Loss of Privacy

Keeping you informed on recent losses to privacy and civil rights worldwide.

Browsing Posts tagged surveillance

Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get. Some have the eye to discern cyber policies that are “the least worst thing;” may they fill the vacuum of wishful thinking.

This is Dan Greer‘s keynote speech at Black Hat 2014. The transcript is worth reading as well.

As if it needed saying, cyber security is now a riveting concern, a top issue in many venues more important than this one. This is not to insult Black Hat; rather it is to note that every speaker, every writer, every practitioner in the field of cyber security who has wished that its topic, and us with it, were taken seriously has gotten their wish. Cyber security *is* being taken seriously, which, as you well know is not the same as being taken usefully, coherently, or lastingly. Whether we are talking about laws like the Digital Millenium Copyright Act or the Computer Fraud and Abuse Act, or the non-lawmaking but perhaps even more significant actions that the Executive agencies are undertaking, “we” and the cyber security issue have never been more at the forefront of policy. And you ain’t seen nothing yet.

Not only has cybersecurity reached the highest levels of attention, it has spread into nearly every corner. If area is the product of height and width, then the footprint of cybersecurity has surpassed the grasp of any one of us.

Greer’s speech was broken down into 10 sections: Mandatory reporting, net neutrality, source code liability, strike back, fall backs and resiliency, vulnerability finding, right to be forgotten, Internet voting, abandonment, and convergence.

Papers, Please has a nice breakdown of some of the more pertinent privacy and identification issues.

flattr this!

Appelbaum spoke of a NSA program that allows its analysts to search through vast databases containing e-mails, IMs and the browsing histories of millions of people. Called XKeyscore, the program was designed to develop intelligence from the Internet.

Jacob Appelbaum discusses the fallacy of Americans thinking that they won’t be targeted, passive and active surveillance methods, AI and human analyst systems working together, satellite networks, deep packet inspection & injection, military contractors getting special access to surveillance programs, proprietary vs open source software, OTR messaging, hoarding exploits for self-gain.

If you are having trouble viewing the audio or video, there is a cleaned up version here.

What Appelbaum is talking about at 17:30 is the video below.

flattr this!

The New America Foundation held a discussion on National Security Agency (NSA) surveillance threats to cybersecurity, Internet freedom and the economy, and what can be done from both a personal and policy level to counter these threats.

Video cannot be embedded, but is worth watching.

flattr this!

Tor-Anonymity-Tor-path

In a shocking story on the German site Tagesschau (Google translate), Lena Kampf, Jacob Appelbaum and John Goetz report on the rules used by the NSA to decide who is a “target” for surveillance.

You can read more at Boing Boing.

From Panorama:

The investigation discloses the following:

Two servers in Germany – in Berlin and Nuremberg – are under surveillance by the NSA.
Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
Among the NSA’s targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called “the Linux Journal – the Original Magazine of the Linux Community”, and calls it an “extremist forum”.

The authors of the Tagesschau story have seen the “deep packet inspection” rules used to determine who is considered to be a legitimate target for deep surveillance, and the results are bizarre.

According to the story, the NSA targets anyone who searches for online articles about Tails — like this one that we published in April, or this article for teens that I wrote in May — or Tor (The Onion Router, which we’ve been posted about since 2004). Anyone who is determined to be using Tor is also targeted for long-term surveillance and retention.

Bruce Schneier thinks there may be a second leaker.

I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.

EDITED TO ADD (7/3): More news stories. Thread on Reddit. I don’t expect this to get much coverage in the US mainstream media.

Hacker News and Slashdot threads. ArsTechnica and Wired articles.

There is also the live blog [in German] of William Binney in front of the German Parliament.

There is also another post on reddit. After reading all of these links the last few days, I’m probably on the NSA’s list now too.

The facts also bear out that all this surveillance to protect us is useless. You are eight times more likely to be killed by a police officer and 6 times more likely to die from hot weather than a terrorist attack.

Feel free to download Tor.

Read/download the XKeyscore rules.

flattr this!

The smooth, perforated sheaths of metal are decorative, but their job is to protect and conceal a system of data-collection sensors that will measure air quality, light intensity, sound volume, heat, precipitation and wind. The sensors will also count people by measuring wireless signals on mobile devices.

Some experts caution that efforts like the one launching here to collect data from people and their surroundings pose concerns of a Big Brother intrusion into personal privacy.

In particular, sensors collecting cellphone data make privacy proponents nervous. But computer scientist Charlie Catlett said the planners have taken precautions to design their sensors to observe mobile devices and count contact with the signal rather than record the digital address of each device.

Many cities around the globe have tried in recent years to collect enormous piles of “big data” in order to better understand their people and surroundings, but scientists say Chicago’s project to create a permanent data collection infrastructure is unusual.

Sounds innocent enough, until you keep reading.

Data-hungry researchers are unabashedly enthusiastic about the project, but some experts said that the system’s flexibility and planned partnerships with industry beg to be closely monitored. Questions include whether the sensors are gathering too much personal information about people who may be passing by without giving a second thought to the amount of data that their movements — and the signals from their smartphones — may be giving off.

But such an effort could still lead to gathering more sensitive information than is intended, said Fred Cate, an expert on privacy matters related to technology who teaches at Indiana University’s law school.

“Almost any data that starts with an individual is going to be identifiable,” Cate said. When tracking activity from mobile phones, “you actually collect the traffic. You may not care about the fact that it’s personally identifiable. It’s still going to be personally identifiable.”

King, the Harvard sociologist and data expert, agreed that the Chicago scientists will inevitably scoop up personally identifiable data.

“If they do a good job they’ll collect identifiable data. You can (gather) identifiable data with remarkably little information,” King said. “You have to be careful. Good things can produce bad things.”

Researchers hope these sensors will eventually expand into neighborhoods.

flattr this!