429 Matching Annotations
  1. Dec 2015
    1. Congress on Friday adopted a $1.15 trillion spending package that included a controversial cybersecurity measure that only passed because it was slipped into the US government's budget legislation. House Speaker Paul Ryan, a Republican of Wisconsin, inserted the Cybersecurity Information Sharing Act (CISA) into the Omnibus Appropriations Bill—which includes some $620 billion in tax breaks for business and low-income wage earners. Ryan's move was a bid to prevent lawmakers from putting a procedural hold on the CISA bill and block it from a vote. Because CISA was tucked into the government's overall spending package on Wednesday, it had to pass or the government likely would have had to cease operating next week.

      House 316-113, Senate 65-33

      The Verge "This morning, Congress passed the Cybersecurity Information Sharing Act of 2015, attached as the 14th rider to an omnibus budget bill. The bill is expected to be signed into law by the president later today."

      Techdirt 15 Dec

      1. Allows data to be shared directly with the NSA and DOD, rather than first having to go through DHS.
      2. Removes restrictions on using the data for surveillance activities.
      3. Removes limitation on using the data for cybersecurity purposes, and allows it to be used for investigating other crimes -- making it likely that the DEA and others will abuse CISA.
      4. Removes the requirement to "scrub" the data of personal information unrelated to a cybersecurity threat before sharing the data.

      ACLU

    1. THE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies.

      MANY OF THE DEVICES in the catalogue, including the Stingrays and dirt boxes, are cell-site simulators, which operate by mimicking the towers of major telecom companies like Verizon, AT&T, and T-Mobile.

      Today nearly 60 law enforcement agencies in 23 states are known to possess a Stingray or some form of cell-site simulator, though experts believe that number likely underrepresents the real total. In some jurisdictions, police use cell-site simulators regularly. The Baltimore Police Department, for example, has used Stingrays more than 4,300 times since 2007.

      “The same grant programs that paid for local law enforcement agencies across the country to buy armored personnel carriers and drones have paid for Stingrays,” said Soghoian.

      Police cite the war on terror as their reason for purchasing surveillance equipment. But they use it for domestic cases, including minor ones.

      “The full extent of the secrecy surrounding cell-site simulators is completely unjustified and unlawful,” said EFF’s Lynch. “No police officer or detective should be allowed to withhold information from a court or criminal defendant about how the officer conducted an investigation.”

    1. Negotiated in secret and tucked in legislation thousands of pages long, Congress is about to pass an awful surveillance bill under the guise of “cybersecurity” that could open the door to the NSA acquiring much more private information of Americans.
    1. And the latest is that it's getting worse. Not only is Congress looking to include it in the end of year omnibus bill -- basically a "must pass" bill -- to make sure it gets passed, but it's clearly dropping all pretense that CISA isn't about surveillance. Here's what we're hearing from people involved in the latest negotiations. The latest version of CISA that they're looking to put into the omnibus:
    1. A group of 19 civil liberties organizations from across the political spectrum this morning issued a letter to the White House and Congress urging lawmakers to oppose the final “conferenced” version of a dangerous cyber bill that experts say will dramatically expand government surveillance while failing to make us safer from cyber attacks.
    1. The San Bernardino shootings are also being cited by some Republicans, including presidential candidate Sen. Marco Rubio, as a reason to reinstate the warrantless bulk collection of domestic telephone data — the one program that was shut down by Congress after NSA whistleblower Edward Snowden revealed a massive, secret surveillance dragnet. An Associated Press story on Saturday added fuel to the fire when it claimed that as a result of the shutdown, the government could no longer access historical call records by the San Bernardino couple. But as Emptywheel blogger Marcy Wheeler amply explained, the FBI has plenty of other ways of getting the information.
    1. The National Security Letter (NSL) is a potent surveillance tool that allows the government to acquire a wide swath of private information—all without a warrant. Federal investigators issue tens of thousands of them each year to banks, ISPs, car dealers, insurance companies, doctors, and you name it. The letters don't need a judge's signature and come with a gag to the recipient, forbidding the disclosure of the NSL to the public or the target.
  2. Nov 2015
    1. The key lesson of the post-9/11 abuses — from Guantanamo to torture to the invasion of Iraq — is that we must not allow military and intelligence officials to exploit the fear of terrorism to manipulate public opinion. Rather than blindly believe their assertions, we must test those claims for accuracy.
    2. In sum, Snowden did not tell the terrorists anything they did not already know. The terrorists have known for years that the U.S. government is trying to monitor their communications. What the Snowden disclosures actually revealed to the world was that the U.S. government is monitoring the Internet communications and activities of everyone else: hundreds of millions of innocent people under the largest program of suspicionless mass surveillance ever created, a program that multiple federal judges have ruled is illegal and unconstitutional.
    3. Bodies were still lying in the streets of Paris when CIA operatives began exploiting the resulting fear and anger to advance long-standing political agendas. They and their congressional allies instantly attempted to heap blame for the atrocity not on Islamic State but on several preexisting adversaries: Internet encryption, Silicon Valley's privacy policies and Edward Snowden.
    1. In this rush to blame a field that is largely unknowable to the public and therefore at once alluring and terrifying, little attention has been paid to facts: The Paris terrorists did not use encryption, but coordinated over SMS, one of the easiest to monitor methods of digital communication. They were still not caught, indicating a failure in human intelligence and not in a capacity for digital surveillance.
    1. In the wake of the cowardly terrorist attacks in Paris, many politicians, intelligence officials and pundits are predictably calling for a return to discredited policies of the past that would weaken Americans’ security, violate their privacy and do little or nothing to protect us from terrorists.

      Senator Ron Wyden of Oregon takes the position in favor of strong encryption, and against mass surveillance, with links to supporting articles.

    1. As dishonest as the “debate” over encryption has been, the dark descension of the Republican party into outright racism and cynically playing off the irrational fears of the public over the Syrian refugee crisis has been worse. We now know the attackers weren’t Syrian and weren’t even refugees. It was a cruel rumor or hoax that one was thought to have come through Europe with a Syrian passport system, but that was cleared up days ago. But in the world of Republican primaries, who cares about facts?
    2. as of Tuesday, it was clear that American and/or French intelligence agencies had seven of the eight identified attackers on their radar prior to the attacks. The attackers used Facebook to communicate. The one phone found on the scene showed the terrorists had coordinated over unencrypted SMS text messages – just about the easiest form of communication to wiretap that exists today. (The supposed ringleader even did an interview in Isis’s English magazine in February bragging that he was already in Europe ready to attack.)
    1. Another provision of the proposed Investigatory Powers Bill is that internet service providers (ISPs) must retain a record of all the websites you visit (more specifically, all the IP addresses you connect to) for one year. This appears to be another measure to weaken privacy while strengthening security – but in fact, it is harmful to both privacy and security. In order to maintain a record of every website you have visited in the last year, the ISP must store that information somewhere accessible. Information that is stored somewhere accessible will sooner or later be stolen by attackers.
    2. I’ll say it again, to be absolutely clear: any mechanism that can allow law enforcement legitimate access to data can inevitably be abused by hostile foreign intelligence services, and even technically sophisticated individuals, to break into systems and gain unauthorised access to the same data.
    3. If the law enforcement services can remotely break into the device of a suspect, then sooner or later criminals will find ways to use the same mechanism to break into devices and steal or destroy your personal data.
    4. Any method that provides exceptional access immediately exposes the system to attacks by malicious parties, rendering the protection of encryption essentially worthless. Exceptional access would probably require that government departments have some kind of master keys that allowed them to decrypt any communication if required. Those master keys would obviously have to be kept extremely secret: if they were to become public, the entire security infrastructure of the internet would crumble into dust. How good are government agencies at keeping secrets?
  3. Jul 2015
  4. Jun 2015
  5. May 2015
    1. However, it will take time to inform FBI field offices of the new guidance, and there are certain types of information that it won't be able to get.

      Yes, that's the whole freaking point. They shouldn't be able to get this information.

    2. a never-used program to monitor potential "lone wolf" suspects who haven't been tied to terrorist groups

      How are we supposed to believe this hasn't been used when the Director of National Intelligence, James Clapper, is widely regarded by the public to have lied to Congress under oath about surveillance programs?

  6. Apr 2015
    1. For targeted communities, there is little to no expectation of privacy from government or corporate surveillance. Instead, we are watched, either as criminals or as consumers. We do not expect policies to protect us. Instead, we’ve birthed a complex and coded culture—from jazz to spoken dialects—in order to navigate a world in which spying, from AT&T and Walmart to public benefits programs and beat cops on the block, is as much a part of our built environment as the streets covered in our blood.
  7. Jan 2015
    1. After 2004, I believed the story that the protesters in Ukraine and elsewhere were mobilized through text messaging and blogs.

      believes the story ... it's a story he believes.

    2. We were supposed to be saving the world by helping to promote democracy, but it seemed clear to me that many people, even in countries like Belarus or Moldova, or in the Caucasus, who could have been working on interesting projects with new media on their own, would eventually be spoiled by us.

      Applies to these activities wherever undertaken, including any country in the West; he just so happens to be interested in former Soviet Bloc countries.

  8. Dec 2014
  9. Sep 2014
    1. All Palestinians are exposed to non-stop monitoring without any legal protection. Junior soldiers can decide when someone is a target for the collection of information. There is no procedure in place to determine whether the violation of the individual’s rights is necessarily justifiable. The notion of rights for Palestinians does not exist at all. Not even as an idea to be disregarded.
  10. Aug 2014
    1. Phones can only work when they know where they are and are telling the phone company that. It’s not surveillance, it’s how radio waves work. This is the first reason for the network to work the way it does. The second? Billing. In fact, most of the surveillance networks in the world weren’t built to surveil at all, but to make things work at a fundamental level, and to bill people. Surveillance and intrusion are opportunistically inserted into good infrastructure.