privacy  

U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It

Source: US Efforts To Regulate Encryption Have Been Flawed, Government Report Finds – Slashdot

Newsmax reports that according to KRC Research about 64 percent of Americans familiar with Snowden hold a negative opinion of him. However 56 percent of Americans between the ages of 18 and 34 have a positive opinion of Snowden which contrasts sharply with older age cohorts. Among those aged 35-44, some 34 percent have positive attitudes toward him. For the 45-54 age cohort, the figure is 28 percent, and it drops to 26 percent among Americans over age 55, U.S. News reported. Americans overall say by plurality that Snowden has done "more to hurt" U.S. national security (43 percent) than help it (20 percent). A similar breakdown was seen with views on whether Snowden helped or hurt efforts to combat terrorism, though the numbers flip on whether his actions will lead to greater privacy protections. "The broad support for Edward Snowden among Millennials around the world should be a message to democratic countries that change is coming," says Anthony D. Romero, executive director of the American Civil Liberties Union. "They are a generation of digital natives who don’t want government agencies tracking them online or collecting data about their phone calls." Opinions of millennials are particularly significant in light of January 2015 findings by the U.S. Census Bureau that they are projected to surpass the baby-boom generation as the United States’ largest living generation this yea

via Except For Millennials, Most Americans Dislike Snowden – Slashdot.

anonymity

notes from Paula Marie Helm’s talk on “On the Relationship between Addiction, Autonomy and Anonymity”.

Anonymity can help to regain formal autonomy.

1 – works as a crutch to overcome fear
2 – serves as a protection for the collective, it safeguards common values so they will not be corrupted by ego-driven individuals
3 – a performative practice that shapes personalities. Anonymity is an educational and therapeutic instrument, as it teaches people to distance themselves from vanity, pride and ego-centrism, and helps them to be more social and less selfish.

As former CIA officer John Stockwell observed, both large corporations and intelligence services are “vigorously committed to supporting the system.” Another former CIA officer, Philip Agee, explained this dynamic more bluntly, stating that the intelligence services are the “logical, necessary manifestations of a ruling class’s determination to retain power and privilege.” These assertions have been rigorously documented by activists like William Blum and filmmakers like Scott Noble. In a nutshell, US intelligence pursues the interests of private capital. Snowden indicated as much in an open letter to Brazil. He warned, in no uncertain terms, that the surveillance state has little to do with preventing terrorism and that instead it was focused on “economic spying, social control, and diplomatic manipulation.” There’s no doubt whom this sort of activity actually benefits.

via Forgetting the Lesson of Cypherpunk History: Cryptography Is Underhanded.

Adobe has just given us a graphic demonstration of how not to handle security and privacy issues. A hacker acquaintance of mine has tipped me to a huge security and privacy violation on the part of Adobe. That anonymous acquaintance was examining Adobe’s DRM for educational purposes when they noticed that Digital Editions 4, the newest version of Adobe’s Epub app, seemed to be sending an awful lot of data to Adobe’s servers. My source told me, and I can confirm, that Adobe is tracking users in the app and uploading the data to their servers. Adobe was contacted in advance of publication, but declined to respond. Edit: Adobe responded Tuesday night. And just to be clear, I have seen this happen, and I can also tell you that Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also tested this at my request and saw it with his own eyes.

via Adobe is Spying on Users, Collecting Data on Their eBook Libraries – The Digital Reader.

FBI chief: Apple, Google phone encryption perilous

By Ken Dilanian, Associated Press. Posted: 09/25/2014 02:06:09 PM PDT

WASHINGTON — The FBI director on Thursday criticized the decision by Apple and Google to encrypt smartphone data so it can be inaccessible to law enforcement, even with a court order.

James Comey told reporters at FBI headquarters that U.S. officials are in talks with the two companies, which he accused of marketing products that would let people put themselves beyond the law’s reach.

Comey cited child-kidnapping and terrorism cases as two examples of situations where quick access by authorities to information on cellphones can save lives. Comey did not cite specific past cases that would have been more difficult for the FBI to investigate under the new policies, which only involve physical access to a suspect’s or victim’s phone when the owner is unable or unwilling to unlock it for authorities.

FILE – In this Sept. 23, 2014 file photo, FBI Director James Comey speaks at the FBI Albany Field Office in Albany, N.Y. Mike Groll/AP Photo

“What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law,” Comey said. At another point, he said he feared a moment “when people with tears in their eyes look at me and say, ‘What do you mean you can’t?'”

via FBI chief: Apple, Google phone encryption perilous – San Jose Mercury News.

4chan adopts DMCA policy after nude celebrity photo postings

Site agrees to remove “bona fide” infringing material if asked.

via 4chan adopts DMCA policy after nude celebrity photo postings | Ars Technica.

As evidence mounts, it’s getting harder to defend Edward Snowden – Skating on Stilts.

The evidence is mounting that Edward Snowden and his journalist allies have helped al Qaeda improve their security against NSA surveillance. In May, Recorded Future, a predictive analytics web intelligence firm, published a persuasive timeline showing that Snowden’s revelations about NSA’s capabilities were followed quickly by a burst of new, robust encryption tools from al-Qaeda and its affiliates:

This is hardly a surprise for those who live in the real world. But it was an affront to Snowden’s defenders, who’ve long insisted that journalists handled the NSA leaks so responsibly that no one can identify any damage that they have caused.

In damage control mode, Snowden’s defenders first responded to the Recorded Future analysis by pooh-poohing the terrorists’ push for new encryption tools. Bruce Schneier declared that the change might actually hurt al Qaeda: “I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight.”

Schneier is usually smarter than this. In fact, the product al Qaeda had been recommending until the leaks, Mujahidin Secrets, probably did qualify as “home-brew encryption.” Indeed, Bruce Schneier dissed Mujahidin Secrets in 2008 on precisely that ground, saying “No one has explained why a terrorist would use this instead of PGP.”

But as a second Recorded Future post showed, the products that replaced Mujahidin Secrets relied heavily on open-source and proven encryption software. Indeed, one of them uses Schneier’s own, well-tested encryption algorithm, Twofish.

Faced with facts that contradicted his original defense of Snowden, Schneier was quick to offer a new reason why Snowden’s leaks and al Qaeda’s response to them still wouldn’t make any difference:

Whatever the reason, Schneier says, al-Qaida’s new encryption program won’t necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That’s why he ended up resorting to couriers.

Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said…. “It is relatively easy to find vulnerabilities in software,” he added. “This is why cybercriminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using.”

So, if you were starting to think that Snowden and his band of journalist allies might actually be helping the terrorists, there’s no need to worry, according to Schneier, because all encryption software is so bad that NSA will still be able to break the terrorists’ communications and protect us. Oddly, though, that’s not what he says when he isn’t on the front lines with the Snowden Defense Corps. In a 2013 Guardian article entitled “NSA surveillance: A guide to staying secure,” for example, he offers very different advice, quoting Snowden:

“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

Schneier acknowledges that hacking of communication endpoints can defeat even good encryption, but he’s got an answer for that, too:

Try to use public-domain encryption that has to be compatible with other implementations. … Since I started working with Snowden’s documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I’m not going to write about. …

The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.

It sounds as though al Qaeda took Bruce Schneier’s advice to heart, thanks to leaks from Edward Snowden — even if Schneier is still doing everything he can to avoid admitting it.

UPDATE: The description of Recorded Future was changed at the request of the company, which said, “While this may seem like splitting hairs, in the world of data analysis software “predictive analytics” has specific technical meaning which implies something different. We use the term web intelligence to reduce this confusion.”

Austrian Tor Exit Node Operator Found Guilty As An Accomplice Because Someone Used His Node To Commit A crime

from the bad,-bad-news dept

Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by… effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated §12 of the Austrian penal code, which effectively says:

Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

In other words, it’s a form of accomplice liability for criminality. It’s pretty standard to name criminal accomplices liable for “aiding and abetting” the activities of others, but it’s a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that “contributes to the completion” of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It’s a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.

via Austrian Tor Exit Node Operator Found Guilty As An Accomplice Because Someone Used His Node To Commit A crime | Techdirt.

NSA: Linux Journal is an “extremist forum” and its readers get flagged for extra surveillance

 

A new story published on the German site Tagesschau and followed up by BoingBoing and DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to Linux Journal itself.

While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA’s XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails–software I’ve covered here in Linux Journal that helps to protect a user’s anonymity and privacy on the Internet–are among the selectors that will flag you as “extremist” and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.

While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an “extremist forum”. This means that merely looking for any Linux content on Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.

 

via NSA: Linux Journal is an “extremist forum” and its readers get flagged for extra surveillance | Linux Journal.

If the world starts looking like a scene from “Matrix 3” where everyone has Agent Smith’s face, you can thank Leo Selvaggio.

His rubber mask aimed at foiling surveillance cameras features his visage, and if he has his way, plenty of people will be sporting the Personal Surveillance Identity Prosthetic in public. It’s one of three products made by the Chicago-based artist’s URME Surveillance, a venture dedicated to “protecting the public from surveillance and creating a safe space to explore our digital identities.”

via Anti-surveillance mask lets you pass as someone else – CNET.

Snowden Used the Linux Distro Designed For Internet Anonymity – Slashdot.

 

“When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA’s prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you’re pretty close to anonymous on the internet. ‘Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn’t store any data locally,’ writes Finley. ‘This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.’

The developers of Tails are, appropriately, anonymous. They’re protecting their identities, in part, to help protect the code from government interference. ‘The NSA has been pressuring free software projects and developers in various ways,’ the group says. But since we don’t know who wrote Tails, how do we know it isn’t some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks show the NSA complaining about Tails in a Power Point Slide; if it’s bad for the NSA, it’s safe to say it’s good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. ‘With Tails,’ say the distro developers, ‘we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'”

Why should I even bother to back up my existing data? If I lose it, I’ll just get what I want from the cloud hereafter — I’m 100 percent positive I wouldn’t bother to re-rip all my CDs for the third time. Sure, the cloud is the physical embodiment of the surveillance state. But its siren song works too well to turn it off.

via Big Brother is in your Spotify: How music became the surveillance state’s Trojan horse – Salon.com.

Wikileaks represents a new type of (h)activism, which shifts the source of potential threat from a few, dangerous hackers and a larger group of mostly harmless activists — both outsiders to an organization — to those who are on the inside. For insiders trying to smuggle information out, anonymity is a necessary condition for participation. Wikileaks has demonstrated that the access to anonymity can be democratized, made simple and user friendly.

DAILY YOMIURI ONLINE (The Daily Yomiuri)

The Kyoto District Court sentenced a man to 18 months in prison Thursday, suspended for three years, for distributing popular TV animation footage using the Share file-sharing software without the permission of the copyright holders.

The Register

The BPI has written to 800 Virgin Media customers warning them to stop sharing music files or risk losing their broadband connection.

The letters came in an envelope marked: “Important. If you don’t read this, your broadband could be disconnected.” But Virgin told Radio 1’s Newsbeat that the phrase was a mistake and the letters were part of an education campaign. Virgin said it was not making any kind of accusation and that it was possible someone other than the account holder was involved.

When the Virgin campaign was revealed last month the company assured us that the letters were not part of a “three strikes” process. The BPI has pushed ISPs to warn users three times for copyright infringement before cutting off their broadband.

The individuals were identified by the BPI which, as we exclusively revealed, is working on a similar scheme with BT. The BPI letter sent on by BT warns of further action including “litigation and suspension by BT your internet connection”.

At least one Virgin customer who received a letter in June told Newsbeat he was certain it was not him or his flatmates who were responsible for downloading the Amy Winehouse song. He said it was possible that someone had used the flat’s wireless network.

Will McGree said: “The campaign is doomed to fail. Virgin will lose a lot of customers over this because people don’t like to be accused of stealing music over their morning coffee.

“It made me feel betrayed. I was under the impression that I paid a broadband company to keep my internet connection protected.”

The BPI has been busy lobbying the government for stronger laws against file sharing. But the government seems to be resisting the pressure and is instead pushing the music industry and ISPs to get talking to find a licensed, and paid for, form of file sharing.

Although BT and Virgin are supporting the BPI’s approach, others, notably Carphone Warehouse, are refusing to co-operate.

A survey last month found 63 per cent of internet users were downloading unlicensed music.

EDRI

The Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) issued a press release on 13 March 2008, explaining that private companies can’t systematically monitor the activities of peer-to-peer (P2P) users that share files on the Internet, for the purpose of identifying and suing them.

The decision was taken on 28 February 2008 in the very controversial Peppermint case.