Ted Kramer is CEO and co-founder of Six4Three, a creepy US-based machine-learning startup whose debut product was a Facebook app called Pinkini that let you search your friends' photos for pictures of them in bikinis; when Facebook shut down the app after a terms-of-service change, Six4Three sued Facebook and obtained a key trove of internal Facebook documents through the discovery process. Read the rest
Getting all your data to flow through the Tor network can be tricky -- the desktop Tor Browser only tunnels your web-traffic through the privacy-protecting service, and the mobile apps can be tricky and uncertain. Read the rest
If you live in the UK and watch live TV or use the Iplayer video-on-demand service, you have to pay a "license fee" that directly supports public media in the UK (in other countries, public media is funded out of the tax-coffers, but in the UK, it's a direct transfer from viewers to the media, which is meant to make the BBC independent of the whims of government and thus more able to hold it to account). Read the rest
As the world's governments exercise exciting new gag-order snooping warrants that companies can never, ever talk about, companies are trying out a variety of "Ulysses pacts" that automatically disclose secret spying orders, putting them out of business. Read the rest
High Court judges ruled that the Data Retention and Investigatory Powers Act (#DRIP) was inconsistent with the European convention on human rights. Read the rest
I met Caspar in 2001 while working for EFF; he was working for the Foundation for Internet Policy Research, which tirelessly lobbied the Lords and Parliament on the new surveillance powers that the Blair government wanted to bring in. Read the rest
The secret, emergency snooping law that the UK Tories plan on ramming through Parliament this week without debate has been published. It's bad, and the leadership of Labour and the Libdems are complicit in the plan to make it law. Read the rest
The UK tax authority HMRC abused the country's controversial anti-terrorism law to spy on a whistleblower and journalists at the Guardian after it was embarrassed by the revelation that it had given a sweetheart deal to Goldman Sachs. Osita Mba revealed a government oversight body that HMRC forgave GBP10M in interest owed by Goldman Sachs after a failed tax-evasion scheme, and in the ensuing public furore, HMRC's top executives invoked RIPA, the country's anti-terror law, to spy on its employees and on Guardian journalists in order to discover the identity of the leaker. Under RIPA, HMRC is able to spy on the nation's emails, Internet traffic, text messages, phone records and other sensitive data.
Lin Homer, the head of HMRC has appeared before a Parliamentary committee to explain its use of anti-terror spying powers to uncover the identity of a whistleblower whose personal information is protected by legislation, and was unrepentant, and would not rule out doing it again in the future.
Margaret Hodge, the committee chair, expressed shock at this. But it was under her party's last government, the Blair regime, that RIPA was put into place, over howls of protest from campaigners who predicted that it would be used in just this way. Read the rest
The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.
Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.
The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security. Read the rest
UK Labour Member of Parliament Tom Watson writes, "I thought you might be interested to read the latest developments on the drones and data collection front. I've asked privacy expert Jemima Stratford QC for her legal opinion on aspects of the Snowden revelations. Contrary to reassurance from the Foreign Secretary and Chair of the ISC she finds [PDF]:
1. interception of 'internal' contents data of British citizens in the UK is unlawful under RIPA [ed: the Regulation of Investigatory Powers Act 2000; the UK's controversial spying bill]
2. the RIPA framework is outdated and not fit for purpose, leaving British citizens exposed to unlawful interference
3. transfer of data to NSA, which shares data with CIA, leaves GCHQ officials exposed to charges of aiding murder in the UK where the government knows that data is available for use to direct drone strikes against non-combatants
Further, she argues:
4. the government should agree and publish a new memorandum of understanding with the US specifying how data from UK can be stored and used by foreign agents.
Watson doesn't do the report justice, really -- Stratford's opinion includes that UK participation in US drone strikes opens up individual UK intelligence operatives to being charged as accessories to murder. Watson sent copies of the report to all the members of the all-party parliamentary drone group, which of which he is chair. He's also sending it to the parliamentary intelligence and security committee for their own hearings on surveillance.
The Guardian has a great summary of the memo here, but really, you should read it yourself [PDF] -- it's a very quick and easy read. Read the rest
The Guardian has published information from another Edward Snowden leak, this one detailing a British wiretapping program by the UK spy agency GCHQ that puts Prism to shame. The GCHQ program, called Tempora, stores all submarine cable traffic and all domestic traffic (Internet packets and recordings of phone-calls) for 30 days, using NSA tools to sort and search it; the quid-pro-quo being that the NSA gets to access this data, too. The program is reportedly staffed by 300 GCHQ spies and 250 NSA spies, and the data produced by the taps is made available to 850,000 NSA employees and contractors. This is all carried out under the rubric of RIPA, the controversial Regulation of Investigatory Powers Act, a UK electronic spying law passed by Tony Blair's Labour government.
Read the restThe GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.
This was done under secret agreements with commercial companies, described in one document as "intercept partners".
The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".
