The American Bear

› DOJ Releases Completely Blacked-Out Memo on Surveillance of Text Messages

The Justice Department has released 15 pages of completely blacked-out material in response to a request for information about how text messages from cellphones are intercepted. The American Civil Liberties Union says the Obama administration is reading emails and other electronic communications without a warrant, despite a court ruling against the practice. In response to a recent Freedom of Information Act request on the issue, the Justice Department released a memo with black rectangles covering every bit of text except the title, sender and recipient. ACLU spokesperson Josh Bell told ABC News: “We got very little information about the policy on text messages. [The document] does not even show the date, let alone what the policy is.”

Paperclipped to the last page of the redacted document was a sheet of white paper, blank, except for the phrase, perfectly centered both vertically and horizontally, “Go Fuck Yourself” in 12 pt. brush script.

› Syria internet down for second time this month | Al Akhbar English

› FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed | Julian Sanchez

“The FBI’s plan would effectively make an entire category of emerging secure platforms — such as the encrypted voice app Silent Circle or the Dropbox-like cloud storage service Spider Oak — illegal overnight.”

The FBI has some strange ideas about how to “update” federal surveillance laws: They’re calling for legislation to penalize online services that provide users with too much security.

I’m not kidding. The proposal was revealed in The Washington Post last week — and a couple days ago, a front-page story in The New York Times reported the Obama administration is preparing to back it.

Why? Federal law enforcement agencies like the FBI have long feared their wiretap capabilities would begin “going dark” as criminals and terrorists — along with ordinary citizens — shift from telephone networks, which are required to be wiretap-ready under the 1994 Communications Assistance for Law Enforcement Act (CALEA), to the dizzying array of online communications platforms available today.

While it’s not yet clear how dire the going-dark scenario really is, the statutory “cure” proposed by the FBI — with fines starting at $25,000 a day for companies that aren’t wiretap capable — would surely be worse than the disease.

The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals.

Read more →

› Firefox maker says British surveillance company has hijacked its brand to help spy on targets

The maker of one of the Internet’s most popular browsers is taking on one of the world’s best-known purveyors of surveillance software, accusing a British company of hijacking the Mozilla brand to camouflage its espionage products.

The Mozilla Foundation — responsible for the Firefox browser — said late Tuesday that Gamma International Ltd. was passing off its FinFisher spy software as a Firefox product to avoid detection. Mozilla described the tactic as abusive.

“We are sending Gamma, the FinFisher parent company, a cease and desist letter demanding that these practices be stopped immediately,” Mozilla executive Alex Fowler said in a statement from the company, based in Mountain View, California.

Gamma, based in Andover, England, did not respond to seven emails. The company has ignored repeated questions from The Associated Press for more than a month.

Gamma’s FinFisher is one of many corporate-made viruses which have attracted scrutiny after the wave of Arab revolutions exposed the high-tech tools used by repressive regimes to stifle dissent. FinFisher — which can log keystrokes, record Skype calls, and turn webcams and cellphones into improvised surveillance devices — drew particular attention after a sales pitch for the spyware was discovered in an Egyptian state security building in 2011.

Citizen Lab, a research group based at the University of Toronto’s Munk School of Global Affairs, has since linked FinFisher to servers in 36 countries and found the virus hidden in documents including news updates from Bahrain and photographs of Ethiopian opposition figures. In a report published late Tuesday, Citizen Lab said that it had also found a FinFisher sample hiding in a document about Malaysia’s upcoming general election.

Citizen Lab’s Morgan Marquis-Boire said the evidence fell short of proving that FinFisher was being used by one government or another, but said its dispersal hinted at the global reach of espionage programs.

“It really shows the ubiquity of this type of software,” he said.

That ubiquity has already given Gamma a public relations headache. In March, the company was identified as one of five “corporate enemies of the Internet” by journalists’ lobbying group Reporters Without Borders. Earlier this month the rights group Privacy International sued the British government over allegations that Gamma had illegally exported its surveillance technology — an accusation the company has denied.

› Government Seeks to Fine Companies for Not Complying With Wiretap Orders | Threat Level

The legislation is intended to force these companies into finding technology solutions that would enable real-time surveillance.

› New FCC chairman is “former lobbyist for cable and wireless industries” | Ars Technica

› Senate committee advances bill to prevent warantless email searches | guardian.co.uk

A bipartisan committee voted on Thursday to advance a bill to clamp down on warrantless government searches of email and other private electronic information.

The bill seeks to modify the 1986 Electronic Communications Privacy Act (ECPA) and require government and law enforcement agencies to get a judge’s approval in most cases in order to access electronic communications. A vote is now expected next month, but while the bill has cross-party support law officials, regulators and some senators are pushing for amendments to weaken its impact.

Democratic senator Patrick Leahy, co-sponsor of the bill with Utah’s Republican senator Mike Lee, said: “I think Americans are very concerned about unwanted intrusions into our private lives in cyberspace. There’s no question if someone wants to go into your house and go through your files and draws you are going to need a search warrant. But if you have those same files in the cloud you ought to have the same sense of privacy.”

› U.S. gives big, secret push to Internet surveillance | CNET

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors’ Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

“The Justice Department is helping private companies evade federal wiretap laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. “Alarm bells should be going off.”

Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as “2511 letters,” a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books.

The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a “necessary incident” to providing the service or it takes place with a user’s “lawful consent.” An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It’s not clear how many 2511 letters were issued by the Justice Department.

[…]

Because it overrides all federal and state privacy laws, including the Wiretap Act, legislation called CISPA would formally authorize the program without the government resorting to 2511 letters. In other words, if CISPA, which the U.S. House of Representatives approved last week, becomes law, any data-sharing program would be placed on a solid legal footing. AT&T, Verizon, and wireless and cable providers have all written letters endorsing CISPA. [continue]

› AT&T getting secret immunity from wiretapping laws for government surveillance

Internal government documents obtained by the Electronic Privacy Information Center have revealed that the US Department of Justice is secretly helping AT&T and other service providers evade wiretapping laws so that the US government can conduct surveillance on parts of their networks. The legal immunity comes from authorizations granted by the Justice Department through special “2511” letters that absolve carriers in the event that the surveillance is found to run afoul of federal law.

(Source: sigma-x)

› The Electronic Frontier Foundation set up a quick way to contact your congresscritters before the CISPA 2.0 vote

Takes less than a minute.

› Obama’s CISPA privacy surprise | Salon.com

It’s a sign of just how badly the Obama administration’s record on civil liberties is regarded that the first reaction to the news that the White House is threatening to veto the Cyber Intelligence Sharing and Protection Act (CISPA) was a sense of surprise.

CISPA is designed to make it easier for private companies to share information about “cybersecurity” issues — hacker attacks, Chinese sabotage, etc. — with government agencies. Under CISPA companies such as Facebook or Microsoft could freely hand over personal information — emails, texts, news feed postings — without having to worry about potential negative consequences, including litigation from outraged users. Naturally, CISPA enjoys wide support from by the tech lobby; IBM sent more than 200 executives to Washington this week to push for its passage. The bill also enjoys bipartisan backing. The House of Representatives is set to vote on the bill either Wednesday or Thursday.

But the White House wants stronger protections for privacy and civil liberties, and stated flatly on Tuesday that “if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.”

The Administration… remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately.

Privacy activists are delighted by the news. Even if the House ends up passing the bill as it stands, opposition from the White House could doom the legislation’s chances of being taken up in the Senate — a replay of what happened last year, when an earlier version of CISPA failed to become law.

› Profit On-Demand | Jacobin

On Robert W. McChesney’s latest book, Digital Disconnect: How Capitalism is Turning the Internet Against Democracy:

[In] the United States, personal information is bought and sold, without consent, by unidentified third parties. Most users don’t even know if or when they’re being tracked. It should be criminal. But it makes sense to the rulers of the Web, it’ll generate profits. McChesney: “In short, the rational course for these firms—even the ones not presently working closely with the military and security agencies—is to cooperate with the national security state. Any other course of action would threaten their profitability. It’s a no-brainer.”

So when McChesney makes the claim that the, “evidence is clear: the Internet corporations place a lower priority on human rights and the rule of law than they do on profits,” it isn’t the ramblings of a conspiracy theorist. The amble, and always approachable, context he has provided reinforces his perceptiveness, rather than writing him off as some sort of academic outlier. The Internet, once seen as a great democratizing engine, might actually be an indispensable tool for the powerful to remain so.

The Internet is here to stay. That is not in doubt. It is too useful, too entertaining, too enmeshed in everyday life to go the way of the dodo. But it doesn’t seem to be the gift from the gods it once was. Consider: “In 1935, New Republic editor Bruce Bliven characterized himself as among those ‘who find advertising so obnoxious that they wish the radio had never been invented.’ One wonders if the Internet will produce its modern Blivenites—or if, as with broadcasting, people will come to accept its degradation as the natural way of the world and barely recognize, let alone question, what is taking place.”

Read more →