The American Bear

Sunshine/Lollipops

When considering the implications of the massive digital Panopticon being developed today, it is important to reflect upon the impact upon individual liberty which even crude, old-fashioned surveillance causes. With the revelation that the New York Police Department had been conducting blanket-spying on Muslims living in New York City and its environs - using methods such as paid informants, wiretapping, detailed cataloguing of Muslim neighbourhoods, documentation of Muslim-owned businesses, infiltration of houses of worship, and many other invasive tactics, it can be observed what effects intensive monitoring can have on ordinary individuals.

Throughout six years of spying on entire communities for no other reason than their religion, not a single lead or terrorism investigation was generated by the programme. Nonetheless, the damage done to the psyches of individuals who knew their community was deeply infiltrated was palpable. Communities and personal relationships were torn apart by government-induced suspicion and paranoia, as people became too afraid to speak or even associate with one another.

… Given what relatively crude means of surveillance can do to a community, what long-term effect will a pervasive, technologically-advanced, multi-billion dollar national spying programme have on the fabric of society? One means of combatting seditious and unwanted speech is to simply make ordinary people too afraid to speak and commiserate with each other whatsoever, and the surveillance state being built today may ultimately accomplish this goal.

Murtaza Hussain, An increasingly unchecked surveillance state

“Every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications.”

DOJ Releases Completely Blacked-Out Memo on Surveillance of Text Messages

The Justice Department has released 15 pages of completely blacked-out material in response to a request for information about how text messages from cellphones are intercepted. The American Civil Liberties Union says the Obama administration is reading emails and other electronic communications without a warrant, despite a court ruling against the practice. In response to a recent Freedom of Information Act request on the issue, the Justice Department released a memo with black rectangles covering every bit of text except the title, sender and recipient. ACLU spokesperson Josh Bell told ABC News: “We got very little information about the policy on text messages. [The document] does not even show the date, let alone what the policy is.”

Paperclipped to the last page of the redacted document was a sheet of white paper, blank, except for the phrase, perfectly centered both vertically and horizontally, “Go Fuck Yourself” in 12 pt. brush script.

FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed | Julian Sanchez

“The FBI’s plan would effectively make an entire category of emerging secure platforms — such as the encrypted voice app Silent Circle or the Dropbox-like cloud storage service Spider Oak — illegal overnight.”

The FBI has some strange ideas about how to “update” federal surveillance laws: They’re calling for legislation to penalize online services that provide users with too much security.

I’m not kidding. The proposal was revealed in The Washington Post last week — and a couple days ago, a front-page story in The New York Times reported the Obama administration is preparing to back it.

Why? Federal law enforcement agencies like the FBI have long feared their wiretap capabilities would begin “going dark” as criminals and terrorists — along with ordinary citizens — shift from telephone networks, which are required to be wiretap-ready under the 1994 Communications Assistance for Law Enforcement Act (CALEA), to the dizzying array of online communications platforms available today.

While it’s not yet clear how dire the going-dark scenario really is, the statutory “cure” proposed by the FBI — with fines starting at $25,000 a day for companies that aren’t wiretap capable — would surely be worse than the disease.

The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals.

Read more

Obama May Back F.B.I. to Wiretap Web Users

WASHINGTON — The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations.

The F.B.I. director, Robert S. Mueller III, has argued that the bureau’s ability to carry out court-approved eavesdropping on suspects is “going dark” as communications technology evolves, and since 2010 has pushed for a legal mandate requiring companies like Facebook and Google to build into their instant-messaging and other such systems a capacity to comply with wiretap orders.

(Source: thepeoplesrecord, via randomactsofchaos)

Google’s Spymasters Are Now Worried About Your Secrets

A recent article in The Wall Street Journal by Google Executive Chairman Eric Schmidt, “The Dark Side of the Digital Revolution,” makes for very scary reading. It is not so much because of what he and co-author Jared Cohen, the director of Google Ideas, have to say about how dictators can use new information technology to suppress dissent; we know those guys are evil. What is truly frightening is that the techniques of the totalitarian state are the same ones pioneered by so-called democracies where commercial companies, like Google, have made a hash of the individual’s constitutionally guaranteed right to be secure in his or her private space.

The dictators, mired in more technologically primitive societies, didn’t develop the fearsome new implements of control of the National Security State. Google and other leaders in this field of massively mined and shared information did. As the authors concede and expand on in their new book:

“Despite the expense, everything a regime would need to build an incredibly intimidating digital police state—including software that facilitates data mining and real-time monitoring of citizens—is commercially available right now. … Companies that sell data-mining software, surveillance cameras and other products will flaunt their work with one government to attract new business. It’s the digital analog to arms sales. …”

The Google execs have inadvertently let us in on the world that they inhabit, where the data mining of individual preferences—for such interests as sex and politics—can be cross filed and tabulated by supercomputers to be exploited for commercial gain. The drive for ever more detailed information on individual behavior is on with a vengeance in the profit-driven world of data mining, as anyone who observes the ads that mysteriously pop up during Internet browsing sessions well knows. But that invasive technology is now undergoing a massive revolutionary upgrade provided by the collection of vast numbers of biometric markers.

“Don’t think the data being collected by autocracies is limited to Facebook posts or Twitter comments,” Schmidt and Cohen warn. “The most important data they will collect in the future is biometric information, which can be used to identify individuals through their unique physical and biological attributes. Fingerprints, photographs and DNA testing are all familiar biometric data types today. … With cloud computing, it takes just seconds to compare millions of faces. … By indexing our biometric signatures, some governments will try to track our every move and word, both physically and digitally.” [++]

Surveillance State Unchecked: Secret Spy Court Rejected Zero Requests in 2012 | The Dissenter

An annual report to the United States Senate by the Justice Department shows the Foreign Intelligence Surveillance Court did not deny one single request made to the court by federal law enforcement. All applications to conduct electronic surveillance or “physical searches for foreign intelligence purposes” were granted.

Firefox maker says British surveillance company has hijacked its brand to help spy on targets

The maker of one of the Internet’s most popular browsers is taking on one of the world’s best-known purveyors of surveillance software, accusing a British company of hijacking the Mozilla brand to camouflage its espionage products.

The Mozilla Foundation — responsible for the Firefox browser — said late Tuesday that Gamma International Ltd. was passing off its FinFisher spy software as a Firefox product to avoid detection. Mozilla described the tactic as abusive.

“We are sending Gamma, the FinFisher parent company, a cease and desist letter demanding that these practices be stopped immediately,” Mozilla executive Alex Fowler said in a statement from the company, based in Mountain View, California.

Gamma, based in Andover, England, did not respond to seven emails. The company has ignored repeated questions from The Associated Press for more than a month.

Gamma’s FinFisher is one of many corporate-made viruses which have attracted scrutiny after the wave of Arab revolutions exposed the high-tech tools used by repressive regimes to stifle dissent. FinFisher — which can log keystrokes, record Skype calls, and turn webcams and cellphones into improvised surveillance devices — drew particular attention after a sales pitch for the spyware was discovered in an Egyptian state security building in 2011.

Citizen Lab, a research group based at the University of Toronto’s Munk School of Global Affairs, has since linked FinFisher to servers in 36 countries and found the virus hidden in documents including news updates from Bahrain and photographs of Ethiopian opposition figures. In a report published late Tuesday, Citizen Lab said that it had also found a FinFisher sample hiding in a document about Malaysia’s upcoming general election.

Citizen Lab’s Morgan Marquis-Boire said the evidence fell short of proving that FinFisher was being used by one government or another, but said its dispersal hinted at the global reach of espionage programs.

“It really shows the ubiquity of this type of software,” he said.

That ubiquity has already given Gamma a public relations headache. In March, the company was identified as one of five “corporate enemies of the Internet” by journalists’ lobbying group Reporters Without Borders. Earlier this month the rights group Privacy International sued the British government over allegations that Gamma had illegally exported its surveillance technology — an accusation the company has denied.

Senate committee advances bill to prevent warantless email searches | guardian.co.uk

A bipartisan committee voted on Thursday to advance a bill to clamp down on warrantless government searches of email and other private electronic information.

The bill seeks to modify the 1986 Electronic Communications Privacy Act (ECPA) and require government and law enforcement agencies to get a judge’s approval in most cases in order to access electronic communications. A vote is now expected next month, but while the bill has cross-party support law officials, regulators and some senators are pushing for amendments to weaken its impact.

Democratic senator Patrick Leahy, co-sponsor of the bill with Utah’s Republican senator Mike Lee, said: “I think Americans are very concerned about unwanted intrusions into our private lives in cyberspace. There’s no question if someone wants to go into your house and go through your files and draws you are going to need a search warrant. But if you have those same files in the cloud you ought to have the same sense of privacy.”

ACLU: CISPA Is Dead (For Now)

CISPA is all but dead, again.

The controversial cybersecurity bill known as the Cyber Information Sharing and Protection Act, which passed the House of Representatives last week, will almost certainly be shelved by the Senate, according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation.

The bill would have allowed the federal government to share classified “cyber threat” information with companies, but it also provided provisions that would have allowed companies to share information about specific users with the government.* Privacy advocates also worried that the National Security Administration would have gotten involved.

“We’re not taking [CISPA] up,” the committee representative says. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we’re going to strengthen cybersecurity. They’ll be drafting separate bills.”

Sen. Jay Rockefeller, D-W.V., chairman of the committee, said the passage of CISPA was “important,” but said the bill’s “privacy protections are insufficient.”

* This is goodish news. However, “provisions that would have allowed companies to share information about specific users with the government” already exist, without CISPA, thanks to the Obama DOJ: U.S. gives big, secret push to Internet surveillance | CNET

h/t quickhits

U.S. gives big, secret push to Internet surveillance | CNET

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors’ Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

“The Justice Department is helping private companies evade federal wiretap laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. “Alarm bells should be going off.”

Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as “2511 letters,” a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books.

The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a “necessary incident” to providing the service or it takes place with a user’s “lawful consent.” An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It’s not clear how many 2511 letters were issued by the Justice Department.

[…]

Because it overrides all federal and state privacy laws, including the Wiretap Act, legislation called CISPA would formally authorize the program without the government resorting to 2511 letters. In other words, if CISPA, which the U.S. House of Representatives approved last week, becomes law, any data-sharing program would be placed on a solid legal footing. AT&T, Verizon, and wireless and cable providers have all written letters endorsing CISPA. [continue]

House passes controversial “cybersecurity” bill CISPA in 288-127 vote | Ars Technica

The United States House of Representatives approved the Cyber Intelligence Sharing and Protection Act (CISPA) [Thursday] by a comfortable 288 to 127 margin. Almost half of the House’s Democrats joined 196 Republicans in supporting the measure.

The legislation grants companies broad legal immunity when they share information related to online threats with one another and with the federal government. Advocates argue that the legislation is needed to allow companies to quickly and efficiently share information in order to help secure their networks.

But critics such as the American Civil Liberties Union and the Electronic Frontier Foundation describe the legislation as an attack on user privacy. They worry that companies will use the broad immunity offered by CISPA to ignore other laws that protect consumer privacy. And in a veto threat issued on Tuesday, the White House echoed these arguments.

“The bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities,” the Obama administration said on Tuesday.

“The US House just passed CISPA, undermining the privacy of millions of Internet users,” the Electronic Frontier Foundation said in a tweet. “Now we take this fight to the Senate.”

“I voted against #CISPA because it does not adequately protect the civil liberties of Americans,” Rep. Anna G. Eshoo (D-CA) tweeted. “People deserve both privacy and security.”

So far, the CISPA debate has been a repeat of last year’s legislative process. An earlier version of CISPA passed the House in 2012 despite the objection of civil liberties groups, but companion legislation got bogged down in the Senate.