CISPA is the latest Congressional proposal to do something unbelievably horrible with the Internet -- this time, it's letting US law enforcement and intelligence services raid all of your data, all the time, without letting you know, regardless of your service provider's privacy policy, in the name of preventing "cyberattacks," whatever they are.
Evan from Fight for the Future sez, "In the hours before the House Intelligence Committee's secretive, closed-door markup on privacy killing bill, CISPA, we had to unleash our secret weapon.
CISPA threatens to invalidate every privacy law on the books and give companies full legal immunity when they share our private data with the government. That's why the tech giants that stood with us during SOPA (Google, Facebook, and Twitter) haven't said much about CISPA.
Our chief Internet Defender, Reddit-Cofounder Alexis Ohanian, helped us make this video of him calling Google and asking to speak to CEO Larry Page about the fact that if CISPA passes, every privacy policy on the web will be a total joke."
A company called RT66 appears to be injecting code into secure Web-sessions, possibly with collusion from ISPs like CMA Communications. No one's sure how they're doing this, neither RT66 nor CMA is answering questions, and it's bad news all around.
— Cory
Update: A PR person who has apparently been retained to represent inBloom strenuously objected to Greg's characterization of her client's practices below. She sent me an email, which I've posted to the comments. I've also made a factual correction, regarding constraints, below (look for the strikethrough).
Greg Costikyan sez,
inBloom, a Gates-funded non-profit to harness data to improve grade school education, has partnered with New York and eight other states to encourage the development of apps to "further education" by using intimate data about students, without parental consent and with no ability for parents to opt out.
Among the data shared are name, address, phone numbers, test scores, grades, economic status, test scores, disciplinary records, picture, email, race, developmental delay... just about everything conceivable, and all specific, none of it anonymized.
inBloom has arrangements with nine states (New York, Massachusetts, Louisiana, Colorado, Illinois, North Carolina, Georgia, Delaware and Kentucky) to do this.
The XML schema used are downloadable here.
Anyone can register as a developer and start using "sample" data, but "real" data is supposedly only available to developers with contracts with a school board. But this includes for-profit, third party developers, such as, say, Amplify, a News Corp subsidiary with a contract with New York. And it doesn't appear there are any constraints on their use of this data. Ed: apparently constraints can be imposed by districts and states, though the system can allow unconstrained access if the district/state chooses.
My latest Guardian column is "Copyright wars are damaging the health of the internet" and it looks at what we really need from proposed solutions to the copyright wars:
I've sat through more presentations about the way to solve the copyright wars than I've had hot dinners, and all of them have fallen short of the mark. That's because virtually everyone with a solution to the copyright wars is worried about the income of artists, while I'm worried about the health of the internet.
Oh, sure, I worry about the income of artists, too, but that's a secondary concern. After all, practically everyone who ever set out to earn a living from the arts has failed – indeed, a substantial portion of those who try end up losing money in the bargain. That's nothing to do with the internet: the arts are a terrible business, one where the majority of the income accrues to a statistically insignificant fraction of practitioners – a lopsided long tail with a very fat head. I happen to be one of the extremely lucky lotto winners in this strange and improbable field – I support my family with creative work – but I'm not parochial enough to think that my destiny and the destiny of my fellow 0.0000000000000000001 percenters are the real issue here.
What is the real issue here? Put simply, it's the health of the internet.
ORGCon North is the first regional conference to build on the success of the national sell-out event, ORGCon, which takes place in London every year.
On Saturday 13th April Open Rights Group, the UK digital rights campaigning organisation, will be running ORGCon North at the Manchester Friends' Meeting House.
The event is a great introduction to digital rights issues that affect every internet user - like freedom from surveillance and free speech on Twitter and Facebook.
The event runs from 11am till 5pm and is hosted by ORG-Manchester, the local campaigning group.
ORGCon North gathers experts from many technology fields and civil liberties groups across the country debating some of the big issues like: Will copyright eat the internet? Do we have a right to be offensive?
There will be a keynote speech from John Buckman, chair of the Electronic Frontier Foundation (EFF) and founder of the independent record label Magnatune. He will be talking about upcoming challenges to digital rights, drawing on his experiences in the UK and US.
Open Rights Group are also offering an 'unconference track' with room for anyone to lead sessions or pop up a debate, to build to the conference they want.
Individual tickets are priced at £11 or £6 for ORG supporters. Tickets are free if you join ORG this month.
Unique in the Crowd: The privacy bounds of human mobility, a Nature Scientific Reports paper by MIT researchers and colleagues at Belgium's Universite Catholique de Louvain, documents that 95% of "anonymous" location data from cellphone towers can be de-anonymized to the individual level. That is, given data from a region's cellular towers, the researchers can ascribe individuals to 95% of the data-points.
“We show that the uniqueness of human mobility traces is high, thereby emphasizing the importance of the idiosyncrasy of human movements for individual privacy,” they explain. “Indeed, this uniqueness means that little outside information is needed to re-identify the trace of a targeted individual even in a sparse, large-scale, and coarse mobility dataset. Given the amount of information that can be inferred from mobility data, as well as the potentially large number of simply anonymized mobility datasets available, this is a growing concern.”
The data they studied involved users in an unidentified European country, possibly Belgium, and involved anonymized data collected by their carriers between 2006 and 2007.
Rep Louie Gohmert (R-TX) is an ignoramus, as is demonstrated by his questioning during this hearing on reforms to the Electronic Communications Privacy Act. Gohmert questions a Google rep about how Adwords in Gmail work. For the record, here's how it works: Google parses the email for keywords, checks to see if anyone has bid to have text-ads displayed on emails with those words, and displays ads that match. Here's how Gohmert thinks they work: A computer at Google reads your email, sends your identity to an advertiser, and asks it if it wants to display ads on your email.
Gohmert may have confused Adwords with some of the realtime auctions for display ads. The Google rep very patiently and repeatedly tries to explain this to Gohmert, who refuses to get it, and instead smugly keeps asking whether the government could buy the right to see who's sending what email from Google in the way he imagines (incorrectly) that advertisers do.
If watching the video is too painful, have no fear, TechDirt's Mike Masnick has thoughtfully transcribed some of the choicest moments:
Gohmert: Okay, so what would prevent the federal government from making a deal with Google, so they could also "Scroogle" people, and say "I want to know everyone who has ever used the term 'Benghazi'" or "I want everyone who's ever used... a certain term." Would you discriminate against the government, or would you allow the government to know about all emails that included those words?
Lawyer: [confounded look] Uh... sir, I think those are apples and oranges. I think the disclosure of the identity...
Gohmert: I'm not asking for a fruit comparison. I'm just asking would you be willing to make that deal with the government? The same one you do with private advertisers, so that the government would know which emails are using which words.
Lawyer: Thank you, sir. I meant by that, that it isn't the same deal that's being suggested there.
Gohmert: But I'm asking specifically if the same type of deal could be made by the federal government? [some pointless rant about US government videos aired overseas that is completely irrelevant and which it wasn't worth transcribing] But if that same government will spend tens of thousands to do a commercial, they might, under some hare-brained idea like to do a deal to get all the email addresses that use certain words. Couldn't they make that same kind of deal that private advertisers do?
For the record, I think there are real privacy concerns with Gmail's ads, but not the dumbass ones that Gohmert is worried about. Also for the record, Gohmert believes that a trans-Alaskan pipeline will help caribou get more sex; denies climate change; and thinks that school shootings can be averted by giving school principals M-4 rifles.
Further to Xeni's post from yesterday about the landmark ruling by a San Francisco district court judge that the FBI may not issue "national security letters" (NSLs), the Electronic Frontier Foundation, who fought the case, has posted a good explanation about what NSLs are and why they were so creepy:
The controversial NSL provisions EFF challenged on behalf of the unnamed client allow the FBI to issue administrative letters -- on its own authority and without court approval -- to telecommunications companies demanding information about their customers. The controversial provisions also permit the FBI to permanently gag service providers from revealing anything about the NSLs, including the fact that a demand was made, which prevents providers from notifying either their customers or the public. The limited judicial review provisions essentially write the courts out of the process.
In today's ruling, the court held that the gag order provisions of the statute violate the First Amendment and that the review procedures violate separation of powers. Because those provisions were not separable from the rest of the statute, the court declared the entire statute unconstitutional. In addressing the concerns of the service provider, the court noted: "Petitioner was adamant about its desire to speak publicly about the fact that it received the NSL at issue to further inform the ongoing public debate."
"The First Amendment prevents the government from silencing people and stopping them from criticizing its use of executive surveillance power," said EFF Legal Director Cindy Cohn. "The NSL statute has long been a concern of many Americans, and this small step should help restore balance between liberty and security."
I am so proud of my friends at EFF this morning. Go team!
Nate Anderson's long Ars Technica piece on RATters -- men who use "Remote Administration Tools" to spy on others, mostly women, via their laptop cameras, and to plunder their computers for files and passwords -- is a must-read. Anderson lays out the way that online communities like Hack Forums provide expertise, tools, and, most importantly, validation for the men who participate in this "game." Anderson explains the power of software like DarkComet, which allows for near-total control of compromised computers (everything from opening the CD trays to disabling the Start menu in Windows); the dehumanizing language used by Ratters (they call their victims "slaves"); and the way that these tools have found their way into the arsenals of totalitarian governments, like the Assad regime in Syria, which used these tools to spy on rebels.
For many ratters, though, the spying remains little more than a game. It might be an odd hobby, but it's apparently no big deal to invade someone's machine, rifle through the personal files, and watch them silently from behind their own screens. "Most of my slaves are boring," wrote one aspiring ratter. "Wish I could get some more girls with webcams. It makes it more exciting when you can literally spy on someone. Even if they aren't getting undressed!"
One poster said he had already archived 200GB of webcam material from his slaves. "Mostly I pick up the best bits (funny parts, the 'good' [sexual] stuff) and categorize them (name, address, passwords etc.), just for funsake," he wrote. "For me I don't have the feeling of doing something perverted, it's more or less a game, cat and mouse game, with all the bonuses included. The weirdest thing is, when I see the person you've been spying on in real life, I've had that a couple of times, it just makes me giggle, especially if it's someone with an uber-weird-nasty habit."
By finding their way to forums filled with other ratters, these men—and they appear to be almost exclusively men—gain community validation for their actions. "lol I have some good news for u guys we will all die sometime, really glad to know that there are other people like me who do this shit," one poster wrote. "Always thought it was some kind of wierd sick fetish because i enjoy messing with my girl slaves."
Everything we do today involves computers and everything we do tomorrow will require computers. It's imperative that computers be designed to reveal themselves to their users and owners -- every program and process accessible to users and owners by design. But we continue to erode this fundamental through bans on jailbreaking and unlocking, and through the governmental trade in "zero-day" exploits intended for use in so-called cyberwar.
The Electronic Communications Privacy Act (ECPA) of 1986 is an ancient law that governs the privacy of the files you keep on servers, including your webmail and other private stuff. The 1986 law assumes that any file left on a server for more than six months is abandoned, and gives law enforcement the power to retrieve it without a warrant. Many attempts have been made to update this, but the nation's law enforcement apparatus always kicks up a huge fuss when anyone proposes closing this glaring loophole.
Now there's a new, bipartisan bill from Representatives Zoe Lofgren (D-Calif.), Ted Poe (R-Texas) and Suzan DelBene (D-Wash.) that will update electronic privacy law for the bold world of the 1990s (at least!). The Electronic Frontier Foundation's Rainey Reitman has more:
We’re pleased to see Representatives Lofgren, Poe, and DelBene take up this crucial issue, but the current draft isn’t a perfect solution to all ECPA woes. For example, the bill has room for improvement on the issue of evidence suppression for email content collected without a warrant. We hope this already promising bill can be further improved through amendments.
By introducing this reform bill, the 113th Congress has an opportunity to enact powerful protections for everyday Internet users – which would be particularly appreciated, since all too often Congress uses its power to try to undermine our digital civil liberties.
An en banc (all the 11/20 judges together) decision from the 9th Circuit has affirmed that you have the right to expect that your laptop and other devices will not be forensically examined without suspicion at the US border. It's the first time that a US court has upheld electronic privacy rights at the border, and the court also said that using an encrypted device that can't be casually searched is not grounds for suspicion. The judges also note that the prevalence of cloud computing means that searching at the border gives cops access to servers located all over the world. At TechDirt, Mike Masnick has some great analysis of this welcome turn of events:
The ruling is pretty careful to strike the right balance on the issues. It notes that a cursory review at the border is reasonable:
Officer Alvarado turned on the devices and opened and viewed image files while the Cottermans waited to enter the country. It was, in principle, akin to the search in Seljan, where we concluded that a suspicionless cursory scan of a package in international transit was not unreasonable.
But going deeper raises more questions. Looking stuff over, no problem. Performing a forensic analysis? That goes too far and triggers the 4th Amendment. They note that the location of the search is meaningless to this analysis (the actual search happened 170 miles inside the country after the laptop was sent by border agents to somewhere else for analysis). So it's still a border search, but that border search requires a 4th Amendment analysis, according to the court.
It is the comprehensive and intrusive nature of a forensic examination—not the location of the examination—that is the key factor triggering the requirement of reasonable suspicion here....
Notwithstanding a traveler’s diminished expectation of privacy at the border, the search is still measured against the Fourth Amendment’s reasonableness requirement, which considers the nature and scope of the search. Significantly, the Supreme Court has recognized that the “dignity and privacy interests of the person being searched” at the border will on occasion demand “some level of suspicion in the case of highly intrusive searches of the person.” Flores-Montano, 541 U.S. at 152. Likewise, the Court has explained that “some searches of property are so destructive,” “particularly offensive,” or overly intrusive in the manner in which they are carried out as to require particularized suspicion. Id. at 152, 154 n.2, 155–56; Montoya de Hernandez, 473 U.S. at 541. The Court has never defined the precise dimensions of a reasonable border search, instead pointing to the necessity of a case-by-case analysis....
The court is led by Chief Judge Alex Kozinski, who is a fan of my book Little Brother (which features a scene where DHS officials force a suspect to decrypt his devices, on the grounds that his encryption itself is suspicious), and was kind enough to write me a blurb for the new edition of the book. I'm not saying that Little Brother inspired Kozinski to issue this decision, but I'm delighted to discover that something I've been pushing through fiction since 2008 has made it into law in 2013.
Marc from the Electronic Privacy Information Center (EPIC) sez, "The Electronic Privacy Information Center has published a petition to the Bureau of Customs and Border Protection, demanding the suspension of the drone program pending the development of privacy regulations for the use of drones in US airspace. Documents recently obtained by EPIC under the Freedom of Information Act indicate that the drones are equipped with technology for signals interception and human identification. The agency currently operates ten Predator B drones along the border region, an area that encompasses more than two-thirds of the U.S. population. EPIC is urging individuals and organizations to Sign the Petition before March 18. Under federal law, the agency is required to respond to public petitions."
— Cory
Ken MacLeod's amazing dystopian novel Intrusion is out in paperback today. Here's my review from last March:
Ken MacLeod's new novel Intrusion is a new kind of dystopian novel: a vision of a near future "benevolent dictatorship" run by Tony Blair-style technocrats who believe freedom isn't the right to choose, it's the right to have the government decide what you would choose, if only you knew what they knew.
Set in North London, Intrusion begins with the story of Hope, a mother who has become a pariah because she won't take "the fix," a pill that repairs known defects in a gestating fetus's genome. Hope has a "natural" toddler and is pregnant with her second, and England is in the midst of a transition from the fix being optional to being mandatory for anyone who doesn't have a "faith-based" objection. Hope's objection isn't based on religion, and she refuses to profess a belief she doesn't have, and so the net of social services and laws begins to close around her.
MacLeod widens the story from Hope, and her husband Hugh (a carpenter working with carbon-sequestering, self-forming "New Wood") who has moved to London from an independent Scotland, and whose childhood hides a series of vivid hallucinations of ancient people from the Ice Age-locked past. Soon we're learning about the bioscientists who toil to improve the world's genomes, the academics who study their work, the refuseniks who defy the system in small and large ways, and the Naxals, city-burning wreckers who would obliterate all of society. The Naxals, along with a newly belligerent India and Russia, are a ready-made excuse for a war-on-terror style crackdown on every corner of human activity that includes ubiquitous CCTV, algorithmic behavior monitors, and drones in every corner of the sky.
With Intrusion, MacLeod pays homage to Orwell, showing us how a society besotted with paternalistic, Cass Sunstein-style "nudging" of behavior can come to the same torturing, authoritarian totalitarianism of brutal Stalinism. MacLeod himself is a Marxist who is lauded by libertarians, and his unique perspective, combined with a flair for storytelling, yields up a haunting, gripping story of resistance, terror, and an all-consuming state that commits its atrocities with the best of intentions.