier, who's seen some of the Snowden leaks, called the meeting "surreal" and "extremely freaky."

NSA official: mass spying has foiled one (or fewer) plots in its whole history

During an NPR interview, the NSA's outgoing deputy director John C Inglis -- the top civilian official in the NSA hierarchy -- admitted that the NSA's mass surveillance program had foiled a total of one terrorist plot (an attempt to wire some money to al-Shabaab in Somalia) in its entire history. But he doesn't want to get rid of his agency's program of spying on everything every American does, because it's an "insurance policy" in case someone tries the kind of terrorist attack that it might foil.


EFF: "Everything we know about NSA spying" from 30C3

The Electronic Frontier Foundation's Kurt Opsahl -- a brilliant digital civil liberties attorney who has been suing the US government and the NSA over spying since 2006 -- took to the stage at the 30th Chaos Communication Congress in Hamburg this week to explain in clear and simple language the history of NSA spying. Kurt lays out the tortured legal history of American bulk surveillance, showing how an interlocking set of laws, policies, lies and half-truths have been used to paper over an obviously, grossly unconstitutional program of spying without court oversight or particular suspicion.

If you're mystified by the legal shenanigans that led up to the Snowden and Manning leaks, this is where you should start. And even if you've been following the story closely, Opsahl gives badly needed coherence to the disjointed legal struggle, connecting the dots and revealing the whole picture.

30c3: Through a PRISM, Darkly - Everything we know about NSA spying

Google security engineer on NSA: "Fuck these guys"


In a heartfelt and personal blog-post, Google security engineer Brandon Downey discusses his feelings on the discovery that the NSA had tapped Google's private fiber links. In three words: "Fuck these guys." But you should read the rest, too.


Rebutting Apple's claim of iMessage security: Apple can too spy on users

iOS jailbreaker and security researcher Cyril Cattiaux presented his work on Apple's iMessage software at the Hack in the Box conference in Kuala Lumpur. Apple had previously stated that its messaging software was resistant to Prism-style surveillance because of its secure key-handling, through which the company itself could not see what its users were saying. Cattiaux called this "basically lies" and showed that there was scope for undetectably swapping out keys, allowing the company (or anyone it cooperates with) to spy on users. Cattiaux worked with other researchers, including Moxie Marlinspike, and showed that there were ways of designing iMessage such that users could detect key-substitutions and other attacks on the integrity of their messages, but that Apple had chosen to implement their system in a less secure way.


Stallman on making technology compatible with a free society

Writing in Wired, Richard Stallman -- founder of the Free Software Foundation, which puts the GNU in GNU/Linux -- writes about the relationship between software freedom and a free society. Proprietary software -- opaque to its users, liable to subversion for the purposes of governments and corporations -- is incompatible with a free, democratic society. The temptation to collect data, and, once collected, to abuse it, is irresistible for the fallible humans who make up the state. Systems have to be designed to keep their users free and private -- there is no way to make people secure unless their tools are secure, too. Stallman sets out the various forms of surveillance and control, from no-fly lists to web-tracking, and proposes ways to make them safe for a free society.


ORG, coalition of activist groups sue UK government over Prism, need donations


Jim Killock from the UK Open Rights Group sez, "The Open Rights Group, Big Brother Watch, Constanze Kurz and English PEN are challenging the legality of the mass data hoovering by the UK government revealed by Edward Snowden. They need £20,000 to mount the challenge in the EU Court of Human Rights. They've raised over £3,000 in less than a day: please donate!"

This is very exciting, and looks like the kind of "impact litigation" we see a lot of in the USA, where activist groups can use high courts to strike down bad laws. It's a very effective way of conducting an asymmetrical battle against entrenched, incumbent authorities. Even though I've already made my annual donation to ORG, I've kicked in another £100 for this.


DiFi admits that the NSA is wiretapping the Internet's backbone

Ever since whistleblower Mark Klein revealed that he'd built a secret wiretapping room for the NSA at AT&T's San Francisco switching center, we've known that the NSA was illegally wiretapping the Internet's backbone. But the government has steadfastly denied it. However, as Bruce Schneier documents, Senator Dianne Feinstein has on several occasions let slip that the NSA is tapping the backbone, though President Obama continues to deny it.

Jacob Appelbaum explains surveillance to the EuroParl

Jacob Appelbaum of the Tor Project and Wikileaks addressed the European Parliament on the issue of surveillance and freedom. It was a remarkable speech, even by Appelbaum's high standards. An amateur transcript gives you a sense of what's going on, but the video is even better: "Is it used for coercion? Is data passed to autocratic regimes? Is it used to study groups? Is it used to disrupt? Yes, yes, and yes. Might they force or forge data? Absolutely."


The New York Times' prophetic 1983 warning about the NSA

David Burnham, in 1983: THE SILENT POWER OF THE N.S.A.
No laws define the limits of the N.S.A.'s power. No Congressional committee subjects the agency's budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the N.S.A. are also gradually changing lives of Americans - the way they bank, obtain benefits from the Government and communicate with family and friends. Every day, in almost every area of culture and commerce, systems and procedures are being adopted by private companies and organizations as well as by the nation's security leaders that make it easier for the N.S.A. to dominate American society should it ever decide such action is necessary.

Benedict Cumberbatch has found a use for omnipresent paparazzi

publicizing important questions about the state of British democracy.

Join PRSM, the most social social network

Introducing a brand new way to share everything. [getprsm]

How British spies exorcise a leak-haunted laptop


(Photo by Roger Tooth)

In the Guardian, Julian Borger follows up on Monday's account of the raid on the newspaper's office by British spooks from GCHQ that culminated with government agents smashing a laptop into tiny pieces on the grounds it contained one of many, many copies of the Edward Snowden leaks. It's not clear whether the spooks were incompetent enough to believe that this would have any practical effect on the continued publication of secrets regarding dragnet surveillance, or whether it was a purely symbolic gesture.

But the evidence favours intimidation. Borger tells a tale of increased pressure on the Guardian, a series of ever-more-intense calls and visits, dropped hints of a secret injunction or a full-on raid. It culminated with the farcical destruction of the tainted computer, which had been infected by its proximity to embarrassing revelations of government lies and criminality, in which Guardian employees, top spooks, and stern government ministers reduced the computer to scraps by means of angle grinders and drills. The spies took lots of pictures, but let the Guardian keep the scraps.


Cyveillance, Comcast's creepy copyright threat-deliverer, also helps the Secret Service

The "Guaranteed takedowns in 5 hours or less" that web-watching outfit Cyveillance promises aren't so guaranteed when they're illegal: a lesson in the Streisand Effect having just been dealt to its client, Comcast, by a particularly ill-advised attempt to bully TorrentFreak into removing public court documents.

But it's not their first rodeo, and Cyveillance has always been as trivially sleazy about it as they are now. Here's a blog entry from 2003 complaining about its efforts to hide what it does.


Schneier: when the NSA comes to your company's door, fight!


Bruce Schneier has advice for America's tech companies: when the NSA comes to you and asks you to spy on your users, say NO. They'll promise you that no one will ever find out that you were helping them break the law, but they can't keep that promise. They'll put your company's name in PowerPoint presentations that they show to thousands of employees and contractors and suppliers, and the next whistleblower will out you for your cowardly complicity -- just like Snowden did for Microsoft, Apple, Google, and so many others. If you think not complying with the NSA will cost you the business, recognize that complying with them could also destroy you.


Stickonspy: sticker-reminder that the NSA likes to fool around with your webcam


Stickonspy sells die-cut stickers that go around your laptop's webcam to remind yourself -- and others -- that spooks from western governments have made a practice of using spyware that allows them to covertly switch on laptop and mobile phone cameras and microphones to spy on their owners. $3 for one, $10 for 6. We used to sell a variation on these in the old Boing Boing Bazaar. Just remember to trim away enough of the sticker that you can see if the webcam light is lit, which will prevent some of the less-subtle attacks, and also inadvertent embarrassment.

Stickonspy (Thanks, Bradley!)

US businesses stand to lose up to $35B as a result of PRISM


How Much Will PRISM Cost the U.S. Cloud Computing Industry? [PDF], a report from the Information Technology and Innovation Foundation -- a highly regarded DC think-tank -- estimates that the US cloud computing companies will lose $22-$35 billion as a result of customers' nervousness about PRISM and other spying programs. The US had been leading the world in cloud computing, but analysts are seeing a rush to European cloud providers that are (presumably) out of reach of the NSA and in jurisdictions with tighter rules on government spying.


Oversight: the future of bland, corporate ubiquitous surveillance

Tom Scott (who created last year's EULAs for the Afterlife video) has made a terrific and terrifying video called "Oversight: Thank you for volunteering, citizen," a horribly plausible look at what the future of crowdsourced, privatised ubiquitous surveillance might look like. As always, Scott nails the weirdly upbeat and blandly evil voice of global corporatism and produces something that is chillingly convincing.

Oversight: Thank you for volunteering, citizen. (Thanks, Tom!)

Six blatant lies about spying from the NSA up to Obama

ProPublica has produced a video showing, point by point, all the ways that US government officials, all the way up to Obama, have told blatant lies about the details and extent of NSA spying.


German animation explains the evils of ubiquitous surveillance

"Überwachungsstaat - Was ist das?" is a short animation narrated in German (with English subtitles) that does a very good job of explaining the evils of mass surveillance. Being German, the narrator is allowed to make comparisons to the Nazis without invoking Godwin's Law, which turns out to be surprisingly useful.

Überwachungsstaat - Was ist das? (Thanks, Stefan!)

If recording your calls without playing them back isn't surveillance...

...then downloading music without listening to it isn't piracy

NSA capo heckled at Black Hat conference


Noted perjurer and NSA Director Keith Alexander appeared onstage at the Black Hat security conference today, where he was heckled by audience members, notably a 30-year-old security consultant named Jon McCoy, who shouted things like "Freedom!" and "Bullshit!" and then got into some more substantive points.


Which Congresscritters voted for infinite, permanent, all-pervasive NSA spying?

As Xeni wrote, yesterday's vote to de-fund the NSA's warrantless dragnet surveillance came within a whisker of passing. 205 Reps voted in favor of asserting innocent Americans' right not to be spied upon; 217 voted against, and 12 abstained -- enough to have carried the day. Who were these heroes and villains and absentees? Here are their names from the full roll call.

If you live in the district of a Congresscritter who voted in favor of defunding the NSA, please call her or him and say thank you. If your Congresscritter voted in favor of you being spied upon at all times and in every way forever, call that person up and do some shouting. The anti-NSA side was thoroughly bipartisan. There are undoubtedly some "no" voters who can be persuaded to switch to a yes if they think that their constituents really care about it. We are so close.

Same goes for abstainers -- if those 12 had bothered to show up for work yesterday and voted with the Constitution they've sworn to uphold, the day would have been carried.

Click through the jump to see the full lists, courtesy of Techdirt.


Europeans: sign petition calling on EU leaders to stop mass surveillance programmes


A coalition of European privacy, free speech and civil liberties groups have started a petition to the leaders of the EU, calling on them to stop governments from carrying out programs of mass, suspicionless, warrantless dragnet surveillance like Prism and Tempora (the US and UK programs revealed in Edward Snowden's NSA leaks). They need your signature, too:

We, the undersigned, call on our Heads of Government to clearly and unambiguously state their opposition to all systems of mass surveillance including the US's NSA PRISM system and similar systems in several countries in Europe. Europe’s leaders have not yet taken any action to stop this abuse of our right to privacy and freedom of expression.

We call on Europe’s leaders to place this issue firmly on the agenda for the next European Council Summit in October. They need to make it clear that they will do so.

They must take action to stop this abuse of our human rights.

The inaugural signatories include Index on Censorship, English PEN, Article 19, Privacy International, Open Rights Group and Liberty.

EU leaders: Stop mass surveillance

End warrantless dragnet spying -- DEFUND THE NSA! Act today!

Congress is voting tomorrow on a bill that would defund the NSA's program of warrantless, mass, illegal spying on innocent Americans. You -- YES YOU -- need to hit the link below, enter your ZIP code, get contact details for your congresscritter and call that number and give the staffer who answers a firm, polite, serious piece of your mind. This is a great chance to make an important change in the world. Do it.

A critical vote is happening tomorrow, July 24th, on the Defense Appropriations Bill in the House of Representatives. The bill gives taxpayer money to fund defense programs, including NSA surveillance.

Yesterday, an important bipartisan amendment to that bill was green-lighted to be voted on tomorrow. Proposed by Rep. Justin Amash (MI), the amendment would remove funding for blanket collection of phone records and metadata from cell phone service providers.

The summary of the amendment on the House of Representatives website reads:

Ends authority for the blanket collection of records under the Patriot Act. Bars the NSA and other agencies from using Section 215 of the Patriot Act to collect records, including telephone call records, that pertain to persons who are not subject to an investigation under Section 215.

The vote on this bill is critical. We need to flood Congress with calls in support of the amendment, and hold our representatives accountable.

A crucial vote is happening that could end NSA surveillance

Google experimenting with spy-resistant encrypted Google Drive

CNet's Declan McCullagh reports on a rumor that Google is testing a system for encrypting its users' files on Google Drive; they are reportedly considering the move as a means of making it harder for government spies to harvest user data. There are lots of things this could mean: if Google encrypts the files but retains the keys, it would mean that any government spying would be more visible within the company, since it would require the government to request access to the keys before it could snoop on users. On the other hand, it might mean that Google would encrypt its files in a way that even it can't decrypt -- called "zero-knowledge encryption" -- which would be much more robust against spying. McCullagh talks about companies that do similar things:

Some smaller companies already provide encrypted cloud storage, a concept that's sometimes called "host-proof hosting." SpiderOak says its software, available for Windows, OS X, Linux, iOS, Android, and Nokia N900 platforms, uses "zero-knowledge" encryption techniques that allow it to store data that's "readable to you alone." SpiderOak also offers a Web access option because of "overwhelming customer demand," but suggests the client application is more secure.

Wuala is an application for Windows, OS X, Linux, iOS, and Android created by Zurich-based LaCie AG that also uses client-side encryption. "LaCie employees have very limited access to your data," the company says. "They can only see how many files you have stored and how much storage space they occupy."

Google tests encryption to protect users' Drive files against government demands

Microsoft: NSA harming constitution

Declan McCullagh: "A strongly worded letter from Microsoft's general counsel to Attorney General Eric Holder says secrecy about National Security Agency surveillance is harming fundamental 'constitutional principles.'" [CNET]