Re: [liberationtech] EFF Resigns from Global Network Initiative

2013-10-11 Thread LilBambi
I am sure that was a very hard move by EFF after being part of this
group for five years.

Corporate members being meddled with in regard to their security
practices about their internal privacy and security systems is no way
to effectively run any civil society that is hopeful of keeping people
safe regarding their human rights.

I hope others may also consider making the hard decision to join EFF
in leaving this group until they can be more effective. It is scary to
think that faith in a group of this nature can no longer be trusted
because of government meddling.

I think this is an important move. One that highlights just some of
the dangers of this meddling.

From the article:

"We know that many within the industry do not like or approve of such
government interference, and GNI has, in statements, made it clear
that member companies want permission from the US government to engage
in greater transparency," EFF's International Director Danny O'Brien
and Director for International Freedom of Expression Jillian C. York
write in a letter to GNI leadership. "However, until serious reforms of
the US surveillance programs are in place, we no longer feel
comfortable participating in the GNI process when we are not privy to
the serious compromises GNI corporate members may be forced to make.
Nor do we currently believe that audits of corporate practice, no
matter how independent, will uncover the insecurities produced by the
US government's—and potentially other governments'—behavior when
operating clandestinely in the name of national security."



On Thu, Oct 10, 2013 at 4:33 PM, Yosem Companys compa...@stanford.edu wrote:
 From: pressl...@eff.org

 Electronic Frontier Foundation Media Release

 For Immediate Release: Thursday, October 10, 2013

 Contact:

 Jillian C. York
   Director for International Freedom of Expression
   Electronic Frontier Foundation
   jill...@eff.org
   +1 415 436-9333 x118

 EFF Resigns from Global Network Initiative

 Citing Concerns Over NSA’s Impact on Corporate Members, EFF
 Leaves Industry Group

 San Francisco - The Electronic Frontier Foundation (EFF)
 today withdrew from the Global Network Initiative (GNI),
 citing a fundamental breakdown in confidence that the
 group's corporate members are able to speak freely about
 their own internal privacy and security systems in the wake
 of the National Security Agency (NSA) surveillance
 revelations.

 EFF has been a civil society member of the
 multi-stakeholder human rights group since GNI was founded
 in 2008 to advance freedom of expression and privacy in the
 global information and communication technologies sector.
 While much has been accomplished in these five years, EFF
 can no longer sign its name on joint statements knowing now
 that GNI's corporate members have been blocked from sharing
 crucial information about how the US government has meddled
 with these companies' security practices through programs
 such as PRISM and BULLRUN.

 "We know that many within the industry do not like or
 approve of such government interference, and GNI has, in
 statements, made it clear that member companies want
 permission from the US government to engage in greater
 transparency," EFF's International Director Danny O'Brien
 and Director for International Freedom of Expression
 Jillian C. York write in a letter to GNI leadership.
 "However, until serious reforms of the US surveillance
 programs are in place, we no longer feel comfortable
 participating in the GNI process when we are not privy to
 the serious compromises GNI corporate members may be forced
 to make. Nor do we currently believe that audits of
 corporate practice, no matter how independent, will
 uncover the insecurities produced by the US
 government's--and potentially other governments'--behavior
 when operating clandestinely in the name of national
 security."

 EFF's involvement with GNI included helping to define its
 founding principles over two years of negotiations;
 coordinating opposition to the United Kingdom's
 Communications Data Bill in 2011; releasing a paper
 addressing free-speech issues surrounding account
 deactivation and content removal; and collaborating with
 fellow members in internal international technical and
 policy analysis.  However, EFF can no longer stand behind
 the credibility of what had been one of GNI's most
 significant achievements--third-party privacy and freedom
 of expression assessments of service providers, including
 Google, Microsoft and Yahoo.

 Moving forward, EFF plans to continue to provide guidance
 to the GNI and engage companies directly, but as an
 external organization.  EFF supports the other
 organizations and individuals that continue to work within
 the GNI for the free speech and privacy rights of users
 worldwide.

 Although EFF is taking a step back, GNI can still serve an
 important role as a collaborative project between human
 rights groups, companies, investors and academics, York
 said.  If the United States 

Re: [liberationtech] EFF Resigns from Global Network Initiative

2013-10-11 Thread Andrés Leopoldo Pacheco Sanfuentes
I believe it was the right thing to do, just like eating Quaker Oats.

Best Regards | Cordiales Saludos | Grato,

Andrés L. Pacheco Sanfuentes
a...@acm.org
+1 (817) 271-9619



[liberationtech] Gpg4win woes

2013-10-11 Thread Scott Arciszewski
TL;DR - Gpg4win is unusable for the average internet user
==
Okay, I had a hard drive die on me a couple of weeks ago and I just
reinstalled Windows and all the drivers on it last night. This morning when
I was installing software, I thought I'd install gpg4win before Tor Browser
Bundle and see if I could verify the signature since I've heard complaints
that nobody ever does it.

And this is what happened:
https://twitter.com/voodooKobra/status/388611802923139072/photo/1

@r00tcore was kind enough to point out that there is documentation that
basically says "Yes it's OK." Confusing.

So I try it with GPA instead, following the instructions on the attached
documentation. This is what I get:
https://twitter.com/voodooKobra/status/388683362233102336/photo/1

There was no hand-waving in the documentation for this error.

So this leads me to believe one of two things:

1) I've somehow found myself at the top of a nation state actor's hit list
and am actively being targeted by all sorts of attacks (MITM, rogue
certificate, etc.). Or the more likely...

2) I'm doing something terribly wrong, and there is no way for me to figure
out what exactly that is.

I'm relatively sure that I have more patience than an average internet user
(the Facebook addict variant, anyway), and I'm about fed up with it. It's
easier to do gpg from the command line on Linux than to do it from a GUI on
Windows.

Here are the problems I faced when I attempted to perform this simple task:
Verify the signature on the Tor Browser Bundle.

1. Where is the public key used to verify the signature? I couldn't click
and find this, I had to actually search on Google. I saw a @matthew_d_green
tweet the other day that said something akin to, "Every click of the mouse
loses half of your users," when talking about default settings. The Tor
project links to the signature for each package on the downloads page, but
any reference to their public key is hidden from the public's eye.

2. Kleopatra (the program that pops up when you right click > More GpgEX
options > Verify) was perfectly happy to announce that there was no GPG
data in the .exe when I attempted to verify it directly. While this might
be silly to hackers, users will do this! Adding language that says "Please
make sure you select the signature file, not the message or executable,"
will help move things along. Making a system that intelligently goes, "Oh,
you probably meant file.exe.asc not file.exe, since they're both in the
same folder," even if it asks the user to verify the correction instead of
blindly switching it out, would also be a huge boon for usability.

3. Kleopatra scared me into believing that the signature was invalid, then
documentation told me it was OK. Then GPA told me the signature was bad.
Now I don't know what to believe or what to do next. I've fallen straight
through the cracks.

In closing, if the Tor website was designed to make signature verification
easier, it was much easier to verify packages on Windows from Explorer, and
Kleopatra and GPA used language to help users better troubleshoot issues, I
think asking the average user to verify their packages would be a much less
daunting task.

Since this is long, I'm sticking the TL;DR in the beginning.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
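
Points 2 and 3 of the post above ask for verification tools that say in plain language what happened and that notice when the download was selected instead of its signature. One way to do both from the machine-readable lines that `gpg --status-fd` emits, as an added example that is not part of the original post and is not Gpg4win's or Kleopatra's code; the status samples, fingerprint, file names and function names are constructed for illustration:

```python
import os

PREFIX = "[GNUPG:] "
SIG_EXTS = (".asc", ".sig")

# Constructed samples of `gpg --status-fd 1 --verify SIG FILE` output.
# The fingerprint, key ID and signer are made up for this example.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_UNCERTIFIED = f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG {FPR} 2013-10-01 1380585600 0 4 0 1 2 00 {FPR}
[GNUPG:] TRUST_UNDEFINED
"""
BAD = ("[GNUPG:] NEWSIG\n"
       "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n")
NO_KEY = ("[GNUPG:] ERRSIG 89ABCDEF01234567 1 2 00 1380585600 9\n"
          "[GNUPG:] NO_PUBKEY 89ABCDEF01234567\n")
NOT_A_SIGNATURE = "[GNUPG:] NODATA 1\n"


def parse_status(text):
    """Map each status keyword to its argument list (a later line replaces an earlier one)."""
    status = {}
    for line in text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                status[fields[0]] = fields[1:]
    return status


def suggest_signature_file(selected, exists=os.path.exists):
    """If the user picked the download itself, propose the signature file next to it."""
    if selected.lower().endswith(SIG_EXTS):
        return None
    return next((selected + e for e in SIG_EXTS if exists(selected + e)), None)


def explain(status_text, selected, published_fpr=None, exists=os.path.exists):
    """Return (verdict, plain-language message) for one verification attempt."""
    st = parse_status(status_text)
    if "BADSIG" in st:
        return "bad", "The file does not match its signature. Do not run it; download it again."
    if "REVKEYSIG" in st:
        return "revoked-key", "The signing key has been revoked. Do not rely on this signature."
    if "NO_PUBKEY" in st:
        return "missing-key", ("Nothing was checked: you do not have the signer's public key "
                               f"{st['NO_PUBKEY'][0]}. Import it, then verify again.")
    if "GOODSIG" not in st or "VALIDSIG" not in st:
        if "NODATA" in st:
            hint = suggest_signature_file(selected, exists)
            tail = f" Did you mean {hint}?" if hint else " Select the .asc or .sig file instead."
            return "wrong-file", "That file contains no signature." + tail
        return "unknown", "Verification did not complete; nothing can be concluded."
    args = st["VALIDSIG"]
    # Field 0 is the signing (sub)key, field 9 (when present) the primary key.
    fprs = {args[0]} | ({args[9]} if len(args) > 9 else set())
    if published_fpr:
        if published_fpr.replace(" ", "").upper() in fprs:
            return "good", "The file is intact and was signed by the key you expected."
        return "wrong-key", ("The signature is valid, but it was made by key "
                             f"{args[0]}, not the one you expected.")
    if "TRUST_FULLY" in st or "TRUST_ULTIMATE" in st:
        return "good", "The file is intact and signed by a key you already trust."
    return "good-unconfirmed", (
        "The file matches the signature, so it was not altered after signing. "
        f"Not yet confirmed: who owns key {args[0]}. Compare that fingerprint "
        "with the one the project publishes.")


if __name__ == "__main__":
    for sample in (GOOD_UNCERTIFIED, BAD, NO_KEY):
        print(explain(sample, "bundle.exe.asc"))
    print(explain(NOT_A_SIGNATURE, "bundle.exe", exists=lambda p: p.endswith(".asc")))
```

A good signature from a key that has not been certified locally and a bad signature are different outcomes here, and only the second one means the file was altered.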

Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Michael Rogers
On 11/10/13 01:14, carlo von lynX wrote:
 No one anywhere has solved the problem of asynchronous,
 forward-secret group cryptography.
 
 I think you have to be a bit opportunistic about it. Briar does it
 somehow, if I understood correctly.

Yes and no. I think Elijah's referring to the problem of encrypting a
message to a group of recipients, so that any recipient can decrypt it
up until a certain time, and nobody can decrypt it after that. We
haven't solved that problem, but we do have a different solution for
asynchronous forward-secret group communication.

No crypto innovation is involved, it's just a matter of group members
disseminating the message over forward-secret pairwise links. I think
Retroshare might do the same... but who knows? ;)

Cheers,
Michael



Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Tempest
Gregory Maxwell:
 My other big technical complaint about PGP is (3) in the post, that
 every encrypted message discloses what key you're communicating with.
 PGP easily _undoes_ the privacy that an anonymity network like tor can
 provide.  It's possible to use --hidden-recipient but almost no one
 does.

i am often a bit confused as to why people take issue with the fact that
gpg/pgp isn't anonymous. i don't recall the technology ever being
proposed as such. rather, effort was made to have mechanisms to verify
the identity of a sender. however, if one creates an identity and
keypair that has only been used over tor, what's the problem? creating
and maintaining anonymity is an entirely different subject that gpg/pgp
was not created to address.

i'm going to have to cosign with jillian and others who took issue with
this list. i don't think it provided good reasons to not use gpg/pgp. in
fact, i struggled with figuring out what threat models the author was
addressing in the various points, as it jumped around a bit without
providing much detail. that lack of detail made the conclusion a bit
irresponsible.




[liberationtech] CPJ: Solidarity in the face of surveillance

2013-10-11 Thread frank
Great piece here by Josh Stearns of Free Press and Freedom of the Press
Foundation for the Committee to Protect Journalists' Journalist Security
Blog.

http://cpj.org/security/2013/10/solidarity-in-the-face-of-surveillance.php


Solidarity in the face of surveillance
By Josh Stearns/CPJ guest blogger

One way for journalists to build more secure newsrooms and safer
networks would be for more of them to learn and practice digital hygiene
and information security. But that's not enough. We also need
journalists to stand together across borders, not just as an industry,
but as a community, against government surveillance.

The Obama administration, in its attempt to control government leaks,
has issued subpoenas and conducted unprecedented surveillance of
journalists, as CPJ documented in a report this week. But the United
States is hardly the only democratic nation that has been trying to
unveil reporters' sources and other professional secrets.

In August, U.S. journalist Glenn Greenwald's partner, David Miranda, was
detained by U.K. authorities at London's Heathrow airport as he was
flying back to their home in Brazil. Greenwald's editor at the
London-based Guardian, Alan Rusbridger, soon revealed that the British
government had been trying for months to stop the Guardian from
reporting on mass surveillance programs revealed by former U.S. National
Security Agency contractor Edward Snowden, threatening unspecified
action. Finally, two agents from the U.K. Government Communications
Headquarters, a British intelligence agency, oversaw the physical
destruction of computer hard drives in the basement of the Guardian's
London offices.

The Guardian continued reporting, however, but it also forged
partnerships with The New York Times and ProPublica. A Guardian
spokeswoman told BuzzFeed, "In a climate of intense pressure from the
U.K. government, The Guardian decided to bring in a U.S. partner to work
on the GCHQ documents." This partnership goes beyond a simple editorial
collaboration, and seems tantamount to a journalistic act of civil
disobedience in order to serve the public. One colleague, Laura Poitras,
a Berlin-based U.S. filmmaker and journalist, with whom Greenwald has
broken some of the U.S. surveillance documents provided by Snowden, last
month shared a byline with New York Times intelligence reporter James
Risen, who himself remains subject to a U.S. court subpoena for his
reporting on other U.S. intelligence activities. (Greenwald's partner
Miranda was stopped in London after meeting with Poitras in Berlin.)

Increasingly, journalists are finding strength in this kind of global
solidarity that connects newsrooms and crosses borders.

New York University journalism professor and critic Jay Rosen has
suggested that journalists as a community need a new kind of sunlight
coalition to oppose what now seem like the increasingly united
government forces of mass surveillance and press suppression. The
coalition should bring together journalists, whistleblowers,
technologists, advocates, audiences, and more. "They are trying to make
journalism harder, slower, and less secure, by working together against
you," Rosen wrote, addressing governments in the third person and
colleagues in the second (italics are his). "You have to work together
against them to publish anyway and put the necessary materials beyond
their reach."

U.S. journalists saw examples of this kind of solidarity following the
revelations about the Justice Department's mass seizure of phone records
from the Associated Press, the department's labeling of a Fox News
reporter as a co-conspirator, and the continued push by Obama
administration officials for James Risen to testify about his source.
But if colleagues like Rusbridger and Rosen are to be heeded,
journalists now need to move from a reactive posture to a proactive one
designed to address the mounting culture of harassment and intimidation
of the press.

In the wake of Snowden's revelations, and in seeing what it has taken
for Greenwald, Poitras, and others to report those stories, there has
been an increased emphasis on and interest in digital security for
journalists. The most trusted encryption and security technologies
tend to be open-source, meaning their programming codes remain open to
inspection by anyone to ensure that there are no hidden vulnerabilities
or built-in back doors allowing government intelligence agencies
access to encrypted information. Open-source software is a model built
on solidarity, one of showing your work, sharing your work, and
supporting each other's work.

But when it comes to digital security, no one can do it alone. Both the
sender and receiver of an encrypted message must know how to use the
encryption software for any secrets to hold. Given the expansion of mass
surveillance and the new threats facing journalists in a digital age, it
is not enough to have a few passionate journalism nerds preaching the
benefits of encryption.

Many 

Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Gregory Maxwell
On Fri, Oct 11, 2013 at 10:24 AM, Tempest temp...@tushmail.com wrote:
 Gregory Maxwell:
 My other big technical complaint about PGP is (3) in the post, that
 every encrypted message discloses what key you're communicating with.
 PGP easily _undoes_ the privacy that an anonymity network like tor can
 provide.  It's possible to use --hidden-recipient but almost no one
 does.

 i am often a bit confused as to why people take issue with the fact that
 gpg/pgp isn't anonymous. i don't recall the technology ever being
 proposed as such. rather, effort was made to have mechanisms to verify
 the identity of a sender. however, if one creates an identity and
 keypair that has only been used over tor, what's the problem? creating
 and maintaining anonymity is an entirely different subject that gpg/pgp
 was not created to address.

Security is a complicated subject. The exact properties you need to be
secure depend on your threat model.

You add encryption via PGP because you know you need encryption in
order to be secure against your threat model.  But without it being
very obvious PGP has written a long term identity fingerprint encoded
in the opaque base64 data which distinguishes your messages by
recipients.

This long term identity key can _increase_ your vulnerability to
traffic analysis over using nothing at all. It does so invisibly to
many users. It may be a very bad thing for your threat model.

I think communications security tools ought to avoid increasing
vulnerability to any common threats to the greatest extent that they
can, and when they must compromise they should make it obvious.

Both for non-repudiation and resistance to traffic analysis PGP
dramatically reduces user security and does so in a way which is not
obvious to any except the most advanced users. Both of these could be
fixed with basically no user impact: Make hidden-recipient the default
and allow optional clear-text recipient list on ascii armored output;
add an authentication mode which is used by default instead of
signing for encrypted messages that uses ring signatures (and don't
allow unauthenticated encryption, geesh).

 effort was made to have mechanisms to verify the identity of a sender

PGP actually has no mechanism for that. That's authentication. Instead
PGP substitutes non-repudiation for that purpose, which is a superset
of authentication which reduces security in many situations.  PGP
provides basically no way for me to convince you that I'm the author
of a message without also making it possible for you to prove it to
the whole world. Sometimes you want this— for contracts and such— but
usually you just want authentication.

 if one creates an identity and keypair that has only been used over tor

Say you are a famous anonymous developer that creates software for
dissidents to help them connect to tor.  You have a nice anonymous key
that is well known to belong to you.

Do you think any of your users should want to send you email to
anonymous one time use tech support mailboxes using that key, provably
showing they were communicating to you to anyone who can monitor their
email?  Do you think your users will even realize that sending you
messages will expose them?
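
What the message above describes can be checked on one's own outgoing mail without any secret key. This added example (not part of the original thread) reads the recipient key ID from each Public-Key Encrypted Session Key packet (tag 1, RFC 4880) inside the armored base64, and shows that a hidden recipient is written as an all-zero key ID. The message bytes and key IDs are constructed placeholders, not real ciphertext, and the function names are illustrative:

```python
import base64

WILDCARD = "0" * 16  # key ID field of a hidden recipient: all zero


def dearmor(text):
    """Decode the base64 body of an ASCII-armored PGP MESSAGE block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP MESSAGE"):
        raise ValueError("not an armored PGP message")
    body, in_body = [], False
    for l in lines[1:]:
        if l.startswith("-----END") or (in_body and l.startswith("=")):
            break                      # end of block, or the CRC-24 line
        if in_body:
            body.append(l)
        else:
            in_body = (l == "")        # a blank line ends the armor headers
    return base64.b64decode("".join(body))


def packets(data):
    """Yield (tag, body) for each OpenPGP packet, old or new header format."""
    i = 0
    while i < len(data):
        h = data[i]; i += 1
        if not h & 0x80:
            raise ValueError("bad packet header")
        if h & 0x40:                   # new format: tag in bits 5-0
            tag = h & 0x3F
            o1 = data[i]; i += 1
            if o1 < 192:
                n = o1
            elif o1 < 224:
                n = ((o1 - 192) << 8) + data[i] + 192; i += 1
            elif o1 == 255:
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:                      # partial lengths: streamed ciphertext, stop here
                yield tag, data[i:]
                return
        else:                          # old format: tag in bits 5-2
            tag = (h >> 2) & 0x0F
            length_type = h & 0x03
            if length_type == 3:       # indeterminate length: runs to the end
                yield tag, data[i:]
                return
            width = 1 << length_type   # 1, 2 or 4 length octets
            n = int.from_bytes(data[i:i + width], "big"); i += width
        yield tag, data[i:i + n]
        i += n


def recipients(data):
    """(key ID, hidden?) for every version-3 PKESK packet, read without decrypting."""
    found = []
    for tag, body in packets(data):
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            keyid = body[1:9].hex().upper()
            found.append((keyid, keyid == WILDCARD))
    return found


# --- constructed sample messages (placeholder bytes instead of real ciphertext) ---
def make_packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body   # new format, one-octet length


def make_pkesk(keyid_hex):
    # version 3, 8-octet key ID, algorithm 1 (RSA), then a dummy session-key field
    return make_packet(1, bytes([3]) + bytes.fromhex(keyid_hex) + bytes([1]) + bytes(16))


def armor(data):
    b64 = base64.b64encode(data).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PGP MESSAGE-----\n\n" + rows + "\n-----END PGP MESSAGE-----\n"


CIPHERTEXT = make_packet(18, b"\x01" + b"\xAA" * 20)
SAMPLE_DEFAULT = armor(make_pkesk("89ABCDEF01234567") + make_pkesk("1122334455667788") + CIPHERTEXT)
SAMPLE_HIDDEN = armor(make_pkesk(WILDCARD) + make_pkesk(WILDCARD) + CIPHERTEXT)

if __name__ == "__main__":
    print("default:", recipients(dearmor(SAMPLE_DEFAULT)))
    print("hidden: ", recipients(dearmor(SAMPLE_HIDDEN)))
```

Even with hidden recipients, the number of session-key packets still tells an observer how many keys the message was encrypted to.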

Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Ali-Reza Anghaie
On Thu, Oct 10, 2013 at 3:23 PM, carlo von lynX
l...@time.to.get.psyced.org wrote:
 We had some debate on this topic at the Circumvention Tech
 Summit and I got some requests to publish my six reasons
 not to use PGP. Well, I spent a bit more time on it and now
 they turned into 10 reasons not to. Some may appear similar
 or identical, but actually they are on top of each other.
 Corrections and religious flame wars are welcome. YMMV.

I love the detail put into this but I think it's a poorly delivered
message for multiple reasons:

1) It puts an over-abundance of faith in toolsets in opening and
closing "You have to get used to learning new software frequently."
Realistically if this was a toolsets problem then EFF and EPIC
wouldn't exist - it's not. It's a problem of State that can only be
fought through OPSEC, policy, and risk management. Since it's not
entirely reasonable to have end-users living the spook lifesystem then
it leaves ~policy~ as the best out for end-users with tools (like PGP)
being the defensive linemen.

2) Combined with (1) - then providing no immediate alternative - it
creates the environment in which snake oil fills the gaps. Then we're
back out fighting the snakeoil because we were too busy eating our
young (or old in this case) to pay attention to the collateral damage
to our end-users.

3) It groups multiple problem sets into the responsibility domain of
PGP - when it/they don't have to be, perhaps even undesirable to be so
(from both technical and sociological viewpoints).

So in terms of broad proclamations I think it's prudent to keep those
at a policy level - and the rest behind transparent but loosely narrow
doors until the collective geekdom we can get traction on better
alternatives. -Ali


Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Tempest
Gregory Maxwell:
 
 Do you think any of your users should want to send you email to
 anonymous one time use tech support mailboxes using that key, provably
 showing they were communicating to you to anyone who can monitor their
 email?  Do you think your users will even realize that sending you
 messages will expose them?

a fair point. but one could significantly address this issue by hosting
the public key on a tor hidden service. that would greater ensure that,
in order to get your key, they would be using a system that protects
against such threats. hardly an easy solution. but it can be solved
with a little extra planning.





Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Gregory Maxwell
On Fri, Oct 11, 2013 at 12:10 PM, Tempest temp...@tushmail.com wrote:
 a fair point. but one could significantly address this issue by hosting
 the public key on a tor hidden service. that would greater ensure that,
 in order to get your key, they would be using a system that protects
 against such threats. hardly an easy solution. but it can be solved
 with a little extra planning.

Of course, if you can do this and the HS is secure, then you can just
dispense with the PGP altogether.

You can work around the limitations I've pointed to here... You
messages via hidden services without pgp at all.. or you can create
per-recipient symmetric keys which you clearsign then encrypt with
hidden-recipient to each person you want to talk to, then symmetrically
encrypt your actual messages, and discard once a conversation is done.

But no one does, because it's hard, and some of PGP's downsides are subtle.


Re: [liberationtech] EFF Resigns from Global Network Initiative

2013-10-11 Thread Andrés Leopoldo Pacheco Sanfuentes
yeah, but we have to go further, and get the United Nations HQ The
Heck out of the USA

http://gadebate.un.org/68/venezuela-bolivarian-republic

For that and for much more!

http://www.youtube.com/watch?v=G--xIaMTSuc

Best Regards | Cordiales Saludos | Grato,

Andrés L. Pacheco Sanfuentes
a...@acm.org
+1 (817) 271-9619


On Thu, Oct 10, 2013 at 3:33 PM, Yosem Companys compa...@stanford.edu wrote:
 From: pressl...@eff.org

 Electronic Frontier Foundation Media Release

 For Immediate Release: Thursday, October 10, 2013

 Contact:

 Jillian C. York
   Director for International Freedom of Expression
   Electronic Frontier Foundation
   jill...@eff.org
   +1 415 436-9333 x118

 EFF Resigns from Global Network Initiative

 Citing Concerns Over NSA’s Impact on Corporate Members, EFF
 Leaves Industry Group

 San Francisco - The Electronic Frontier Foundation (EFF)
 today withdrew from the Global Network Initiative (GNI),
 citing a fundamental breakdown in confidence that the
 group's corporate members are able to speak freely about
 their own internal privacy and security systems in the wake
 of the National Security Agency (NSA) surveillance
 revelations.

 EFF has been a civil society member of the
 multi-stakeholder human rights group since GNI was founded
 in 2008 to advance freedom of expression and privacy in the
 global information and communication technologies sector.
 While much has been accomplished in these five years, EFF
 can no longer sign its name on joint statements knowing now
 that GNI's corporate members have been blocked from sharing
 crucial information about how the US government has meddled
 with these companies' security practices through programs
 such as PRISM and BULLRUN.

 We know that many within the industry do not like or
 approve of such government interference, and GNI has, in
 statements, made it clear that member companies want
 permission from the US government to engage in greater
 transparency, EFF's International Director Danny O'Brien
 and Director for International Freedom of Expression
 Jillian C. York write in a letter to GNI leadership.
 However, until serious reforms of the US surveillance
 programs are in place, we no longer feel comfortable
 participating in the GNI process when we are not privy to
 the serious compromises GNI corporate members may be forced
 to make. Nor do we currently believe that audits of
 corporate practice, no matter how independent, will
 uncover the insecurities produced by the US
 government's--and potentially other governments'--behavior
 when operating clandestinely in the name of national
 security.

 EFF's involvement with GNI included helping to define its
 founding principles over two years of negotiations;
 coordinating opposition to the United Kingdom's
 Communications Data Bill in 2011; releasing a paper
 addressing free-speech issues surrounding account
 deactivation and content removal; and collaborating with
 fellow members in internal international technical and
 policy analysis.  However, EFF can no longer stand behind
 the credibility of what had been one of GNI's most
 significant achievements--third-party privacy and freedom
 of expression assessments of service providers, including
 Google, Microsoft and Yahoo.

 Moving forward, EFF plans to continue to provide guidance
 to the GNI and engage companies directly, but as an
 external organization.  EFF supports the other
 organizations and individuals that continue to work within
 the GNI for the free speech and privacy rights of users
 worldwide.

 Although EFF is taking a step back, GNI can still serve an
 important role as a collaborative project between human
 rights groups, companies, investors and academics, York
 said.  If the United States government truly supports
 international 'Internet freedom,' it would recognize the
 damage its policies are doing to weaken such efforts and
 the world's confidence in American companies.

 For the text of the letter:
 https://www.eff.org/document/gni-resignation-letter-0

 For this release:
 https://www.eff.org/press/releases/eff-resigns-global-network-initiative

 About EFF

 The Electronic Frontier Foundation is the leading
 organization protecting civil liberties in the digital
 world. Founded in 1990, we defend free speech online, fight
 illegal surveillance, promote the rights of digital
 innovators, and work to ensure that the rights and freedoms
 we enjoy are enhanced, rather than eroded, as our use of
 technology grows. EFF is a member-supported organization.
 Find out more at https://www.eff.org.


 -end-


Re: [liberationtech] EFF Resigns from Global Network Initiative

2013-10-11 Thread Ali-Reza Anghaie
On Sat, Oct 12, 2013 at 12:11 AM, Andrés Leopoldo Pacheco Sanfuentes
alps6...@gmail.com wrote:
 yeah, but we have to go further, and get the United Nations HQ The
 Heck out of the USA

If you want an impotent organization to be even more so - then that's a
good move. The problem is, while all this "isolate the US" creates a lot
of feel-good, it entirely ignores the complicity of most World
Leaders in the same ~exact~ abuses, duplicity, etc.

So it's a great distraction from actually getting things done.

If you really want to punish US arrogance - make it untenable for
peers to play along and really isolate the US at a policy level and
not just repeated symbolic ones.

(Separate of my own political beliefs - I'm speaking tactical efficacy here.)

-Ali


Re: [liberationtech] EFF Resigns from Global Network Initiative

2013-10-11 Thread Andrés Leopoldo Pacheco Sanfuentes
Yes, of course. BUT!

Look at HISTORY

Why did the US become the seat of the UN?

And now, for THOSE SAME REASONS

The US should NOT be the SEAT of the UN

Best Regards | Cordiales Saludos | Grato,

Andrés L. Pacheco Sanfuentes
a...@acm.org
+1 (817) 271-9619


On Fri, Oct 11, 2013 at 11:16 PM, Ali-Reza Anghaie a...@packetknife.com wrote:
 On Sat, Oct 12, 2013 at 12:11 AM, Andrés Leopoldo Pacheco Sanfuentes
 alps6...@gmail.com wrote:
 yeah, but we have to go further, and get the United Nations HQ The
 Heck out of the USA

 If you want an impotent organization to be even moreso - then that's a
 good move. The problem is while all this isolate the US creates a lot
 of feel-good it entirely ignored the complicity of most World
 Leaders in the same ~exact~ abuses, duplicity, etc.

 So it's a great distraction from actually getting things done.

 If you really want to punish US arrogance - make it untenable for
 peers to play along and really isolate the US at a policy level and
 not just repeated symbolic ones.

 (Separate of my own political beliefs - I'm speaking tactical efficacy here.)

 -Ali


Re: [liberationtech] EFF Resigns from Global Network Initiative

2013-10-11 Thread Ali-Reza Anghaie
On Sat, Oct 12, 2013 at 12:23 AM, Andrés Leopoldo Pacheco Sanfuentes
alps6...@gmail.com wrote:
 Yes, of course. BUT!
*snip*

Then the rest is moot - that's my point. Unless you can substantially
change the behavior of the permanent seats of the UN Security Council
- ~where~ the figureheads meet changes nothing about the behavior of
the States, espionage, etc.

Symbolic gestures are what get us ~right back where we started~ every few years.

In any case - I hope we see substantive changes in the behavior of the
members of the Security Council as a whole. Which isn't to say I
believe the UN itself has any meaningful bearing to that. -Ali