Submit a link Features Reviews Podcasts Video Forums More ▾

Australian attorney general wants the power to launch man-in-the-middle attacks on secure Internet connections


The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.

Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.

The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.

Read the rest

Congress was giving spies a pass back in 1975, too


If you are outraged by American spies getting a free pass from their political masters (and you really should be), remember that this is an age-old tradition. Matt Stoller revisits the 1975 Congressional hearings in which radical Congresswoman Bella Abzug grilled CIA director William Colby over the CIA's records of the membership rolls of peaceful, domestic protest groups, only to have Arizona Congressman Sam Steiger suck up to the spook-in-chief, expressing concern that anti-American terrorists could destroy the CIA by sending it too many Freedom of Information Act requests.

Read the rest

British spies lied about getting super-censorship powers over Youtube

Turns out that the claims made by British spies about Youtube granting them the power to censor Youtube videos that they didn't like (but weren't illegal) were bullshit.

The "super-flagger" status they got from Google just means that their complaints get quicker scrutiny, but are (theoretically, anyway) judged by the same criteria as all other complaints about videos that violate Youtube's community standards.

But as Techdirt's Mike Masnick points out, the fact that senior UK government ministers believe that Youtube should remove anything "that may not be illegal, but certainly is unsavoury" is a pretty disturbing insight into the mindset of our censorious masters.

Zuckerberg phones Obama to complain about NSA spying


The day after a Snowden leak revealed that the NSA builds fake versions of Facebook and uses them to seed malicious software in attacks intended to hijack "millions" of computers, Facebook CEO and founder Mark Zuckerberg telephoned President Obama to complain about the NSA's undermining of the Internet's integrity.

As many have pointed out, it would have been nice to hear Zuckerberg taking the Internet's side before his own stock portfolio was directly affected, but better late than never. Zuckerberg's post on his conversation excoriates the US government for its Internet sabotage campaign, and calls on the USG to "be the champion for the internet, not a threat." Curiously, Zuckerberg calls for "transparency" into the NSA's attacks on the Internet, but stops short of calling for an end to government-sponsored attacks against the net.

In the end, though, Zuckerberg calls on companies to do a better job of securing themselves and their users against intrusive spying. It's not clear how that will work for Facebook, though: its business model is predicated on tricking, cajoling, and siphoning personal data out of its users and warehousing it forever in a neat package that governments are unlikely to ignore. I'm told that 90% of US divorce proceedings today include Facebook data; this is a microcosm of the wider reality when you make it your business to stockpile the evidentiary chain of every human being's actions.

Read the rest

How the NSA plans to automatically infect "millions" of computers with spyware




A new Snowden leak, detailed in a long, fascinating piece in The Intercept, explains the NSA's TURBINE initiative, intended to automate malicious software infections. These infections -- called "implants" in spy jargon -- have historically been carried out on a narrow, surgical scale, targeted at people of demonstrated value to spies, due to the expense and difficulty of arranging the attacks.

But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once.

The article mentions an internal NSA message-board posting called "I hunt sys admins," sheds some light on the surveillance practices at the NSA. In the post, an NSA operative explains that he targets systems administrators at companies, especially telecoms companies, as a "means to an end" -- that is, infiltrating the companies' networks. As Glenn Greenwald and Ryan Gallagher point out, this admission shows that malware attacks are not targeted solely or even particularly at people suspected of terrorism or other crimes -- rather, they are aimed at the people who maintain the infrastructure of critical networks and systems to allow the NSA to control those systems.

The malware that TURBINE implants can compromise systems in a variety of ways, including hijacking computer cameras and microphones, harvesting Web-browsing history and email traffic, logging passwords and other keystrokes, etc.

Read the rest

Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:

Read the rest

Kansas Rep Pompeo wants to cancel Snowden's SXSW appearance

Edward Snowden is speaking at SXSW on Monday at an event that I'm also part of.Rep Mike Pompeo (R-KS), who sits on the House Intelligence Committee (and on whose watch the abuses that Snowden has detailed occurred) has demanded that his appearance be cancelled. Pompeo says that Snowden lacks credibility in the area of "privacy, surveillance, and online monitoring." Pompeo demonstrably lacks credibility in the area of the First Amendment. Cory 23

Middle schooler wins C-SPAN prize for doc about NSA spying

Dave from the Electronic Frontier Foundation sez, "Remember when Rep. Mike Rogers likened opponents of pernicious cybersecurity legislation to 14-year-olds? It turns out that middle-school-age students are also well-prepared to debate him on the NSA's programs as well. EFF congratulates students from two middle schools who took home top prizes in the C-SPAN StudentCam 2014 competition for young filmmakers with their documentaries on the debate over mass surveillance."

Read the rest

Modeling privacy rules on environmental regulations

Michael Froomkin writes, "My latest privacy paper, Regulating Mass Surveillance as Privacy Pollution: Learning from Environmental Impact Statements, has a new take on how to regulate mass surveillance in the US where the EU privacy model has not taken root, and where the 1st Amendment creates obstacles to stopping some data sharing."

Read the rest

UK Deputy PM commissions independent review of spy powers

Glyn sez, "UK Deputy PM Nick Clegg has commissioned a review into the new intrusive capabilities of British intelligence agencies and the legal framework in which they operate."

Read the rest

Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people

The Trustycon folks have uploaded over seven hours' worth of talks from their event, an alternative to the RSA security conference founded by speakers who quit over RSA's collusion with the NSA. I've just watched Ed Felten's talk on "Redesigning NSA Programs to Protect Privacy" (starts at 6:32:33), an absolutely brilliant talk that blends a lucid discussion of statistics with practical computer science with crimefighting, all within a framework of respect for privacy, liberty and the US Bill of Rights.

Felten's talk lays out how the NSA's mass-collection program works, what its theoretical basis is for finding terrorists in all that data, and then explains how this is an incredibly inefficient and risky and expensive way of actually fighting crime. Then he goes on to propose an elegant alternative that gets better intelligence while massively reducing the degree of surveillance and the risk of disclosure.

I'm using Vid to MP3 to convert the whole seven hours' worth of talks to audio and plan on listening to them over the next couple of days.

Update: Here's that MP3 -- it's about 1GB. Thanks to the Internet Archive for hosting it!

TrustyCon - Live from San Francisco

Doc film on surveillance seeks fund to film Syrian activist subjected to state surveillance

Charles Koppelman writes, "Zero Day (working title) is a documentary film being produced and directed by Charles Koppelman. BBC Storyville is co-producing and intends to air it. The film begins with the story of a single malware attack by the Assad regime in Syria using Skype as a platform. This targeted phishing attack used a Remote Access Tool (Xtreme RAT) to infect an activist’s computer. He was then tracked surreptitiously by security forces. He suffered very real physical consequences — detention, jail, and torture. His jailers showed him a file with hundreds of pages of email, web posts and surveillance reports on his movements. It is well-documented that he was the first Syrian activist to be attacked in the ongoing cyberwar conducted by the Assad regime. The Assad regime uses this same digital surveillance tool to compromise countless other activists and citizen journalists."

Read the rest

GCHQ spied on millions of Yahoo video chats, harvested sexual images of chatters, compared itself to "Tom Cruise in Minority Report"



A stunning new Snowden leak reveals that the UK spy agency GCHQ harvested images and text from millions of Yahoo video chats, including chats in which one or both of the participants was British or American. Between 3 and 11 percent of the chats they intercepted were sexual in nature, and revealing images of thousands of people were captured and displayed to spies. The programme, called OPTIC NERVE, focused on people whose usernames were similar to those of suspects, and ran from at least 2008 until at least 2010. The leak reveals that GCHQ intended to expand the programme to Xbox 360 Kinect cameras and "fairly normal webcam traffic." The programme was part of a facial recognition research effort that GCHQ compared to "Tom Cruise in Minority Report." While the documents do not detail efforts as widescale as those against Yahoo users, one presentation discusses with interest the potential and capabilities of the Xbox 360's Kinect camera, saying it generated "fairly normal webcam traffic" and was being evaluated as part of a wider program. Beyond webcams and consoles, GCHQ and the NSA looked at building more detailed and accurate facial recognition tools, such as iris recognition cameras – "think Tom Cruise in Minority Report", one presentation noted.

Read the rest

DiscoTech events: discover anti-surveillance technology


Sasha writes, "The MIT Civic Media Codesign Studio is organizing, hosting, participating in, and supporting several Countersurveillance DiscoTechs this weekend. A DiscoTech (Discovering Technology event) is a workshop/faire style event for people of all skill levels to learn about, explore, and play with a set of technologies. Countersurveillance DiscoTech Locations:"

Read the rest

GCHQ's dirty-tricking psyops groups: infiltrating, disrupting and discrediting political and protest groups


In a piece on the new Omidyar-funded news-site "The Intercept," Glenn Greenwald pulls together the recent Snowden leaks about the NSA's psyops programs, through which they sought to attack, undermine, and dirty-trick participants in Anonymous and Occupy. The new leaks describe the NSA' GCHQs use of "false flag" operations (undertaking malicious actions and making it look like the work of a group they wish to discredit), the application of "social science" to disrupting and steering online activist discussions, luring targets into compromising sexual situations, deploying malicious software, and posting lies about targets in order to discredit them.

As Greenwald points out, the unit that conducted these actions, "Jtrig" (Joint Threat Research Intelligence Group), does not limit itself to attacking terrorists -- it explicitly targets protest groups, and political groups that have no connection with national security, including garden-variety criminals who are properly the purview of law enforcement agencies, not intelligence agencies.

The UK spy agency GCHQ operates a programme, called the "Human Science Operations Cell," whose remit is "strategic influence and disruption."

Some of the slides suggest pretty dubious "social science" (see below) -- they read like a mix between NLP hucksters and desperate Pick Up Artist losers.

Read the rest