Archive | US

US tech giants to Obama: End bulk collection mass surveillance

TechCrunch reports that US “technology companies, tech trade groups and privacy organizations sent a letter today to the President Barack Obama, various members of Congress, and governmental security officials, urging reform of the U.S. government’s surveillance practices.” From the letter…

“There must be a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 214 authority regarding pen registers and trap & trace devices. Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights.”

TechCrunch: Tech Giants Call For “Clear, Strong And Effective End” To NSA’s Phone Metadata Surveillance »


US government still hunting Wikileaks

The Guardian reports…

The US government is conducting an active, long-term criminal investigation into WikiLeaks, a federal judge has confirmed in court documents.

Five years after Julian Assange and his team began publishing the massive dump of US state secrets leaked by an army intelligence analyst, two wings of the Department of Justice and the FBI remain engaged in a criminal investigation of the open-information website that is of a “long-term duration”, “multi-subject” in nature and that “remains in the investigative state”.

Read more »


Hot air from Washington on encryption (and a rather chaotic summit on extremism)

US president Barack Obama has been expected to present his policy on encryption for some time now. And, finally, he did. Kind of. Or not.

Ars Technica reports…

“I think the only concern is… our law enforcement is expected to stop every plot. Every attack. Any bomb on a plane. The first time that attack takes place, where it turns out we had a lead and couldn’t follow up on it, the public’s going to demand answers. This is a public conversation that we should be having,” Obama said in a Friday interview with Re/Code. “I lean probably further in the direction of strong encryption than some do inside law enforcement. But I am sympathetic to law enforcement, because I know the kind of pressure they’re under to keep us safe. And it’s not as black and white as it’s sometimes portrayed. Now, in fairness, I think those in favor of air tight encryption also want to be protected from terrorists.”

See the interview at Re/Code here. »

Another presidential quote…

“One of the interesting things about being in this job, is that it does give you a bird’s-eye view. You are smack dab in the middle of these tensions that exist. But, there are times where folks who see this through a civil liberties or privacy lens reject that there’s any tradeoffs involved. And, in fact, there are. And you’ve got to own the fact that it may be that we want to value privacy and civil liberties far more than we do the safety issues. But we can’t pretend that there are no tradeoffs whatsoever.”

The man is clearly stalling.

So what about the international security summit in Washington this week? Well, it seems to have changed in nature towards something more of a high-level conference on extremism — to smooth over the fact that President Obama didn’t go to Paris after the terrorist attacks. The BBC reports…

Still the planning seems a bit chaotic. Invitations to the summit went out to foreign embassies on 29 January, a State Department official told me.

At an event at the Atlantic Council in Washington on the following day, European officials said they still weren’t sure which minister would be appropriate to send to Washington.

Even those who are passionate about the goals of the summit – combating violent extremism – wonder about the optics – a term the Washington political class use to describe how an event is perceived.

In the end, it all boiled down to being a backdrop for President Obama to deliver yet another very Kum Ba Yah speech.

The trip to Washington did however provide an opportunity for a plethora of meetings between EU and US politicians and security officials. Which is probably where all the interesting stuff went on. The stuff the general public is not supposed to know about — yet.

/ HAX

Links:
The Obama interview at Re/Code »
Ars Technica: Obama hedges position on encryption. It’s good. It’s bad. »
Slate: Tech Whiplash: Obama Endorses, Then Undermines, Encryption »
BBC: Extremism summit: Too little, too late, too chaotic? »
White House: Remarks by the President in Closing of the Summit on Countering Violent Extremism »
Breitbart: Extremists Attending Obama’s ‘Countering Extremism’ Summit »


The EU and a global ban on encryption

Will encryption become illegal? Will governments demand “golden keys” to commonly used encryption? If governments go after encryption, will they distinguish between encryption used in Internet “base traffic” and encryption used by people to protect their mail and hard drives? What about apps? Nobody seems to know. All we do know is that governments would like to have access to all our communications.

Even if they have tried to keep it under wraps, EU member states would like to circumvent encryption. In a leaked document from the informal meeting of EU justice and home affairs ministers the other week (PDF), we have it in writing…

“Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys).”

So, we pretty much know what the EU stance will be at the Global Security Summit in the US next week.

Interestingly, the European Parliament seems to have an opposite position. In its resolution on mass surveillance of March 2014, the Parliament states that…

[The EP] calls on the Commission to […] ensure a high level of security of telecommunication networks and services, including by way of requiring state-of-the-art end-to-end encryption of communications.

[The EP] calls for the EU to take the lead in […] rerouting of Internet traffic or full end-to-end encryption of all Internet traffic so as to avoid the current risks associated with unnecessary routing of traffic through the territory of countries that do not meet basic standards on fundamental rights, data protection and privacy.

[The EP] calls for the promotion of … encrypting communication in general, including email and SMS communication.

Apparently the European Parliament takes a very different stand, compared to EU member states.

And the Council of Europe (a parliament-like assembly with representatives from most European countries, including non-EU states) makes its position clear in a report…

“The assembly is deeply worried about threats to internet security by the practice of certain intelligence agencies […] of seeking out systematically, using and even creating “back doors” […] which could easily be exploited also by terrorists and cyber-terrorists or other criminals. […] The creation of “back doors” or any other techniques to weaken or circumvent security measures or exploit their existing weaknesses should be strictly prohibited.”

Again, this is a clear standpoint, the very opposite to that of EU member states.

To continue, we have a study from the European Parliament’s Science and Technology Options Assessment unit stating…

“The only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications.”

“The EU should invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness … providing users with unbreakable cryptographic protection. … The EU should invest in making users aware […] how [they] can reduce their digital footprint by following behavioural rules and applying encryption and anonymising principles.”

To put it simply: EU member states would love to have a ban on encryption or a “golden key”. Other relevant European institutions take an opposite standpoint — valuing and defending encryption.

But it will be the EU member states (and the EU Counter-Terrorism Coordinator) who are present at the Global Security Summit in Washington the coming week. And they will try to make their position global policy.

There is a way to get an encryption ban / golden key off the summit’s agenda. That is to make this a public issue, to get the media involved and for people to speak out against this madness.

What we do right now will define our future.

/ HAX

Links:
• Not this again! Europe mustn’t backtrack on its support of encryption and rejection of surveillance »
• Next Week, World Leaders Will Meet to Talk About How Much They Hate Encryption »
• Council of the European Union (EU member states) PDF »
• Council of Europe (PDF) »
• UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert »
• In two weeks time, world leaders may decide to undermine encryption »


In two weeks time, world leaders may decide to undermine encryption

There are telltale signs that the US administration will move against encryption. The latest comes from Bob Litt, the General Counsel for the Office of the US Director of National Intelligence (ODNI).

In a speech this week he echoed the demand that government should be allowed access to all our information. Among other things, he touched on the idea of a magical golden key.

I’m not a cryptographer, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.

Even if this is not a ban on encryption, it is very serious. Mike Masnick at Techdirt explains…

I’m not sure how many times in how many different ways this needs to be explained, but what they’re asking for is a fantasy. You cannot put a backdoor in encryption and create a magic rule that says “only the government can use this in lawful situations.” That’s just not how it works. At all. The very idea of decryption by a third party “compromises the integrity of the encryption technology,” almost by definition.

But I’m not sure this will be considered as a valid argument by our ignorant politicians.

It would make little sense for the US to go for a “magical golden key” on its own. Likely other members of the NSA Five Eyes group (UK, Canada, Australia and New Zealand) will do the same.

And the EU? Europe normally follows the US in these matters. There will be a Global Security Summit in Washington later this month. And there are reasons to believe that politicians in most EU member states would also like to give their authorities the ability to circumvent encryption.

As EU member state ministers for justice and home affairs made their last meeting (in Riga) an informal one, this topic might very well have been up for discussion. (But the public is not allowed to know exactly what went on.) This is exactly what you might expect — and exactly the kind of thing the Council would keep under wraps, to avoid debate and protests until it’s too late. And the timing is just right.

The way the world is right now (Ukraine, IS and potential monetary crises) it should be no problem for world leaders to package the whole thing as “emergency legislation”.

The European Parliament will object, no doubt. But it will be sidestepped. All EU member states have to do is to agree to make this national legislation in all (or most) member states.

As a matter of fact, the EU has no formal competence when it comes to national security matters. So it will have to be a multilateral arrangement.

All the European Parliament can do is to try to protect human and civil rights in a wider sense. But that will probably not go beyond a sharply formulated resolution.

The matter can be sent to the European Court of Justice (for breach of the EU Charter of Fundamental Rights) or the European Court of Human Rights (upholding the European Convention on Human Rights). But in both cases a court process may drag out for years.

In this matter, politicians can do almost as they want. And they will not fail to make use of current world events as an excuse. (Never waste a good crisis.) The only thing that might stop them is general outcry — on a massive scale.

Soon we will know. All eyes on the Global Security Summit in the US on February 18.

/ HAX

Techdirt: Intelligence Community’s Top Lawyer Endorses Desire For Unicorns, Leprechauns & Golden Keys That Don’t Undermine Encryption »


Obama to make policy decision on encryption

The New York Times reports…

“Decisions remain to be made, for example, on whether the government will accede to the review group’s insistence that the intelligence agencies support stronger encryption of data to protect against hacking — at a moment when the F.B.I. and many intelligence officials are protesting that new encryption technologies used by Apple for its iPhones and other firms are making it all but impossible to decode the communications of suspected criminals or terrorists. Mr. Obama is expected to make decisions on those issues in the coming weeks.”

Read more: President Tweaks the Rules on Data Collection »


International Bullshit Day

Today (January 28) is Data Protection Day (Europe) or Data Privacy Day (US and Canada).

From Wikipedia…

Data Privacy Day’s educational initiative originally focused on raising awareness among businesses as well as users about the importance of protecting the privacy of their personal information online, particularly in the context of social networking. The educational focus has expanded over the past four years to include families, consumers and businesses. In addition to its educational initiative, Data Privacy Day promotes events and activities that stimulate the development of technology tools that promote individual control over personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy. The international celebration offers many opportunities for collaboration among governments, industry, academia, nonprofits, privacy professionals and educators.

Splendid! Or..?

Let’s follow the money. Among participating organisations and corporate supporters are: FTC, FCC, FBI, New York State Attorney General Office, UK Information Commissioner, Microsoft and Verizon.

Yeah, right!

The core question when it comes to data protection / privacy is: Who is the owner of your personal data? Is it you? Or someone else?

The EU is in the process of hammering out new data protection laws. In this work, US government and corporate lobbyists, as well as most EU member states, are working hard to take away your control over your personal data.

They paint one image. But they do the opposite.

So–IMHO–Data Protection Day / Data Privacy Day is mostly astroturf.

If you really want to celebrate January 28 – you should support European Digital Rights (EDRi) and the Electronic Frontier Foundation (EFF).

/ HAX


Google, Wikileaks and the U.S. Government

The Independent (UK) reports…

Google handed over emails and data belonging to WikiLeaks and was unable to tell the group that it had done so for three years. (…)

The data requests are thought to be related to an ongoing investigation into WikiLeaks, launched in 2010. It is related to the publication of hundreds of thousands of US government secrets and cables that were provided by Chelsea Manning.

Link: Google secretly handed over WikiLeaks emails and personal data to US government »


Riga Council meeting: EU to step up War on Terror

UK Prime Minister David Cameron as well as EU Counter-Terrorism Coordinator Gilles de Kerchove have floated the idea that governments should be able to access all our communications–including encrypted information.

This would not only have privacy implications. The practical effects and problems would be monumental.

A ban on encryption is only one of many ideas and suggestions that will be on the agenda at the EU justice and home affairs ministers meeting in Riga next week.

PC World reports…

Next week’s EU ministerial meeting will be an informal one behind closed doors, where no formal decisions will be made. The ministers will discuss broadly how to implement all the counter terrorism measures that have been discussed in the last month, the Commission official said, adding that in addition to De Kerchove’s advice, ministers will also take into account suggestions made by the Commission and EU member states.

The fact that this is an “informal” meeting is cause for vigilance. This way the ministers can initiate projects and proposals under the radar.

Closed doors will also be a perfect opportunity for them to discuss how to “harmonize” EU and U.S. antiterror legislation. (In preparation for the EU and U.S. security summit in February.)

All eyes on Riga, next Thursday.

/ HAX


Barrett Brown sentenced today: 63 months in prison

After a month-long delay, today U.S. journalist Barrett Brown was sentenced to 63 months in prison. He should be released in the spring of 2017.

This is a disappointment as there were hopes that he would be released today, after time served.

Barrett Brown is the journalist who used material obtained by the Anonymous network to start an investigative project about outsourcing of U.S. intelligence operations to private contractors: Project PM.

He was supposed to be sentenced back in December last year, but there was a delay until today. Here you can read the blog post I wrote about the case back then.

And here you can read the speech Brown gave in court today.

This is not the rule of law, Your Honor, it is the rule of Law Enforcement, and it is very dangerous.

This is a very disturbing affair–with far reaching implications for journalism and transparency. It is a part of a pattern where the U.S. Government is hunting down journalists, to prevent them from exposing the truth.

/ HAX

Update:

After receiving his sentence Barrett Brown released the following statement:

“Good news! — The U.S. government decided today that because I did such a good job investigating the cyber-industrial complex, they’re now going to send me to investigate the prison-industrial complex. For the next 35 months, I’ll be provided with free food, clothes, and housing as I seek to expose wrongdoing by Bureau of Prisons officials and staff and otherwise report on news and culture in the world’s greatest prison system. I want to thank the Department of Justice for having put so much time and energy into advocating on my behalf; rather than holding a grudge against me for the two years of work I put into bringing attention to a DOJ-linked campaign to harass and discredit journalists like Glenn Greenwald, the agency instead labored tirelessly to ensure that I received this very prestigious assignment. — Wish me luck!”
