Understanding #DRIP: new spy powers being rammed through UK Parliament


The party line from MPs who are being told by their parties to vote in mass-scale, warrantless surveillance powers is that the law doesn't change anything -- it's a lie.

Read the rest

If you read Boing Boing, the NSA considers you a target for deep surveillance

The NSA says it only banks the communications of “targeted” individuals. Guess what? If you follow a search-engine link to Boing Boing’s articles about Tor and Tails, you’ve been targeted. Cory Doctorow digs into Xkeyscore and the NSA’s deep packet inspection rules.

Read the rest

Seven things you should know about Tor

Tor (The Onion Router) is a military-grade, secure tool for increasing the privacy and anonymity of your communications; but it's been the subject of plenty of fear, uncertainty and doubt.

The Electronic Frontier Foundation's 7 Things You Should Know About Tor debunks some of the most common myths about the service (which even the NSA can't break) and raises some important points about Tor's limitations.

7 Things You Should Know About Tor [Cooper Quintin/EFF]

UK cinemas ban Google Glass from screenings


UK cinema exhibitors -- which already makes a practice of recklessly confiscating mobile phones full of sensitive, unprotected data during preview screenings -- have announced that it will not allow Google Glass wearers into cinemas, lest they commit an act of piracy (Glass has a 45 minute battery life when in recording mode).

Read the rest

Blackphone: a privacy-conscious phone that actually works


The Blackphone is a secure mobile phone whose operating system is based on Android, designed to minimize the amount of data you leak as you move through the world through a combination of encryption and systems design that takes your privacy as its first priority.

Read the rest

Bust card: Constitutionally protected smartphone edition

Now that the Supreme Court has ruled that warrantless smartphone searches are unconstitutional, here's a bust-card for you to print, carry, and commit to memory so that you'll have it to hand when John Law wants to muscle his way into your mobile life.

Read the rest

Nominate for the EFF Pioneer Award

The Electronic Frontier Foundation has opened the nominations for the 2014 Pioneer Award, which celebrates people who have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. Anyone can nominate, and the winners will be chosen by an independent and august jury. I am enduringly proud to have received the Pioneer Award, along with such luminaries as Limor "Lady Ada" Fried, Bruce Shneier, Bunnie Huang and Aaron Swartz.

NSA helps foreign governments conduct mass surveillance at home


A new release of Snowden's leaked NSA docs detail RAMPART-A, through which the NSA gives foreign governments the ability to conduct mass surveillance against their own populations in exchange for NSA access to their communications. RAMPART-A, is spread across 13 sites, accesses three terabytes/second from 70 cables and networks. It cost US taxpayers $170M between 2011 and 2013, allocated through the NSA's "black budget."

The NSA makes its foreign partners promise not to spy on the USA using its equipment and in return, agrees not to spy on its partners' populations (with "exceptions"). However, as was documented in Glenn Greenwald's indispensable No Place to Hide, the NSA has a simple trick for circumventing any promises not to spy on its partners' populations.

"No Place to Hide" revealed a list of 33 "third party" countries that assist the NSA in conducting mass surveillance, including Saudi Arabia, Israel, Singapore, Ethiopia, and 15 EU member states. These countries do not allow the NSA to spy on their own countries, but the NSA exploits a loophole to conduct this surveillance anyway: it will strike an agreement with Country A, on one end of a high-speed cable not to spy on it population, and with Country B, on the other end of the cable, not to spy on its population, but will conduct mass surveillance of Country A's communications from Country B and vice-versa.

How Secret Partners Expand NSA’s Surveillance Dragnet [Ryan Gallagher/The Intercept]

GCHQ claims right to do warrantless mass interception of all webmail, search and social media


The UK spy agency GCHQ says it doesn't need a warrant to intercept and store all UK social media traffic, search history and webmail because it is headed offshore, so it's "foreign communications". It had kept this interpretation of English and Welsh law a secret until now, and only revealed it after a protracted legal battle with the excellent people at Privacy International and six other civil liberties groups, including Amnesty International, and ACLU.

Read the rest

IRS won't fix database of nonprofits, so it goes dark


Rogue archivist Carl Malamud writes, "Due to inaction by the Internal Revenue Service and the U.S. Congress, Public.Resource.Org has been forced to terminate access to 7,634,050 filings of nonprofit organizations. The problem is that we have been fixing the database, providing better access mechanisms and finding and redacting huge numbers of Social Security Numbers. Our peers such as GuideStar are also fixing their copies of the database."

Read the rest

Erotic fiction written by a privacy-conscious author


Mallory Ortberg (who created the excellent Squicked out alien describes human sex story) has done it again with Erotica Written By Someone With An Appropriate Sense of Privacy.

Read the rest

Canadian Supreme Court's landmark privacy ruling

The Supreme Court of Canada's ruling in R. v. Spencer sets an amazing precedent for privacy that not only reforms the worst practices of Canadian ISPs and telcos; it also annihilates the Tories' plans to weaken Canadian privacy law into insignificance. The Supremes unanimously held that the longstanding practice of carriers voluntarily handing over subscriber data to cops and government agencies without a warrant was unconstitutional.

The court's decision, written by Harper appointed Justice Thomas Cromwell, takes a nuanced view of privacy, and upholds the importance of anonymity as part of the protected right to privacy.

The Harper government is currently pushing two surveillance bills, C-13 and S-4, which would radically expand the practice of "voluntary" disclosure of subscriber data without a warrant. As Michael Geist writes in an excellent explainer, these bills are almost certainly unconstitutional under this ruling and are likely to die or be substantially reformed.

Read the rest

Apple adds privacy-protecting MAC spoofing (when Aaron Swartz did it, it was evidence of criminality)

Apple has announced that it will spoof the MAC addresses emitted by its wireless devices as an anti-tracking measure, a change that, while welcome, is "an umbrella in a hurricane" according to a good technical explainer by the Electronic Frontier Foundation's Jeremy Gillula and Seth Schoen.

Read the rest

US appeals court rules a warrant is required for cell phone location tracking

logo25

Big news in the fight for security and privacy in the US: the 11th Circuit Court of Appeals this week ruled that a warrant is required for cell phone location tracking.

Read the rest

Time-capsule crypto to help journalists protect their sources


Jonathan Zittrain writes, "I published an op-ed in the Boston Globe today musing on the prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions -- such as the passage of time -- are met. I could see libraries and archives offering such technology as part of accepting papers and manuscripts, especially in the wake of the "Belfast Project" situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely."

I'm less enthusiastic about this than Jonathan is. I think calibrating the strength of your time-capsule is very hard. If the NSA might be an order of magnitude faster than the rest of us at brute-force cryptanalysis, that means you need to make your 10-year capsule strong enough to last for 100 years just to be on the safe side. Same goes for proof-of-work.

Read the rest