Warrantless spying makes spying-with-a-warrant impossible

Tim Bray's taxonomy of privacy levels makes a compact and compelling argument that the existence of warrantless spying and security sabotage is what drives people to adopt cryptographic techniques that can't be broken even with a warrant.

Greenwald's "No Place to Hide": a compelling, vital narrative about official criminality

Cory Doctorow reviews Glenn Greenwald’s long-awaited No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. More than a summary of the Snowden leaks, it’s a compelling narrative that puts the most explosive revelations about official criminality into vital context.


Privacy vs network effects


Respected cryptographer and security researcher Ross Anderson has a fascinating new paper, Privacy versus government surveillance: where network effects meet public choice [PDF], which explores the "privacy economics" of mass surveillance, pointing out the largely overlooked impact of "network effects" on the reality of who spies, who is spied upon, and under what circumstances.

My first big point is that all the three factors which lead to monopoly – network effects, low marginal costs and technical lock-in – are present and growing in the national-intelligence nexus itself. The Snowden papers show that neutrals like Sweden and India are heavily involved in information sharing with the NSA, even though they have tried for years to pretend otherwise. A non-aligned country such as India used to be happy to buy warplanes from Russia; nowadays it still does, but it shares intelligence with the NSA rather than the FSB. If you have a choice of joining a big spy network like America's or a small one like Russia's then it's like choosing whether to write software for the PC or the Mac back in the 1990s. It may be partly an ideological choice, but the economics can often be stronger than the ideology.

Second, modern warfare, like the software industry, has seen the bulk of its costs turn from variable costs into fixed costs. In medieval times, warfare was almost entirely a matter of manpower, and society was organised appropriately; as well as rent or produce, tenants owed their feudal lord forty days’ service in peacetime, and sixty days during a war. Barons held their land from the king in return for an oath of fealty, and a duty to provide a certain size of force on demand; priests and scholars paid a tax in lieu of service, so that a mercenary could be hired in their place. But advancing technology brought steady industrialisation. When the UK and the USA attacked Germany in 1944, we did not send millions of men to Europe, as in the first world war, but a combat force of a couple of hundred thousand troops – though with thousands of tanks and backed by larger numbers of men in support roles in tens of thousands of aircraft and ships. Nowadays the transition from labour to capital has gone still further: to kill a foreign leader, we could get a drone to fire a missile that costs $30,000. But that's backed by colossal investment – the firms whose data are tapped by PRISM have a combined market capitalisation of over $1 trillion.

Third is the technical lock-in, which operates at a number of levels. First, there are lock-in effects in the underlying industries, where (for example) Cisco dominates the router market: those countries that have tried to build US-free information infrastructures (China) or even just government information infrastructures (Russia, Germany) find it’s expensive. China went to the trouble of sponsoring an indigenous vendor, Huawei, but it’s unclear how much separation that buys them because of the common code shared by router vendors: a vulnerability discovered in one firm’s products may affect another. Thus the UK government lets BT buy Huawei routers for all but its network’s most sensitive parts (the backbone and the lawful-intercept functions). Second, technical lock-in affects the equipment used by the intelligence agencies themselves, and is in fact promoted by the agencies via ETSI standards for functions such as lawful intercept.

Just as these three factors led to the IBM network dominating the mainframe age, the Intel/Microsoft network dominating the PC age, and Facebook dominating the social networking scene, so they push strongly towards global surveillance becoming a single connected ecosystem.

Privacy versus government surveillance: where network effects meet public choice (via Schneier)

(Image: Friendwheel, Steve Jurvetson, CC-BY)

The Internet With a Human Face: Maciej Cegłowski on the things we need to fix


Maciej Cegłowski's latest talk, The Internet With A Human Face, is a perfect companion to both his Our Comrade the Electron and Peter Watts's Scorched Earth Society: A Suicide Bomber's Guide to Online Privacy: a narrative that explains how the Internet of liberation became the Internet of inhuman and total surveillance. Increasingly, I'm heartened by the people who understand that the right debate to have is "How do we make the Internet a better place for human habitation?" and not "Is the Internet good or bad for us?" I'm also heartened to see the growth of the view that aggregated personal data is a kind of immortal toxic waste and that the best way to prevent spills is to not collect it in the first place.


You Are Not a Digital Native: on the publication of the Homeland paperback, a letter to kids

The US paperback of my novel Homeland comes out today, and I've written an open letter to teenagers for Tor.com to celebrate it: You Are Not a Digital Native. I used the opportunity to draw a connection between kids being told that as "digital natives," everything they do embodies some mystical truth about what the Internet is for, and the way that surveillance companies like Facebook suck up their personal data by the truckload and excuse themselves by saying "digital natives" have demonstrated that privacy is dead.

As researchers like danah boyd have pointed out, a much more plausible explanation for teens' privacy disclosures is that they're making mistakes, because they're teenagers, and teenagers learn to be adults by making (and learning from) mistakes. I finish the piece with a list of tools that teens can use to have a more private, more fulfilling online social life.

They say that the Holy Roman Emperor Frederick II ordered a group of children to be raised without any human interaction so that he could observe their “natural” behavior, untainted by human culture, and find out the true, deep nature of the human animal.

If you were born around the turn of the 21st century, you’ve probably had to endure someone calling you a “digital native” at least once. At first, this kind of sounds like a good thing to be—raised without the taint of the offline world, and so imbued with a kind of mystic sixth sense about how the Internet should be.

But children aren’t mystic innocents. They’re young people, learning how to be adult people, and they learn how to be adults the way all humans learn: by making mistakes. All humans screw up, but kids have an excuse: they haven’t yet learned the lessons the screw-ups can impart. If you want to double your success rate, you have to triple your failure rate.

The problem with being a “digital native” is that it transforms all of your screw-ups into revealed deep truths about how humans are supposed to use the Internet. So if you make mistakes with your Internet privacy, not only do the companies who set the stage for those mistakes (and profited from them) get off Scot-free, but everyone else who raises privacy concerns is dismissed out of hand. After all, if the “digital natives” supposedly don’t care about their privacy, then anyone who does is a laughable, dinosauric idiot, who isn’t Down With the Kids.

You Are Not a Digital Native: Privacy in the Age of the Internet

Peter Watts's The Scorched Earth Society: A Suicide Bomber's Guide to Online Privacy


Science fiction writer and biologist Peter Watts gave a spectacular talk to the Symposium of the International Association of Privacy Professionals, called The Scorched Earth Society: A Suicide Bomber's Guide to Online Privacy (PDF); Watts draws on his two disciplines to produce a stirring, darkly comic picture of the psychological toll of the surveillance society.

Watts is the writer who was beaten, maced, and convicted of a felony for asking a US border guard why he'd walked up behind his rental car and opened his trunk without any discussion or notice. His take on surveillance and its relationship to control, authoritarianism and corruption is both sharp-edged and nuanced. And his proposal for a remedy is provocative and difficult to argue with. I only wish I'd been in the room to give the talk, as he's a remarkable and acerbic storyteller.


Must-see: Michael Geist on the state of surveillance in Canada

Here's a riveting talk by Michael Geist on the state of Canadian surveillance. Geist broke the story that Canadian telcos hand over personal information to government agencies every 27 seconds, without a warrant. Canada is one of the "Five Eyes" countries that participated in the NSA's surveillance build-out, and the Canadian government is once again considering a massive expansion of warrantless surveillance powers for police, government agencies, and even private companies working for the government.

Visualizing inspiring quotes about privacy


Kevin writes, "With the Privacy is a right project I try to visualize the global privacy debate by using quotes on the subject and turn them into large (in real life) visuals. I started out with key figures in this debate (such as Edward Snowden, Kirsty Hughes and even Cory Doctorow) but now everyone can react and share their view on the subject by submitting a quote on the site. Any inspiring quote will then be turned into art by me. Some of the visuals will be part of my graduation exposition (25th - 29th of June) for the Willem de Kooning Rotterdam University of Applied Sciences in Rotterdam, the Netherlands."


Edward Snowden hosted a cryptoparty and ran a Tor exit node

Before Edward Snowden went on the run and effected the first-ever leak of documents from the NSA, he threw a cryptoparty in Hawai'i, coordinating with Runa Sandvik from the Tor Project and Asher Wolf from the Cryptoparty movement to plan an event where everyday people were taught to use crypto. He gave a lecture for his neighbors on Truecrypt, and told people that he ran at least two Tor exit nodes to help people keep their anonymous traffic moving (Boing Boing also runs a Tor exit node). Apparently, his girlfriend videoed the event -- I'd love to see it!

Snowden used the Cincinnatus name to organize the event, which he announced on the Crypto Party wiki, and through the Hi Capacity hacker collective, which hosted the gathering. Hi Capacity is a small hacker club that holds workshops on everything from the basics of soldering to using a 3D printer.

“I’ll start with a casual agenda, but slot in additional speakers as desired,” wrote Cincinnatus in the announcement. “If you’ve got something important to add to someone’s talk, please share it (politely). When we’re out of speakers, we’ll do ad-hoc tutorials on anything we can.”

When the day came, Sandvik found her own way to the venue: an art space on Oahu in the back of a furniture store called Fishcake. It was filled to its tiny capacity with a mostly male audience of about 20 attendees. Snowden spotted her when she walked in and introduced himself and his then-girlfriend, Lindsay Mills, who was filming the event. “He was just very nice, and he came to the door and introduced himself and talked about how the event was going to run,” Sandvik says.

They chatted for a bit. Sandvik asked Snowden where he worked, and after hemming and hawing, he finally said he worked for Dell. He didn’t let on that his work for Dell was under an NSA contract, but Sandvik could tell he was hiding something. “I got the sense that he didn’t like me prying too much, and he was happy to say Dell and move on,” she says.

Sandvik began by giving her usual Tor presentation, then Snowden stood in front of the white board and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick. “Then we did an impromptu joint presentation on how to set up and run a Tor relay,” Sandvik says. “He was definitely a really, really smart guy. There was nothing about Tor that he didn’t already know.”

Snowden’s First Move Against the NSA Was a Party in Hawaii [Kevin Poulsen/Wired]

(Image: a downsized thumbnail of a photo by Bart Gellman/Getty)

Science fiction and the law: free speech, censorship, privacy and surveillance


In Do Androids Dream of Electric Free Speech? Visions of the Future of Copyright, Privacy, and the First Amendment in Science Fiction, a paper from Communication Law and Policy by Texas Christian University's Daxton "Chip" Stewart, we're treated to a wide-ranging overview of the free speech, copyright, privacy and surveillance legal issues raised in science fiction from Frankenstein to my own books. Stewart's paper insightfully weaves together everyone from Ernest Cline to Isaac Asimov and closely analyzes the way that science fictional thought-experiments can inform legal discussions, in a fashion reminiscent of the excellent Law of Superheroes.


NSA sabotaged exported US-made routers with backdoors

The NSA systematically sabotaged US-made network routers as they were exported, equipping them with secret backdoors, according to Edward Snowden leaks newly released by Glenn Greenwald in the Guardian. The devices were tampered with prior to leaving the USA and resealed with factory seals. Ironically, this is exactly what grandstanding US politicians have been accusing the Chinese government and Huawei of doing for years. Takes one to know one? Or just honi soit qui mal y pense?


You are a Gmail user


For years, Benjamin Mako Hill has paid to host his own mail, as a measure to enhance his privacy and independence from big companies. But a bit of clever analysis of his stored mail reveals that despite this expense and effort, he is a Gmail user, because so many of his correspondents are Gmail users and store copies of his messages with Google. And thanks to an archaic US law, any message left on Gmail for more than six months can be requested by police without a warrant, as it is considered "abandoned."

Mako has posted the script he used to calculate how much of his correspondence ends up in Google's hands.

I host my own mail, too. I'm really looking forward to Mailpile, which should make this process a lot easier, and also make keeping all my mail encrypted simpler. Knowing that Google has a copy of my correspondence is a lot less worrisome if they can't read it (though it's still not an ideal situation).


Tor: network security for domestic abuse survivors


Michael from Beta Boston writes, "The privacy protections offered by tools like Tor aren't just for journalists and spies; they're important for everyone. Almost every modern abusive relationship has a digital component, from cyberstalking to hacking phones, emails, and social media accounts, but women's shelters increasingly have found themselves on the defensive, ill-equipped to manage and protect their clients from increasingly sophisticated threats. Recently the Tor Project stepped in to help change that, and we took a long look at the work cut out for them."

This is an important point: when you make it so that no one can keep secrets from the state and its enforcement arm, you also make it so that no one can keep secrets from crooks, thugs, stalkers, and every other kind of bad guy.


EFF on the White House's Big Data report: what about privacy and surveillance?

Last week, I wrote about danah boyd's analysis of the White House's Big Data report [PDF]. Now, the Electronic Frontier Foundation has added its analysis to the discussion. EFF finds much to like about the report, but raises two very important points:

* The report assumes that you won't be able to opt out of leaving behind personal information and implicitly dismisses the value of privacy tools like ad blockers, Do Not Track, Tor, etc

* The report is strangely silent on the relationship between Big Data and mass surveillance, except to the extent that it equates whistleblowers like Chelsea Manning and Edward Snowden with the Fort Hood shooter, lumping them all in as "internal threats"


How to Talk to Your Children About Mass Surveillance


In my latest Locus column, How to Talk to Your Children About Mass Surveillance, I tell the story of how I explained the Snowden leaks to my six-year-old, and the surprising interest and comprehension she showed during our talk and afterwards. Kids, it seems, intuitively understand what it's like to be constantly monitored by unaccountable, self-appointed authority figures!
