Edward Snowden hosted a cryptoparty and ran a Tor exit node

Before Edward Snowden went on the run and effected the first-ever leak of documents from the NSA, he threw a cryptoparty in Hawai'i, coordinating with Runa Sandvik from the Tor Project and Asher Wolf from the Cryptoparty movement to plan an event where everyday people were taught to use crypto. He gave a lecture for his neighbors on TrueCrypt, and told people that he ran at least two Tor exit nodes to help people keep their anonymous traffic moving (Boing Boing also runs a Tor exit node). Apparently, his girlfriend videoed the event -- I'd love to see it!

Snowden used the Cincinnatus name to organize the event, which he announced on the Crypto Party wiki, and through the Hi Capacity hacker collective, which hosted the gathering. Hi Capacity is a small hacker club that holds workshops on everything from the basics of soldering to using a 3D printer.

“I’ll start with a casual agenda, but slot in additional speakers as desired,” wrote Cincinnatus in the announcement. “If you’ve got something important to add to someone’s talk, please share it (politely). When we’re out of speakers, we’ll do ad-hoc tutorials on anything we can.”

When the day came, Sandvik found her own way to the venue: an art space on Oahu in the back of a furniture store called Fishcake. It was filled to its tiny capacity with a mostly male audience of about 20 attendees. Snowden spotted her when she walked in and introduced himself and his then-girlfriend, Lindsay Mills, who was filming the event. “He was just very nice, and he came to the door and introduced himself and talked about how the event was going to run,” Sandvik says.

They chatted for a bit. Sandvik asked Snowden where he worked, and after hemming and hawing, he finally said he worked for Dell. He didn’t let on that his work for Dell was under an NSA contract, but Sandvik could tell he was hiding something. “I got the sense that he didn’t like me prying too much, and he was happy to say Dell and move on,” she says.

Sandvik began by giving her usual Tor presentation, then Snowden stood in front of the white board and gave a 30- to 40-minute introduction to TrueCrypt, an open-source full disk encryption tool. He walked through the steps to encrypt a hard drive or a USB stick. “Then we did an impromptu joint presentation on how to set up and run a Tor relay,” Sandvik says. “He was definitely a really, really smart guy. There was nothing about Tor that he didn’t already know.”

Snowden’s First Move Against the NSA Was a Party in Hawaii [Kevin Poulsen/Wired]

(Image: a downsized thumbnail of a photo by Bart Gellman/Getty)

Science fiction and the law: free speech, censorship, privacy and surveillance


In Do Androids Dream of Electric Free Speech? Visions of the Future of Copyright, Privacy, and the First Amendment in Science Fiction, a paper from Communication Law and Policy by Texas Christian University's Daxton "Chip" Stewart, we're treated to a wide-ranging overview of the free speech, copyright, privacy and surveillance legal issues raised in science fiction from Frankenstein to my own books. Stewart's paper insightfully weaves together everyone from Ernest Cline to Isaac Asimov and closely analyzes the way that science fictional thought-experiments can inform legal discussions, in a fashion reminiscent of the excellent Law of Superheroes.


NSA sabotaged exported US-made routers with backdoors

The NSA systematically sabotaged US-made network routers as they were exported, equipping them with secret backdoors, according to Edward Snowden leaks newly released by Glenn Greenwald in the Guardian. The devices were tampered with prior to leaving the USA and resealed with factory seals. Ironically, this is exactly what grandstanding US politicians have been accusing the Chinese government and Huawei of doing for years. Takes one to know one? Or just honi soit qui mal y pense?


You are a Gmail user


For years, Benjamin Mako Hill has paid to host his own mail, as a measure to enhance his privacy and independence from big companies. But a bit of clever analysis of his stored mail reveals that despite this expense and effort, he is a Gmail user, because so many of his correspondents are Gmail users and store copies of his messages with Google. And thanks to an archaic US law, any message left on Gmail for more than six months can be requested by police without a warrant, as it is considered "abandoned."

Mako has posted the script he used to calculate how much of his correspondence ends up in Google's hands.

I host my own mail, too. I'm really looking forward to Mailpile, which should make this process a lot easier, and also make keeping all my mail encrypted simpler. Knowing that Google has a copy of my correspondence is a lot less worrisome if they can't read it (though it's still not an ideal situation).


Tor: network security for domestic abuse survivors


Michael from Beta Boston writes, "The privacy protections offered by tools like Tor aren't just for journalists and spies; they're important for everyone. Almost every modern abusive relationship has a digital component, from cyberstalking to hacking phones, emails, and social media accounts, but women's shelters increasingly have found themselves on the defensive, ill-equipped to manage and protect their clients from increasingly sophisticated threats. Recently the Tor Project stepped in to help change that, and we took a long look at the work cut out for them."

This is an important point: when you make it so that no one can keep secrets from the state and its enforcement arm, you also make it so that no one can keep secrets from crooks, thugs, stalkers, and every other kind of bad guy.


EFF on the White House's Big Data report: what about privacy and surveillance?

Last week, I wrote about danah boyd's analysis of the White House's Big Data report [PDF]. Now, the Electronic Frontier Foundation has added its analysis to the discussion. EFF finds much to like about the report, but raises two very important points:

* The report assumes that you won't be able to opt out of leaving behind personal information and implicitly dismisses the value of privacy tools like ad blockers, Do Not Track, Tor, etc.

* The report is strangely silent on the relationship between Big Data and mass surveillance, except to the extent that it equates whistleblowers like Chelsea Manning and Edward Snowden with the Fort Hood shooter, lumping them all in as "internal threats"


How to Talk to Your Children About Mass Surveillance


In my latest Locus column, How to Talk to Your Children About Mass Surveillance, I tell the story of how I explained the Snowden leaks to my six-year-old, and the surprising interest and comprehension she showed during our talk and afterwards. Kids, it seems, intuitively understand what it's like to be constantly monitored by unaccountable, self-appointed authority figures!


Big Data analysis from the White House: understanding the debate


Danah boyd, founder of the critical Big Data think/do tank Data and Society, writes about the work she did with the White House on Big Data: Seizing Opportunities, Preserving Values [PDF]. Boyd and her team convened a conference called The Social, Cultural & Ethical Dimensions of "Big Data" (read the proceedings here), and fed the conclusions from that event back to the White House for its report.

In boyd's view, the White House team did good work in teasing out the hard questions about public benefit and personal costs of Big Data initiatives, and made solid recommendations for future privacy-oriented protections. Boyd points to this Alistair Croll quote as getting at the heart of one of Big Data's least-understood problems:

Perhaps the biggest threat that a data-driven world presents is an ethical one. Our social safety net is woven on uncertainty. We have welfare, insurance, and other institutions precisely because we can’t tell what’s going to happen — so we amortize that risk across shared resources. The better we are at predicting the future, the less we’ll be willing to share our fates with others.


Can you really opt out of Big Data?


Janet Vertesi, assistant professor of sociology at Princeton University, had heard many people apologize for commercial online surveillance by saying that people who didn't want to give their data away should just not give their data away -- they should opt out. So when she got pregnant, she and her husband decided to keep the fact secret from marketing companies (but not their friends and family). She quickly discovered that this was nearly impossible, even while she used Tor, ad blockers, and cash-purchased Amazon cards that paid for baby-stuff shipped to anonymous PO boxes.


Report: Twitter planning "whisper mode"

Twitter has private messages and public tweets. It may soon have something in-between: a "whisper mode" that lets users choose who can see a conversation. Here's TNW's Emil Protalinski, quoting a Bloomberg interview with CEO Dick Costolo.

"There are frequently public conversations that you would like to grab hold of and take into whisper mode with a friend and say, hey, this thing has happened. Look what these people are talking about. What do you think about this, with a friend or more than one friend. So being able to move fluidly between that public conversation and the private conversation is something we’ll make simpler."

This will end in tears.

Every 27 seconds, Canadian telcos hand over subscriber data to cops (mostly without a warrant)

Michael Geist writes, "These stunning disclosures, which were released by the Office of the Privacy Commissioner of Canada, come directly from the telecom industry after years of keeping their disclosure practices shielded from public view. Every 27 seconds. Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information were provided voluntarily without a warrant)."


TAILS: Snowden's favorite anonymous, secure OS goes 1.0


TAILS -- The Amnesiac Incognito Live System -- is a highly secure operating system intended to be booted from an external USB stick without leaving behind any trace of your activity on either your computer or the drive. It comes with a full suite of multimedia creation, communications, and utility software, all configured to be as secure as possible out of the box.

It was Edward Snowden's tradecraft tool of choice for harvesting and exfiltrating NSA documents. Yesterday, it went 1.0. If you need to turn a computer whose operating system you don't trust into one that you can use with confidence, download the free disk image. (Note: TAILS won't help you defend against hardware keyloggers, hidden CCTVs inside the computer, or some deep malware hidden in the BIOS). It's free as in speech and free as in beer, and anyone can (and should) audit it.

Effectively, this is the ParanoidLinux I fictionalized in my novel Little Brother.


Petition against UK sell-off of private tax data

Pam writes, "The Open Rights Group has set up a petition in response to last week's news that the British government is planning to sell access to private tax records."


How the Russian surveillance state works

In case you (like Edward Snowden) want to know about the full scope of Russia's program of mass domestic and international surveillance, World Policy's overview of the Russian surveillance state is brilliant and terrifying. As Snowden said, "I blew the whistle on the NSA's surveillance practices not because I believed that the United States was uniquely at fault, but because I believe that mass surveillance of innocents – the construction of enormous, state-run surveillance time machines that can turn back the clock on the most intimate details of our lives – is a threat to all people, everywhere, no matter who runs them."

The World Policy report has impeccable credentials, having been jointly researched by Agentura.Ru, CitizenLab, and Privacy International.


Eternal vigilance app for social networks: treating privacy vulnerabilities like other security risks

Social networking sites are Skinner boxes designed to train you to undervalue your privacy. Since all the compromising facts of your life add less than a dollar to the market-cap of the average social network, they all push to add more "sharing" by default, with the result that unless you devote your life to it, you're going to find your personal info shared ever-more-widely by G+, Facebook, LinkedIn, and other "social" services.

Arvind Narayanan has proposed a solution to this problem: a two-part system in which privacy researchers publish a steady stream of updates about new privacy vulnerabilities introduced by the social networking companies (part one), and your computer sifts through these and presents you with the small subset of alerts that pertain to you and your own network use (part two).
