Submit a link Features Reviews Podcasts Video Forums More ▾

Bruce Sterling's closing remarks from SXSW Interactive: who isn't in the room?

As ever, Bruce Sterling's closing remarks to the SXSW Interactive festival were a barn-burner; in them, Sterling rattles off a list of people who should be in the room, either because they know something that is lost on mainstream geekdom, or because they serve as examples for what not to become -- from GCHQ spies to Italian net-politics ninjas, from the Dread Pirate Roberts to Barrett Brown. Sterling dips into the future ("the future is full of cities full of old people who are scared of the sky") and wonders where Silicon Valley will decamp to once California is destroyed by climate change.

It's 45 minutes of funny, uncomfortable, storming invective, and a bracing way to pass the Ides of March. Here's an unauthorized MP3 rip in case you want to listen on the go (warning, may not work very well!).

Bruce Sterling Closing Remarks - SXSW Interactive 2014

Congress was giving spies a pass back in 1975, too


If you are outraged by American spies getting a free pass from their political masters (and you really should be), remember that this is an age-old tradition. Matt Stoller revisits the 1975 Congressional hearings in which radical Congresswoman Bella Abzug grilled CIA director William Colby over the CIA's records of the membership rolls of peaceful, domestic protest groups, only to have Arizona Congressman Sam Steiger suck up to the spook-in-chief, expressing concern that anti-American terrorists could destroy the CIA by sending it too many Freedom of Information Act requests.

Read the rest

British spies lied about getting super-censorship powers over Youtube

Turns out that the claims made by British spies about Youtube granting them the power to censor Youtube videos that they didn't like (but weren't illegal) were bullshit.

The "super-flagger" status they got from Google just means that their complaints get quicker scrutiny, but are (theoretically, anyway) judged by the same criteria as all other complaints about videos that violate Youtube's community standards.

But as Techdirt's Mike Masnick points out, the fact that senior UK government ministers believe that Youtube should remove anything "that may not be illegal, but certainly is unsavoury" is a pretty disturbing insight into the mindset of our censorious masters.

Zuckerberg phones Obama to complain about NSA spying


The day after a Snowden leak revealed that the NSA builds fake versions of Facebook and uses them to seed malicious software in attacks intended to hijack "millions" of computers, Facebook CEO and founder Mark Zuckerberg telephoned President Obama to complain about the NSA's undermining of the Internet's integrity.

As many have pointed out, it would have been nice to hear Zuckerberg taking the Internet's side before his own stock portfolio was directly affected, but better late than never. Zuckerberg's post on his conversation excoriates the US government for its Internet sabotage campaign, and calls on the USG to "be the champion for the internet, not a threat." Curiously, Zuckerberg calls for "transparency" into the NSA's attacks on the Internet, but stops short of calling for an end to government-sponsored attacks against the net.

In the end, though, Zuckerberg calls on companies to do a better job of securing themselves and their users against intrusive spying. It's not clear how that will work for Facebook, though: its business model is predicated on tricking, cajoling, and siphoning personal data out of its users and warehousing it forever in a neat package that governments are unlikely to ignore. I'm told that 90% of US divorce proceedings today include Facebook data; this is a microcosm of the wider reality when you make it your business to stockpile the evidentiary chain of every human being's actions.

Read the rest

From Snowden to Decoded: spies in China


Jeffrey sez, "Paul French, who recently won an Edgar in the true crime category, uses the forthcoming US publication of Decoded, the first spy novel by a PRC author to be translated into English, as a jumping off point for a Los Angeles Review of Books 'China Blog' post on the ongoing allure of Asian settings for authors of fictional works of intrigue."

Read the rest

Tim Berners-Lee calls for Web "Magna Carta" - does the "Web we want" have DRM in it?


The Web is 25 today, and its inventor, Tim Berners-Lee, has called for a "Magna Carta" for the Web, through which the people of the world will articulate how they want to curtail their governments' adversarial attacks on Internet freedom. Berners-Lee is particularly concerned with the Edward Snowden revelations about mass surveillance and systematic government sabotage of Internet security.

I'm delighted to see Berners-Lee tackling this. Everything we do today involves the Web and everything we do tomorrow will require it; getting Web policy right is the first step to getting everything else right.

I hope that this also signals a re-think of Berners-Lee's endorsement of the idea of standardizing "digital rights management" technology for Web browsers through the W3C. The majority of the Web's users live in a country in which it is illegal to report on vulnerabilities in DRM, because doing so might help to defeat the DRM's locks. The standardization of DRM in the deep structures of the Web means that our browsers will become reservoirs of long-lived, critical bugs that can be used to attack Web users -- just as Web users are massively expanding the activities that are mediated through their browsers.

If we are to have a Web that is fit for a free and fair world, it must be a Web where researchers are free to warn users about defects in their tools. We wouldn't countenance a rule that banned engineers from telling you if your house was structurally unsound. By standardizing DRM in browsers, the W3C is setting in place rules that will make it virtually impossible to know if your digital infrastructure is stable and secure.

Read the rest

How the NSA plans to automatically infect "millions" of computers with spyware




A new Snowden leak, detailed in a long, fascinating piece in The Intercept, explains the NSA's TURBINE initiative, intended to automate malicious software infections. These infections -- called "implants" in spy jargon -- have historically been carried out on a narrow, surgical scale, targeted at people of demonstrated value to spies, due to the expense and difficulty of arranging the attacks.

But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once.

The article mentions an internal NSA message-board posting called "I hunt sys admins," sheds some light on the surveillance practices at the NSA. In the post, an NSA operative explains that he targets systems administrators at companies, especially telecoms companies, as a "means to an end" -- that is, infiltrating the companies' networks. As Glenn Greenwald and Ryan Gallagher point out, this admission shows that malware attacks are not targeted solely or even particularly at people suspected of terrorism or other crimes -- rather, they are aimed at the people who maintain the infrastructure of critical networks and systems to allow the NSA to control those systems.

The malware that TURBINE implants can compromise systems in a variety of ways, including hijacking computer cameras and microphones, harvesting Web-browsing history and email traffic, logging passwords and other keystrokes, etc.

Read the rest

Security as a public health discipline, not an engineering one

In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue, it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed, understood and disclosed than it is to keep them secret so we can use them against our enemies.

Read the rest

Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:

Read the rest

Livestream: Edward Snowden at SXSW

I'm at SXSW, having just done the panel introducing Edward Snowden's first live address to the USA. He will be appearing momentarily. The livestream is provisioned for 1M simultaneous sessions -- watch above.

Read the rest

Edward Snowden's magnificent testimony to the EU

NSA whistleblower Edward Snowden has submitted written testimony [PDF] to an EU committee investigating mass surveillance. Glyn Moody's Techdirt post gives a great tl;dr summary of the document, but you should really read it for yourself. It's ten single-spaced pages, but Snowden turns out to be an extremely talented writer who beautifully lays out his arguments, managing the trick of being dispassionate while simultaneously conveying the import of his subject matter.

Snowden makes the point that his testimony doesn't disclose anything that the press hasn't already published, but there's been so much that it's worth reviewing some of it. He directs our attention to something I'd missed: the NSA's Foreign Affairs Division (FAD) spends an extraordinary amount of time lobbying EU nations (and other countries) to change their laws so that the NSA can legally spy on everyone in the country. What's more, they cook these deals -- for example, they'll get German permission to listen in on everything by non-Germans and get a Danish deal that covers all the non-Danes, but since the Internet backbones traverse both countries, they can spy on Germans in Denmark and Danes in Germany. As Snowden says, "The surest way for any nation to become subject to unnecessary surveillance is to allow its spies to dictate its policy."

Read the rest

CIA spied on Senate committee writing damning torture report and Obama knew about it

The CIA's Inspector General has asked the Justice Department to consider criminally charging CIA agents who spied on a senate committee that was engaged in writing a report that was highly critical of the CIA's use of torture. Senator Mark Udall, who sits on a CIA oversight committee and whose staff was spied on by the CIA alleges that the CIA surveilled overseeing senators and their staff with Obama's knowledge and consent.

In a recent hearing, Senator Ron Wyden asked the CIA director repeatedly whether the Computer Fraud and Abuse Act, America's major anti-hacking statute, applied to the CIA, and whether the CIA spied domestically. CIA director John Brennan replied "yes" and "no," respectively. If Udall's allegations are correct, this means that Brennan lied to Congress (in the second instance) and committed a felony (in the first instance).

The report that caused some CIA agents to spy on their bosses was about how the CIA was wasting time, getting nowhere and doing something illegal and cruel when it kidnapped terror suspects and tortured the shit out of them.

Read the rest

Boeing's self-destructing, tamper-resistant spookphone: the Black


Boeing has sought regulatory approval from the FCC for a tamper-resistant phone intended to self-destruct if its case is opened. The phone, called "Black," runs Android, and is intended for use under the DoD Mobile Classified Capabilities guidelines. It will be sold with a nondisclosure agreement prohibiting tampering or service, and opening the case will trigger a system intended to wipe the phone's data.

Interestingly, it has a removable battery (something that's become increasingly scarce in smartphones). Best operational security practice holds that you should remove your phone's battery when you want to be sure that it's off, because any malware that turned your phone into a bug could also cause it to simulate being switched off while it remained running.

It's an intriguing technical problem. I'm intuitively skeptical of the security model. I can believe that this phone will be tamper-evident, but I don't know if it will be all that tamper-resistant. That is, it may be capable of preventing an attacker from surreptitiously opening the case to access the components, but how about an adversary willing to simply smash the screen to get at the components beneath?

The manufacturer could make a phone whose accelerometer tried to detect these events and wipe the device as a precaution, but I suspect there'd be a lot of spooks who'd end up cursing their self-destructing phones every time they butterfingered them while getting them out of a pocket while walking down the street. I'm pretty sure that I can use tools to remove my phone's screen in a way that generates less detectable stress than it receives during everyday knockabout and drops.

Read the rest

GCHQ spied on millions of Yahoo video chats, harvested sexual images of chatters, compared itself to "Tom Cruise in Minority Report"



A stunning new Snowden leak reveals that the UK spy agency GCHQ harvested images and text from millions of Yahoo video chats, including chats in which one or both of the participants was British or American. Between 3 and 11 percent of the chats they intercepted were sexual in nature, and revealing images of thousands of people were captured and displayed to spies. The programme, called OPTIC NERVE, focused on people whose usernames were similar to those of suspects, and ran from at least 2008 until at least 2010. The leak reveals that GCHQ intended to expand the programme to Xbox 360 Kinect cameras and "fairly normal webcam traffic." The programme was part of a facial recognition research effort that GCHQ compared to "Tom Cruise in Minority Report." While the documents do not detail efforts as widescale as those against Yahoo users, one presentation discusses with interest the potential and capabilities of the Xbox 360's Kinect camera, saying it generated "fairly normal webcam traffic" and was being evaluated as part of a wider program. Beyond webcams and consoles, GCHQ and the NSA looked at building more detailed and accurate facial recognition tools, such as iris recognition cameras – "think Tom Cruise in Minority Report", one presentation noted.

Read the rest

GCHQ's dirty-tricking psyops groups: infiltrating, disrupting and discrediting political and protest groups


In a piece on the new Omidyar-funded news-site "The Intercept," Glenn Greenwald pulls together the recent Snowden leaks about the NSA's psyops programs, through which they sought to attack, undermine, and dirty-trick participants in Anonymous and Occupy. The new leaks describe the NSA' GCHQs use of "false flag" operations (undertaking malicious actions and making it look like the work of a group they wish to discredit), the application of "social science" to disrupting and steering online activist discussions, luring targets into compromising sexual situations, deploying malicious software, and posting lies about targets in order to discredit them.

As Greenwald points out, the unit that conducted these actions, "Jtrig" (Joint Threat Research Intelligence Group), does not limit itself to attacking terrorists -- it explicitly targets protest groups, and political groups that have no connection with national security, including garden-variety criminals who are properly the purview of law enforcement agencies, not intelligence agencies.

The UK spy agency GCHQ operates a programme, called the "Human Science Operations Cell," whose remit is "strategic influence and disruption."

Some of the slides suggest pretty dubious "social science" (see below) -- they read like a mix between NLP hucksters and desperate Pick Up Artist losers.

Read the rest