2600's Emmanuel Goldstein writes, "This summer's HOPE X conference has added another major whistleblower to its schedule: Thomas Drake, who was charged under the Espionage Act in 2010 after revealing waste, fraud, and abuse at the NSA. The government would later drop these charges, after ruining Drake's career and dragging his name through the mud. Drake was one of the opponents of the NSA's Trailblazer program in 2002, which wound up costing billions of taxpayer dollars and would have been a huge violation of privacy, had it not been cancelled in 2006. It wouldn't be the last such program, and Drake wouldn't be the last whistleblower. HOPE X takes place July 18-20 at the Hotel Pennsylvania in New York City. More info at xxx.xxxxxxxxxxxxxxxxxx.xxx or x.hope.net."
Libby writes, "Today the Free Software Foundation is releasing Email Self-Defense, a guide to personal email encryption to help everyone, including beginners, make the NSA's job a little harder. We're releasing it as part of Reset the Net, a global day of action to push back against the surveillance-industrial complex. The guide will get you encrypting your emails in under 30 minutes, and takes you all the way through sending and receiving your first encrypted email."
Google has announced support for end-to-end encryption with Gmail, a major step for privacy and a major blow against mass surveillance. Gmail users who install free and open Chrome plugin will be able to send and receive messages that can only be read by people who have their intended recipients' passphrase, and not Google -- meaning that even if the NSA legally or covertly taps into Google's data-centers, they won't be able to read mail that's encrypted with the End-to-End plugin.
This is marvellous news. There is already support for Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP) in Gmail, through Firefox plugin or Chrome plugin, but long experience has shown that many people are confused by PGP/GPG in its current state.
What's more, Google has explicitly tied this to the Reset the Net campaign (in which Boing Boing is a partner), a global day commemorating the Snowden leaks and calling for an Internet that is made strong and secure from mass spying.
Read the rest
Read the rest
Read the rest
Here's a reading (MP3) of a my latest Locus column, How to Talk to Your Children About Mass Surveillance, in which I describe the way that I've explained the Snowden affair to my six-year-old:
Read the rest
Josh from the ACLU writes, "To mark this Thursday's one-year anniversary of the first NSA revelation from Edward Snowden, we've made a very cool video showing what's happened so far (and yes that is Snowden's voice at the end). You've not seen an NSA video like this before. We've also created a guide (PDF) to what we think needs to be done for surveillance reform by Congress, the president, the courts, and tech companies."
Smári "Mailpile" McCarthy's lecture Engineering Our Way Out of Fascism sets out a set of technical, legal and social interventions we can undertake to make mass surveillance impossible, starting with this: "The goal of those interested in protecting human rights should be to raise the average cost of surveillance to $10.000 per person per day within the next five years."
Read the rest
Read the rest
Cory Doctorow reviews Glenn Greenwald’s long-awaited No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. More than a summary of the Snowden leaks, it’s a compelling narrative that puts the most explosive revelations about official criminality into vital context.Read the rest
Respected cryptographer and security researcher Ross Anderson has a fascinating new paper, Privacy versus government surveillance: where network effects meet public choice [PDF], which explores the "privacy economics" of mass surveillance, pointing out the largely overlooked impact of "network effects" on the reality of who spies, who is spied upon, and under what circumstances.
My first big point is that all the three factors which lead to monopoly – network effects, low marginal costs and technical lock-in – are present and growing in the national-intelligence nexus itself. The Snowden papers show that neutrals like Sweden and India are heavily involved in information sharing with the NSA, even though they have tried for years to pretend otherwise. A non-aligned country such as India used to be happy to buy warplanes from Russia; nowadays it still does, but it shares intelligence with the NSA rather then the FSB. If you have a choice of joining a big spy network like America's or a small one like Russia's then it's like choosing whether to write software for the PC or the Mac back in the 1990s. It may be partly an ideological choice, but the economics can often be stronger than the ideology.
Second, modern warfare, like the software industry, has seen the bulk of its costs turn from variable costs into fixed costs. In medieval times, warfare was almost entirely a matter of manpower, and society was organised appropriately; as well as rent or produce, tenants owed their feudal lord forty days’ service in peacetime, and sixty days during a war. Barons held their land from the king in return for an oath of fealty, and a duty to provide a certain size of force on demand; priests and scholars paid a tax in lieu of service, so that a mercenary could be hired in their place. But advancing technology brought steady industrialisation. When the UK and the USA attacked Germany in 1944, we did not send millions of men to Europe, as in the first world war, but a combat force of a couple of hundred thousand troops – though with thousands of tanks and backed by larger numbers of men in support roles in tens of thousands of aircraft and ships. Nowadays the transition from labour to capital has gone still further: to kill a foreign leader, we could get a drone fire a missile that costs $30,000. But that's backed by colossal investment – the firms whose data are tapped by PRISM have a combined market capitalisation of over $1 trillion.
Third is the technical lock-in, which operates at a number of levels. First, there are lock-in effects in the underlying industries, where (for example) Cisco dominates the router market: those countries that have tried to build US-free information infrastructures (China) or even just government information infrastructures (Russia, Germany) find it’s expensive. China went to the trouble of sponsoring an indigenous vendor, Huawei, but it’s unclear how much separation that buys them because of the common code shared by router vendors: a vulnerability discovered in one firm’s products may affect another. Thus the UK government lets BT buy Huawei routers for all but its network’s most sensitive parts (the backbone and the lawful-intercept functions). Second, technical lock-in affects the equipment used by the intelligence agencies themselves, and is in fact promoted by the agencies via ETSI standards for functions such as lawful intercept.
Just as these three factors led to the IBM network dominating the mainframe age, the Intel/Microsoft network dominating the PC age, and Facebook dominating the social networking scene, so they push strongly towards global surveillance becoming a single connected ecosystem.
(Image: Friendwheel, Steve Jurvetson, CC-BY)
Read the rest
Maciej Cegłowski's latest talk, The Internet With A Human Face, is a perfect companion to both his Our Comrade the Electron and Peter Watts's Scorched Earth Society: A Suicide Bomber's Guide to Online Privacy: a narrative that explains how the Internet of liberation became the Internet of inhuman and total surveillance. Increasingly, I'm heartened by the people who understand that the right debate to have is "How do we make the Internet a better place for human habitation?" and not "Is the Internet good or bad for us?" I'm also heartened to see the growth of the view that aggregated personal data is a kind of immortal toxic waste and that the best way to prevent spills is to not collect it in the first place.
Read the rest
The US paperback of my novel Homeland comes out today, and I've written an open letter to teenagers for Tor.com to celebrate it: You Are Not a Digital Native. I used the opportunity to draw a connection between kids being told that as "digital natives," everything they do embodies some mystical truth about what the Internet is for, and the way that surveillance companies like Facebook suck up their personal data by the truckload and excuse themselves by saying "digital natives" have demonstrated that privacy is dead.
As researchers like danah boyd have pointed out, a much more plausible explanation for teens' privacy disclosures is that they're making mistakes, because they're teenagers, and teenagers learn to be adults by making (and learning from) mistakes. I finish the piece with a list of tools that teens can use to have a more private, more fulfilling online social life.
They say that the Holy Roman Emperor Frederick II ordered a group of children to be raised without any human interaction so that he could observe their “natural” behavior, untainted by human culture, and find out the true, deep nature of the human animal.
If you were born around the turn of the 21st century, you’ve probably had to endure someone calling you a “digital native” at least once. At first, this kind of sounds like a good thing to be—raised without the taint of the offline world, and so imbued with a kind of mystic sixth sense about how the Internet should be.
But children aren’t mystic innocents. They’re young people, learning how to be adult people, and they learn how to be adults the way all humans learn: by making mistakes. All humans screw up, but kids have an excuse: they haven’t yet learned the lessons the screw-ups can impart. If you want to double your success rate, you have to triple your failure rate.
The problem with being a “digital native” is that it transforms all of your screw-ups into revealed deep truths about how humans are supposed to use the Internet. So if you make mistakes with your Internet privacy, not only do the companies who set the stage for those mistakes (and profited from them) get off Scot-free, but everyone else who raises privacy concerns is dismissed out of hand. After all, if the “digital natives” supposedly don’t care about their privacy, then anyone who does is a laughable, dinosauric idiot, who isn’t Down With the Kids.
Science fiction writer and biologist Peter Watts gave a spectacular talk to the Symposium of the International Association of Privacy Professional, called The Scorched Earth Society: A Suicide Bomber's Guide to Online Privacy (PDF); Watts draws on his two disciplines to produce a stirring, darkly comic picture of the psychological toll of the surveillance society.
Watts is the writer who was beaten, maced, and convicted of a felony for asking a US border guard why he'd walked up behind his rental car and opened his trunk without any discussion or notice. His take on surveillance and its relationship to control, authoritarianism and corruption is both sharp-edged and nuanced. And his proposal for a remedy is provocative and difficult to argue with. I only wish I'd been in the room to give the talk, as he's a remarkable and acerbic storyteller.
Read the rest
Here's a riveting talk by Michael Geist on the state of Canadian surveillance. Geist broke the story that Canadian telcos hand over personal information to government agencies every 27 seconds, without a warrant. Canada is one of the "Five Eyes" countries that participated in the NSA's surveillance build-out, and the Canadian government is once again considering a massive expansion of warrantless surveillance powers for police, government agencies, and even private companies working for the government.
Kevin writes, "With the Privacy is a right project I try to visualize the global privacy debate by using quotes on the subject and turn them into large (in real life) visuals. I started out with key figures in this debate (such as Edward Snowden, Kirsty Hughes and even Cory Doctorow) but now everyone can react and share their view on the subject by submitting a quote on the site. Any inspiring quote will then be turned into art by me. Some of the visuals will be part of my graduation exposition (25th - 29th of June) for the Willem de Kooning Rotterdam University of Applied Sciences in Rotterdam, the Netherlands."
Before Edward Snowden went on the run and effected the first-ever leak of documents from the NSA, he threw a cryptoparty in Hawai'i, coordinating with Runa Sandvik from the Tor Project and Asher Wolf from the Cryptoparty movement to plan an event where everyday people were taught to use crypto. He gave a lecture for his neighbors on Truecrypt, and told people that he ran at least two Tor exist nodes to help people keep their anonymous traffic moving (Boing Boing also runs a Tor exit node). Apparently, his girlfriend videoed the event -- I'd love to see it!
Snowden used the Cincinnatus name to organize the event, which he announced on the Crypto Party wiki, and through the Hi Capacity hacker collective, which hosted the gathering. Hi Capacity is a small hacker club that holds workshops on everything from the basics of soldering to using a 3D printer.
“I’ll start with a casual agenda, but slot in additional speakers as desired,” write Cincinnatus in the announcement. “If you’ve got something important to add to someone’s talk, please share it (politely). When we’re out of speakers, we’ll do ad-hoc tutorials on anything we can.”
When the day came, Sandvik found her own way to the venue: an art space on Oahu in the back of a furniture store called Fishcake. It was filled to its tiny capacity with a mostly male audience of about 20 attendees. Snowden spotted her when she walked in and introduced himself and his then-girlfriend, Lindsay Mills, who was filming the event. “He was just very nice, and he came to the door and introduced himself and talked about how the event was going to run,” Sandvik says.
They chatted for a bit. Sandvik asked Snowden where he worked, and after hemming and hawing, he finally said he worked for Dell. He didn’t let on that his work for Dell was under an NSA contract, but Sandvik could tell he was hiding something. “I got the sense that he didn’t like me prying too much, and he was happy to say Dell and move on,” she says.
Sandvik began by giving her usual Tor presentation, then Snowden stood in front of the white board and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick. “Then we did an impromptu joint presentation on how to set up and run a Tor relay,” Sandvik says. “He was definitely a really, really smart guy. There was nothing about Tor that he didn’t already know.”
Snowden’s First Move Against the NSA Was a Party in Hawaii [Kevin Poulsen/Wired]
(Image: a downsized thumbnail of a photo by Bart Gellman/Getty)