Every 27 seconds, Canadian telcos hand over subscriber data to cops (mostly without a warrant)

Michael Geist writes, "These stunning disclosures, which were released by the Office of the Privacy Commissioner of Canada, come directly from the telecom industry after years of keeping their disclosure practices shielded from public view. Every 27 seconds. Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant)."

TAILS: Snowden's favorite anonymous, secure OS goes 1.0


TAILS -- The Amnesiac Incognito Live System -- is a highly secure operating system intended to be booted from an external USB stick without leaving behind any trace of your activity on either your computer or the drive. It comes with a full suite of multimedia creation, communications, and utility software, all configured to be as secure as possible out of the box.

It was Edward Snowden's tradecraft tool of choice for harvesting and exfiltrating NSA documents. Yesterday, it went 1.0. If you need to turn a computer whose operating system you don't trust into one that you can use with confidence, download the free disk image. (Note: TAILS won't help you defend against hardware keyloggers, hidden CCTVs inside the computer, or some deep malware hidden in the BIOS). It's free as in speech and free as in beer, and anyone can (and should) audit it.

Effectively, this is the ParanoidLinux I fictionalized in my novel Little Brother.

Petition against UK sell-off of private tax data

Pam writes, "The Open Rights Group has set up a petition in response to last week's news that the British government is planning to sell access to private tax records."

How the Russian surveillance state works

In case you (like Edward Snowden) want to know about the full scope of Russia's program of mass domestic and international surveillance, World Policy's overview of the Russian surveillance state is brilliant and terrifying. As Snowden said, "I blew the whistle on the NSA's surveillance practices not because I believed that the United States was uniquely at fault, but because I believe that mass surveillance of innocents – the construction of enormous, state-run surveillance time machines that can turn back the clock on the most intimate details of our lives – is a threat to all people, everywhere, no matter who runs them."

The World Policy report has impeccable credentials, having been jointly researched by Agentura.Ru, CitizenLab, and Privacy International.

Eternal vigilance app for social networks: treating privacy vulnerabilities like other security risks

Social networking sites are Skinner boxes designed to train you to undervalue your privacy. Since all the compromising facts of your life add less than a dollar to the market-cap of the average social network, they all push to add more "sharing" by default, with the result that unless you devote your life to it, you're going to find your personal info shared ever-more-widely by G+, Facebook, LinkedIn, and other "social" services.

Arvind Narayanan has proposed a solution to this problem: a two-part system through which privacy researchers publish a steady stream of updates about new privacy vulnerabilities introduced by the social networking companies (part one), and your computer sifts through these and presents you with a small subset of the alerts that pertain to you and your own network use.

UK tax authority caught sneaking in plan to sell Britons' private financial records

Just weeks after a plan to sell "anonymized" sets of British health-records collapsed in the face of massive public criticism, a new plan has emerged to sell the country's tax records to companies and researchers, prompting an even more critical response. One Tory MP called the plan "borderline insane," and tax professionals are in an uproar. The plan was buried as a brief mention in the autumn budget. HMRC's defense rests on the idea that the information in the datasets will be anonymized, something that computer scientists widely believe is effectively impossible.

EFF seeks student activists for campus network


The Electronic Frontier Foundation is launching a major campus organizing initiative and is looking to build a network of trusted campus activists to work with. They're sending staffers on a road-trip to speak at universities and colleges and want to hear from you. They've released a set of community organizing tools to help you get started.

There are plenty of ways to take part, no matter how much organizing experience you have.

* Start a group: Talk to friends and community members to gauge who else in your network is interested in digital freedom. Form a group that can discuss the issues and plan ways of advocating for your rights. For some tips on getting started, check out our guide on how to build a coalition on campus and in your community.

* Bring digital rights to an existing group: These issues are everybody's issues, no matter where on the political spectrum you lie. You can work with existing political, civil liberties, activist, and computer-related groups and urge members to take on a digital rights campaign.

* Organize an event: We have plenty of suggestions for events you can throw, from film screenings to rallies, parties to speaker series.

* Let your voice be heard: We are all part of the digital rights movement together, and your voice is as important as ours. Learn how to coordinate with local and national campaigns, and amplify your message by reading our tips on engaging with the press.

While many student groups and local community organizations are working on surveillance reform in light of the recent disclosures about massive government spying, it’s not only the NSA that we’re fighting: we’re demanding open access to publicly funded research; we’re fighting to protect the future of innovation from patent trolls; we’re urging companies and institutions to deploy encryption; we're defending the rights of coders and protecting the free speech rights of bloggers worldwide—the list goes on.

EFF is Expanding into Student and Community Organizing, and We Need Your Help

NSA spies on human rights groups, including those in the USA

During video testimony to the Council of Europe, whistleblower Edward Snowden reiterated that the NSA targets human rights groups, including those in the USA, for surveillance. It uses its Xkeyscore technology to "fingerprint" communications from these groups and targets them for deep surveillance. Groups that have been targeted in this way include UNICEF and many others.

EU's highest court strikes down mass surveillance under the Data Retention Directive

The European Court of Justice, the highest court in the EU, has invalidated the European Parliament's Data Retention Directive, which required phone companies and ISPs to store your clicks, email subjects and to/from info, your location data, and other sensitive "metadata" for up to two years. The ECJ cited the UN Human Rights Committee's condemnation of this sort of data-retention and its call for the USA to halt its surveillance. We have Digital Rights Ireland and AK Vorrat Austria to thank for the ruling.

Animation: How Google views user privacy

Mark from Screen Novelties sends us "This little animation we did for Google regarding user privacy. We happened to direct this at the same time the whole Snowden/NSA stuff went down last year. Google finally decided to release this to the public a few days ago. Just wanted to share. It's done in stop motion to give the feeling of the old school board games."

Way of a Warrant

Hacker Hymn [Jasmina Tesanovic]

Recently I saw a movie on the life and death of Aaron Swartz, who is nowadays often called a martyr for the freedom of the Internet.

People, nations and governments like martyrs. They love them, they need them. Martyrs are part of our bipolar, black and white society constructed from good and bad guys, who always do good and bad deeds. Martyrs are those who have escaped our human condition, of being judged by people as people. Martyrs are beyond judgement, they become the scapegoats for our biggest failures, for the banality of evil, as Hannah Arendt phrased it.

Spyware increasingly a part of domestic violence

Australian Simon Gittany murdered his girlfriend, Lisa Harnum, after an abusive relationship that involved his surveillance of her electronic communications using off-the-shelf spyware marketed for purposes ranging from keeping your kids safe to spotting dishonest employees. As Rachel Olding writes in The Age, surveillance technology is increasingly a factor in domestic violence, offering abusive partners new, thoroughgoing ways of invading their spouses' privacy and controlling them.

The spyware industry relies upon computers -- laptops, mobile devices, and soon, cars and TVs and thermostats -- being insecure. In this, it has the same goals as the NSA and GCHQ, whose BULLRUN/EDGEHILL program sought to weaken the security of widely used operating systems, algorithms and programs. Every weakness created at taxpayer expense was a weakness that spyware vendors could exploit for their products.

Likewise, the entertainment industry wants devices that are capable of running code that users can't terminate or inspect, so that they can stop you from killing the programs that stop you from saving Netflix streams, running unapproved apps, or hooking unapproved devices to your cable box.

And Ratters, the creeps who hijack people's webcams in order to spy on them and blackmail them into sexual performances, also want computers that can run code that users can't stop. And so do identity thieves, who want to run keyloggers on your computer to get your banking passwords. And so do cops, who want new powers to insert malware into criminals' computers.

There are a lot of ways to slice the political spectrum -- left/right, authoritarian/anti-authoritarian, centralist/decentralist. But increasingly, the 21st century is being defined by the split between people who think your computer should do what you tell it, and people who think that you can't be trusted to control your own computer, and so they should be able to run code on it against your will, without your knowledge, and to your detriment.

Pick a side.

Spyware's role in domestic violence [Rachel Olding/The Age]

(via Geek Feminism)

Microsoft changes policy: won't read your Hotmail anymore to track down copyright infringement or theft without a court order


Microsoft read the email of Hotmail users without a warrant, in order to catch someone who'd leaked some Microsoft software. When they were caught out, they pointed out that they'd always reserved the right to read Hotmail users' email, and tried to reassure other Hotmail users by saying that they were beefing up the internal process by which they decided whose mail to read and when.

Now, citing the "'post-Snowden era' in which people rightly focus on the ways others use their personal information," the company has announced that it will not read its users' email anymore when investigating theft or copyright violations -- instead, it will refer this sort of thing to the police in future (they still reserve the right to read your Hotmail messages without a court order under other circumstances).

As Techdirt's Mike Masnick points out, this is a most welcome change. The message announcing the change by Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs) is thoughtful and forthright. It announces a future round-table on the questions raised by the company's snooping that the Electronic Frontier Foundation can participate in.

Smith asks a seemingly rhetorical question: "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" That is indeed a fascinating question, but in the specific case of Hotmail, I feel like it has a pretty obvious answer: change your terms of service so that you promise not to read your customers' email without a court order. Then, if you think there's a situation that warrants invading your customers' privacy, get a court order. This is just basic rule-of-law stuff, and it's the kind of thing you'd hope Microsoft's General Counsel would find obvious.

The fact that the question is being raised casts more light on Microsoft's extensive "Scroogled" campaign, which (rightly) took Google to task for having a business-model that was predicated on harvesting titanic amounts of personal data. The takeaway here is that while Microsoft's business-model (at the moment) is less privacy-invading than Google's, that is not due to any inherent squeamishness about spying on people -- rather, it's just a practical upshot of its longstanding practices.

Ethiopia: the first "off-the-shelf" surveillance state


"They Know Everything We Do", a new, exhaustive report from Human Rights Watch, details the way the young state of modern Ethiopia has become a kind of pilot program for the abuse of "off-the-shelf" surveillance, availing itself of commercial products from the US, the UK, France, Italy and China in order to establish an abusive surveillance regime that violates human rights and suppresses legitimate political opposition under the guise of an anti-terrorism law that's so broadly interpreted as to be meaningless.

The Electronic Frontier Foundation is representing a victim of Ethiopian state surveillance: Mr. Kidane had his computer hacked by Ethiopian spies while he was in the USA, and they planted spyware that gave them access to his Skype and Google traffic.

Obama administration will make tiny, nearly meaningless changes to illegal bulk phone spying


The Obama administration will unveil a plan to sunset the bulk collection of US telephone data by American spies. Instead, it will plunder data that the carriers are required to retain for 18 months (America's spies currently warehouse phone data for five years) on the strength of warrants issued by its secret, rubberstamp Foreign Intelligence "court." This won't take place for at least 90 days, and for those 90 days, the administration expects the "court" to renew the spies' power to harvest bulk phone data as it has until now (despite the fact that Obama's appointed independent commission concluded that this program is illegal). Spies will only be able to explore phone data within two "hops" of their persons of interest, rather than the "three hop" rule they claim they've followed until now. Civil liberties groups are very slightly cheered by all this news.
