Point, via The Guardian: The United Nations moved a step closer to calling for an end to excessive surveillance on Tuesday in a resolution that reaffirms the “human right to privacy” and calls for the UN’s human rights commissioner to conduct an inquiry into the impact of mass digital snooping.
Counterpoint, via Foreign Policy: The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable.
Meantime, via Techrunch: Sir Tim Berners-Lee Blasts “Insidious, Chilling Effects” Of Online Surveillance, Says We Should Be Protecting Whistleblowers Like Snowden.
TOR was compromised and some other items on that list are just plain and simple idiotic and impossible to the common user - information like this to people on a site where they take it to heart really quickly isn’t the best idea… — Anonymous
As this message from our inbox notes, earlier this year a compromise was discovered in the Tor browser.
This is true. But once the vulnerability was discovered an update came out that resolved it.
"We will never be able to de-anonymize all Tor users all the time” but “with manual analysis we can de-anonymize a very small fraction of Tor users.”
Of course, no system or defense mechanism is foolproof and that should always be remembered. If you really need absolute privacy, leave your tracking device (read: phone) at home and go for a walk in a very loud place with whoever you need to communicate with.
But don’t succumb to privacy nihilism. As Bruce Schneier writes in The Guardian, “The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.”
One way to do that is to encrypt and anonymize, and help your friends and networks do the same.
For more information about defensive technology and steps you can take to secure your communications, visit this primer from the EFF. It covers browser, email, chat, phones and secure deletion of your files.
The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort. This is the golden age of spying.
Paul Kocher, president and chief scientist of Cryptography Research, in an interview about the NSA’s ability to crack mobile and Internet encryption technologies in order to eavesdrop on online communications and other activities. ProPublica, Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security.
The News: The Guardian, The New York Times and ProPublica have partnered on the Edward Snowden NSA leaks to reveal that “the NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.”
Key Takeaway, Part 01: “For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies… [Now] vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Key Takeaway, Part 02: “Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones.”
Key Takeaway, Part 03: “Beginning in 2000, as encryption tools were gradually blanketing the Web, the NSA invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.”
FJP: “Stealth” is an interesting word choice here. The reason for that is that back in the 90s, the NSA wanted backdoor access to encryption technologies via what it called the Clipper Chip. Proposed during the Clinton administration, and debated publicly, the effort went nowhere with critics pointing out the obvious privacy concerns as well as the economic concerns of US companies being required to allow intelligence agencies access to its encryption technologies. (Read: why would any foreign entity — government, business, individual or otherwise — choose a US technology solution that it knew wasn’t secure?)
As Techdirt notes, “That fight ended with the NSA losing… and now it appears that they just ignored that and effectively spent the past few decades doing the same exact thing, but in secret.”
Very Interesting Aside, Part 01: “Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.”
Very Interesting Aside, Part 02: ProPublica explains why it published the story.
They were threatening me all the time and saying I would be put in jail if I didn’t co-operate. They treated me like I was a criminal or someone about to attack the UK… It was exhausting and frustrating, but I knew I wasn’t doing anything wrong.
David Miranda, in an interview with The Guardian about his nine-hour detention at Heathrow Airport under England’s Schedule Seven of its Terrorism Act “which allows officers to stop, search and question individuals at airports, ports and border areas.”
Miranda is the partner of The Guardian’s Glenn Greenwald, the journalist who broke the NSA surveillance story. Miranda tells The Guardian that “he was not allowed to call [Greenwald], who is a qualified lawyer in the US, nor was he given an interpreter, despite being promised one because he felt uncomfortable speaking in a second language… His carry-on bags were searched and, he says, police confiscated a computer, two pen drives, an external hard drive and several other electronic items.”
Miranda was passing through England from Berlin where he had met Laura Poitras, a documentary filmmaker also working on the NSA leaks. He says the drives he carried contained “materials” being passed between Poitras and Greenwald.
This isn’t a story about whether one agrees with Edward Snowden’s decision to leak classified National Security Agency documents, or what one thinks of Glenn Greenwald’s journalism. It is a story about whether sweeping powers passed with the understanding they’d be used against terrorists will henceforth be marshaled against anyone Western governments want to target, even if there is zero chance that they are associated with Al Qaeda or its affiliates. This is a story about whether national security journalism is already being treated as terrorism so that government officials can bring more powerful tools to bear against leaks of classified information. And it’s a story about the impropriety of targeting the loved ones of journalists in adversarial relationships with the government in order to intimidate them or others.
"I worry a lot about the outsourcing of email at a news organization. We only have two layers of protection, right? One is technological and one is legal," Angwin says. "So certainly our lawyers at a news organization are gonna fight to protect our emails. But, if they don’t fully control them technically, they can’t mount a very good argument.
“If Gmail is handling our emails, then we have to rely on them to mount our legal arguments,” she adds. “And that’s not a situation that news organizations have been in, in the past.”
To evaluate the nothing-to-hide argument, we should begin by looking at how its adherents understand privacy. Nearly every law or policy involving privacy depends upon a particular understanding of what privacy is. The way problems are conceived has a tremendous impact on the legal and policy solutions used to solve them. As the philosopher John Dewey observed, “A problem well put is half-solved.
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on—the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
Ladar Levison, Owner and Operator, Lavabit LLC, in an open letter to users.
Background: Lavabit is an encrypted email service that was reportedly used by Edward Snowden, among 350,000 other customers. The Guardian reports that the closure occurred after the company rejected “a court order for cooperation with the US government to participate in surveillance on its customers.”
Related: Lavabit isn’t alone. Silent Circle, a company that creates encrypted communication applications for text, phone and video, is preemptively shutting down its email service. In a notice to its customers, the company writes:
Silent Mail has similar security guarantees to other secure email systems, and with full disclosure, we thought it would be valuable.
However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.
Welcome to surveillance.