HAX

Month: December 2014

  • Future of Copyright in the EU

    German Pirate Party member of the European Parliament Julia Reda – on the future of copyright in the EU, at the 31c3 Conference in Hamburg.

    Youtube »

  • New Snowden files on NSA and VPN

    The latest from the 31c3 conference in Hamburg, via Spiegel Online:

    Prying Eyes: Inside the NSA’s War on Internet Security »
    NSA Documents: Attacks on VPN, SSL, TLS, SSH, Tor »
    NSA Powerpoint on VPN (PDF) »

    This ought to give you a rather detailed picture.

  • NSA and the God effect

    In a way, it’s strange that governments are so secretive about mass surveillance.

    For thousands of years religion has been used to control peoples behaviour. The notion of an omnipresent, all-seeing, all-knowing entity has been used to make people follow different sets of rules.

    He knows if you have been bad. So you better behave.

    The same can be said about blanket mass surveillance. If you break the rules, government might know–and go after you. So you better co-operate, participate and obey.

    Obviously, this has a downside. It will kill a free and open conversation, it will dampen opposition, it will discourage protests and it will deter free and investigative journalism. It will lead to self-censorship and it will foster a nation of spineless serfs.

    So… governments ought to love that the cat is out of the bag.

    / HAX

  • Privacy in a sharing, interconnected world

    The PewResearch Internet Project has released a very long (over six individual, thematic webpages), very interesting, must read piece on the future of privacy.

    2,511 respondents (“experts and Internet builders” including most people who are anybody in the net business) have given their view on security, liberty and privacy online.

    Link: The Future of Privacy »

    Here you will find the optimistic, the dystopian, the visionary, the defatist and the defiant voices. Among others.

    Just a few quotes. Let’s start with Vint Cerf

    “The public will become more sophisticated about security and safety. Corporations and service providers will feel pressure to implement practices including two-factor authentication and end-to-end cryptography. Users will insist on having the ability to encrypt their email at need. They will demand much more transparency of the private sector and, especially, their governments. Privacy conventions will evolve in online society—violations of personal privacy will become socially unacceptable. Of course, there will be breaches of all these things, but some will be accompanied by serious social and economic downsides and, in some cases, criminal charges. By 2025, people will be much more aware of their own negligent behavior, eroding privacy for others, and not just themselves. The uploading and tagging of photos and videos without permission may become socially unacceptable. As in many other matters, the social punishment may have to be accompanied by legislation—think about seat belts and smoking by way of example. We may be peculiarly more tolerant of lack of privacy, but that is just my guess.”

    Justin Reich at Harvard University’s Berkman Center for Internet & Society…

    “The risks of privacy violations are too abstract and distal, the benefits of surrendering privacy too immediate and valued. A very small number of organizations will continue to battle on behalf of the public for stronger privacy protections, probably having some success against the most extreme transgressions, but businesses will lobby against protections under the banner of consumer choice, and harms against consumers will remain too difficult to communicate. This might be different if we have a Hoover-esque government transgression. Broadly, people do not care about Internet privacy. And, as youth who grow up in a culture of exchanging data for service get older, the public will, on average, care even less about their privacy and data security by 2025. If the Snowden revelations do not shift public opinion, what will?”

    Barbara Simons, a highly decorated retired IBM computer scientist, former president of the ACM, and current board chair for Verified Voting…

    “Unfortunately, I think the most likely scenario is that technically savvy people might be able to communicate privately, but most folks will not have that option. I hope I’m wrong… It would help if people would stop saying that privacy is dead—get over it. There is no law of physics that says that it is impossible to have privacy. We can have privacy, if that is what we as a society choose.”

    Nilofer Merchant, author of The New How: Creating Business Solutions Through Collaborative Strategy

    “Privacy will be reformed by 2025 by new ‘protocol’ leaders who advocate for new freedoms. Freedom in 2025 will be understood as being able to manage your data, your privacy.”

    Jeremy Epstein, senior computer scientist at SRI International…

    “Consumers do not care enough about their privacy to create the incentives necessary to protect privacy rights. As a result, I doubt that there will be a method for offering individual choices for protecting personal information. Consumers will continue to complain about privacy, but they will not be willing to do anything about it. We will still give up our information for a ten-cent discount on a cup of coffee or shorter lines at the tollbooth. It will be similar to the (mythical) boiling frog—we will continue to lose privacy one degree at a time, until there is none left at all.”

    Niels Ole Finnemann, professor and director of Netlab, DigHumLab in Denmark

    “The citizens will divide between those who prefer convenience and those who prefer privacy.”

    And these are just a few of a huge number of interesting, insightful, thought-provoking responses and comments.

    This is a must read piece. Really!

    The Future of Privacy: Part 1 » | Part 2 » | Part 3 » | Part 4 » | Part 5 » | Part 6 »

  • Friend or foe in the surveillance state?

    In Norway and Sweden, false mobile telephone base stations of unknown origin have been discovered in government quarters. In both cases the media, not the authorities, has been behind the discovery.

    The question is who? And why?

    The prime suspect is Russia. Lately, the country has been military active in the Scandinavian neighbourhood. And what good are military provocations, if you cannot get feedback about the reactions?

    Another possibility is the US and the NSA. If they can listen in on German politicians–why not Norwegian and Swedish ones?

    Then there is a chilling possibility that national intelligence organisations are spying on their own governments. (The Swedish police has got the equipment to set up false base stations. Probably the Norwegian has, as well.)

    These days it’s not a given who is friend or foe.

    / HAX

  • EU to sell out data protection in new trade agreement?

    Free Trade is a good thing. But–as I have written earlier–international trade agreements seems to be about everything but free trade.

    The latest example is the Trade in Services Agreement (TISA). This agreement is to be signed by the EU, the US and many others. Among other things, it covers E-commerce. So far, so good.

    The problem is that TISA (as most other international trade agreements) surpass some pretty important local rules. In this case, it might throw out European data protection rules.

    The EU is in the process of setting up a new data protection framework. This rises questions like: Who owns your personal data? Is it you? Or do you have nothing to say about the matter?

    In this context it is alarming that the EU is about to enter an international agreement stating that “No Party may prevent a service supplier of another Party from transferring, accessing, processing or storing information, including personal information, within or outside the Party’s territory, where such activity is carried out in connection with the conduct of the service supplier’s business.”

    The EU and the US have had an agreement (the Safe Harbour agreement) stating that American companies must handle data about european customers in accordance with European data protection rules. As it has turned out, this agreement has been almost totally ignored by the US.

    And now, the TISA agreement seems to sidestep European data protection all together.

    While some members of the European Parliament (like German Pirate Party MEP Julia Reda) is trying to ensure a strong European data protection package–the usual suspects (most MEP:s from traditional parties) are prepared to sell out.

    / HAX

  • 16 December: Sentencing in the Barrett Brown Case

    Today–Tuesday December 16–a Dallas federal court will deliver its sentence in the Barrett Brown case. It all started with copy-pasting a link.

    Writer, journalist and hacktivist Barrett Brown was the leading force in Project PM–a journalistic project scrutinizing private intelligence and security firms running outsourced contracts for the US Government.

    The material came from a data dump retrieved by hackers said to belong to the Anonymous network. Even though Brown did not take part in this operation himself, he had access to the site where the information was stored.

    His problems started when he copy-pasted a link to this site to Project PM. As the data dump contained all sorts of information (e.g. credit card information) it was possible for the authorities to go after him. From the Free Barret Brown website

    “Having previously been raided by the FBI on March 6, 2012 and not arrested or charged, on September 12, 2012 Barrett Brown was again raided and this time arrested by the Federal Bureau of Investigation while he was online participating in a Tinychat session. He was subsequently denied bail and detained without charge and adequate medical treatment for over two weeks while in the custody of US Marshals. In the first week of October 2012, he was finally indicted on three counts, related to alleged activities or postings on popular websites such as Twitter and YouTube.”

    “On December 4, 2012 Barrett was indicted by a federal grand jury on twelve additional counts related to data from the Stratfor breach. Despite his lack of direct involvement in the operation and stated opposition to it, he faces these charges simply for allegedly pasting a hyperlink online. On January 23rd, 2013 he was indicted a third time on two more counts, relating to the March 2012 FBI raid(s) on his apartment and his mother’s house.”

    After that, everything was blown out of proportion. The Daily Beast reports…

    “The government’s actions in this case have been extreme. Prosecutors in the Northern District of Texas have written that Brown, along with the activist group Anonymous, sought to overthrow the U.S. government. They tried to seize funds that were raised for his legal defense. They obtained a gag order against the defendant and his lawyers restricting what they could say about the case for several months. They sought to identify contributors to a website where Brown and others dissected leaks and researched shady links between intelligence contractors and governments. Perhaps most egregious of all, they pursued a case against Brown’s mother, who was forced to plead guilty to a misdemeanor related to a separate FBI raid on her home, resulting in six months probation and a $1,000 fine.”

    This far into the case, Brown faced a life time prison sentence and accepted a plea agreement.

    Dallas Morning News describes what happened next…

    “But the U.S. attorney’s office asked Lindsay to drop those charges in March. The charges, which were dismissed, accused Brown of trafficking in stolen data and aggravated identity theft.”

    “The most serious charge remaining against Brown was the one involving threats to the FBI agents. Brown made some of the expletive-laced threats in a YouTube video he posted in which he said he would shoot any federal agents who came for him. Brown also said in a video that he would ruin one FBI agent’s life and look into his kids.”

    Today we will know the outcome of this affair. Prosecutors seek a 8.5 year prison sentence. And the defence is going for time served.

    Governments (not only the US Government) outsourcing intelligence and security operations to private companies is a problem–as it withdraws information about what is going on from democratic oversight.

    The Barrett Brown case also is a matter of freedom of the press.

    In the wake of the Snowden files exposing NSA mass surveillance, one should be extra vigilant. From the Project PM we already have had a glimpse of what is going on. For instance private US intelligence contractors have been involved in secret operations to discredit and damage Wikileaks and its editor in chief Julian Assange.

    On a tragic side note–renowned US national security journalist Michael Hastings was about to dig deeper into the Project PM material (and the Barrett Brown case)–when he reportedly found himself being investigated by the FBI. Unfortunately Hastings died when his car exploded in a single car crash in Los Angeles, in the early morning hours of June 18, 2013.

    This really is an intriguing and disturbing affair.

    Free Barrett Brown | Project PM | Barrett Brown on Wikipedia

    / HAX
    (proud contributor to the Barret Brown defense fund)

    Some additional links:
    Peter Ludlow: Barrett Brown case smacks of oppression »
    Sentencing Looms for Barrett Brown, Advocate for “Anonymous” »
    Why everyone should care about journalist Barrett Brown’s sentencing today »
    Journalist Barrett Brown Faces Sentencing on Tuesday After Two Years Behind Bars »

    Update: Barrett Brown sentencing delayed until January 22, 2015 »

    Update 2: The Intercept–The Latest Twist in the Bizarre Prosecution of Barrett Brown »

  • Mass surveillance, power and control

    There seems to be an irreversible flow of power–from the people to the government.

    It happens all over the world, on all levels. In the EU there is also a flow of power from member states to Bussels. And power moves from democratic institutions to non-elected officials and bureaucrats.

    Whilst this is a general problem–blanket mass surveillance makes it even more severe. It accentuates and accelerates the ongoing power shift.

    Politics is the business of power. In principle, no one in a leading political position would be there unless he or she is willing to fight and outmaneuver others. Politicians are appointed by a method of selection by domination that rewards characteristics that are disagreeable, objectionable and dangerous. The same goes for career bureaucrats and most high functionaries.

    Giving such people a tool like mass surveillance is unwise. They will use it for their own purposes. Because they can.

    This is not about fighting terrorism or criminals. It’s all about power. And it works in two different ways.

    The first is because information is power: Controlling and tapping into the flow of information is a source of power in it self.

    The second is control: Mass surveillance is there to make sure that people obey. To identify and to stifle dissent. To protect the people in power from the general public. In the name of some supposed “national interest”.

    This is not how things are supposed to be in a democracy.

    / HAX

  • What will the world look like without the Pirate Bay?

    After a police raid in Stockholm, the worlds leading file sharing site The Pirate Bay is still offline. It might be back at any moment. Or it might be gone for ever.

    The real tragedy is that a gigant cluster of information might be gone with it. Even tough TPB was a haven for illegal file sharing, it was also an open and popular platform for legal file sharing.

    Personally, I used TPB to distribute a book of mine under a Creative Commons license. In the same way TPB has been used by thousands and thousands of artists–knowing that obscurity is a worse problem than pirate copying.

    TPB was (or is) an open, easy to use channel for distribution of information. No need for registration, no credit card needed and no questions asked. As it should be.

    TPB also had (has) critical mass. Being the world leading site for file sharing–almost everything you want or can imagine was (is) available. No one really can compete with that.

    A world without TPB would be a poorer, duller and worse off place.

    Regardless if TPB will be back or not–there should be a TPB II. A truly open and decentralised system for trouble free file sharing. A system without a singe point of failure.

    / HAX

    TorrentFreak: The Pirate Bay HAS NOT Been Resurrected – YET »
    Forbes: Can Pirate Bay Weather The Storm? »

  • Falkvinge on Bitcoin (part 3)

    Youtube » | Part 2 » | Part 1 »