The American Bear

Sunshine/Lollipops

Government standards agency “strongly” suggests dropping its own encryption standard | Ars Technica

Following revelations about the National Security Agency’s (NSA) covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards. But in a little-noticed footnote, NIST went a step further, saying it is “strongly” recommending against even using one of the standards.

Steve Wozniak: 'I felt about Edward Snowden the way I felt about Daniel Ellsberg'

The Apple co-founder Steve Wozniak has backed NSA whistleblower Edward Snowden and admitted he feels “a little bit guilty” that new technologies had introduced new ways for governments to monitor people.

“I felt about Edward Snowden the same way I felt about Daniel Ellsberg, who changed my life, who taught me a lot,” he said.

When Morgan suggested the government would not be able to keep such a close eye on citizens without the work of innovators like him, Wozniak acknowledged: “I actually feel a little guilty about that – but not totally. We created the computers to free the people up, give them instant communication anywhere in the world; any thought you had, you could share freely. That it was going to overcome a lot of the government restrictions.

“We didn’t realise that in the digital world there were a lot of ways to use the digital technology to control us, to snoop on us, to make things possible that weren’t. In the old days of mailing letters, you licked it, and when you got an envelope that was still sealed, nobody had seen it; you had private communication. Now they say, because it’s email, it cannot be private; anyone can listen.”

Asked about US surveillance programmes in an earlier interview with a Spanish technology news site, FayerWayer, Wozniak said: “All these things about the constitution, that made us so good as people – they are kind of nothing.

“They are all dissolved with the Patriot Act. There are all these laws that just say ‘we can secretly call anything terrorism and do anything we want, without the rights of courts to get in and say you are doing wrong things’. There’s not even a free open court any more. Read the constitution. I don’t know how this stuff happened. It’s so clear what the constitution says.”

He said he had been brought up to believe that “communist Russia was so bad because they followed their people, they snooped on them, they arrested them, they put them in secret prisons, they disappeared them – these kinds of things were part of Russia. We are getting more and more like that.”

(Source: stopprism, via patternsofbehavior)

I.B.M.’s Watson, the supercomputing technology that defeated human Jeopardy! champions in 2011, is a prime example of the power of data-intensive artificial intelligence. Watson-style computing, analysts said, is precisely the technology that would make the ambitious data-collection program of the N.S.A. seem practical. Computers could instantly sift through the mass of Internet communications data, see patterns of suspicious online behavior and thus narrow the hunt for terrorists. Both the N.S.A. and the Central Intelligence Agency have been testing Watson in the last two years, said a consultant who has advised the government and asked not to be identified because he was not authorized to speak.

Revelations Give Look at Spy Agency’s Wider Reach

The section on ‘repressive autocracies’ describes, disapprovingly, various repressive surveillance measures: legislation to insert back doors into software to enable spying on citizens, monitoring of social networks and the collection of intelligence on entire populations. All of these are already in widespread use in the United States. In fact, some of those measures — like the push to require every social-network profile to be linked to a real name — were spearheaded by Google itself.

The Banality of Google’s ‘Don’t Be Evil’ (via azspot)


Judge orders Google to comply with FBI's secret NSL demands | CNET

A federal judge has ruled that Google must comply with the FBI’s warrantless requests for confidential user data, despite the search company’s arguments that the secret demands are illegal.

CNET has learned that U.S. District Judge Susan Illston in San Francisco rejected Google’s request to modify or throw out 19 so-called National Security Letters, a warrantless electronic data-gathering technique used by the FBI that does not need a judge’s approval. Her ruling came after a pair of top FBI officials, including an assistant director, submitted classified affidavits.

The litigation taking place behind closed doors in Illston’s courtroom — a closed-to-the-public hearing was held on May 10 — could set new ground rules curbing the FBI’s warrantless access to information that Internet and other companies hold on behalf of their users. The FBI issued 192,499 of the demands from 2003 to 2006, and 97 percent of NSLs include a mandatory gag order.

It wasn’t a complete win for the Justice Department, however: Illston all but invited Google to try again, stressing that the company has only raised broad arguments, not ones “specific to the 19 NSLs at issue.” She also reserved judgment on two of the 19 NSLs, saying she wanted the government to “provide further information” prior to making a decision.

NSLs are controversial because they allow FBI officials to send secret requests to Web and telecommunications companies requesting “name, address, length of service,” and other account information about users as long as it’s relevant to a national security investigation. No court approval is required, and disclosing the existence of the FBI’s secret requests is not permitted.

Because of the extreme secrecy requirements, documents in the San Francisco case remain almost entirely under seal. Even Google’s identity is redacted from Illston’s four-page opinion, which was dated May 20 and remained undisclosed until now. But, citing initial filings, Bloomberg disclosed last month that it was Google that had initiated the legal challenge.

While the FBI’s authority to levy NSL demands predates the Patriot Act, it was that controversial 2001 law that dramatically expanded NSLs by broadening their use beyond espionage-related investigations. The Patriot Act also authorized FBI officials across the country, instead of only in Washington, D.C., to send NSLs.

DOJ Releases Completely Blacked-Out Memo on Surveillance of Text Messages

The Justice Department has released 15 pages of completely blacked-out material in response to a request for information about how text messages from cellphones are intercepted. The American Civil Liberties Union says the Obama administration is reading emails and other electronic communications without a warrant, despite a court ruling against the practice. In response to a recent Freedom of Information Act request on the issue, the Justice Department released a memo with black rectangles covering every bit of text except the title, sender and recipient. ACLU spokesperson Josh Bell told ABC News: “We got very little information about the policy on text messages. [The document] does not even show the date, let alone what the policy is.”

Paperclipped to the last page of the redacted document was a sheet of white paper, blank, except for the phrase, perfectly centered both vertically and horizontally, “Go Fuck Yourself” in 12 pt. brush script.

FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed | Julian Sanchez

“The FBI’s plan would effectively make an entire category of emerging secure platforms — such as the encrypted voice app Silent Circle or the Dropbox-like cloud storage service Spider Oak — illegal overnight.”

The FBI has some strange ideas about how to “update” federal surveillance laws: They’re calling for legislation to penalize online services that provide users with too much security.

I’m not kidding. The proposal was revealed in The Washington Post last week — and a couple days ago, a front-page story in The New York Times reported the Obama administration is preparing to back it.

Why? Federal law enforcement agencies like the FBI have long feared their wiretap capabilities would begin “going dark” as criminals and terrorists — along with ordinary citizens — shift from telephone networks, which are required to be wiretap-ready under the 1994 Communications Assistance for Law Enforcement Act (CALEA), to the dizzying array of online communications platforms available today.

While it’s not yet clear how dire the going-dark scenario really is, the statutory “cure” proposed by the FBI — with fines starting at $25,000 a day for companies that aren’t wiretap capable — would surely be worse than the disease.

The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals.


Firefox maker says British surveillance company has hijacked its brand to help spy on targets

The maker of one of the Internet’s most popular browsers is taking on one of the world’s best-known purveyors of surveillance software, accusing a British company of hijacking the Mozilla brand to camouflage its espionage products.

The Mozilla Foundation — responsible for the Firefox browser — said late Tuesday that Gamma International Ltd. was passing off its FinFisher spy software as a Firefox product to avoid detection. Mozilla described the tactic as abusive.

“We are sending Gamma, the FinFisher parent company, a cease and desist letter demanding that these practices be stopped immediately,” Mozilla executive Alex Fowler said in a statement from the company, based in Mountain View, California.

Gamma, based in Andover, England, did not respond to seven emails. The company has ignored repeated questions from The Associated Press for more than a month.

Gamma’s FinFisher is one of many corporate-made viruses which have attracted scrutiny after the wave of Arab revolutions exposed the high-tech tools used by repressive regimes to stifle dissent. FinFisher — which can log keystrokes, record Skype calls, and turn webcams and cellphones into improvised surveillance devices — drew particular attention after a sales pitch for the spyware was discovered in an Egyptian state security building in 2011.

Citizen Lab, a research group based at the University of Toronto’s Munk School of Global Affairs, has since linked FinFisher to servers in 36 countries and found the virus hidden in documents including news updates from Bahrain and photographs of Ethiopian opposition figures. In a report published late Tuesday, Citizen Lab said that it had also found a FinFisher sample hiding in a document about Malaysia’s upcoming general election.

Citizen Lab’s Morgan Marquis-Boire said the evidence fell short of proving that FinFisher was being used by one government or another, but said its dispersal hinted at the global reach of espionage programs.

“It really shows the ubiquity of this type of software,” he said.

That ubiquity has already given Gamma a public relations headache. In March, the company was identified as one of five “corporate enemies of the Internet” by journalists’ lobbying group Reporters Without Borders. Earlier this month the rights group Privacy International sued the British government over allegations that Gamma had illegally exported its surveillance technology — an accusation the company has denied.

Senate committee advances bill to prevent warrantless email searches | guardian.co.uk

A bipartisan committee voted on Thursday to advance a bill to clamp down on warrantless government searches of email and other private electronic information.

The bill seeks to modify the 1986 Electronic Communications Privacy Act (ECPA) and require government and law enforcement agencies to get a judge’s approval in most cases in order to access electronic communications. A vote is now expected next month, but while the bill has cross-party support, law officials, regulators and some senators are pushing for amendments to weaken its impact.

Democratic senator Patrick Leahy, co-sponsor of the bill with Utah’s Republican senator Mike Lee, said: “I think Americans are very concerned about unwanted intrusions into our private lives in cyberspace. There’s no question if someone wants to go into your house and go through your files and drawers you are going to need a search warrant. But if you have those same files in the cloud you ought to have the same sense of privacy.”