
Eric Schmidt on the NSA* (*translated from original bullshitese)

Bruce Schneier: "At SXSW earlier this month, CEO Eric Schmidt tried to reassure the audience by saying that he was 'pretty sure that information within Google is now safe from any government's prying eyes.' A more accurate statement might be, 'Your data is safe from governments, except for the ways we don't know about and the ways we cannot tell you about. And, of course, we still have complete access to it all, and can sell it at will to whomever we want.'" Cory 22

NSA wiretapped 122 world leaders; GCHQ penetrated German satellite companies for mass surveillance potential


Newly disclosed documents from the trove Edward Snowden provided to journalists reveal the existence of the "Nymrod" database that listed 122 world leaders, many from nations friendly to the USA, that were spied upon by the NSA. Included in the list is German Chancellor Angela Merkel, who was already known to have been wiretapped by the NSA thanks to an earlier disclosure. Nymrod's "Target Knowledge Database" combed through the NSA's pool of global intercepts to amass dossiers of private communications -- emails, faxes, calls and Internet traffic -- related to the leaders.

Additionally, the UK spy agency GCHQ infiltrated and compromised two German satellite communications companies -- Stellar and Cetel -- and IABG, a company that supplied them with equipment. It wiretapped their senior executives as well. None of these companies are accused of having done anything amiss, but were targeted by British spies because their services carried Internet traffic and were a convenient "access chokepoint" from which to conduct mass-surveillance programs.


Microsoft changes policy: won't read your Hotmail anymore to track down copyright infringement or theft without a court order


Microsoft read the email of Hotmail users without a warrant, in order to catch someone who'd leaked some Microsoft software. When they were caught out, they pointed out that they'd always reserved the right to read Hotmail users' email, and tried to reassure other Hotmail users by saying that they were beefing up the internal process by which they decided whose mail to read and when.

Now, citing the "'post-Snowden era' in which people rightly focus on the ways others use their personal information," the company has announced that it will not read its users' email anymore when investigating theft or copyright violations -- instead, it will refer this sort of thing to the police in future (they still reserve the right to read your Hotmail messages without a court order under other circumstances).

As Techdirt's Mike Masnick points out, this is a most welcome change. The message announcing the change by Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs) is thoughtful and forthright. It announces a future round-table on the questions raised by the company's snooping that the Electronic Frontier Foundation can participate in.

Smith asks a seemingly rhetorical question: "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" That is indeed a fascinating question, but in the specific case of Hotmail, I feel like it has a pretty obvious answer: change your terms of service so that you promise not to read your customers' email without a court order. Then, if you think there's a situation that warrants invading your customers' privacy, get a court order. This is just basic rule-of-law stuff, and it's the kind of thing you'd hope Microsoft's General Counsel would find obvious.

The fact that the question is being raised casts more light on Microsoft's extensive "Scroogled" campaign, which (rightly) took Google to task for having a business-model that was predicated on harvesting titanic amounts of personal data. The takeaway here is that while Microsoft's business-model (at the moment) is less privacy-invading than Google's, that is not due to any inherent squeamishness about spying on people -- rather, it's just a practical upshot of its longstanding practices.


Big Data Kafka: US Government Watchlists and the secrecy whose justification is a secret


In the ACLU's new paper U.S. Government Watchlisting: Unfair Process and Devastating Consequences [PDF], the group describes the strange world of terrorist watchlists, including no-fly lists, where it's nearly impossible to discover if you're on a list, and nearly impossible to find out why you're on a list, and nearly impossible to get removed from a list. As the ACLU points out, this is Orwell by way of Kafka, where we're not allowed to know what surveillance is taking place or why surveillance is taking place -- and we're not allowed to know why we're not allowed to know.

The ACLU says that the national terrorism watchlist has 1.1 million names on it, and an AP report from 2012 found 21,000 people on the no-fly list. Recently, Rahinah Ibrahim became the first person to be officially, publicly removed from a no-fly list, after the government was forced to admit that she'd been placed there due to a bureaucratic error. All through the Ibrahim case, the government argued that disclosing any facts about her no-fly status would endanger national security, but ultimately it was obvious that the only potential risk was that the government's sloppiness would be disclosed. The state was willing to spend millions of dollars and ruin an innocent person's life rather than admitting that an FBI agent literally ticked the wrong box.

In the 13 years since 9/11, one person has managed to successfully challenge the system of secret and unaccountable watchlists. It's clear that she wasn't the only person who deserved to be removed, though. This is Big Data Kafka: the algorithm says you're guilty, and you're not allowed to see the data or the algorithm because it was not designed to work if the people who it judged knew about its parameters.


Ethiopia: the first "off-the-shelf" surveillance state


"They Know Everything We Do", a new, exhaustive report from Human Rights Watch, details the way the young state of modern Ethiopia has become a kind of pilot program for the abuse of "off-the-shelf" surveillance, availing itself of commercial products from the US, the UK, France, Italy and China in order to establish an abusive surveillance regime that violates human rights and suppresses legitimate political opposition under the guise of an anti-terrorism law that's so broadly interpreted as to be meaningless.

The Electronic Frontier Foundation is representing a victim of Ethiopian state surveillance: Mr. Kidane had his computer hacked by Ethiopian spies while he was in the USA, and they planted spyware that gave them access to his Skype and Google traffic.


UK tax authority used anti-terror law to spy on whistleblower who disclosed sweetheart deal for Goldman Sachs


The UK tax authority HMRC abused the country's controversial anti-terrorism law to spy on a whistleblower and journalists at the Guardian after it was embarrassed by the revelation that it had given a sweetheart deal to Goldman Sachs. Osita Mba revealed to a government oversight body that HMRC forgave GBP10M in interest owed by Goldman Sachs after a failed tax-evasion scheme, and in the ensuing public furore, HMRC's top executives invoked RIPA, the country's anti-terror law, to spy on its employees and on Guardian journalists in order to discover the identity of the leaker. Under RIPA, HMRC is able to spy on the nation's emails, Internet traffic, text messages, phone records and other sensitive data.

Lin Homer, the head of HMRC, has appeared before a Parliamentary committee to explain its use of anti-terror spying powers to uncover the identity of a whistleblower whose personal information is protected by legislation. She was unrepentant, and would not rule out doing it again in the future.

Margaret Hodge, the committee chair, expressed shock at this. But it was under her party's last government, the Blair regime, that RIPA was put into place, over howls of protest from campaigners who predicted that it would be used in just this way.


Obama administration will make tiny, nearly meaningless changes to illegal bulk phone spying


The Obama administration will unveil a plan to sunset the bulk collection of US telephone data by American spies. Instead, it will plunder data that the carriers are required to retain for 18 months (America's spies currently warehouse phone data for five years) on the strength of warrants issued by its secret, rubberstamp Foreign Intelligence "court." This won't take place for at least 90 days, and for those 90 days, the administration expects the "court" to renew the spies' power to harvest bulk phone data as it has until now (despite the fact that Obama's appointed independent commission concluded that this program is illegal). Spies will only be able to explore phone data within two "hops" of their persons of interest, rather than the "three hop" rule they claim they've followed until now. Civil liberties groups are very slightly cheered by all this news.


Jake Appelbaum reads his Homeland afterword, with bonus Atari Teenage Riot vocoder mix

Two of my friends contributed afterwords to my novel Homeland: Aaron Swartz and Jacob Appelbaum. In this outtake from the independently produced Homeland audiobook (which you can get for the next week exclusively through the Humble Ebook Bundle), Jake reads his afterword at The Hellish Vortex Studio in Berlin, where he is in exile after several harrowing adventures at the US border. Hellish Vortex is run by Alec Empire, founding member of Atari Teenage Riot. Alec recorded this clip (MP3), and also mixed an alternate version.

Originally Jake had intended for his afterword to be anonymous (I didn't understand this at the time, and there was no harm done!). In keeping with this, Alec mixed this vocoder edition (MP3), which is pretty awesome.

Humble Ebook Bundle

LAPD says every car in Los Angeles is part of an ongoing criminal investigation


The Electronic Frontier Foundation is trying to figure out what the LAPD is doing with the mountains (and mountains) of license-plate data that they're harvesting in the city's streets without a warrant or judicial oversight. As part of the process, they've asked the LAPD for a week's worth of the data they're collecting, and in their reply brief, the LAPD argues that it can't turn over any license-plate data because all the license-plates they collect are part of an "ongoing investigation," because every car in Los Angeles is part of an ongoing criminal investigation, because some day, someone driving that car may commit a crime.

As EFF's Jennifer Lynch says, "This argument is completely counter to our criminal justice system, in which we assume law enforcement will not conduct an investigation unless there are some indicia of criminal activity."

This reminds me of the NSA's argument that they're collecting "pieces of a puzzle" and Will Potter's rebuttal: "The reality is that the NSA isn't working with a mosaic or a puzzle. What the NSA is really advocating is the collection of millions of pieces from different, undefined puzzles in the hopes that sometime, someday, the government will be working on a puzzle and one of those pieces will fit." The same thing could be said of the LAPD.


Turkey orders block of Twitter's IP addresses

Just a few days after Turkey's scandal-rocked government banned Twitter by tweaking national DNS settings, the state has doubled down by ordering ISPs to block Twitter's IP addresses, in response to the widespread dissemination of alternative DNS servers, especially Google's 8.8.8.8 and 8.8.4.4 (these numbers were even graffitied on walls).

Following the ban, Turkey's Twitter usage grew by 138 percent. Now that Twitter's IP range is blocked, more Turkish Internet users are making use of Tor and VPNs, and they continue to use SMS for access to the service.

It's interesting that Prime Minister Recep Tayyip Erdoğan has singled out Twitter for his attacks ("Twitter, schmitter! We will wipe out Twitter. I don’t care what the international community says.") Why not Facebook or Google Plus? I'm not certain, but my hypothesis is that Facebook and Google's "real names" policies -- which make you liable to disconnection from the service if you're caught using an alias -- make them less useful for political dissidents operating in an environment in which they fear reprisals.


NSA hacked Huawei, totally penetrated its networks and systems, stole its sourcecode


A new Snowden leak details an NSA operation called SHOTGIANT through which the US spies infiltrated Chinese electronics giant Huawei -- ironically, because Huawei is a company often accused of being a front for the Chinese People's Liberation Army and an arm of the Chinese intelligence apparatus. The NSA completely took over Huawei's internal network, gaining access to the company's phone and computer networks and setting itself up to conduct "cyberwar" attacks on Huawei's systems.

The program apparently reached no conclusion about whether Huawei was involved in espionage. However, the NSA did identify many espionage opportunities in compromising Huawei, including surveillance of an undersea fiber optic cable that Huawei is involved with.


Your metadata reveals sensitive, private information

In MetaPhone: The Sensitivity of Telephone Metadata, a pair of Stanford researchers recruited test-subjects who were willing to install spyware on their phones that logged the same "metadata" that the NSA harvests -- and that the NSA and President Obama claim is not sensitive or privacy-invading. The researchers applied basic analytics to the data and uncovered -- surprise! -- incredibly compromising information about the personal lives, health, and finances of their subjects, just by looking at metadata. What's more, harvesting the subjects' metadata also revealed sensitive information about the subjects' contacts' lives. (via Techdirt) Cory 7

Help Muckrock scour DHS social media spying guidelines and figure out what to FOIA next

Michael from Muckrock sez, "With a Freedom of Information Act request, MuckRock has received copies of two of the guides Homeland Security uses to monitor social media, one on standard procedures and a desktop binder for analysts. Now we're asking for help to go through it: See something worth digging into? Say something, and share it with others so we know what to FOIA next."


Microsoft has always reserved the right to read and disclose your Hotmail messages

Microsoft's "Scroogled" campaign (no relation) boastfully compared Hotmail's privacy framework to Gmail's, condemning Google for "reading your mail." Now, Microsoft has admitted that it scoured the Hotmail messages belonging to the contacts of a suspected leaker in order to secure his arrest, and points out that Hotmail's terms of service have always given Microsoft the right to read your personal mail for any of a number of nebulously defined, general reasons.

The company says that it had an undisclosed "rigorous process" to determine when it is allowed to read and publish your private email. In a statement, it sets out what the process will be from now on (though it doesn't say what the process has been until now) and vows to include the instances in which it reads its users' mail in its transparency reports, except when it is secretly reading the Hotmail accounts of people who also work for Microsoft.

Here's a PGP tool that claims to work with Hotmail, and would theoretically leave your Hotmail messages unreadable to Microsoft, though the company could still mine your metadata (subject lines, social graph, etc).


EFF Policy Fellowship for students: 10 week summer program

If you're a student interested in Internet and technology policy, you're eligible to apply for an EFF Policy Fellowship, a ten week placement with public interest orgs in Africa, Asia, Europe, Latin America and North America. It pays $7500, and you get to work on global surveillance, censorship, and intellectual property. "Applicants must have strong research skills, the ability to produce thoughtful original policy analysis, and a talent for communicating with many different types of audiences." Cory 3