posts about or somewhat related to ‘surveillance’

Where there is good journalism, there will be scoops
As of 12:45 pm today, Jeremy Scahill and Ryan Devereaux published a new in-depth piece at The Intercept called "Watch Commander: Barack Obama’s Secret Terrorist-Tracking System, by the Numbers" examining the government’s Terrorist Screening Database, as discovered in classified documents the news outlet obtained. The article breaks down the system piece by piece, with startling observations from classified documents.

The second-highest concentration of people designated as “known or suspected terrorists” by the government is in Dearborn, Mich.—a city of 96,000 that has the largest percentage of Arab-American residents in the country.

Even if you don’t live in Dearborn, you should be concerned. 

…officials don’t need “concrete facts” or “irrefutable evidence” to secretly place someone on the list—only a vague and elastic standard of “reasonable suspicion.”

According to information from the documents, during the Obama administration, there are more people in the TIDE (Terrorist Identities Datamart Environment) than ever before (an even bigger system with an even lower bar for making the list), there are 47,000 people on the government’s “No Fly” list, as well as a disproportionate number of suspects on the watchlist based on their assumed terrorist group affiliation (see above pie chart). Which is skewed, because the estimated size of Al-Qaeda in Iraq, for example, is significantly smaller than the number of people on the AQI watchlist:


If this information doesn’t make you want to put on a tinfoil hat and anti-surveillance coat and go off the grid for a while, on top of all of that, the story itself was scooped by a government agency and handed to the AP. The AP story in question, written by Eileen Sullivan, came out just minutes before the Intercept piece. 
From HuffPo:

The government, it turned out, had “spoiled the scoop,” an informally forbidden practice in the world of journalism. To spoil a scoop, the subject of a story, when asked for comment, tips off a different, typically friendlier outlet in the hopes of diminishing the attention the first outlet would have received. Tuesday’s AP story was much friendlier to the government’s position, explaining the surge of individuals added to the watch list as an ongoing response to a foiled terror plot.

As Hina Shamsi, director of the ACLU’s National Security Project, told The Intercept, 

We’re getting into Minority Report territory when being friends with the wrong person can mean the government puts you in a database and adds DMV photos, iris scans, and face recognition technology to track you secretly and without your knowledge.

TLDNR; We’re probably all on a secret watchlist. And as soon as we find out we are, the government will know we know. 
-Mariana
Images: Chart via The Intercept “Who’s on the watchlist?” that breaks down the list by affiliated terrorist group, and screenshot from Ryan Devereaux’s Twitter.

Evade Surveillance, Fashionably

Via Forbes

Clothing has historically played an important role in protecting our privacy, namely by covering up our “private parts.” But it can do even more to protect us. At hacker conference Hope X, designer Becky Stern of Adafruit gave a whirlwind tour of “disruptive wearable technology” — “disruptive” not in the Silicon Valley “oh-my-god-the-iWatch-is-coming” sense but in that it interferes with people’s attempts to invade your physical and virtual space. Instead of defending against lances and swords, this modern armor promises to thwart surveillance cameras, TSA agents, drone strikes, subway crowding, and cellular connectivity.

Read through to watch Stern’s presentation and see other clothing, makeup and accessory innovations.

Images: “The CHBL Jammer Coat is a piece of clothing that enables its user to disappear… The piece is made of metallized fabrics, which are blocking radio waves and shielding the wearer against tracking devices. You are no longer reachable on your mobile phone and no information from your credit card can be captured. The Wave Circle pattern of the fabric gives an illusion of strange multiple body parts, which hides and frees the individual physicality.” Via COOP HIMMELB(L)AU.

Report: US Surveillance Harming Journalism, Law and Society
Human Rights Watch and the American Civil Liberties Union released a report this week outlining the effect the US surveillance state is having on journalism, law and society. In particular, the two groups interviewed “50 journalists covering intelligence, national security, and law enforcement for outlets including the New York Times, the Associated Press, ABC, and NPR.”
Via Human Rights Watch:

[The report] documents how national security journalists and lawyers are adopting elaborate steps or otherwise modifying their practices to keep communications, sources, and other confidential information secure in light of revelations of unprecedented US government surveillance of electronic communications and transactions. The report finds that government surveillance and secrecy are undermining press freedom, the public’s right to information, and the right to counsel, all human rights essential to a healthy democracy…
…Surveillance has magnified existing concerns among journalists and their sources over the administration’s crackdown on leaks. The crackdown includes new restrictions on contact between intelligence officials and the media, an increase in leak prosecutions, and the Insider Threat Program, which requires federal officials to report one another for “suspicious” behavior that might betray an intention to leak information.
Journalists interviewed for the report said that surveillance intimidates sources, making them more hesitant to discuss even unclassified issues of public concern. The sources fear they could lose their security clearances, be fired, or – in the worst case – come under criminal investigation.
"People are increasingly scared to talk about anything," observed one Pulitzer Prize winner, including unclassified matters that are of legitimate public concern.

The report, With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law, and American Democracy, can be downloaded here (PDF). The online Executive Summary is here.
Meantime, via The New York Times: “An internal investigation by the Central Intelligence Agency has found that its officers improperly penetrated a computer network used by the Senate Intelligence Committee in preparing its report on the C.I.A.’s detention and interrogation program.”
Image: Anonymous quote from a journalist interviewed for the report. Via Human Rights Watch.

Attack on Tor Has Likely Stripped Users of Anonymity →

Via Gizmodo:

Tor, the network used specifically for privacy and anonymity, just warned users of an attack meant to deanonymize people on the service. Anyone who used Tor from February 2014 through this July 4 can assume they were impacted.

Who’s behind the attacks? It appears researchers from Carnegie Mellon. Via The Verge:

The Tor team suspects the CERT division of Carnegie Mellon University’s Software Engineering Institute (SEI). Earlier this month, CERT abruptly canceled a Black Hat conference talk called “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.” The NSA has famously attempted to break Tor, to limited success.

So what’s the big deal? If it was the team from CERT, consider the attack a proof of concept. If they can get in, so too can more malicious actors. According to The Guardian, the CERT talk at the Black Hat conference would explain “how anyone with $3,000 could de-anonymise users of Tor.”

Somewhat related: US Government increases funding for Tor, via The Guardian.

Tor, the internet anonymiser, received more than $1.8m in funding from the US government in 2013, even while the NSA was reportedly trying to destroy the network.

According to the Tor Project’s latest annual financial statements, the organisation received $1,822,907 from the US government in 2013. The bulk of that came in the form of “pass-through” grants, money which ultimately comes from the US government distributed through some independent third-party.

Sorta Somewhat Related, Tinfoil Hat Edition: Back in January, Reuters reported that the NSA funneled $10 million to RSA, a computer security firm whose encryption tools are an industry standard. The Reuters report indicates that the funding helped ensure that a less secure encryption system was used as the default setting in an RSA “software tool called Bsafe that is used to enhance security in personal computers and many other products.”

Surveillance is the business model of the Internet. We build systems that spy on people in exchange for services. Corporations call it marketing.

Bruce Schneier, security technologist, in a presentation at the SOURCE Boston conference.

Via Security Week:

The data economy—the growth of mass data collection and tracking—is changing how power is perceived, Schneier said in his keynote speech. The Internet and technology has changed the impact a group can have on others, where dissidents can use the Internet to amplify their voices and extend their reach. Governments already have a lot of power to begin with, so when they take advantage of technology, their power is magnified, he said.

“That’s how you get weird situations where Syrian dissidents use Facebook to organize, and the government uses Facebook to arrest its citizens,” Schneier said.

Over the past few years, it’s become easier and cheaper to store data and search for the necessary item rather than to sort and delete. Email is a very good example of this shift in behavior. This change, spurred by the popularity of mobile devices and the push to move more data and services to the cloud has also made it easier to track user behavior. When corporations track users for marketing purposes, it seems benign, but the same actions come across as sinister when it’s the government…

…The government didn’t tell anyone they have to carry around a tracking device, but people now carry mobile devices. The government doesn’t require users to notify any agency about their relationships. Users will tell Facebook soon enough, Schneier noted. “Fundamentally, we have reached the golden age of surveillance because we are all being surveilled ubiquitously.”

Somewhat related programming note: Read up on Heartbleed, change your passwords everywhere.

Unless we have an open, neutral internet we can rely on without worrying about what’s happening at the back door, we can’t have open government, good democracy, good healthcare, connected communities and diversity of culture. It’s not naive to think we can have that, but it is naive to think we can just sit back and get it.

On its 25th birthday, Web creator Tim Berners-Lee calls for an online bill of rights. The Guardian, An online Magna Carta: Berners-Lee calls for bill of rights for web.

Via the Web We Want:

March 12 2014 is the World Wide Web’s 25th Birthday. On this day in 1989, Sir Tim Berners-Lee filed the memo that led to the creation of the Web.

To mark this occasion, Berners-Lee and two organisations close to him, the World Wide Web Foundation and the World Wide Web Consortium are inviting everyone, everywhere to wish the Web a happy birthday using #web25. They have also joined forces to create webat25.org, a site where a selection of global birthday greetings will be displayed and worldwide events to celebrate the anniversary will be publicised.

And back to The Guardian:

Berners-Lee has been an outspoken critic of the American and British spy agencies’ surveillance of citizens following the revelations by National Security Agency whistleblower Edward Snowden. In the light of what has emerged, he said, people were looking for an overhaul of how the security services were managed.

His views also echo across the technology industry, where there is particular anger about the efforts by the NSA and Britain’s GCHQ to undermine encryption and security tools – something many cybersecurity experts say has been counterproductive and undermined everyone’s security.

Principles of privacy, free speech and responsible anonymity would be explored in the Magna Carta scheme. “These issues have crept up on us,” Berners-Lee said. “Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary for us all to do that, to take the web back into our own hands and define the web we want for the next 25 years.”

The web constitution proposal should also examine the impact of copyright laws and the cultural-societal issues around the ethics of technology.

As The Guardian notes, “While regional regulation and cultural sensitivities would vary, Berners-Lee said he believed a shared document of principle could provide an international standard for the values of the open web.”

Bonus: Read Berners-Lee’s birthday announcement at WebAt25.org where he briefly outlines some challenges and opportunities for the next 25 years.

How to spot the difference between a terrorist and a journalist →

A note to governments from Index on Censorship:

Index on Censorship here. We’ve noticed some of you have had trouble telling the difference between terrorists and journalists lately (yes, you too Barack: put the BlackBerry down). So we thought as people with some experience of the journalism thing, we could offer you a few handy tips to refer to the next time you find yourself asking: journalist or terrorist?

Have a look at your suspect. Is he carrying a) a notebook with weird squiggly lines on it, or b) an RPG-7. If the latter, odds on he’s a terrorist. The former? Most likely a journalist. Those squiggly lines are called “shorthand” – it’s what reporters do when they’re writing things down for, er, reporting. It might look a bit like Arabic, but it’s not, and even if it was, that wouldn’t be a good enough reason to lock the guy up.

Still not clear? Let’s move on to the questioning part.

Background: In Egypt, Al Jazeera journalists are on trial for having links to a “terrorist organization”; in England, a court ruled that the detention of Glenn Greenwald’s partner at Heathrow Airport was legal because carrying the Edward Snowden NSA documents is, um, terroristy; in Morocco, a journalist was charged last fall with “inciting terrorism” because he linked to an Al Qaeda video; and in the United States the government admits that journalists could be targeted with counter-terrorism laws as they do their jobs (see here, here, and here for all things depressing). 

We could go on.

How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations →

Via Glenn Greenwald / The Intercept:

One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents…

…Among the core self-identified purposes of [the Joint Threat Research Intelligence Group] are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums…

The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats. As Anonymous expert Gabriella Coleman of McGill University told me, “targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.” Pointing to this study she published, Professor Coleman vehemently contested the assertion that “there is anything terrorist/violent in their actions.”

Read through for source documents demonstrating how this is done.

War on Anonymous: British Spies Attacked Hackers →

NBC News reports that British intelligence engaged in a distributed denial of service (DDoS) attack on Anonymous:

A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.

The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.

According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.

Writing in Wired, McGill University’s Gabriella Coleman says the British government tactics are an extrajudicial danger that affects us all:

Whether you agree with the activities of Anonymous or not — which have included everything from supporting the Arab Spring protests to DDoSing copyright organizations to doxing child pornography site users — the salient point is that democratic governments now seem to be using their very tactics against them.

The key difference, however, is that while those involved in Anonymous can and have faced their day in court for those tactics, the British government has not. When Anonymous engages in lawbreaking, they are always taking a huge risk in doing so. But with unlimited resources and no oversight, organizations like the GCHQ (and theoretically the NSA) can do as they please. And it’s this power differential that makes all the difference.

…But here’s the thing: You don’t even need to believe in or support DDoS as a protest tactic to find the latest Snowden revelations troubling. There are clearly defined laws and processes that a democratic government is supposed to follow. Yet here, the British government is apparently throwing out due process and essentially proceeding straight to the punishment — using a method that is considered illegal and punishable by years in prison.

FJP: Read that last line again. So, for example, a hacker fined $183,000 and put on probation for participating in 1 minute of a DDoS attack. And here’s a search across the FBI’s Web site for its prosecutions for DDoS attacks.

NSA, British Intelligence is Tracking You on Angry Birds
Via ProPublica:

When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spy agencies have plotted how to lurk in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.
In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.
According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.

Read through for the details.

Internet governance is too important to be left just to governments.

— Patricia Lewis, Research Director, International Security at Chatham House to The Guardian. Independent commission to investigate future of internet after NSA revelations.

The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

An Open Letter from US Researchers in Cryptography and Information Security.

As TechDirt points out, “One of the things that’s been glaring about all of the investigations and panels and research into these [surveillance] programs is that they almost always leave out actual technologists, and especially leave out security experts. That seems like a big weakness, and now those security researchers are speaking out anyway. At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they’re doing is the right way to go about this.”

Guardian journalists could face criminal charges over Edward Snowden leaks →

Via The Telegraph:

Employees of The Guardian newspaper could face criminal charges over their role in publishing secrets leaked by Edward Snowden, Britain’s most senior counter-terrorism officer has signalled.

Cressida Dick, an assistant commissioner at Scotland Yard, confirmed for the first time that detectives were examining whether staff at the newspaper had committed an offence.

She also told MPs that her officers are looking at potential breaches of a specific anti-terrorism law which makes it unlawful to communicate information about British intelligence agents. The offence carries up to 10 years’ imprisonment.

Rationale? Exactly what you’d think: “[L]ast month Sir John Sawers, the MI6 chief, said terrorists were ‘rubbing their hands with glee’ at the Snowden disclosures.”

Dear subscriber, you are registered as a participant in a mass disturbance.

Via Vice:

That’s a text message that thousands of Ukrainian protesters spontaneously received on their cell phones today, as a new law prohibiting public demonstrations went into effect. It was the regime’s police force, sending protesters the perfectly dystopian text message to accompany the newly minted, perfectly dystopian legislation.

Via The New York Times:

The government’s opponents said three recent actions had been intended to incite the more radical protesters and sow doubt in the minds of moderates: the passing of laws last week circumscribing the right of public assembly, the blocking of a protest march past the Parliament building on Sunday and the sending of cellphone messages on Tuesday to people standing in the vicinity of the fighting that said, “Dear subscriber, you are registered as a participant in a mass disturbance.”…

…The phrasing of the message, about participating in a “mass disturbance,” echoed language in a new law making it a crime to participate in a protest deemed violent. The law took effect on Tuesday. And protesters were concerned that the government seemed to be using cutting-edge technology from the advertising industry to pinpoint people for political profiling.