[liberationtech] Social Research in the Digital Age

2012-10-11 Thread Yosem Companys
‘SOCIAL RESEARCH IN THE DIGITAL AGE’

We are pleased to invite you to the Social Research Association's annual
conference on Monday 10 December 2012 at the British Library in London.

The digital revolution increasingly affects how we do social research.  It
brings fresh opportunities and challenges in every area, from new data
collection tools and methods to innovations in the way that findings are
analysed, presented and shared. This year’s SRA annual conference brings it
all together, with perspectives from across the academic, non-profit and
commercial research sectors.

A wide range of topics will be covered in plenary and workshop sessions,
including data visualisation, video ethnography, online longitudinal
panels, analysing visual data, using social media, digital inclusion, and
maximising the impact of research.

* Plenary speakers:  Dr Grant Blank (University of Oxford), Vanessa Cuthill
(ESRC), Nick Leon (Naked Eye Research), Ian Smith (ONS Data Visualisation
Centre).
* Confirmed panellists: Richard Bartholomew (GSR), Michelle Harrison,
(TNS-BMRB), Karl Wilding (NCVO).
* Confirmed workshop speakers include:  Vicki Belt (CES), Lisa Calderwood
(IoE), Andrew Charlesworth (ONS), Helen Lomax (Open University), Jerry
Latter (Ipsos Mori), Peter Lynn (ISER), Rob Procter (University of
Manchester), Liam Reynolds (Shelter), Nicki Senior (University of
Manchester), Heather Wardle (NatCen Social Research).

To find out more, please visit the SRA website:  www.the-sra.org.uk/events

Thanks to sponsors GIDE, and Taylor & Francis, we have been able to keep
delegate rates low: members from £65 to £125, non-members £160.  The day
will include lunch and tea/coffee, plus a free early evening drinks
reception – all in the British Library’s state-of-the-art conference centre.

Come and join us on 10 December to stay informed about the latest
developments in your area of social research, and meet up with colleagues
at this lively and friendly event.

With best regards,

The SRA Events Group
www.the-sra.org.uk
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread James Losey
Hi Nadim,

I largely agree with your assessment of Silent Circle and I offer these
thoughts in an effort to increase my understanding of the issue. The
product is a packaged solution clearly targeted towards business
customers focused on corporate privacy. And while the company offers
regular transparency statements on government requests and strives to
minimize storage of some types of data (and you're right that payment info
is problematic) the company is clearly interested in paying for privacy
assurances and seems less focused on supporting activists.

However, is Silent Circle dangerous to the development of cryptography
software or simply an example of poor implementation of how to do it well?
I would argue that it is the latter. I think it can be helpful for the
development of cryptography. First and foremost, while many on this list
understand the import of encryption and privacy, increasing mainstream
digital security. One way to do this is offering a service and ease of use.
I agree that charging for services increases barriers but I also think that
increased availability also helps raise the profile of why digital security
is important.

I make no claims or defense of the actual security of Silent Circle. It
might be fine for some people and it might have built-in backdoors that
would be revealed through a security audit. Either way, I would not recommend
it for sensitive uses. Where there is a perceived demand there will always
be someone ready to offer a product. Not necessarily a good one, but
something nonetheless.

Concluding, I think there are two main important themes here. First, I see
Silent Circle as an example of increased understanding of security threats
and thus increased demand for secure communications. Secondly,
conversations of best and worst practices of cryptography are vibrant in
this community but not necessarily mainstream. I think Silent Circle is an
opportunity to discuss what people need to look for in a secure communications
tool, and when not to trust it.

*TL;DR* I don't think Silent Circle is dangerous for the development of
cryptography software but demonstrates potential demand and can spark a
discussion of best and worst practices of crypto software development.

Nadim and others I'm curious of your thoughts.

J



On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi na...@nadim.cc wrote:

 My blog post on the matter: http://log.nadim.cc/?p=89
 Your feedback is appreciated, thank you!

 NK


Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 12:04 PM, James Losey wrote:
 Hi Nadim,
 
 I largely agree with your assessment of Silent Circle and I offer these
 thoughts in an effort to increase my understanding of the issue. The
 product is a packaged solution clearly targeted towards business
 customers focused on corporate privacy. And while the company offers
 regular transparency statements on government requests and strives to

Unless hit by a search warrant and a gag order at the same time, or a
federal subpoena.

 minimize storage of some types of data (and you're right that payment
 info is problematic) the company is clearly interested in paying for
 privacy assurances and seems less focused on supporting activists. 
 
 However, is Silent Circle dangerous to the development of cryptography
 software or simply an example of poor implementation of how to do it
 well? I would argue that it is the latter. I think it can be helpful for
 the development of cryptography. First and foremost, while many on this
 list understand the import of encryption and privacy, increasing
 mainstream digital security. One way to do this is offering a service
 and ease of use. I agree that charging for services increases barriers
 but I also think that increased availability also helps raise the
 profile of why digital security is important. 

James, you can charge for a service and leave it as open source
software. This has been done countless times over the years and has
functioned successfully. I am not against Silent Circle costing money -
I'm against it being closed source software.

 
 I make no claims or defense of the actual security of Silent Circle.
 It might be fine for some people and it might have built-in backdoors
 that would be revealed through a security audit. Either way, I would not
 recommend it for sensitive uses. Where there is a perceived demand there
 will always be someone ready to offer a product. Not necessarily a good
 one, but something nonetheless.
 
 Concluding, I think there are two main important themes here. First, I
 see Silent Circle as an example of increased understanding of security
 threats and thus increased demand for secure communications. Secondly,
  conversations of best and worst practices of cryptography are vibrant
 in this community but not necessarily mainstream. I think Silent Circle
 is an opportunity to discuss what people need to look for in a secure
 communications tool, and when not to trust it.
 
 *TL;DR* I don't think Silent Circle is dangerous for the development of
 cryptography software but demonstrates potential demand and can spark a
 discussion of best and worst practices of crypto software development.

How did you jump to this? Even the softest cryptography software still
has to allow for an audit, and Silent Circle operates from a culture
that doesn't. It is still dangerous.

 
 Nadim and others I'm curious of your thoughts.
 
 J
 
 
 
 On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi na...@nadim.cc
 mailto:na...@nadim.cc wrote:
 
 My blog post on the matter: http://log.nadim.cc/?p=89
 Your feedback is appreciated, thank you!
 
 NK


Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread James Losey

  *TL;DR* I don't think Silent Circle is dangerous for the development of
  cryptography software but demonstrates potential demand and can spark a
  discussion of best and worst practices of crypto software development.



 How did you jump to this? Even the softest cryptography software still
 has to allow for an audit, and Silent Circle operates from a culture
 that doesn't. It is still dangerous.


It is possible that I am misunderstanding something in your post, but the
perspective I am coming from is that insecure (or closed) attempts at
offering secure communications software are not necessarily bad for the
development of software writ large, but an example of how to do it wrong
that needs to be highlighted, as well as an opportunity to say why access to
code and independent verification is so important.

J

On Thu, Oct 11, 2012 at 6:15 PM, Nadim Kobeissi na...@nadim.cc wrote:

 On 10/11/2012 12:04 PM, James Losey wrote:
  Hi Nadim,
 
  I largely agree with your assessment of Silent Circle and I offer these
  thoughts in an effort to increase my understanding of the issue. The
  product is a packaged solution clearly targeted towards business
  customers focused on corporate privacy. And while the company offers
  regular transparency statements on government requests and strives to

 Unless hit by a search warrant and a gag order at the same time, or a
 federal subpoena.

  minimize storage of some types of data (and you're right that payment
  info is problematic) the company is clearly interested in paying for
  privacy assurances and seems less focused on supporting activists.
 
  However, is Silent Circle dangerous to the development of cryptography
  software or simply an example of poor implementation of how to do it
  well? I would argue that it is the latter. I think it can be helpful for
  the development of cryptography. First and foremost, while many on this
  list understand the import of encryption and privacy, increasing
  mainstream digital security. One way to do this is offering a service
  and ease of use. I agree that charging for services increases barriers
  but I also think that increased availability also helps raise the
  profile of why digital security is important.

 James, you can charge for a service and leave it as open source
 software. This has been done countless times over the years and has
 functioned successfully. I am not against Silent Circle costing money -
 I'm against it being closed source software.

 
  I make no claims or defense of the actual security of Silent Circle.
  It might be fine for some people and it might have built-in backdoors
  that would be revealed through a security audit. Either way, I would not
  recommend it for sensitive uses. Where there is a perceived demand there
  will always be someone ready to offer a product. Not necessarily a good
  one, but something nonetheless.
 
  Concluding, I think there are two main important themes here. First, I
  see Silent Circle as an example of increased understanding of security
  threats and thus increased demand for secure communications. Secondly,
   conversations of best and worst practices of cryptography are vibrant
  in this community but not necessarily mainstream. I think Silent Circle
  is an opportunity to discuss what people need to look for in a secure
  communications tool, and when not to trust it.
 
  *TL;DR* I don't think Silent Circle is dangerous for the development of
  cryptography software but demonstrates potential demand and can spark a
  discussion of best and worst practices of crypto software development.

 How did you jump to this? Even the softest cryptography software still
 has to allow for an audit, and Silent Circle operates from a culture
 that doesn't. It is still dangerous.

 
  Nadim and others I'm curious of your thoughts.
 
  J
 
 
 
  On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi na...@nadim.cc
  mailto:na...@nadim.cc wrote:
 
  My blog post on the matter: http://log.nadim.cc/?p=89
  Your feedback is appreciated, thank you!
 
  NK

[liberationtech] Join eCampaigning Forum Europe Nov 7-9 in Austria?

2012-10-11 Thread Duane Raymond
Hi everyone,

This might interest a few of you... and if not, you might know who it would
interest.

In just under a month, the 2012 European eCampaigning Forum (e-campaigning
= digital activism for anyone in the US) is taking place near Vienna,
Austria on November 7-9.  See more here
http://europe.ecampaigningforum.com and the latest participant list:
http://europe.ecampaigningforum.com/participants

Most of the event is 'open space' style (aka unconference style) which
means lots of opportunity to engage with other participants rather than
being talked at.  However we also have two keynotes:
1) Ryan Davies to give us his insider perspective of how the Obama
Campaign's use of digital tools compared from 2008 to 2012
2) Paula Hannemann from Germany (former WWF Germany, now Change.org) to
share her thoughts on the trends in Europe.

If you work with NGOs in Europe, it would be VERY useful to let them know
about this event.  European (excluding the UK) NGOs are quite a bit behind
in this area and the event aims to help them accelerate their adoption of
sound strategies and best practices.

I know this isn't as lib-tech focused as most of the conversations here (I
lurk and learn on this list), but the expertise and perspective you have
would be a nice complement to what others participating would bring. Andre
Rebentisch (on this list) spoke last year and used the paper-rock-scissors
game as a model for how campaigning strategy should adapt/evolve...so I'd
love to get more cross-fertilisation/provocation from this group.

Hope to see some of you in Austria.  If you have any questions, just ask.

Cheers,

Duane


Duane Raymond
FairSay - Making Campaigning Count
UK: +44 (0)207 993 4200
Switzerland: +41 (0)43 538 3641
IM: fairsay (Skype, Yahoo!, Google, MSN)
Blog: http://fairsay.com/blog/
Bookmarks: http://del.icio.us/fairsay
Web: http://fairsay.com/
Twitter: http://twitter.com/fairsay

FairSay is a ltd. company registered in England and Wales. Reg. No. 5244802

Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Moxie Marlinspike


On 10/11/2012 09:15 AM, Nadim Kobeissi wrote:
 James, you can charge for a service and leave it as open source
 software. This has been done countless times over the years and has
 functioned successfully. I am not against Silent Circle costing money -
 I'm against it being closed source software.

The problem is that if you have an enterprise focus, you can't sell a
service, you have to sell software.  Serviced-based models have
certainly made inroads into the enterprise, but they still want to host
security-focused stuff themselves (even if it's encrypted end-to-end).
It's hard to sell an expensive site license for your software if the
software is freely available.

In general, I'm not actually convinced that OSS is a necessity for
secure communication tools.  Protocols can generally be verified on the
wire, and unfortunately, the number of people who are going to be able
to look at software-based cryptography and find vulnerabilities is very
small -- and two of them put their names behind Silent Circle.

It's certainly great if secure communication tools are open source, but
I think that I'd gladly trade OSS for tools that are crisp, incredibly
well polished, accessible, and a joy to use.  Not that they're
necessarily mutually exclusive, and not that we're necessarily going to
get that here.  Much has been made about the fact that Phil Z and Jon
Callas are responsible for this effort, but the cryptography is the easy
part.  I'd be much more interested if some really great software
developers or designers were starting a secure communications company.

- moxie

-- 
http://www.thoughtcrime.org


Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 1:54 PM, Moxie Marlinspike wrote:
 
 In general, I'm not actually convinced that OSS is a necessity for
 secure communication tools.  Protocols can generally be verified on the
 wire, and unfortunately, the number of people who are going to be able
 to look at software-based cryptography and find vulnerabilities is very
 small -- and two of them put their names behind Silent Circle.

Protocols aren't half the story. There is much more in a piece of
cryptography software to consider. Backdoors, to say the very least.

NK


Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Katrin Verclas
Having sat for the better part of the day with Phil Zimmerman with activists 
and journalists in a room, here is what I learned: 

On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:

 On 10/11/2012 12:04 PM, James Losey wrote:
 Hi Nadim,
 
 I largely agree with your assessment of Silent Circle and I offer these
 thoughts in an effort to increase my understanding of the issue. The
 product is a packaged solution clearly targeted towards business
 customers focused on corporate privacy. And while the company offers
 regular transparency statements on government requests and strives to
 
 Unless hit by a search warrant and a gag order at the same time, or a
 federal subpoena.

Zimmerman stated that servers are located in Canada to avoid US subpoenas (not 
a lawyer, not sure what's that worth in the end). 

According to the Silent Circle website: 

Websites and products that don’t list the people behind the technology or where 
their servers are located, how the encryption keys are held or even how you can 
verify that your data is actually encrypted, are typical of the industry and 
provide only pseudo-security based on a lot of unverifiable trust.

Our secure communications products use “Device to Device Encryption” – putting 
the keys to your security in the palm of your hand (except for Silent Mail, 
which is configured for PGP Universal and utilizes server side key encryption). 
We DO NOT have the ability to decrypt your communications across our network 
and nor will anyone else - ever. Silent Phone, Silent Text and Silent Eyes all 
use peer-to-peer technology and erase the session keys from your device once 
the call or text is finished. Our servers don’t hold the keys…you do. Our 
secure encryption keeps unauthorized people from understanding your 
transmissions. It keeps criminals, governments, business rivals, neighbors and 
identity thieves from stealing your data and from destroying your personal or 
corporate privacy. There are no back doors, nor will there ever be.


More importantly, Zimmerman noted that Silent Circle code will be made 
available for audit.


 
 minimize storage of some types of data (and you're right that payment
 info is problematic) the company is clearly interested in paying for
 privacy assurances and seems less focused on supporting activists. 

According to Zimmerman (who was keenly interested in use cases for activists),
they will make licenses available to activists at no cost. They have not figured
out the process for this yet, but we'll certainly follow up with them.


Katrin 



Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 2:14 PM, Katrin Verclas wrote:
 Having sat for the better part of the day with Phil Zimmerman with activists 
 and journalists in a room, here is what I learned: 
 
 On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:
 
 On 10/11/2012 12:04 PM, James Losey wrote:
 Hi Nadim,

 I largely agree with your assessment of Silent Circle and I offer these
 thoughts in an effort to increase my understanding of the issue. The
 product is a packaged solution clearly targeted towards business
 customers focused on corporate privacy. And while the company offers
 regular transparency statements on government requests and strives to

 Unless hit by a search warrant and a gag order at the same time, or a
 federal subpoena.
 
 Zimmerman stated that servers are located in Canada to avoid US subpoenas 
 (not a lawyer, not sure what's that worth in the end).

His entire IP block is connected to servers in the United States. I am
very skeptical of that claim. Furthermore, this is nonsense; the issue
isn't being protected against *one* country's subpoena, it's being
protected against *any* subpoena.

 
 According to the Silent Circle website: 
 
 Websites and products that don’t list the people behind the technology or 
 where their servers are located, how the encryption keys are held or even how 
 you can verify that your data is actually encrypted, are typical of the 
 industry and provide only pseudo-security based on a lot of unverifiable 
 trust.
 
 Our secure communications products use “Device to Device Encryption” – 
 putting the keys to your security in the palm of your hand (except for Silent 
 Mail, which is configured for PGP Universal and utilizes server side key 
 encryption). We DO NOT have the ability to decrypt your communications across 
 our network and nor will anyone else - ever. 

The closed-source nature of the software makes pushing
government-mandated backdoors incredibly easy and extremely difficult to
detect if done right. This is a tall claim not backed by evidence or the
possibility of review.

 Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and 
 erase the session keys from your device once the call or text is finished. 
 Our servers don’t hold the keys…you do. Our secure encryption keeps 
 unauthorized people from understanding your transmissions. It keeps 
 criminals, governments, business rivals, neighbors and identity thieves from 
 stealing your data and from destroying your personal or corporate privacy. 
 There are no back doors, nor will there ever be.

...unless they're served a court order, in which case Silent Circle will
either implement a backdoor or go to jail, thank you very much.

 
 
 More importantly, Zimmerman noted that Silent Circle code will be made 
 available for audit.
 

Skype, too, says that its code is available for audit, and then only
lets a single academic audit it via an audit that they themselves
fund. This is likely PR; I will not be satisfied unless anyone can
audit the code, and the source code is kept updated with every new
release.

 

 minimize storage of some types of data (and you're right that payment
 info is problematic) the company is clearly interested in paying for
 privacy assurances and seems less focused on supporting activists. 
 
 According to Zimmerman (who was keenly interested in use cases for activists),
 they will make licenses available to activists at no cost.  They have not figured
 out the process for this yet, but we'll certainly follow up with them.

This is just really scary -- a piece of closed source, unaudited,
unverifiable software that costs money for corporations, but is free for
activists?

 
 
 Katrin 
 
NK


Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Katrin Verclas
I'd like to see them deliver on the code audits before jumping to judgment since
the product is not even released.  Zimmerman gets those reservations, for sure,
so let's see whether they can do a lot better than some companies before them.

For now, the fact that Zimmerman and another staffer took significant time with 
activists and journalists under threat to understand specific use cases was 
interesting.  

We shall see... 

Cheers,

Katrin 


On Oct 11, 2012, at 2:24 PM, Nadim Kobeissi wrote:

 On 10/11/2012 2:14 PM, Katrin Verclas wrote:
 Having sat for the better part of the day with Phil Zimmerman with activists 
 and journalists in a room, here is what I learned: 
 
 On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:
 
 On 10/11/2012 12:04 PM, James Losey wrote:
 Hi Nadim,
 
 I largely agree with your assessment of Silent Circle and I offer these
 thoughts in an effort to increase my understanding of the issue. The
 product is a packaged solution clearly targeted towards business
 customers focused on corporate privacy. And while the company offers
 regular transparency statements on government requests and strives to
 
 Unless hit by a search warrant and a gag order at the same time, or a
 federal subpoena.
 
 Zimmerman stated that servers are located in Canada to avoid US subpoenas 
 (not a lawyer, not sure what's that worth in the end).
 
 His entire IP block is connected to servers in the United States. I am
 very skeptical of that claim. Furthermore, this is nonsense; the issue
 isn't being protected against *one* country's subpoena, it's being
 protected against *any* subpoena.
 
 
 According to the Silent Circle website: 
 
 Websites and products that don’t list the people behind the technology or 
 where their servers are located, how the encryption keys are held or even 
 how you can verify that your data is actually encrypted, are typical of the 
 industry and provide only pseudo-security based on a lot of unverifiable 
 trust.
 
 Our secure communications products use “Device to Device Encryption” – 
 putting the keys to your security in the palm of your hand (except for 
 Silent Mail, which is configured for PGP Universal and utilizes server side 
 key encryption). We DO NOT have the ability to decrypt your communications 
 across our network and nor will anyone else - ever. 
 
 The closed-source nature of the software makes pushing
 government-mandated backdoors incredibly easy and extremely difficult to
 detect if done right. This is a tall claim not backed by evidence or the
 possibility of review.
 
 Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology 
 and erase the session keys from your device once the call or text is 
 finished. Our servers don’t hold the keys…you do. Our secure encryption 
 keeps unauthorized people from understanding your transmissions. It keeps 
 criminals, governments, business rivals, neighbors and identity thieves from 
 stealing your data and from destroying your personal or corporate privacy. 
 There are no back doors, nor will there ever be.
 
 ...unless they're served a court order, in which case Silent Circle will
 either implement a backdoor or go to jail, thank you very much.
 
 
 
 More importantly, Zimmerman noted that Silent Circle code will be made 
 available for audit.
 
 
 Skype, too, says that its code is available for audit, and then only
 lets a single academic audit it via an audit that they themselves
 fund. This is likely PR; I will not be satisfied unless anyone can
 audit the code, and the source code is kept updated with every new
 release.
 
 
 
 minimize storage of some types of data (and you're right that payment
 info is problematic) the company is clearly interested in paying for
 privacy assurances and seems less focused on supporting activists. 
 
 According to Zimmerman (who was keenly interested in use cases for
 activists), they will make licenses available to activists at no cost.  They have
 not figured out the process for this yet, but we'll certainly follow up with
 them.
 
 This is just really scary -- a piece of closed source, unaudited,
 unverifiable software that costs money for corporations, but is free for
 activists?
 
 
 
 Katrin 
 
 NK

Katrin Verclas
MobileActive.org
kat...@mobileactive.org

skype/twitter: katrinskaya
(347) 281-7191

A global network of people using mobile technology for social impact
http://mobileactive.org



Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Robert Guerra
Eric King btw is the name of the person who is the head of research at Privacy 
International. 

https://www.privacyinternational.org/people/eric-king

Eric is head of research at Privacy International, where he runs the Big 
Brother Incorporated project, an investigation of the international trade in 
surveillance technologies. His work focuses on the intersection of human 
rights, privacy and technology. He is the secret prisons technical adviser at 
Reprieve, is on the advisory council of the Foundation for Information Policy 
Research and holds a degree in law from the London School of Economics.

regards


--
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom 
Email: rgue...@privaterra.org

On 2012-10-11, at 2:36 PM, Julian Oliver wrote:

 
 ..on Thu, Oct 11, 2012 at 02:24:54PM -0400, Nadim Kobeissi wrote:
 
 The closed-source nature of the software makes pushing
 government-mandated backdoors incredibly easy and extremely difficult to
 detect if done right. This is a tall claim not backed by evidence or the
 possibility of review.
 
 A chap on Twitter by the name of Eric King wrote that "I don't have a URL yet
 but Phil said yesterday he was releasing the source code."
 
 In any case, even with the source (including server-side) it is unclear as to
 whether protection is not compromised by this suite.
 
 With a credit-card payment system the client list is practically a click away
 for any Government client, itself a worry.  Having the servers located on
 Canadian soil garners little, I think: software in a position like this
 configures the distributor under responsibility to the jurisdiction in which its
 business is registered whilst foreign governments become potential clients.
 
 Ultimately software promising this level of privacy needs to reflect that people
 come from differing geo-political contexts. As such both client and server need
 to be freely distributed and installable such that communities can then manage
 their own communication needs, taking risks within their techno-political
 context as they see fit.
 
 Cheers,
 
 -- 
 Julian Oliver
 http://julianoliver.com
 http://criticalengineering.org
 --
 Unsubscribe, change to digest, or change password at: 
 https://mailman.stanford.edu/mailman/listinfo/liberationtech



Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Nadim Kobeissi
That's great -- I'm going to hold up until there is some actual source code.

NK



Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Moxie Marlinspike


On 10/11/2012 11:24 AM, Nadim Kobeissi wrote:
 Zimmerman stated that servers are located in Canada to avoid US
 subpoenas (not a lawyer, not sure what's that worth in the end).
 
 His entire IP block is connected to servers in the United States. I
 am very skeptical of that claim. Furthermore, this is nonsense; the
 issue isn't being protected against *one* country's subpoena, it's
 being protected against *any* subpoena.

This is also not going to be technically possible in a mature product.
If all servers were located in Canada, that would mean two people having
an encrypted conversation in Europe would have an additional 300ms
latency added to their call.  Getting low-latency audio working on many
mobile platforms is extremely difficult, even when you don't have the
network working against you.

- moxie

-- 
http://www.thoughtcrime.org


Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Christopher Parsons
I just wanted to note that hosting things in Canada isn't inherently, or
necessarily, safer than hosting in other countries. Canadian courts are as
able as American courts to apply pressure towards 'privacy sensitive'
companies, with Hushmail being a good example.

I would also note that Canada's lawful access legislation - perhaps on ice
now, but something that will likely come back to life at some point -
includes a decryption requirement that could have serious implications for
companies providing encryption services/encrypting data in transit. A
colleague of mine and I have written a piece on those decryption
requirements (which is available at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2148060) as they would
affect cloud services, and it might be of interest to people on this list.

Cheers,
Chris
-- 
Christopher Parsons
Doctoral Candidate
Political Science, University of Victoria
http://www.christopher-parsons.com



   	   
On 11 October 2012, 11:36 AM, Julian Oliver wrote:

> A chap on Twitter by the name of Eric King wrote that "I don't have a URL
> yet but Phil said yesterday he was releasing the source code."
>
> In any case, even with the source (including server-side) it is unclear as
> to whether protection is not compromised by this suite.
>
> With a credit-card payment system the client list is practically a click
> away for any Government client, itself a worry.  Having the servers located
> on Canadian soil garners little, I think: software in a position like this
> configures the distributor under responsibility to the jurisdiction in
> which its business is registered whilst foreign governments become
> potential clients.
>
> Ultimately software promising this level of privacy needs to reflect that
> people come from differing geo-political contexts. As such both client and
> server need to be freely distributed and installable such that communities
> can then manage their own communication needs, taking risks within their
> techno-political context as they see fit.
>
> Cheers,

On 11 October 2012, 11:24 AM, Nadim Kobeissi wrote:

> On 10/11/2012 2:14 PM, Katrin Verclas wrote:
>> Having sat for the better part of the day with Phil Zimmerman with
>> activists and journalists in a room, here is what I learned:
>>
>> On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:
>>> On 10/11/2012 12:04 PM, James Losey wrote:
>>>> Hi Nadim,
>>>>
>>>> I largely agree with your assessment of Silent Circle and I offer these
>>>> thoughts in an effort to increase my understanding of the issue. The
>>>> product is a packaged "solution" clearly targeted towards business
>>>> customers focused on corporate privacy. And while the company offers
>>>> regular transparency statements on government requests and strives to
>>>
>>> Unless hit by a search warrant and a gag order at the same time, or a
>>> federal subpoena.
>>
>> Zimmerman stated that servers are located in Canada to avoid US subpoenas
>> (not a lawyer, not sure what's that worth in the end).
>
> His entire IP block is connected to servers in the United States. I am
> very skeptical of that claim. Furthermore, this is nonsense; the issue
> isn't being protected against *one* country's subpoena, it's being
> protected against *any* subpoena.
>
>> According to the Silent Circle website:
>>
>> Websites and products that don't list the people behind the technology or
>> where their servers are located, how the encryption keys are held or even
>> how you can verify that your data is actually encrypted, are typical of
>> the industry and provide only pseudo-security based on a lot of
>> unverifiable trust.
>>
>> Our secure communications products use "Device to Device Encryption" –
>> putting the keys to your security in the palm of your hand (except for
>> Silent Mail, which is configured for PGP Universal and utilizes server
>> side key encryption). We DO NOT have the ability to decrypt your
>> communications across our network and nor will anyone else - ever.
>
> The closed-source nature of the software makes pushing
> government-mandated backdoors incredibly easy and extremely difficult to
> detect if done right. This is a tall claim not backed by evidence or the
> possibility of review.
>
>> Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology
>> and erase the session keys from your device once the call or text is
>> finished. Our servers don't hold the keys…you do. Our secure encryption
>> keeps unauthorized people from understanding your transmissions. It keeps
>> criminals, governments, business rivals, neighbors and identity thieves
>> from stealing your data and from destroying your personal or corporate
>> privacy. There are no back doors, nor will there ever be.
>
> ...unless they're served a court order, in which case Silent Circle will
> either implement a backdoor or go to jail, thank you very much.
>
>> More importantly, Zimmerman noted that Silent Circle code will be made
>> available for audit.
>
> Skype, too, says that its code is available for audit, and then only
> lets a single academic

Re: [liberationtech] best practices - roundup

2012-10-11 Thread The Doctor
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/09/2012 03:03 PM, Lindsay Beck wrote:

 Thanks for compiling these resources! Another great tool that is
 perfect for traveling is TAILS, which stands for The Amnesiac
 Incognito Live System
...

For what it's worth, I was traveling OCONUS last week and was using
TAILS v0.12.1 installed on a microSD card (the laptop in question was
booted from a USB adapter).  I'm very impressed with how well it
works, and as a general purpose "I need to get stuff done in an
untrustworthy environment" system it did an excellent job.  I've yet to
write an article on the specifics because I'm still digging out at work,
but when I do I'll get the link out there.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Sing loud!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlB3G9AACgkQO9j/K4B7F8GjiQCgliQdwzjS2GyU2hpk9Jp6GD80
YGMAoO1REt/EEWvjF+UST56XYTCjv0er
=zM+i
-----END PGP SIGNATURE-----


[liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Yosem Companys
Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday
that Silent Circle (contrary to what you say in your post) will
publish source code.


Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
It would have been much nicer to create this thread based on real source
code, instead of a tweet based on word of mouth. We'll see.

NK



Re: [liberationtech] CryptoParty Handbook

2012-10-11 Thread The Doctor
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/10/2012 06:10 AM, Julian Oliver wrote:

 Seth, your comments about the Quantum Crypto text are excellent
 and, on looking more closely, factually correct. I personally don't
 think such material has a place in a handbook like this but with
 your clarifications it will at least render it great reference
 material. Your comments about journaled file-systems and
 shredders/wipers were super and so will be added to the next
 edition.

I think that quantum crypto needs to be explained in the 'book, at
least at a high level.  In some discussions I've had with people about
crypto, someone's always brought up "Quantum computers broke all
crypto anyway, so there's no reason to do all of this," followed by a
mostly uphill fight to convince them that there's no reliable evidence
that there are quantum computers at Ft. Meade pwning us all.

In other words, some solid ground to stand on when the trolls come
'round (and they do).  I've forked the repo on Github and when I get
some time this weekend I'll start working on some stuff.

 Missing chapters like Threat Modeling (introducing it to newbies,
 first of all)

This.  So much this.

 need to be written, as well as an unintimidating reference table
 for strength of encryption by type and threat context. This is
 something that came up in

I think there is some pretty reliable research out there that can be
referenced in the 'book.

 Still, I don't think it justifies those few security pros clumsily
 (and somewhat destructively) writing off the book entirely. Rather
 than being black and white

More 'dead duck' discussions, I take it?

 when it comes to security it's far more constructive to let people
 into the process of learning to think for themselves by
 understanding such particular risks; to be aware, agile and
 vigilant. Security itself is a process in constant

Toolkits, not cookbooks.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Sing loud!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlB3IkYACgkQO9j/K4B7F8EXMACgryyoLanzR9QkyYK9LYRkqu6p
JSYAni4rpH18lvs0uE6IsoD7zeuQFS0k
=Ocm4
-----END PGP SIGNATURE-----


Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Yosem Companys
We both received the same messages from Ryan Gallagher and Dan Gillmor:

@rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm
doing + he told me they'll be making everything open source.

That's why I added the question mark, in case someone on the list knew
any more (for example, when -- what date? -- do they plan to publish
the code).

I've contacted @Silent_Circle via Twitter and invited them on to
Liberationtech.  If anyone knows how to reach someone on the team
directly, please let me know.

It'd be nice to send them a personal invitation, so we can talk to the
team directly rather than have a secondhand conversation.

Best,
Yosem



Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Katrin Verclas
Copying Susan Alderson, VP of Informatics, Silent Circle who was also in the 
meeting Eric and I referred to. 

Susan, forwarding you a thread from the Liberation Tech discussion list about 
Silent Circle source code, location of servers, etc.  Please feel free to chime 
in, and nice to meet you!

Cheers,

Katrin 



Katrin Verclas
MobileActive.org
kat...@mobileactive.org

skype/twitter: katrinskaya
(347) 281-7191

A global network of people using mobile technology for social impact
http://mobileactive.org



Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nathan
Can someone explain what this big secret briefing was? Are they making the PR 
rounds in DC?



Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nathan
Here's my prediction: Silent Circle will not fundamentally change anything. It 
will have nowhere near the impact that Phil's work on open cryptography 
standards has. It may be a great niche product for businesses, professional 
journalist groups and large NGOs looking for a turnkey solution. It will not be 
relevant for the majority of people on the ground in high risk places with 
state based surveillance. It will not satisfy the most privacy concerned users 
in free countries either. 

Ultimately it is a *commercial product* aiming to package up complex 
capabilities into a promise of a tidy, easy to use solution. It is a worthy 
endeavor but there are many, many people out there trying to go the business 
route and I don't believe there is actually enough of a market for this to 
satisfy a venture capitalist or organic revenue to sustain itself. Cryptophone, 
WaveSecure, Cryptcell, IronKey, ZeroBank, Hushmail are just a few attempted 
similar efforts. All worthy efforts... but niche and ultimately not having the 
large impact we all might hope, and perhaps some even doing damage by promoting 
forked, out of date solutions.

I fundamentally believe you can't design a product both for CEOs and 
revolutionaries. The threat models are entirely different. You can't be all 
things to all people, especially if you are charging 20 USD per user per month 
on top of a user's existing 3g data plan.

+n8fr8





Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
On 10/11/2012 5:51 PM, Ryan Gallagher wrote:
 To Nadim: I'm interested to know, did you contact anyone at SC before
 writing your blog post? Seems to me you arrived at your rather scathing
 conclusion largely on the basis of an assumption. A sort of shoot first,
 ask questions later approach. It actually says on the SC website that SC
 will use Open Source Peer-Reviewed Encryption. It also says,
 unambiguously, /We believe in open source/.

It's almost impossible to develop the software Silent Circle is
attempting to develop without using at least one open source library -
this is in fact accentuated in my blog post.
I sincerely apologize if my post is jumping the gun a bit, but aside
from reassurances in private press conferences, Silent Circle hasn't
made any statement that supports their releasing their code as open
source. In fact, they have been very ambiguous on this issue prior to
their alleged private statements yesterday and today.

I will update my blog post the moment they announce that Silent Circle
will be open source. I don't mean to shoot first, ask questions later,
but rather highlight serious potential dangers.


 
 


Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Ryan Gallagher

 On 10/11/2012 18:26 PM, Nadim Kobeissi wrote:
 I sincerely apologize if my post is jumping the gun a bit, but aside
 from reassurances in private press conferences, Silent Circle hasn't
 made any statement that supports their releasing their code as open
 source. In fact, they have been very ambiguous on this issue prior to
 their alleged private statements yesterday and today.

Hmm. It says on the SC website that it will use Open Source Peer-Reviewed 
Encryption, Peer Reviewed Encryption and Hashing Algorithms, and also says 
we believe in open source. Is that very ambiguous?


[liberationtech] One year later: German police unable to develop ‘state trojan’

2012-10-11 Thread Anne Roth
http://annalist.noblogs.org/post/2012/10/12/one-year-later-german-police-unable-to-develop-state-trojan/

One year after the Chaos Computer Club found and analysed an illegal
trojan virus used by German police, the so-called “state trojan”, and
one year after the German Federal Minister of Justice, Sabine
Leutheusser-Schnarrenberger had promised “total transparency and
clarification” German police still don’t have an alternative to relying
on software by private companies for the infiltration of computers.

Recent answers of the interior ministry to questions by Jan Korte, MP
Left party, clearly state that the ministry one year later is still
lacking the capacity to do as promised: to develop a software for lawful
interception that complies with a decision by Germany’s Federal
Constitutional Court.

(The original German document can be downloaded here
http://annalist.noblogs.org/files/2012/10/121010_SchriftlichenFragenStaatstrojaner.pdf
- no official translation into English yet)


The original “state trojan” by Digitask did far more than what is
allowed by German law:

The Chaos Computer Club (CCC) has recently received a newer version of
the “Staatstrojaner”, a government spyware. The comparison with the
older version, already analyzed by the CCC with the actual Sniffer-code
from December 2010, revealed new evidence. Despite the claims of the
responsible parties, the Trojan can still be remote-controlled, loaded
with any code and also the allegedly “revision-proof logging” can be
manipulated. (CCC, 26 Oct 2011)

Also see Several German states admit to use of controversial spy
software http://www.dw.de/dw/article/0,,15449054,00.html (Deutsche Welle).

The German minister of the Interior, Hans-Peter Friedrich, then promised
that the software was going to be produced in-house.

The new replies by the ministry prove him wrong:

The software by DigiTask GmbH that was used in the past for
computer surveillance (lawful interception) is not currently being used
by federal public authorities anymore.

The software that will be used for computer surveillance will be
developed by a competence centre established within the Federal Criminal
Police Office. It will be safeguarded that the source code will be
audited regarding its range of functions by qualified experts. It will
also be accessible for the relevant authorities for data protection
(among others the Federal Commissioner for Data Protection).

For the time until the aforementioned in-house development is
completed the Federal Criminal Police Office is preparing a commercial
interim solution. The source code of that software has to undergo
extensive audits with respect to the demands by the Federal
Constitutional Court. (my translation, A.R.)

In a reply to the second question by MP Korte the ministry states that
it doesn’t know whether software by DigiTask or other commercial
developers designed for lawful interception is being used by state
police forces in Germany. Further details are classified and only
accessible to MP Korte.

The spokesman on domestic policy of Angela Merkel’s conservative party in
parliament, Hans-Peter Uhl, commented:

The development of software by the Federal Criminal Office is
presumably going to take months if not years. We may even have to
ruefully admit that we lack the capability completely.


-- 

http://about.me/annalist
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7689407F942951E2
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Christopher Soghoian
Hi Nadim,

You didn't directly respond to Ryan's question. Have you actually spoken to
anyone at Silent Circle?

The Silent Circle App isn't available for download to the general public
yet. As such, I think the company can be forgiven for not having source
code available just yet. Why not wait until the product is actually
available for download before you jump the gun and state that the company
is damaging the state of the cryptography community?

I've met with the CEO a couple times in person and I've spoken with Phil
and Jon. Although I'm by no means ready to bless the product -- not only do
I want to see it open sourced, but I also want to see a published, thorough
audit by a respected security consulting firm -- I am at least excited to
see folks building a business around encrypted communications (where the
crypto is the selling point, rather than an unadvertised feature, like
Skype).

Jon and Phil are not strangers to the security community and their email
addresses can be found with about 2 seconds of Googling. If you have
questions, why not contact them?

Chris

[Full disclosure: They've loaned me an iPod touch with a beta copy of the
app so that I can try it out. As soon as the Android version is ready to
go, I'll promptly give the iPod back to them. I'm not a Silent Circle
investor, consultant, etc]


On Thu, Oct 11, 2012 at 6:26 PM, Nadim Kobeissi na...@nadim.cc wrote:

 On 10/11/2012 5:51 PM, Ryan Gallagher wrote:
  To Nadim: I'm interested to know, did you contact anyone at SC before
  writing your blog post? Seems to me you arrived at your rather scathing
  conclusion largely on the basis of an assumption. A sort of shoot first,
  ask questions later approach. It actually says on the SC website that SC
  will use Open Source Peer-Reviewed Encryption. It also says,
  unambiguously, /We believe in open source/.

 It's almost impossible to develop the software Silent Circle is
 attempting to develop without using at least one open source library -
 this is in fact accentuated in my blog post.
 I sincerely apologize if my post is jumping the gun a bit, but aside
 from reassurances in private press conferences, Silent Circle hasn't
 made any statement that supports their releasing their code as open
 source. In fact, they have been very ambiguous on this issue prior to
 their alleged private statements yesterday and today.

 I will update my blog post the moment they announce that Silent Circle
 will be open source. I don't mean to shoot first, ask questions later,
 but rather highlight serious potential dangers.

  From: compa...@stanford.edu
  Date: Thu, 11 Oct 2012 12:48:03 -0700
  To: liberationtech@lists.stanford.edu
  Subject: Re: [liberationtech] Silent Circle to publish source code?
 
  We both received the same messages from Ryan Gallagher and Dan Gillmor:
 
  @rj_gallagher: @kaepora FYI I met with SC's CEO today for piece I'm
  doing + he told me they'll be making everything open source.
 
  That's why I added the question mark, in case someone on the list knew
  anymore (for example, when -- what date? -- do they plan to publish
  the code).
 
  I've contacted @Silent_Circle via Twitter and invited them on to
  Liberationtech. If anyone knows how to reach someone on the team
  directly, please let me know.
 
  It'd be nice to send them a personal invitation, so we can talk to the
  team directly rather than have a secondhand conversation.
 
  Best,
  Yosem
 
  On Thu, Oct 11, 2012 at 12:35 PM, Nadim Kobeissi na...@nadim.cc wrote:
   It would have been much nicer to create this thread based on real source
   code, instead of a tweet based on word of mouth. We'll see.
  
   NK
  
   On 10/11/2012 3:27 PM, Yosem Companys wrote:
   Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday
   that Silent Circle (contrary to what you say in your post) will
   publish source code.

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
I'm sorry but this could easily refer to open source libraries, and
commonly does. I will update my blog post again once source code is
available, which should hopefully be when the app is released next week.

NK

On Oct 11, 2012 6:49 PM, Ryan Gallagher r...@rjgallagher.co.uk wrote:

  On 10/11/2012 18:26 PM, Nadim Kobeissi wrote:
  I sincerely apologize if my post is jumping the gun a bit, but aside
  from reassurances in private press conferences, Silent Circle hasn't
  made any statement that supports their releasing their code as open
  source. In fact, they have been very ambiguous on this issue prior to
  their alleged private statements yesterday and today.

 Hmm. It says on the SC website that it will use Open Source
Peer-Reviewed Encryption, Peer Reviewed Encryption and Hashing
Algorithms, and also says we believe in open source. Is that very
ambiguous?

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
Hi Chris,

I regrettably did not speak to anyone from Silent Circle. This is
off-topic, but I find it kind of ironic for you to be asking me this; you
have written scathing critiques involving my own software efforts without
once contacting me, and I believe you to be much more guilty of jumping
the gun than I could be in this occasion. But this is beside the point.

I've spoken to people who have been contacted by Phil and Jon and I have
been told prior to writing my post that both have been very ambiguous
regarding the availability of Silent Circle source code in its entirety on
the day of release. No formal statement has yet been made by Silent Circle.
If the source code is released when the software ships, I have absolutely
no problem admitting that I jumped the gun a bit; but aside from references
to open source (which could very well be limited to libraries (such as
libssl) or protocols (such as ZRTP)), I'm still waiting on the status of the
software.


NK

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Bernard Tyers - ei8fdb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Is this a case of people (lib tech/security community) trusting people of
up-to-now good security community reputation (Phil Zimmerman and Jon Callas)
combined with public statements (to the effect of “we will be releasing the
source code”) combined with briefings with selected groups?

Just curious. It goes back to the discussion about trusting open source 
software, or trusting people who we believe to have good intentions.

Bernard


PS: To try and keep the mood light: I wonder if the founders are fans of 
mid-80s German Euro-disco bands?



Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development

2012-10-11 Thread Christopher Soghoian
Hi all,

When considering the threat of legally compelled assistance, I think it is
useful to spell out the specific threats. The two big ones, IMHO, are

1. Compelled disclosure of data retained about users.
2. Compelled insertion of backdoors into the product.

Now, folks on this list are throwing around a lot of legal terms
(subpoenas, warrants, gag orders), but the specific types of legal process
matter less once you consider the data that Silent Circle has and doesn't
have.

[Note, the following is focused largely on the audio/video service aspect
of the service, since AFAIK the text service uses some new protocol called
SCimp about which there isn't really any public info]

If conversations are taking place over ZRTP, and, assuming that the crypto
works, and that there isn't a backdoor, then the only data that silent
circle should have access to is conversation metadata and data about the
subscribers (IP addresses, an email address, and whatever info is required
for credit card billing, such as a name/address).

[I'm not a lawyer, but I know a bit about US surveillance law. Even so,
this isn't legal advice]

Under US law, law enforcement agencies only need a warrant to compel the
production of stored communications content. Non-content data doesn't
require a warrant.

I would argue that a court order issued under 18 USC 2703(d) would be
required to compel the production of stored metadata records of silent
circle conversations, however, 18 USC 2703(c)(2)(C) permits the compelled
disclosure of local and long distance telephone connection records, or
records of session times and durations pursuant to a mere subpoena (no
judge required). As such, the specific form of legal process required to
compel the production of Silent Circle conversation metadata depends on
whether or not Silent Circle is more like an Internet communications
service (such as e-mail or IM) or a telephone service.

As such, I don't think the right question is what if silent circle receives
a search warrant, but rather, either a 2703(d) order or subpoena. The
answer to this really depends on their metadata retention policy, which we
currently don't know much about. I want to see more info about this before
I trust the service.

Now, you may be asking at this point, who cares about US surveillance law
if the data is held on servers in Canada? At least when it comes to
requests from the US gov, the location of the data probably doesn't really
matter if the execs and most of the staff are in the US. The US government
will no doubt argue that US law applies to the compelled production of
stored data, regardless of where the servers happen to be located.

Ok - as for the basic subscriber records the company keeps, they
are apparently going to offer prepaid calling cards (see:
http://www.fastcompany.com/3001938/phil-zimmermanns-silent-circle-builds-secure-seductive-fortress-around-your-smartphone).
Hopefully, these will eventually be available for purchase from 3rd party
retailers or even from brick-and-mortar vendors via cash, which would go a
long way to removing the need for Silent Circle to know basic identifying
info about their customers. However, if you sign up over the web and give a
credit card, the company could be required to disclose this basic
subscriber info with a mere subpoena.

Finally, with regard to the compelled insertion of backdoors in the
service, this is obviously a serious threat (and something that governments
have done in the past to other technology providers). I look forward to
hearing public details from Silent Circle about what their plans are on
this front.

I'm not even sure what specific legal method would be used to compel such a
backdoor in the US, since CALEA specifically addresses (and largely
shields) communications service providers that provide encrypted
communications but do not have access to the key.
See: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

However, on the compelled backdoor front, if this is a threat you are
worried about, I would be equally (if not far more) worried about the
government compelling Google or Apple to covertly push a malware update to
your phone.

Cheers,

Chris

On Thu, Oct 11, 2012 at 2:36 PM, Julian Oliver jul...@julianoliver.com wrote:


 With a credit-card payment system the client list is practically a click
 away for any Government client, itself a worry. Having the servers located
 on Canadian soil garners little, I think: software in a position like this
 configures the distributor under responsibility to the jurisdiction in
 which its business is registered whilst foreign governments become
 potential clients.

 Ultimately software promising this level of privacy needs to reflect that
 people come from differing geo-political contexts. As such both client and
 server need to be freely distributed and installable such that communities
 can then manage their own communication needs, taking risks within their
 techno-political context as 

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Nadim Kobeissi
Thanks for spelling it out, and Nathan.
NK
On Oct 11, 2012 8:12 PM, Nathan nat...@freitas.net wrote:

 Ryan,

  Hmm. It says on the SC website that it will use
  “Open Source Peer-Reviewed Encryption”,
  “Peer Reviewed Encryption and Hashing Algorithms”,
  and also says “we believe in open source”. Is that very ambiguous?

 As a reporter working on a piece, you should make sure you understand
 the difference between using open-source and being open-source. Having code
 availability for private audit or dumping a zip file of code that doesn't
 quite build entirely is very different from being a fully transparent
 open-source project. I am not splitting hairs here, just trying to make
 sure that you look beyond vague statements and perhaps ask “where's your
 git repo going to be hosted?” or “what license are you planning to use?” or
 even “will an independent developer be able to compile and run their own
 version of your software?”.

 As an example, Phil's much heralded ZRTP protocol was openly published but
 server code to enable Asterisk support for it had a very ambiguous license
 that made it unusable in anything but a pure academic setting.

 Like organic, open-source is a term that is easily claimed but not often
 truly fulfilled. Nadim should be given more credit for the completely
 transparent and engaged open-source project he runs, and for defending an
 approach and philosophy that he is completely living up to.

 +n8fr8

Re: [liberationtech] Silent Circle to publish source code?

2012-10-11 Thread Seth David Schoen
Nathan writes:

 Like organic, open-source is a term that is easily claimed but
 not often truly fulfilled. Nadim should be given more credit for the
 completely transparent and engaged open-source project he runs, and for
 defending an approach and philosophy that he is completely living up to.

Further to that, I hope people in situations like this won't be sloppy
with the distinction between “open source” and “viewable source code”.
Publishing source code gives some of the important benefits of open
source, but not all of them.

Open source doesn't just mean access to the source code.
http://opensource.org/osd.html

-- 
Seth Schoen  sch...@eff.org
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107


[liberationtech] Tech Challenge for Atrocity Prevention Website Goes Live

2012-10-11 Thread Yosem Companys
USAID and Humanity United’s *Tech Challenge for Atrocity Prevention* website,
www.thetechchallenge.org, has gone live today. The website identifies five
specific challenges around atrocity prevention, the first two of which will
launch on October 31st.  We’re grateful for the support of everyone who
helped us craft these problem statements, paving the way for us to solicit
exciting and innovative ideas.

In supporting President Obama’s vision of preventing atrocities worldwide, the
*Tech Challenge for Atrocity Prevention* encourages individuals from all
backgrounds to bring new perspectives to some of the most daunting issues
in this arena.  We are looking for those who can contribute innovative tech
tools and solutions -- big and small -- to make real advances in preventing
atrocities.

Humanity United and USAID will award prizes as large as $10,000 per
challenge for creative ideas and prototypes that respond to the problem
statements.  We hope that new or existing solutions in fields such as
global health, education, and the private sector can be transformative when
applied to preventing atrocities.

*We need your help in spreading the word about this challenge!* Please
share the website http://thetechchallenge.org/ and the short video
http://www.youtube.com/watch?v=6tGo867Qs2g as far and wide as
you can on your social media networks and particularly
to your networks of dedicated and passionate activists, techies and
innovators.

Thank you for your support,

Donald Steinberg
Deputy Administrator
USAID

http://www.thetechchallenge.org/

*Please contact Mark Goldenbaum at USAID (mgoldenb...@usaid.gov) or Abby
Long at Humanity United (al...@humanityunited.org) for more information.*