Boing Boing » surveillance

How London cops use social media to spy on protest movements

Cory Doctorow — Thu, 23 May 2013 21:00:51 +0000

Juha sez, "If you're going to build a protest movement, it might be better to stay off Facebook and Twitter because the cops are fully tuned into social media these days. The Open Source Intelligence Unit at London's Metropolitan Police Service has a staff of seventeen who work seven days a week - to track social media feed back and to monitor community tension. Having a sense of humour and understanding of slang gives humans the edge over social media surveillance software, UK cops reckon. The British cops are worried about 4G mobile broadband though because it'll generate much more data such as video."

The unit monitored some 32 million social media articles during the Olympics, with 10,300 tweets being posted every second during the opening ceremony.
“Companies will tell your that sentiment analysis from a piece of software is about 56 percent accurate … we would say it's lower, because it doesn’t pick up humour or slang,” Ertogral said.
In addition to looking at trends, he said the unit was also exploring association to establish influencers, particularly for protest movements.
“So we’re trying to build friend lists on Facebook, who’s connected to who, who are the influencers out there etc.”

Police tap social media in wake of London attack [Charis Palmer/IT News]

(Thanks, Juha!)

Privacy, public health and the moral hazard of surveillance

Cory Doctorow — Wed, 22 May 2013 02:48:59 +0000

My new Guardian column, "Privacy, public health and the moral hazard of surveillance," discusses the way that the governments' reliance on social networks for intelligence purposes means that they can't intervene to help their populations get better at trading their privacy for services.

That's a crisis. If online oversharing is a public health problem, then the state's decision to harness it for its own purposes means that huge, powerful forces within government will come to depend on oversharing. It will be vital to their jobs – their pay-packets will literally depend on your inability to gauge the appropriateness of your online disclosure.
They will be on the same side as the companies that profit from oversharing, because they will, effectively, be just another firm that benefits from oversharing.
It's as though Scotland Yard decreed that obesity was critical to its ability to catch slow-moving, easily winded suspects. It's as though the NHS announced it would cope with the expense of an aging population by encouraging chain-smoking. The dangers of oversharing are hard enough to manage when it's just the private sector that benefits from them.

Privacy, public health and the moral hazard of surveillance

Utah wants to tax power consumed by the NSA's massive, illegal data-processing facility

Cory Doctorow — Tue, 21 May 2013 18:37:44 +0000

Remember the gigantic data-center that the NSA is building in Utah in order to (illegally) process the electronic communications of the whole world? Turns out that the state of Utah plans on taxing the titanic amounts of electricity it will consume at 6%. The NSA is pissed.

"We are quite concerned [about] this," Harvey Davis, NSA director of installations and logistics, wrote in the April 26 email, obtained through a Utah open records law request.
In a follow-up email Davis sent 31 minutes later, he explained: "The long and short of it is: Long-term stability in the utility rates was a major factor in Utah being selected as our site for our $1.5 billion construction at Camp Williams. HB325 runs counter to what we expected."
HB325, which Herbert signed into law April 1, benefits the Utah Military Installation Development Authority (MIDA). It allows the entity, which was set up to put select military properties on the public tax rolls, to collect a tax of up to 6 percent on Rocky Mountain Power electricity used by the Utah Data Center.

In surprise to NSA, Utah Data Center may pay tax on electricity [Nate Carlisle/The Salt Lake Tribune]

(via /.)

Internet of Things and surveillance

Cory Doctorow — Tue, 21 May 2013 15:57:44 +0000

Bruce Schneier's got smart things to say about surveillance in the age of the Internet of Things:

In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days --and night -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.
Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don't pay for the privilege -- or don't work for the government and have the ability to demand the data. Power is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.

Surveillance and the Internet of Things

Computer scientists to FBI: don't require all our devices to have backdoors for spies

Cory Doctorow — Fri, 17 May 2013 17:59:45 +0000

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you're captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.
Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.
Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints

Former FBI counterterrorism agent implies that US records all US phone calls

Cory Doctorow — Mon, 06 May 2013 18:35:48 +0000

Glenn Greenwald notes the alarming revelation from a CNN Out Front interview between host Erin Burnett and Tim Clemente, "a former FBI counterterrorism agent," where Clemente claimed that the FBI had access to recordings of every phone call made in America:

BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It's not a voice mail. It's just a conversation. There's no way they actually can find out what happened, right, unless she tells them?
CLEMENTE: "No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It's not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.
BURNETT: "So they can actually get that? People are saying, look, that is incredible.
CLEMENTE: "No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not."

Are all telephone calls recorded and accessible to the US government? (via /.)

Why "connecting the dots" is the wrong way to think about stopping terrorism

Cory Doctorow — Fri, 03 May 2013 23:13:57 +0000

Bruce Schneier has a great op-ed on CNN on why it's stupid to talk about whether the FBI should have "connected the dots" on the Boston bomber. As Bruce points out, it's only in hindsight that there's a neat trail of dots to connect, a narrative we can make sense of. Before the fact, it's a hairy, swirling hotchpotch of mostly irrelevancies, and it's only the "narrative fallacy" that makes it seem like a neat story in retrospect. The risk here is that intelligence agencies and the press will push this fallacy as grounds for taking away more rights and more privacy in order to "connect the dots" next time.

Rather than thinking of intelligence as a simple connect-the-dots picture, think of it as a million unnumbered pictures superimposed on top of each other. Or a random-dot stereogram. Is it a sailboat, a puppy, two guys with pressure-cooker bombs or just an unintelligible mess of dots? You try to figure it out.

It's not a matter of not enough data, either.

Piling more data onto the mix makes it harder, not easier. The best way to think of it is a needle-in-a-haystack problem; the last thing you want to do is increase the amount of hay you have to search through.

The television show "Person of Interest" is fiction, not fact.

There's a name for this sort of logical fallacy: hindsight bias.

Why FBI and CIA didn't connect the dots (Thanks, Bruce!)

(Image: connect-the-dots, a Creative Commons Attribution Share-Alike (2.0) image from whitneywaller's photostream)

CISPA is not dead! It's coming back -- get ready!

Cory Doctorow — Thu, 02 May 2013 20:42:33 +0000

Evan from Fight for the Future sez, "All of your phone calls, emails, petition signatures, and tweets are working. The privacy-killing back-from-the-dead zombie bill CISPA is a bit stalled in the Senate, with over $605 million in lobbying spent on it already, it's bound to be back to haunt us in some form soon. So we made an infographic to get everyone up to speed. This Spring, we'll be organizing the largest online privacy protest in history, to send this bill back where it belongs. Join us?"

Why do governments get Internet surveillance so wrong?

Cory Doctorow — Mon, 29 Apr 2013 13:36:45 +0000

The UK Open Rights Group has just published "Why the Snoopers’ Charter is the wrong approach: A call for targeted and accountable investigatory powers," a digital paper on why and how governments go terribly wrong with Internet surveillance proposals, and what a reasonable and accountable form of surveillance would look like. Jim Killock from ORG sez,

After the Snoopers' Charter debacle, the Open Rights Group asks why intrusive new laws are being suggested, if they are needed at all and what the alternatives are. Some of the UK's most prominent surveillance experts examine the history of UK surveillance law and the challenges posed by the explosion of digital datasets. Contributors include journalist Duncan Campbell, legal expert Angela Patrick from Justice, Richard Clayton of Cambridge University Computer Labs and Peter Sommer, Visiting Professor at De Montfort University.

Digital Surveillance (Thanks, Jim!)

(Disclaimer: I am proud to have co-founded the Open Rights Group, and to volunteer on its advisory council)

CISPA is dead! (again) (for now)

Cory Doctorow — Fri, 26 Apr 2013 14:24:15 +0000

After months of activist agitation and a crushing disappointment from the cowards in the House of Representatives, the US senate has effectively killed CISPA, a sweeping Internet surveillance proposal. This is astoundingly great news! But CISPA died once before, and came back from the dead, and it will not likely stay dead this time around either. The price of liberty is eternal vigilance, etc etc etc:

Sen. Jay Rockefeller (D-WV), the chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said in a statement on April 18 that CISPA's privacy protections are "insufficient."
A committee aide told ZDNet on Thursday that Rockefeller believes the Senate will not take up CISPA. The White House has also said the President won't sign the House bill.
Staff and senators are understood to be "drafting separate bills" that will maintain the cybersecurity information sharing while preserving civil liberties and privacy rights.
Rockefeller's comments are significant as he takes up the lead on the Commerce Committee, which will be the first branch of the Senate that will debate its own cybersecurity legislation.
Michelle Richardson, legislative council with the American Civil Liberties Union, told the publication she thinks CISPA is "dead for now," and said the Senate will "probably pick up where it left off last year."

CISPA 'dead' in Senate, privacy concerns cited [Zack Whittaker/ZDNet]

Snooper's Charter is dead! (for now)

Cory Doctorow — Fri, 26 Apr 2013 06:50:34 +0000

Aw, yeah! The UK Communications Data Bill -- AKA the "Snooper's Charter," a sweeping, totalitarian universal Internet surveillance bill that the Conservative government had sworn to pass -- is dead! Yesterday, Nick Clegg, leader of the Liberal Democrats in Parliament, announced that his party would not support the bill, and effectively killed it. Though I've been bitterly disappointed with some of the terminal compromises the LibDems have made, this makes me grateful to have them in Parliament. The kind of universal surveillance proposed in the Snooper's Charter was broadly supported by the last Labour government, which radically expanded state surveillance powers, and by the Tories -- thank goodness for the LibDems mustering a scrap of backbone at last!

The only downside is that the Open Rights Group had a whole series of great "Professor Elemental" videos that used pointed, excellent humour to mock and undermine the bill and drum up opposition to it, and now that's all going to go to waste (I blogged episode one yesterday).

Aw, who'm I kidding? This kind of thing never stays dead.

The snooper's charter has reminded Nick Clegg, finally, he is a liberal

UK Home Office commissions a super villain-catching-machine from Prof. Elemental

Cory Doctorow — Wed, 24 Apr 2013 08:34:27 +0000

In this startling debut episode, the renowned Professor Elemental receives a commission from the government to build a marvellous snooping machine with which to catch the badduns. The Home Secretary has the right man for the job -- with the good professor's marvellous device, the Home Office will be able to spy on every communique that traverses the British Information Superhighway!

(It's all about the Snooper's Charter, the barmy UK legislative proposal to give nearly unlimited snooping powers to the government and police, and this video is courtesy of the good people at the Open Rights Group.

Professor Elemental build a Great Machine for Catching Villains Chapter One (Thanks, Jim!)

UK ISPs betray customers, collaborate on government surveillance

Cory Doctorow — Tue, 23 Apr 2013 14:00:26 +0000

Britain's Communications Data Bill -- AKA the Snooper's Charter -- would effectively eliminate private communications in the UK, giving government and the police the power to spy on virtually everything you do online (which is rapidly merging with everything you do, full stop). The major ISPs in the UK have apparently been turned to the government's cause, and have been quietly supporting the bill, which strips their customers of any semblance of privacy.

The government defends this proposal by saying that they're not intercepting "messages," only "envelopes." That is, they'll get the subject lines, social graph data, who is talking, where, how often, and who replies, how long the messages are, and so on. I like to imagine Alan Turing taking this approach to informational significance: "Mr Churchill, I'm sorry, there's no point in what you're asking us to do: all we can decode from the Nazis is who is sending messages, who receives them, what they're about, where they're sent from, how often they're sent, and how long they are. Nothing compromising." (Then I imagine the ghost of Turing haunting Home Secretary Teresa May, who claims that none of that kind of data compromises Britons' privacy).

In an open letter to the major ISPs, the Open Rights Group, Big Brother Watch, and Privacy International accuse the ISPs of entering into a conspiracy of silence on the surveillance system:

It has become clear that a critical component of the Communications Data Bill is that UK communication service providers will be required by law to create data they currently do not have any business purpose for, and store it for a period of 12 months.
Plainly, this crosses a line no democratic country has yet crossed – paying private companies to record what their customers are doing solely for the purposes of the state.
These proposals are not fit for purpose, which possibly explains why the Home Office is so keen to ensure they are not aired publicly.
There has been no public consultation, while on none of your websites is there any reference to these discussions. Meetings have been held behind closed doors as policy has been developed in secret, seemingly the same policy formulated several years ago despite widespread warnings from technical experts.
That your businesses appear willing to be co-opted as an arm of the state to monitor every single one of your customers is a dangerous step, exacerbated by your silence
Consumers are increasingly concerned about their privacy, both in terms of how much data is collected about them and how securely that data is kept. Many businesses have made a virtue of respecting consumer privacy and ensuring safe and secure internet access.
Sadly, your customers have not had the opportunity to comment on these proposals. Indeed, were it not for civil society groups and the media, they would have no idea such a policy was being considered.
We believe this is a critical failure not only of Government, but a betrayal of your customers' interests. You appear to be engaged in a conspiracy of silence with the Home Office, the only concern being whether or not you will be able to recover your costs.

ISPs In ‘Conspiracy Of Silence’ With Government On Snooper’s Charter (via ./)

Prediction: success from Boston surveillance in bombing manhunt will lead to more spying everywhere

Xeni Jardin — Mon, 22 Apr 2013 01:13:30 +0000

"The images captured in Boston are validation of a three-year project in St. Louis to link 150 surveillance cameras into a single security system throughout the city’s central corridor, from the riverfront to Forest Park," reports Doug Moore at stltoday.com. This despite a statement by Boston's police chief that facial recognition technology system did not help find the suspects. How much you wanna bet the "surveillance imaging solved this crime" argument will lead to more forceful pushes for expanded surveillance imaging in any number of other American cities? (HT: @kgosztola)

CISPA: Congress wants to create unlimited Internet spying powers - KILL THIS BILL! KILL IT WITH FIRE!

Cory Doctorow — Wed, 17 Apr 2013 15:44:34 +0000

Rep. Rogers says #CISPA opponents are probably 14-year-olds in a basement. Tell him how wrong he is by tweeting to @repmikerogers.
— EFF (@EFF) April 16, 2013

CISPA is the latest Congressional proposal to do something unbelievably horrible with the Internet -- this time, it's letting US law enforcement and intelligence service raid all of your data, all the time, without letting you know, regardless of your service provider's privacy policy, in the name of preventing "cyberattacks," whatever they are.

It's about as horrible as it can be: the House Rules Committee won't even allow privacy-protecting amendments on the agenda; the bill's sponsor Rep. Mike Rogers dismisses people who oppose CISPA as 14-year-olds in their parents' basements; and a bunch of tech companies are lobbying in favor of CISPA because the bill cannily immunizes them from liability for firehosing your personal, sensitive information all over the place.

The sole bright light is this: the Obama White House has taken an uncharacteristically progressive stance on privacy this time around, and has threatened to veto the bill.

The Electronic Frontier Foundation is, as always, the best place to go to find things you can (and should, and MUST) do to kill this insane proposal.

Obama's regressive record makes Nixon look like Che

Cory Doctorow — Mon, 08 Apr 2013 16:06:32 +0000

Redditor Federal Reservations has made a handy post enumerating all the regressive, authoritarian, corporatist policies enacted by the Obama administration in its one-and-a-bit terms. You know, for someone the right wing press likes to call a socialist, Obama sure makes Richard Nixon look like Che Guevara. And what's more, this is only a partial list, and excludes the parade of copyright horrors and bad Internet policy emanating from the White House, via Joe Biden's push for Six Strikes, the US Trade Rep's push for secret Internet censorship and surveillance treaties like TPP and ACTA and TAFTA; the DoJ's push to criminalize every Internet user by expanding the CFAA, and much, much more.

Obama extends Patriot Act without reform - [1]
http://articles.nydailynews.com/2011-05-27/news/29610822_1_terrorist-groups-law-enforcement-secret-intelligence-surveillance
Signs NDAA 2011 (and 2012, and 2013) - [2]
http://www.forbes.com/sites/erikkain/2012/01/02/president-obama-signed-the-national-defense-authorization-act-now-what/
Appeals the Federal Court decision that “indefinite detention” is unconstitutional - [3]
http://www.activistpost.com/2013/02/ndaa-hedges-v-obama-did-bill-of-rights.html
Double-taps a 16-year-old American-born US citizen living in Yemen, weeks after the boy's father was killed. Administration's rationale? He "should have [had] a far more responsible father" - [4]
http://www.washingtonpost.com/world/national-security/anwar-al-awlakis-family-speaks-out-against-his-sons-deaths/2011/10/17/gIQA8kFssL_story.html
Continues to approve drone strikes that kill thousands of innocent civilians including women and children in Pakistan, Yemen, and other countries that do not want the US intervening; meanwhile, according to the Brookings Institute's Daniel Byman, we are killing 10 civilians for every one mid- to high- level Al Qaeda/Taliban operative. This is particularly disturbing, since now any military-aged male in a strike zone is now officially considered an enemy combatant - [5]
http://www.telegraph.co.uk/news/worldnews/asia/pakistan/7361630/One-in-three-killed-by-US-drones-in-Pakistan-is-a-civilian-report-claims.html
Protects Bush’s war crimes as State Secrets - [6] [7] [8]
http://www.salon.com/2010/09/08/obama_138/
https://www.eff.org/deeplinks/2009/04/obama-doj-worse-than-bush
http://washingtonindependent.com/33985/in-torture-cases-obama-toes-bush-line
Waives sections of a law meant to prevent the recruitment of child soldiers in Africa in order to deepen military relationship with countries that have poor human rights records -[9]
http://thecable.foreignpolicy.com/posts/2010/10/26/why_is_obama_easing_restrictions_on_child_soldiers

Appoints Monsanto, GMO company with multiple unsafe practice violations, lobbyist to head the FDA - [10]
http://www.washingtonpost.com/blogs/blogpost/post/monsanto-petition-tells-obama-cease-fda-ties-to-monsanto/2012/01/30/gIQAA9dZcQ_blog.html
DOJ raids marijuana dispensaries that are now legal pursuant state law - [11]
http://www.liveleak.com/view?i=685_1342311527
Obama protects AG Holder from Congressional “Fast and Furious” gun walking investigations - [12]
http://abcnews.go.com/blogs/politics/2012/06/white-house-invokes-executive-privilege-on-fast-and-furious-documents/
Brings no criminal charges against bank executives that misused bailouts - [13]
http://www.nytimes.com/2012/08/26/opinion/sunday/no-crime-no-punishment.html
Engages in a war on whistleblowers - [14]
http://dailycaller.com/2012/07/31/the-obama-administrations-war-on-whistleblowers/
Grants immunity to CIA torturers - [15]
http://www.guardian.co.uk/commentisfree/2012/aug/31/obama-justice-department-immunity-bush-cia-torturer
Quadruples Bush's warrantless wiretapping program - [16]
http://www.aclu.org/blog/national-security-technology-and-liberty/new-justice-department-documents-show-huge-increase
Allows innocent man to die at gitmo - [17]
http://www.huffingtonpost.com/suzanne-nossel/the-death-of-guantanamo_b_1878375.html
Increases Drug War budget - [18]
http://www.whitehouse.gov/ondcp/the-national-drug-control-budget-fy-2013-funding-highlights
Supports intrusive TSA pat-downs and body scans - [19]
http://www.cnn.com/2010/TRAVEL/11/20/obama.tsa/index.html
Says it’s legal to track individuals by pinpointing their cellphone without warrant - [20]
http://www.businessinsider.com/government-says-its-to-track-cell-phones-2012-10
Renews FISA and NSA’s unregulated spying and banking of all wireless communication - [21] [22]
http://www.nytimes.com/2010/04/01/us/01nsa.html
http://www.democracynow.org/2012/4/20/whistleblower_the_nsa_is_lying_us Appeals SCOTUS ruling that warrantless installation of tracking devices on cars is unconstitutional - [23]
http://www.thenewamerican.com/usnews/constitution/item/11591-obama-admin-argues-no-warrant-required-for-gps-tracking-of-citizens
DOJ overzealously prosecutes [read: persecutes] activist Aaron Swartz, ultimately leading to his suicide in the face of trumped-up charges brought forth to silence his movement for open information - [24]
http://rt.com/usa/secret-service-accused-of-misconduct-in-aaron-swartz-case-020/ Obama nominates JP Morgan defense lawyer to head the SEC, the regulatory agency in charge of keeping Wall Street in line - [25]
http://www.rollingstone.com/politics/blogs/taibblog/choice-of-mary-jo-white-to-head-sec-puts-fox-in-charge-of-hen-house-20130125
Picks Goldman Sachs partner Bruce Heyman—who, along with his wife, raised $1 million for Obama—as an ambassador to Canada - [26]
http://www.cbc.ca/news/business/story/2013/04/03/pol-us-ambassador-to-canada-obama.html

Thanks Obama!

Walk 1.4 mi. in London, take photos of 140+ CCTVs

Cory Doctorow — Mon, 08 Apr 2013 00:34:32 +0000

James Bridle photographed every CCTV between his home in east London and Dalston Junction, a 1.4mi walk with about 140 cameras. Welcome to London, where we have 11 CCTVs per red blood cells.

Every CCTV camera between my house and Dalston Junction (via Super Punch)

What problem are we trying to solve in the copyright wars?

Cory Doctorow — Thu, 28 Mar 2013 20:13:11 +0000

My latest Guardian column is "Copyright wars are damaging the health of the internet" and it looks at what we really need from proposed solutions to the copyright wars:

I've sat through more presentations about the way to solve the copyright wars than I've had hot dinners, and all of them has fallen short of the mark. That's because virtually everyone with a solution to the copyright wars is worried about the income of artists, while I'm worried about the health of the internet.
Oh, sure, I worry about the income of artists, too, but that's a secondary concern. After all, practically everyone who ever set out to earn a living from the arts has failed – indeed, a substantial portion of those who try end up losing money in the bargain. That's nothing to do with the internet: the arts are a terrible business, one where the majority of the income accrues to a statistically insignificant fraction of practitioners – a lopsided long tail with a very fat head. I happen to be one of the extremely lucky lotto winners in this strange and improbable field – I support my family with creative work – but I'm not parochial enough to think that my destiny and the destiny of my fellow 0.0000000000000000001 percenters are the real issue here.
What is the real issue here? Put simply, it's the health of the internet.

CIA director promotes woman who approved destruction of CIA "harsh interrogation" videos

Xeni Jardin — Wed, 27 Mar 2013 13:05:31 +0000

A woman has been placed in charge of the CIA’s clandestine service for the first time in the agency’s history, reports the Washington Post. She's a veteran officer whom many in the agency support, and the high-level appointment is seen as a step forward for women in Washington. That's the good news! The bad news is...

[S]he also helped run the CIA’s detention and interrogation program after the Sept. 11, 2001, attacks and signed off on the 2005 decision to destroy videotapes of prisoners being subjected to treatment critics have called torture. The woman, who remains undercover and cannot be named, was put in the top position on an acting basis when the previous chief retired last month. The question of whether to give her the job permanently poses an early quandary for [CIA Director John] Brennan, who is already struggling to distance the agency from the decade-old controversies.

More: "CIA director faces a quandary over clandestine service appointment". [The Washington Post, via @dabeard]

There's some speculation it's this person. [Gawker]

We have a choice about the world that technology will give us

Cory Doctorow — Sat, 23 Mar 2013 15:31:26 +0000

Phil Windley, former CTO of Utah and now CTO of a startup called Kynetx, has an inspiring, brief piece on how technologists can help build a technological world where technology helps us live better lives over which we have more control, and how a failure to do something to build this world will give us a place where we are continuously spied upon and manipulated.

We probably don’t really have a choice about whether a $0.03 wireless sensor platform will exist. Technology marches on.

But we do have a choice about how it will be employed. If we follow the path we’re on now, all those devices will be controlled by some company somewhere that is providing the service behind them. All that data that all those devices are gathering about you will be streamed back to a walled garden via an encrypted channel to end up as fodder for some big data analytics platform that will be used by someone to sell you more stuff. You will be spied on by everything around you with no rational way to understand where all that data is going and how it’s being used. We’ll create government regulations that will do little to rationalize your world or help you understand it because they will only succeed in further Balkanizing it.

There is another path: in this alternate world all the devices that are related to you will push their data into a place that you control. This will seem rational and natural because the model will follow the structure of the world you’re already used to with clear delineations between public and private spaces and easy-to-understand controls over how data is used and shared. I say “natural” in a literal way. This is the way the physical world works and we’re all used to it. In this alternate world you are in control.

Build the World You Want to Live In (via Hack the Planet)

Space spy? NASA researcher, a Chinese national, arrested on plane bound for China

Xeni Jardin — Wed, 20 Mar 2013 17:53:04 +0000

Aerospace contractor Bo Jiang, who is accused by U.S. Rep. Frank Wolf (R-VA) of being a spy, made a first appearance in federal court on Monday. The Chinese national worked on contract at NASA's Langley's Research Center in Hampton, VA.

Federal agents grabbed him over the weekend just as he was boarding a flight from Dulles airport (in DC) to Beijing. He is charged with making false statements to U.S. authorities by failing to disclose all of the electronic devices he was carrying on his one-way flight, and has since been jailed.

From congressman Wolf's statement, which references the text of the federal warrant:

On Friday, March 15, federal agents learned that Mr. Jiang "was leaving the United States abruptly to return to China on a one-way ticket."
On Saturday, March 16, Mr. Jiang traveled by plane from Norfolk to Dulles to connect to a flight to China. While at Dulles he boarded a plane to Beijing. During a "border stop," federal agents conducted a search of Jiang's personal items.
And I'm quoting now directly from the arrest warrant: "During the consensual encounter, federal agents asked Jiang what electronic media he had with him. Jiang told the Homeland Security agent that he had a cellphone, a memory stick, and external hard drive and a new computer. However, during the search, other media items were located that Jiang did not reveal. Such items include an additional laptop, an old hard drive and a SIM card."
The warrant also notes that the FBI "believes this to be material to the federal investigation, in that it was important to learn what electronic media Jiang was taking out of the United States." It also mentions that agents are aware that Mr. Jiang previously traveled to China with a laptop belonging to NASA that agents believe to have contained sensitive information.

NASAWatch has links to all the early coverage.

CBS News has an updated account here. The Atlantic has an explainer post here, and the arrest warrant.

Sen. John Kerry has a planned trip to China coming up in the next few weeks. I'd imagine the Chinese government will not be happy about this case, which by any measure has so far provided all involved with more questions than answers.

(Thanks, Aileen Graef)

In-depth explanation of EFF's courtroom victory over the FBI's "National Security Letters"

Cory Doctorow — Tue, 19 Mar 2013 18:51:46 +0000

Last week, we brought you the wonderful news that a district court in San Francisco had struck down the law that allowed the FBI to issue its own "National Security Letters" (NSLs) -- secret search-warrants with permanent gag orders. Now, Matt Zimmerman, a senior staff attorney at the Electronic Frontier Foundation (who brought the case on behalf of an unnamed telco), explains in depth what EFF asked the court to recognize, how far they got, and what happens next:

The court made five critical findings. First, Judge Illston quickly rejected the government's dangerous argument that NSL recipients had no power to review the constitutionality of the statute. The government had suggested that the court could only review specific problems with specific NSLs, meaning that larger structural problems with the statute would remain untouched. As the court correctly noted, however, the statute specifically allows a court to determine whether an NSL is "unreasonable" or "unlawful" which includes determining whether the statute itself is unconstitutional.
Second, the district court found that the statute impermissibly authorizes the FBI to limit speech without constitutionally-mandated procedural protections. The Supreme Court articulated the scope for such protections in 1965 in Freedman vs. Maryland, a case in which it struck down a Maryland licensing scheme that required films to be submitted to a government ratings board prior to public showings. The problem with the statute wasn't necessarily its substantive reach as it was possible that films could be banned without violating the First Amendment -- if, for example, they met the First Amendment definition of "obscene." Instead, the court was concerned that the procedures for challenging a ban stacked the deck against theater owners...
... Fourth, the district court found that the statute was not "severable," meaning that Congress designed the NSL tool as a whole and that the powers it granted to the FBI were not intended to function separately if one of the powers was found to be unconstitutional. Because the nondisclosure provision was found to be unconstitutional on its face, the power to compel the disclosure of customer records must also fall. NSL statistics are consistent with this observation: 97% of all NSLs are delivered with a gag order.
Finally, the district court found that, regardless of other failings, the statute's standard of review violated separation of powers principles by forcing the courts to defer to the FBI's determinations and preventing independent review. It noted that a "[c]ourt can only sustain nondisclosure based on a searching standard of review." While courts do largely defer to the executive branch's judgment in national security matters, the standard in this statute required the court to consider the government's decision "conclusive" and only allowing the court to consider whether it was made in "bad faith." The court rightly noted that real judicial review requires more.

In Depth: The District Court's Remarkable Order Striking Down the NSL Statute

Canadian government muzzles librarians and archivists, creates snitch line to report those who speak online or in public without permission

Cory Doctorow — Tue, 19 Mar 2013 18:12:24 +0000

Canada's Conservative government has issued new regulations to librarians and archvists governing their free speech in public forums and online media. According to the Harper government, public servants owe a "duty of loyalty" to the "duly elected government" and must get permission from their ~~political officers~~ managers before making any public utterance -- or even a private utterance in an online forum that may eventually leak to the public, to prevent "conflicts" or "risks" their departments.

The Tories have also rolled out a snitch-line where those loyal to the party line can report on their co-workers for failing to maintain ideological purity.

“Once you start picking on librarians and archivists, it’s pretty sad,” says Toni Samek, a professor of library and information studies at the University of Alberta. She specializes in intellectual freedom and describes several clauses in the code as “severe” and “outrageous.”
The code is already having a “chilling” effect on federal archivists and librarians, who used to be encouraged to actively engage and interact with groups interested in everything from genealogy to preserving historical documents, says archivist Loryl MacDonald at the University of Toronto.
“It is very disturbing and disconcerting to have included speaking at conferences and teaching as so-called ‘high risk’ activities,” says MacDonald, who is president of the Association of Canadian Archivists, a non-profit group representing some 600 archivists across the country.

Regular readers will remember that Canada's librarians and archivists led a charge to save Canada's National Archives when the Harper Tories broke up the irreplaceable collections and flogged them off to private collectors at fire-sale prices.

Federal librarians fear being ‘muzzled’ under new code of conduct that stresses ‘duty of loyalty’ to the government [Margaret Munro/National Post]

(Thanks, Dad!)

EFF explains yesterday's National Security Letter ruling

Cory Doctorow — Sat, 16 Mar 2013 18:42:48 +0000

Further to Xeni's post from yesterday about the landmark ruling by a San Francisco district court judge that the FBI may not issue "national security letters" (NSLs), the Electronic Frontier Foundation, who fought the case, has posted a good explanation about what NSLs are and why they were so creepy:

The controversial NSL provisions EFF challenged on behalf of the unnamed client allow the FBI to issue administrative letters -- on its own authority and without court approval -- to telecommunications companies demanding information about their customers. The controversial provisions also permit the FBI to permanently gag service providers from revealing anything about the NSLs, including the fact that a demand was made, which prevents providers from notifying either their customers or the public. The limited judicial review provisions essentially write the courts out of the process.
In today's ruling, the court held that the gag order provisions of the statute violate the First Amendment and that the review procedures violate separation of powers. Because those provisions were not separable from the rest of the statute, the court declared the entire statute unconstitutional. In addressing the concerns of the service provider, the court noted: "Petitioner was adamant about its desire to speak publicly about the fact that it received the NSL at issue to further inform the ongoing public debate."
"The First Amendment prevents the government from silencing people and stopping them from criticizing its use of executive surveillance power," said EFF Legal Director Cindy Cohn. "The NSL statute has long been a concern of many Americans, and this small step should help restore balance between liberty and security."

I am so proud of my friends at EFF this morning. Go team!

National Security Letters Are Unconstitutional, Federal Judge Rules

LibDems leave over support for secret trials; I resign from the party

Cory Doctorow — Tue, 12 Mar 2013 07:02:57 +0000

Philippe Sands, a professor of international law and prominent practicing lawyer, has resigned from the UK Liberal Democrats party. He is the third well-known party member to leave the LibDems this month. Dinah Rose, a respected human rights lawyer who represented Guantánamo detainee Binyam Mohamed, quit last week, and Jo Shaw, who ran for the LibDems in 2010 resigned from the party after giving a speech at the party conference in Brighton last weekend.

These principled people have quit over the LibDems' support of the "justice and security bill," which establishes a system of secret courts in Britain in which people who sue the government over torture and kidnapping will not be able to see the government evidence offered against them. The LibDem leadership supported this law, whipped their MPs to vote for it, and all but seven of the sitting LibDem MPs did, despite the enormous public outcry against it, including a condemnation from Lord Neuberger, the country's most senior judge.

The Lords -- a chamber full of senior lawyers and judges -- has rejected this legislation and sent it back, calling for a system of safeguards to be put in place before upsetting the principle of open justice going back to the Magna Carta. Parliament has ripped up the Lords' amendments, refusing even the most basic of safeguards in this legislation.

We voted for the LibDems to be the "party of liberty," but they've been anything but. With this latest betrayal of party principles, the leadership has scuttled any credibility it had left. There is simply no case for this measure. The proponents of the law act as though there is a flood of baseless claims of torture and kidnapping that the government has had to settle in order to avoid revealing the secrets of Britain's spies. The truth is that the government has had to apologise for lying about its role in illegal torture and kidnapping, and that most of its victims are unable to get justice even today. Indeed, we don't know for sure that the practice has stopped, and we can't, because we've had more than a decade of "war on terror" nonsense that says that the public must be spied upon at all times, but that politicians and police must be able to operate in unaccountable secrecy.

Here is some of Professor Sands's resignation, published in the Guardian today:

This part of the bill is a messy and unhappy compromise. It is said to have been demanded by the US (which itself has stopped more or less any case that raises 'national security' issues from reaching court), on the basis that it won't share as much sensitive intelligence information if the UK doesn't rein in its courts. Important decisions on intelligence taken at the instigation of others are inherently unreliable. We remember Iraq, which broke a bond of trust between government and citizen.
There is no floodgate of cases, nothing in the coalition agreement, nor any widely supported call for such a draconian change. There is every chance that, if the bill is adopted, this and future governments will spend years defending the legislation in UK courts and Strasbourg. There will be claims that it violates rights of fair trial under the Human Rights Act and the European convention (no doubt giving rise to ever-more strident calls from Theresa May and Chris Grayling that both should be scrapped). Other countries with a less robust legal tradition favouring the rule of law and an independent judiciary will take their lead from the UK, as they did with torture and rendition.
I accept that there may be times when the country faces a threat of such gravity and imminence that the exceptional measure of closed material proceedings might be needed. This is not such a time, and the bill is not such a measure. Under conditions prevailing today, this part of the bill is not pragmatic or proportionate. It is wrong in principle, and will not deliver justice. It will be used to shield governmental wrongdoing from public and judicial scrutiny under conditions that are fair and just. The bill threatens greater corrosion of the rights of the individual in the UK, in the name of "national security".

I've read each of these peoples' resignations with growing unease. I am a member of the LibDems, raised funds for them in the last election, campaigned for them, endorsed them, and voted for them.

I cannot, in good conscience, remain a member or supporter of the LibDems. There comes a point where the broken promises and corruption overwhelms the pretty words in the party manifesto. Deeds speak louder than words. The LibDems are the party of talking about liberty and voting in tyranny.

I resign from the party.

Update: Mark Thomspon sez, "Me and a Labour friend Emma Burnell record a weekly podcast called 'House of Comments' which is an informal chat about the week's (mainly UK) politics. I thought you might be interested in the latest one. I couldn't make it but Emma chatted to former Lib Dem Jo Shaw and current Lib Dem Linda Jack about Secret Courts and having edited it yesterday I think we got some very interesting insights into what has been going on behind the scenes on this issue."

This is a fascinating analysis of the bubble of unreality that the LibDem leadership now inhabits.

Philippe Sands quits Lib Dems in protest at support for secret courts

Inside the awful world of RATters - the men who spy on people through their computers with "remote administration tools"

Cory Doctorow — Mon, 11 Mar 2013 15:39:07 +0000

Nate Anderson's long Ars Technica piece on RATters -- men who use "Remote Administration Tools" to spy on others, mostly women, via their laptop cameras, and to plunder their computers for files and passwords -- is a must-read. Anderson lays out the way that online communities like Hack Forums provide expertise, tools, and, most importantly, validation for the men who participate in this "game." Anderson explains the power of software like DarkComet, which allows for near-total control of compromised computers (everything from opening the CD trays to disabling the Start menu in Windows); the dehumanizing language used by Ratters (they call their victims "slaves"); and the way that these tools have found their way into the arsenals of totalitarian governments, like the Assad regime in Syria, which used these tools to spy on rebels.

For many ratters, though, the spying remains little more than a game. It might be an odd hobby, but it's apparently no big deal to invade someone's machine, rifle through the personal files, and watch them silently from behind their own screens. "Most of my slaves are boring," wrote one aspiring ratter. "Wish I could get some more girls with webcams. It makes it more exciting when you can literally spy on someone. Even if they aren't getting undressed!"
One poster said he had already archived 200GB of webcam material from his slaves. "Mostly I pick up the best bits (funny parts, the 'good' [sexual] stuff) and categorize them (name, address, passwords etc.), just for funsake," he wrote. "For me I don't have the feeling of doing something perverted, it's more or less a game, cat and mouse game, with all the bonuses included. The weirdest thing is, when I see the person you've been spying on in real life, I've had that a couple of times, it just makes me giggle, especially if it's someone with an uber-weird-nasty habit."
By finding their way to forums filled with other ratters, these men—and they appear to be almost exclusively men—gain community validation for their actions. "lol I have some good news for u guys we will all die sometime, really glad to know that there are other people like me who do this shit," one poster wrote. "Always thought it was some kind of wierd sick fetish because i enjoy messing with my girl slaves."

Everything we do today involves computers and everything we do tomorrow will require computers. It's imperative that computers be designed to reveal themselves to their users and owners -- every program and process accessible to users and owners by design. But we continue to erode this fundamental through bans on jailbreaking and unlocking, and through the governmental trade in "zero-day" exploits intended for use in so-called cyberwar.

Meet the men who spy on women through their webcams [Nate Anderson/Ars Technica]

New bill to protect your webmail and location privacy needs your support

Cory Doctorow — Sat, 09 Mar 2013 20:00:15 +0000

The Electronic Communications Privacy Act (ECPA) of 1986 is an ancient law that governs the privacy of the files you keep on servers, including your webmail and other private stuff. The 1986 law assumes that any file left on a server for more than six months is abandoned, and gives law enforcement the power to retrieve it without a warrant. Many attempts have been made to update this, but the nation's law enforcement apparatus always kicks up a huge fuss when anyone proposes closing this glaring loophole.

Now there's a new, bipartisan bill from Representatives Zoe Lofgren (D-Calif.), Ted Poe (R-Texas) and Suzan DelBene (D-Wash.) that will update electronic privacy law for the bold world of the 1990s (at least!). The Electronic Frontier Foundation's Rainey Reitman has more:

We’re pleased to see Representatives Lofgren, Poe, and DelBene take up this crucial issue, but the current draft isn’t a perfect solution to all ECPA woes. For example, the bill has room for improvement on the issue of evidence suppression for email content collected without a warrant. We hope this already promising bill can be further improved through amendments.

By introducing this reform bill, the 113^th Congress has an opportunity to enact powerful protections for everyday Internet users – which would be particularly appreciated, since all too often Congress uses its power to try to undermine our digital civil liberties.

If you agree that the government shouldn’t be snooping through inboxes without a warrant, then please sign our petition, which will automatically send an email to Congress demanding they reform ECPA.

New Bill Would Ensure Law Enforcement Gets a Warrant Before Reading Email

RU Sirius on the history of cypherpunk

David Pescovitz — Thu, 07 Mar 2013 22:44:35 +0000

Over at The Verge, our pal RU Sirius writes about the history of "cypherpunk," a term coined in 1992 by legendary hacker St. Jude Milhon (RIP), and now used by Wikileaks founder Julian Assange in the title of his new book, Cypherpunks: Freedom and the Future of the Internet. From RU's piece at The Verge:

(EFF co-founder) John Gilmore summed up the accomplishments of the cypherpunks in a recent email: "We did reshape the world," he wrote. "We broke encryption loose from government control in the commercial and free software world, in a big way. We built solid encryption and both circumvented and changed the corrupt US legal regime so that strong encryption could be developed by anyone worldwide and deployed by anyone worldwide," including WikiLeaks.
As the 1990s rolled forward, many cypherpunks went to work for the man, bringing strong crypto to financial services and banks (on the whole, probably better than the alternative). Still, crypto-activism continued and the cypherpunk mailing list blossomed as an exchange for both practical encryption data and spirited, sometimes-gleeful argumentation, before finally peaking in 1997. This was when cypherpunk’s mindshare seemed to recede, possibly in proportion to the utopian effervescence of the early cyberculture. But the cypherpunk meme may now be finding a sort of rebirth in one of the biggest and most important stories in the fledgeling 21st century.

"Cypherpunk rising: WikiLeaks, encryption, and the coming surveillance dystopia"

MacLeod's dystopian masterpiece Intrusion in paperback

Cory Doctorow — Wed, 06 Mar 2013 12:35:08 +0000

Ken Macleod's amazing dystopian novel Intrusion is out in paperback today. Here's my review from last March:

Ken MacLeod's new novel Intrusion is a new kind of dystopian novel: a vision of a near future "benevolent dictatorship" run by Tony Blair-style technocrats who believe freedom isn't the right to choose, it's the right to have the government decide what you would choose, if only you knew what they knew.
Set in North London, Intrusion begins with the story of Hope, a mother who has become a pariah because she won't take "the fix," a pill that repairs known defects in a gestating fetus's genome. Hope has a "natural" toddler and is pregnant with her second, and England is in the midst of a transition from the fix being optional to being mandatory for anyone who doesn't have a "faith-based" objection. Hope's objection isn't based on religion, and she refuses to profess a belief she doesn't have, and so the net of social services and laws begins to close around her.
MacLeod widens the story from Hope, and her husband Hugh (a carpenter working with carbon-sequestering, self-forming "New Wood") who has moved to London from an independent Scotland, and whose childhood hides a series of vivid hallucinations of ancient people from the Ice Age-locked past. Soon we're learning about the bioscientists who toil to improve the world's genomes, the academics who study their work, the refuseniks who defy the system in small and large ways, and the Naxals, city-burning wreckers who would obliterate all of society. The Naxals, along with a newly belligerent India and Russia, are a ready-made excuse for a war-on-terror style crackdown on every corner of human activity that includes ubiquitous CCTV, algorithmic behavior monitors, and drones in every corner of the sky.
With Intrusion, MacLeod pays homage to Orwell, showing us how a society besotted with paternalistic, Cass Sunstein-style "nudging" of behavior can come to the same torturing, authoritarian totalitarianism of brutal Stalinism. MacLeod himself is a Marxist who is lauded by libertarians, and his unique perspective, combined with a flair for storytelling, yields up a haunting, gripping story of resistance, terror, and an all-consuming state that commits its atrocities with the best of intentions.

Intrusion

Supreme Court turns down ACLU bid to kill NSA warrantless wiretapping

Cory Doctorow — Wed, 27 Feb 2013 17:02:45 +0000

The US Supreme Court has dismissed Clapper v. Amnesty International, which sought to overturn the secret, mass surveillance of the Internet by the NSA. EFF has its own lawsuit, which is still proceeding:

The court didn’t address the constitutionality of the FAA itself, but instead ruled that the plaintiffs—a group of lawyers, journalists, and human rights advocates who regularly communicate with likely "targets" of FAA wiretapping—couldn’t prove the surveillance was "certainly impending," so therefore didn’t have the "standing" necessary to sue. In other words, since the Americans did not have definitive proof that they were being surveilled under the FAA—a fact the government nearly always keeps secret—they cannot challenge the constitutionality of the statute. p> It’s shameful that the courts again have cut off another avenue for accountability regarding the NSA's warrantless and unconstitutional surveillance activities. But as disappointing as the Clapper decision is, the good news is the decision likely won't adversely affect our Jewel v. NSA lawsuit, which we argued in district court in December of 2012. Indeed, the Clapper decision makes the Jewel case one of the last remaining hopes for a court ruling on the legality of the warrantless surveillance of Americans, now conducted for over a decade.
The Ninth Circuit has already ruled that the Jewel plaintiffs have standing under settled law. The court's decision is based on solid ground because we have presented the court with evidence that dragnet warrantless surveillance has already occurred, through testimony and documents from AT&T and NSA whistleblowers. In fact, the court specifically differentiated the two cases in its Jewel opinion: “Jewel has much stronger allegations of concrete and particularized injury than did the plaintiffs in Amnesty International. Whereas they anticipated or projected future government conduct, Jewel’s complaint alleges past incidents of actual government interception of her electronic communications."

Supreme Court Dismisses Challenge to FISA Amendments Act; EFF's Lawsuit Over NSA Warrantless Wiretapping Remains