Nominate for the EFF Pioneer Award

The Electronic Frontier Foundation has opened the nominations for the 2014 Pioneer Award, which celebrates people who have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. Anyone can nominate, and the winners will be chosen by an independent and august jury. I am enduringly proud to have received the Pioneer Award, along with such luminaries as Limor "Lady Ada" Fried, Bruce Shneier, Bunnie Huang and Aaron Swartz.

NSA helps foreign governments conduct mass surveillance at home


A new release of Snowden's leaked NSA docs detail RAMPART-A, through which the NSA gives foreign governments the ability to conduct mass surveillance against their own populations in exchange for NSA access to their communications. RAMPART-A, is spread across 13 sites, accesses three terabytes/second from 70 cables and networks. It cost US taxpayers $170M between 2011 and 2013, allocated through the NSA's "black budget."

The NSA makes its foreign partners promise not to spy on the USA using its equipment and in return, agrees not to spy on its partners' populations (with "exceptions"). However, as was documented in Glenn Greenwald's indispensable No Place to Hide, the NSA has a simple trick for circumventing any promises not to spy on its partners' populations.

"No Place to Hide" revealed a list of 33 "third party" countries that assist the NSA in conducting mass surveillance, including Saudi Arabia, Israel, Singapore, Ethiopia, and 15 EU member states. These countries do not allow the NSA to spy on their own countries, but the NSA exploits a loophole to conduct this surveillance anyway: it will strike an agreement with Country A, on one end of a high-speed cable not to spy on it population, and with Country B, on the other end of the cable, not to spy on its population, but will conduct mass surveillance of Country A's communications from Country B and vice-versa.

How Secret Partners Expand NSA’s Surveillance Dragnet [Ryan Gallagher/The Intercept]

GCHQ claims right to do warrantless mass interception of all webmail, search and social media


The UK spy agency GCHQ says it doesn't need a warrant to intercept and store all UK social media traffic, search history and webmail because it is headed offshore, so it's "foreign communications". It had kept this interpretation of English and Welsh law a secret until now, and only revealed it after a protracted legal battle with the excellent people at Privacy International and six other civil liberties groups, including Amnesty International, and ACLU.

Read the rest

IRS won't fix database of nonprofits, so it goes dark


Rogue archivist Carl Malamud writes, "Due to inaction by the Internal Revenue Service and the U.S. Congress, Public.Resource.Org has been forced to terminate access to 7,634,050 filings of nonprofit organizations. The problem is that we have been fixing the database, providing better access mechanisms and finding and redacting huge numbers of Social Security Numbers. Our peers such as GuideStar are also fixing their copies of the database."

Read the rest

Erotic fiction written by a privacy-conscious author


Mallory Ortberg (who created the excellent Squicked out alien describes human sex story) has done it again with Erotica Written By Someone With An Appropriate Sense of Privacy.

Read the rest

Canadian Supreme Court's landmark privacy ruling

The Supreme Court of Canada's ruling in R. v. Spencer sets an amazing precedent for privacy that not only reforms the worst practices of Canadian ISPs and telcos; it also annihilates the Tories' plans to weaken Canadian privacy law into insignificance. The Supremes unanimously held that the longstanding practice of carriers voluntarily handing over subscriber data to cops and government agencies without a warrant was unconstitutional.

The court's decision, written by Harper appointed Justice Thomas Cromwell, takes a nuanced view of privacy, and upholds the importance of anonymity as part of the protected right to privacy.

The Harper government is currently pushing two surveillance bills, C-13 and S-4, which would radically expand the practice of "voluntary" disclosure of subscriber data without a warrant. As Michael Geist writes in an excellent explainer, these bills are almost certainly unconstitutional under this ruling and are likely to die or be substantially reformed.

Read the rest

Apple adds privacy-protecting MAC spoofing (when Aaron Swartz did it, it was evidence of criminality)

Apple has announced that it will spoof the MAC addresses emitted by its wireless devices as an anti-tracking measure, a change that, while welcome, is "an umbrella in a hurricane" according to a good technical explainer by the Electronic Frontier Foundation's Jeremy Gillula and Seth Schoen.

Read the rest

US appeals court rules a warrant is required for cell phone location tracking

logo25

Big news in the fight for security and privacy in the US: the 11th Circuit Court of Appeals this week ruled that a warrant is required for cell phone location tracking.

Read the rest

Time-capsule crypto to help journalists protect their sources


Jonathan Zittrain writes, "I published an op-ed in the Boston Globe today musing on the prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions -- such as the passage of time -- are met. I could see libraries and archives offering such technology as part of accepting papers and manuscripts, especially in the wake of the "Belfast Project" situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely."

I'm less enthusiastic about this than Jonathan is. I think calibrating the strength of your time-capsule is very hard. If the NSA might be an order of magnitude faster than the rest of us at brute-force cryptanalysis, that means you need to make your 10-year capsule strong enough to last for 100 years just to be on the safe side. Same goes for proof-of-work.

Read the rest

NSA whistleblower Thomas Drake to appear at HOPE NYC

2600's Emmanuel Goldstein writes, "This summer's HOPE X conference has added another major whistleblower to its schedule: Thomas Drake, who was charged under the Espionage Act in 2010 after revealing waste, fraud, and abuse at the NSA. The government would later drop these charges, after ruining Drake's career and dragging his name through the mud. Drake was one of the opponents of the NSA's Trailblazer program in 2002, which wound up costing billions of taxpayer dollars and would have been a huge violation of privacy, had it not been cancelled in 2006. It wouldn't be the last such program, and Drake wouldn't be the last whistleblower. HOPE X takes place July 18-20 at the Hotel Pennsylvania in New York City. More info at xxx.xxxxxxxxxxxxxxxxxx.xxx or x.hope.net."

Encrypt like a boss with the Email Self-Defense Guide


Libby writes, "Today the Free Software Foundation is releasing Email Self-Defense, a guide to personal email encryption to help everyone, including beginners, make the NSA's job a little harder. We're releasing it as part of Reset the Net, a global day of action to push back against the surveillance-industrial complex. The guide will get you encrypting your emails in under 30 minutes, and takes you all the way through sending and receiving your first encrypted email."

Email Self-Defense - a guide to fighting surveillance with GnuPG (Thanks, Libby!)

Google announces end-to-end encryption for Gmail (a big deal!)

Google has announced support for end-to-end encryption with Gmail, a major step for privacy and a major blow against mass surveillance. Gmail users who install free and open Chrome plugin will be able to send and receive messages that can only be read by people who have their intended recipients' passphrase, and not Google -- meaning that even if the NSA legally or covertly taps into Google's data-centers, they won't be able to read mail that's encrypted with the End-to-End plugin.

This is marvellous news. There is already support for Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP) in Gmail, through Firefox plugin or Chrome plugin, but long experience has shown that many people are confused by PGP/GPG in its current state.

What's more, Google has explicitly tied this to the Reset the Net campaign (in which Boing Boing is a partner), a global day commemorating the Snowden leaks and calling for an Internet that is made strong and secure from mass spying.

Read the rest

Podcast: How to Talk to Your Children About Mass Surveillance


Here's a reading (MP3) of a my latest Locus column, How to Talk to Your Children About Mass Surveillance, in which I describe the way that I've explained the Snowden affair to my six-year-old:

Read the rest

Snowden, one year after: Now we know the NSA's secrets

Josh from the ACLU writes, "To mark this Thursday's one-year anniversary of the first NSA revelation from Edward Snowden, we've made a very cool video showing what's happened so far (and yes that is Snowden's voice at the end). You've not seen an NSA video like this before. We've also created a guide (PDF) to what we think needs to be done for surveillance reform by Congress, the president, the courts, and tech companies."

They Knew Our Secrets. One Year Later, We Know Theirs.

Engineering our way out of mass surveillance

Smári "Mailpile" McCarthy's lecture Engineering Our Way Out of Fascism sets out a set of technical, legal and social interventions we can undertake to make mass surveillance impossible, starting with this: "The goal of those interested in protecting human rights should be to raise the average cost of surveillance to $10.000 per person per day within the next five years."

Read the rest