[liberationtech] ODNI/NRC report on "Bulk Collection of Signals Intelligence"
The National Academies Press (2015) - "Bulk Collection of Signals Intelligence: Technical Options"
http://www.nap.edu/catalog/19414/bulk-collection-of-signals-intelligence-technical-options

> The Bulk Collection of Signals Intelligence: Technical Options study is a
> result of an activity called for in Presidential Policy Directive 28
> (PPD-28), issued by President Obama in January 2014, to evaluate U.S. signals
> intelligence practices. The directive instructed the Office of the Director
> of National Intelligence (ODNI) to produce a report within one year
> "assessing the feasibility of creating software that would allow the
> intelligence community more easily to conduct targeted information
> acquisition rather than bulk collection." ODNI asked the National Research
> Council (NRC) -- the operating arm of the National Academy of Sciences and
> National Academy of Engineering -- to conduct a study, which began in June
> 2014, to assist in preparing a response to the President. Over the ensuing
> months, a committee of experts appointed by the Research Council produced the
> report.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] confused by the Sony hack
On 12/21/14 11:58 PM, Julio Cesar Fort wrote:
> I'm no expert in cyber war but since when a nation-state intrusion
> involves dropping docs, exposing corporate secrets, leaking upcoming
> movies in Bittorrent and changing the wallpapers of employees's
> workstations? If this was really a government-sponsored attack, it
> sets a very strange precedent that puts nation-state attacks in
> parallel with hacktivists trying to prove a point.

Hacktivists are part of the threat model advanced by the US Executive. Asserting shared techniques between "[c]ommonly recognized cyber-aggressors" serves to validate that threat model.

CRS (Dec 15) - "The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress":
http://www.fas.org/sgp/crs/misc/R42984.pdf

> Cyberhacktivists
> Cyberhacktivists are individuals who perform cyberattacks for pleasure, or
> for philosophical or other nonmonetary reasons. Examples include someone who
> attacks a technology system as a personal challenge (who might be termed a
> “classic” hacker), and a "hacktivist" such as a member of the cyber-group
> Anonymous who undertakes an attack for political reasons. The activities of
> these groups can range from simple nuisance-related denial of service attacks
> to disrupting government and private corporation business processes.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] DARPA Restoring Active Memory (RAM) program
On 7/14/14, 12:33 PM, Gregory Foster wrote:
> DARPA (Jul 9) - "Restoring Active Memory Program Poised to Launch":
> http://www.darpa.mil/NewsEvents/Releases/2014/07/09.aspx
>
>> Specifically, RAM performers aim to develop and test wireless, fully
>> implantable neural-interface medical devices that can serve as
>> “neuroprosthetics”—technology that can effectively bridge the gaps that
>> interfere with an individual’s ability to encode new memories or retrieve
>> old ones.

IEEE Spectrum (Aug 27) - "DARPA Project Starts Building Human Memory Prosthetics":
http://spectrum.ieee.org/biomedical/bionics/darpa-project-starts-building-human-memory-prosthetics

> “They’re trying to do 20 years of research in 4 years,” says Michael Kahana
> in a tone that’s a mixture of excitement and disbelief. Kahana, director of
> the Computational Memory Lab at the University of Pennsylvania, is mulling
> over the tall order from the U.S. Defense Advanced Research Projects Agency
> (DARPA). In the next four years, he and other researchers are charged with
> understanding the neuroscience of memory and then building a prosthetic
> memory device that’s ready for implantation in a human brain.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] Columbia XRay web transparency project
On 8/23/14, 2:01 PM, Gregory Foster wrote:
> https://github.com/matlecu/xray
>
>> XRay is a research project from Columbia University that aims to
>> improve transparency of data usage on the web. You can learn more
>> on our website.
>
> http://xray.cs.columbia.edu/
>
>> ...we developed XRay, a new tool that reveals which data in a web
>> account, such as emails, searches, or viewed products, are being
>> used to target which outputs, such as ads, recommended products,
>> or prices. It can increase end-user awareness about what the
>> services they use do with their data, and it can enable auditors
>> and watchdogs with the necessary tools to keep the Web in check.
>>
>> Currently, XRay can reveal some forms of targeting for Gmail ads,
>> Amazon product recommendations, and YouTube video
>> recommendations. However, XRay's core mechanisms are largely
>> service-agnostic, providing the necessary building blocks that we
>> hope will enable a new generation of auditing tools that will
>> help lift the curtain on how users' personal data is being used.
>>
>> Using our XRay Gmail prototype, we found some pretty interesting
>> examples of data uses, such as a number of ads targeting
>> depression, cancer, and other illnesses. We also saw quite a few
>> subprime loan ads for used cars that targeted debt, loan, or
>> borrow keywords in users' inboxes.
>
> YouTube (Aug 20) - "XRay: web transparency tool":
> https://www.youtube.com/watch?v=VxH20ey2d7k
>
> HT @kdnuggets:
> https://twitter.com/kdnuggets/status/503198576798089216

"XRay: Enhancing the Web’s Transparency with Differential Correlation"
Presented at the 23rd Usenix Security Symposium (Aug 20-22) by @matlecu, et al.
https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/lecuyer

paper:
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-lecuyer.pdf

slides:
https://www.usenix.org/sites/default/files/conference/protected-files/sec14_slides_lecuyer.pdf

NYT Bits Blog (Aug 18) - "XRay: A New Tool for Tracking the Use of Personal Data on the Web" by @SteveLohr:
http://bits.blogs.nytimes.com/2014/08/18/xray-a-new-tool-for-tracking-the-use-of-personal-data-on-the-web/

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Columbia XRay web transparency project
https://github.com/matlecu/xray

> XRay is a research project from Columbia University that aims to improve
> transparency of data usage on the web. You can learn more on our website.

http://xray.cs.columbia.edu/

> ...we developed XRay, a new tool that reveals which data in a web account,
> such as emails, searches, or viewed products, are being used to target which
> outputs, such as ads, recommended products, or prices. It can increase
> end-user awareness about what the services they use do with their data, and
> it can enable auditors and watchdogs with the necessary tools to keep the Web
> in check.
>
> Currently, XRay can reveal some forms of targeting for Gmail ads, Amazon
> product recommendations, and YouTube video recommendations. However, XRay's
> core mechanisms are largely service-agnostic, providing the necessary
> building blocks that we hope will enable a new generation of auditing tools
> that will help lift the curtain on how users' personal data is being used.
>
> Using our XRay Gmail prototype, we found some pretty interesting examples of
> data uses, such as a number of ads targeting depression, cancer, and other
> illnesses. We also saw quite a few subprime loan ads for used cars that
> targeted debt, loan, or borrow keywords in users' inboxes.

YouTube (Aug 20) - "XRay: web transparency tool":
https://www.youtube.com/watch?v=VxH20ey2d7k

HT @kdnuggets:
https://twitter.com/kdnuggets/status/503198576798089216

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] DARPA Restoring Active Memory (RAM) program
DARPA (Jul 9) - "Restoring Active Memory Program Poised to Launch":
http://www.darpa.mil/NewsEvents/Releases/2014/07/09.aspx

> Specifically, RAM performers aim to develop and test wireless, fully
> implantable neural-interface medical devices that can serve as
> “neuroprosthetics”—technology that can effectively bridge the gaps that
> interfere with an individual’s ability to encode new memories or retrieve old
> ones.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] PBS Frontline: United States of Secrets ( 2 part series )
On Wednesday, May 14, 2014 7:07 PM, Nicholas Merrill wrote:
> United States of Secrets (Part One)
>
> "How did the government come to spy on millions of Americans? In
> United States of Secrets, FRONTLINE goes behind the headlines to
> reveal the dramatic inside story of the U.S. government's massive
> and controversial secret surveillance program -- and the lengths it
> went to try to keep it hidden from the public."
>
> http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/
> http://video.pbs.org/video/2365245528/
>
> Part 2 airs May 20th
>
> -Nick
>
> Nicholas Merrill Executive Director The Calyx Institute 287 Spring
> Street New York, NY 10013

On Wednesday, May 14, 2014 7:15 PM PDT, James S. Tyre wrote:
> Requires Flash, but pretty good even for those of us who've been
> involved directly for A Very Long Time, likely much better for
> those not intimately familiar.
>
> James S. Tyre Law Offices of James S. Tyre 10736 Jefferson Blvd.,
> #512 Culver City, CA 90230-4969 310-839-4114/310-839-4602(fax)
> jstyre at jstyre.com Special Counsel, Electronic Frontier
> Foundation https://www.eff.org

Part 2 was broadcast on May 20th and is available at the FRONTLINE website linked above.

Also available at ThoughtMaybe:
http://thoughtmaybe.com/the-united-states-of-secrets/

Well weaves together The Story of The Program, and its unraveling. Of great importance, please take a look.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] The National Security Agency at the Crossroads (Austin: Apr 3-4)
The National Security Agency at the Crossroads (Austin: Apr 3-4)
https://strausscenter.org/details/279-privacy-surveillance-and-the-nsa.html

If you review the agenda and speaker list, you'll see this event is a pretty big deal.

> The Intelligence Studies Project is a joint venture of the Strauss
> Center and Clements Center at the University of Texas at Austin,
> aiming to encourage policy-relevant academic inquiry into the past,
> present, and future of intelligence agencies and the legal, policy,
> and technological environments in which they operate. Nothing
> better illustrates the need for such inquiry than the events of the
> past year surrounding the National Security Agency. As part of a
> larger effort to improve public understanding of those events, the
> Robert S. Strauss Center for International Security and Law and the
> William P. Clements Jr. Center for History, Strategy & Statecraft
> are hosting a major interdisciplinary conference focused on the NSA
> from April 3rd through 4th. It will cover topics including the
> history of the NSA, the role of the media in revealing classified
> information about its activities, the legal architecture in which
> it operates, the compliance and oversight mechanisms associated
> with the NSA, the diplomatic fallout from the recent revelations,
> and the prospects for reform.

Although open to the public, the event is already waitlisted. I'm aware of at least a few concerned citizens who signed up to attend and plan to document the event through various channels.
http://www.eventbrite.com/e/privacy-surveillance-and-the-nsa-tickets-8953832153

If you have an interest in this event you'd like to discuss, please contact me off list.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Cyberpunk 2014 @ SXSW
I'd like to invite the SXSW attendees to the EFF/EFF-Austin party on Saturday night. It's shaping up to be fairly epic:
http://www.cyberpunk2014.com/

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] Public surveillance
On 2/28/14 12:49 AM, Marcin de Kaminski wrote:
> Do any of you know of _any_ country that has some kind of
> transparency regarding its domestic surveillance? Are there for
> instance, somewhere, public records if security police or other law
> enforcement agency wiretaps, etc?

We've begun to have some success in Austin, Texas getting the local fusion center to open up. The Austin Regional Intelligence Center was chartered with an oversight body responsible for monitoring and suggesting changes to the center's privacy policy which, to some degree, governs the information-generation and -sharing hub's operations.

The meeting minutes are Texas Open Records, so they're available for the asking. The advisory committee suggested ARIC save time, money, and gain a transparency win by voluntarily posting the minutes on their website:
https://arictexas.org/default.aspx?menuitemid=662&menugroup=ARIC+Home

I've re-posted the minutes to SoundCloud where they can be downloaded.

Austin Regional Intelligence Center - Privacy Policy Advisory Committee (Dec 13, 2013)
https://soundcloud.com/gregoryfoster/aric-ppac-2013_12_13

Local journalist Julie Wilson is the first to write about this.

Liberty Beat (Feb 25) - "Texas Fusion Center Secrets Revealed":
http://thelibertybeat.com/exclusive-texas-fusion-center-secrets-revealed/
https://twitter.com/JulieJay2904/status/438277601375703040

If you're interested in this stuff, please contact me off list as it may be possible to replicate this model across the country. There's a state-level working group looking at that possibility for Texas fusion centers.
http://www.weblaws.org/texas/laws/tex._gov't_code_section_421.083_texas_fusion_center_policy_council

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Day of action against mass surveillance (Feb 11)
The Day We Fight Back (Feb 11):
https://thedaywefightback.org/

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] "Google and the World Brain" (2013)
thoughtmaybe (Jan 5) - "Google and the World Brain":
http://thoughtmaybe.com/google-and-the-world-brain/?lang=en

> In 2002, quietly and behind closed doors, the Internet giant Google began to
> scan millions of books in an effort to create a privatised giant global
> library, containing every book in existence. Not only this, but they claimed
> they had an even greater purpose–to create a higher form of intelligence,
> something that HG Wells had predicted in his 1937 essay “World Brain”.
> Working with the world’s most prestigious libraries, Google was said to be
> reinventing the limits of copyright in the name of free access to anyone,
> anywhere. But what can possibly be wrong with this picture? As Google and the
> World Brain reveals, a whole lot. Some argue that Google’s actions represent
> aggressive theft on an enormous scale, others see it as an attempt to
> monopolise our shared cultural heritage, and still others view the project as
> an attempt to flatten our minds by consolidating complex ideas into
> searchable “extra-long tweets” for the screen.
> At first slowly, and then with intensifying conviction, a diverse coalition
> of authors and others mobilise to stop the ambitious project. Google and the
> World Brain explores this high-stakes story with an important alternative
> voice to the technological utopianism of our age.

http://www.worldbrainthefilm.com/
http://www.imdb.com/title/tt2551516/
https://twitter.com/worldbrainfilm

Trailer:
http://www.youtube.com/watch?v=RZkdkobK99A

Thanks to Michael Allan for the pointer to thoughtmaybe.com via libtech,
https://mailman.stanford.edu/pipermail/liberationtech/2013-August/010908.html

HT their email announcement list:
http://thoughtmaybe.com/subscribe/

gf

P.S. - H.G. Wells' collection of essays and addresses, _World Brain_:
http://en.wikipedia.org/wiki/World_Brain

Including "The Idea of a Permanent World Encyclopaedia", his "[c]ontribution to the new Encyclopédie Française, August, 1937":
https://sherlock.ischool.berkeley.edu/wells/world_brain.html

> Quietly and sanely this new encyclopaedia will, not so much overcome
> these archaic discords, as deprive them, steadily but imperceptibly,
> of their present reality.

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] Philadelphia Fusion Center Privacy Policy
On 11/5/13 7:07 AM, Kenneth Lipp wrote:
> After about ten months of stone-walling and obfuscation, the
> Philadelphia Declaration has managed to obtain a copy of the Delaware
> Valley Intelligence Center's privacy policy. We've been chronicling the
> inquiry, and the policy adds to huge concerns about the
> center
> http://phillydeclaration.org/2013/11/04/a-fusion-center-finds-its-privacy-policy/

Hi Kenneth,

I've followed your Twitter account for some time and appreciate your work. I'm writing because I have just secured a "Community Advocate" oversight role on the Privacy Policy Advisory Council of the Austin Regional Intelligence Center. For your reference, their privacy policy is posted here:
http://www.austintexas.gov/department/austin-regional-intelligence-center

I believe there is an opportunity (and a need) to perform comparative analysis of the privacy policies of the fusion centers. My goal would be to identify the best policies and encourage normalization towards them (where "best" is defined as respectful of civil liberties). I'm also eager to learn about the relationships between fusion centers, the "right to know" and "need to know" agreements that determine the exchange of information between them, and the criteria by which fusion centers evaluate one another's privacy policies when establishing relationships.

Your message was timely so I wanted to be sure to reach out to say hello and open up the opportunity for dialogue. Please do keep me posted on your work in Philadelphia.

http://gregoryfoster.name/gregoryfoster.pgpkey

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] @NatSecWonk
Politico (Oct 22) - "NSC aide admits Twitter attack on White House":
http://www.politico.com/politico44/2013/10/nsc-aide-admits-twitter-attack-on-white-house-175722.html

> For months, White House and State department officials searched for
> @NatSecWonk, a hunt that intensified after he repeatedly expressed
> doubts about the official administration accounts about the
> Sept.11, 2012 attack in Benghazi.
>
> After a probe that included an investigation into Joseph’s travel
> and shopping patterns –parsed from over 2,000 Tweets -lawyers from
> the White House counsel’s office confronted Joseph and ordered him
> to leave the executive complex, according to two sources familiar
> with the situation.

Seems problematic for the Executive to spend "months" of taxpayer money on a "hunt" to abridge the First Amendment rights of a Twitter account holder who was saying things some people didn't like.

I guess @NatSecWonk was an inside threat to national security?

> “Was Huma Abedin wearing beer goggles the night she met Anthony
> Wiener? Almost as bad a pairing as Samantha Powers and Cass
> Sunstein ,” he tweeted about the top Clinton aide and her
> husband, the failed New York City mayoral candidate.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] WaPo releases details on US offensive cyber-ops
Washington Post (Aug 30) - "U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show" by @BartonGellman & @nakashimae:
http://www.washingtonpost.com/world/national-security/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show/2013/08/30/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html

> under an extensive effort code-named GENIE, U.S. computer
> specialists break into foreign networks so that they can be put
> under surreptitious U.S. control. Budget documents say the $652
> million project has placed “covert implants,” sophisticated
> malware transmitted from far away, in computers, routers and
> firewalls on tens of thousands of machines every year, with plans
> to expand those numbers into the millions.

...

> The NSA designs most of its own implants, but it devoted $25.1
> million this year to “additional covert purchases of software
> vulnerabilities” from private malware vendors, a growing
> gray-market industry based largely in Europe.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Adam Curtis on the nature of espionage
BBC Blogs (Aug 8) - "BUGGER: Maybe The Real State Secret Is That Spies Aren't Very Good At Their Jobs and Don't Know Very Much About The World" by Adam Curtis:
http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER

It's really nice to see Adam Curtis weigh in on recent events from his high-bandwidth cybershell plugged directly into the BBC archives mainframe. As usual, the documentary filmmaker and media maestro presents an unconventional take on events in long form that will leave you confused or better informed and often both.

In this installment, his long arc points out the manner in which secrecy breeds confusion, suspicion, and treachery; and contrasts that with the open force of love most of us are more familiar with. Or as he puts it,

> In fact in many cases [the history of spies] is the story of
> weirdos who have created a completely mad version of the world that
> they then impose on the rest of us.

He also has some trenchant warnings for journalists who tend to enjoy hearing and relaying fantastic stories: they may be serving to reinforce and perpetuate illusions of hidden power and secret knowledge, keeping intelligence budgets high even though the recipients are unable to demonstrate results (that's a state secret).

More succinctly, Curtis cites one historian's description of a particularly credulous journalist's relationship with anonymous government sources:

> "[He was a] kind of official urinal in which ministers and
> intelligence and defence chiefs could stand patiently leaking."

I'm reminded of AP reporter Adam Goldman's statement during the confusion sown by the Daily Beast's reporting on a top sekrit AQAP "Legion of Doom" conference call that turned out not to be a call at all:
https://twitter.com/adamgoldmanap/status/365115189709910016

> As one former senior CIA official once told me: "Who says we can't
> lie to reporters? It's not a crime."

Yet despite the punking, Curtis leaves a piece of cheese for journalists at the end of his maze.

HT Eugen Leitl via Cypherpunks (thanks!)

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Bruce Sterling on the moment
Medium (Aug 3) - "The Ecuadorian Library: or, The Blast Shack After Three Years" by @bruces: https://medium.com/geek-empire-1/a1ebd2b4a0e5 HT @maupuia, https://twitter.com/maupuia/status/363499310043774976 gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] EFF presentation at SIGINT
EFF (Jul 5) - "The Politics of Surveillance: Understanding the National Security Agency" by @RaineyReitman: http://www.youtube.com/watch?v=OESf9y-638k Kudos to EFF for fighting the good fight, and kudos to Rainey for synthesizing and presenting a lot of useful information. Mentioned in the talk, Freedom of the Press Foundation (Jul 2) - "Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance" by @micahflee: https://pressfreedomfoundation.org/encryption-works gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] CRS on NSA Surveillance Leaks
Congressional Research Service (Jul 2) - "NSA Surveillance Leaks: Background and Issues for Congress": http://www.fas.org/sgp/crs/intel/R43134.pdf From the Introduction: Recent media stories about National Security Agency (NSA) surveillance address unauthorized disclosures of two different intelligence collection programs. These programs arise from provisions of the Foreign Intelligence Surveillance Act (FISA). However, they rely on separate authorities, collect different types of information, and raise different policy questions. As such, where possible, the information contained in this report distinguishes between the two. For both programs, there is a tension between the speed and convenience with which the government can access data of possible intelligence value and the mechanisms intended to safeguard civil liberties. The first program collects and stores in bulk domestic phone records that some argue could be gathered to equal effect through more focused records requests. The second program targets the electronic communications of non-U.S. citizens but may incidentally collect information about Americans. The following sections address (1) what information is being collected; (2) the legal basis for the collection; (3) existing oversight mechanisms; and (4) arguments for and against the two programs. The last section of this report discusses legislation that has been proposed in response to information disclosed about NSA surveillance. Because documents leaked to the news media may be classified, CRS is precluded from providing a detailed analysis of the content of those documents. The information in this report is based largely on public comments from intelligence officials and Members of Congress. via @saftergood http://blogs.fas.org/secrecy/2013/07/nsa-surv/ gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] Salt Lake Tribune on NSA's Utah Data Center
The Salt Lake Tribune (Jun 29) - "NSA in Utah: Mining a mountain of data" by @Tony_Semerad: http://www.sltrib.com/sltrib/news/56515678-78/data-nsa-http-www.html.csp?page=1 Nice compilation of information, including new interviews, by reporters at The Salt Lake Tribune. Salt Lake is just 20 miles from Bluffdale where the NSA's $1.5 billion, 1 million square foot data center is scheduled to open this fall. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] NATO on "Hackers for Hire"
YouTube (Jun 29) - "Hackers for hire (NATO Review)": http://www.youtube.com/watch?v=MkOYfWdBLeg Hackers are the 21st century warriors who worry many. As everything we use becomes increasingly connected, so their opportunities to hack, divert or destroy increase. NATO Review talked to some hackers to see what motivates them - and finds out that they can actually be a force for good too. Features @k8em0, @manicode, and @evanbooth. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] Fwd: Schrodinger’s Catnip: Questions & Answers on NSA Data Collection
Thank you for forwarding this, Yosem. For reference, here's the article online: http://www.raschcyber.com/1/post/2013/06/schrodingers-cat-nip.html The blog byline credits Mark Rasch and Sophia N. Hannah - and suggests that the authors are working on an analysis of PRISM, which I hope will also be forwarded to LibTech upon release. FYI, I've taken the liberty of replacing the original text forwarded to the list with a copy of the online text because the original character encoding introduced artifacts which made subsequent forwards hard to read. It also looks like there may have been subsequent edits. Thanks to the authors for this helpful analysis - gf Original Message Subject: [liberationtech] Schrodinger’s Catnip: Questions & Answers on NSA Data Collection Date: Thu, 13 Jun 2013 20:09:23 -0700 (PDT) From: Yosem Companys Reply-To: liberationtech To: Liberation Technologies CC: Mark Rasch From: Mark Rasch Schrodinger's Catnip DISCLAIMER: I know nothing about the NSA surveillance programs other than what I read in the papers. Thus, my legal analysis of the program may be completely wrong, since they are highly fact dependent. The NSA programs to retrieve and analyze telephone metadata and internet communications and files (the former I will call the telephony program, the latter codenamed PRISM) are at one and the same time narrow and potentially reasonably designed programs aimed at obtaining potentially useful information within the scope of the authority granted by Congress. They are, at one and the same time perfectly legal and grossly unconstitutional. It’s not that I am of two opinions about these programs. It is that the character of these programs are such that they have both characteristics at the same time. Like Schrodinger’s cat, they are both alive and dead at the same time – and a further examination destroys the experiment. Let’s look at the telephony program first. 
Telephone companies, in addition to providing services, collect a host of information about the customer including their name, address, billing and payment information (including payment method, payment history, etc.). When the telephone service is used, the phone company collects records of when, where and how it was used – calls made (or attempted), received, telephone numbers, duration of calls, time of day of calls, location of the phones from which the calls were made, and other information you might find on your telephone bill. In addition, the phone company may collect certain technical information – for example, if you use a cell phone, the location of the cell from which the call was made, and the signal strength to that cell tower or others. From this signal strength, the phone company can tell reasonably precisely where the caller is physically located (whether they are using the phone or not) even if the phone does not have GPS. In fact, that is one of the ways that the Enhanced 911 service can locate callers. The phone company creates these records for its own business purposes. It used to collect this primarily for billing, but with unlimited landline calling, that need has diminished. However, the phone companies still collect this data to do network engineering, load balancing and other purposes. They have data retention and destruction policies which may keep the data for as short as a few days, or as long as several years, depending on the data. Similar “metadata” or non-content information is collected about other uses of the telephone networks, including SMS message headers and routing information. Continuing with the Schrödinger analogy, the law says that this is private personal information, which the consumer does not own and for which the consumer has no expectation of privacy. Is that clear? Federal law http://www.law.cornell.edu/uscode/text/47/222 calls this telephone metadata “Consumer Proprietary Network Information” or CPNI. 47 U.S.C.
222 (c)(1) provides that: Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories. Surprisingly, the exceptions to this prohibition do not include a specific “law enforcement” or “authorized intelligence activity” exception. Thus, if the disclosure of consumer CPNI to the NSA under the telephony program is “required by law” then the phone company can do it. If not, it can’t. But wait, there’s more. At the same time that the law says that consumer’s telephone metadata is private, it als
[liberationtech] NSA Director Alexander @ Senate Appropriations Committee (Jun 12)
U.S. Senate Committee on Appropriations (Jun 12) - "Hearing on Cybersecurity": http://www.appropriations.senate.gov/ht-full.cfm?method=hearings.view&id=33dda6f9-5d83-409d-a8c5-7ada84b0c598 Complete video of the hearing and prepared testimony of each of the witnesses is linked here. This previously scheduled hearing received some press today as it was General Keith B. Alexander's first public appearance since the inception of the Snowden event. The General's prepared testimony provides a useful primer on the NSA/CSS and its relationship with Cyber Command - the US military branch active in the networked domain (PDF download): http://www.appropriations.senate.gov/ht-full.cfm?method=hearings.download&id=6ae112a2-f7e1-4c6e-92a9-bd7b16f2824e gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] DNI Clapper's NBC interview
Office of the Director of National Intelligence (Jun 10) - "Director James R. Clapper Interview with Andrea Mitchell, NBC News Chief Foreign Affairs Correspondent (Liberty Crossing, Tyson's Corner, VA: Jun 8, 1pm)": http://www.dni.gov/index.php/newsroom/speeches-and-interviews/195-speeches-interviews-2013/874-director-james-r-clapper-interview-with-andrea-mitchell NBC (Jun 8) - "Clapper: Surveillance leaks fallout is 'gut-wrenching'": http://www.nbcnews.com/id/21134540/vp/52144169#52144169 Ms. Mitchell: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said there was not data collection on millions of Americans? Director Clapper: First, as I said, I have great respect for Senator Wyden. I thought though in retrospect I was asked when are you going to start--stop beating your wife kind of question which is, meaning not answerable necessarily, by a simple yes or no. So I responded in what I thought was the most truthful or least most untruthful manner, by saying, “No.” And again, going back to my metaphor, what I was thinking of is looking at the Dewey Decimal numbers of those books in the metaphorical library. To me collection of U.S. Persons data would mean taking the books off the shelf, opening it up and reading it. Amongst unrelated psychological hypotheses, I have encountered no better proof that the NSA's operating legal definition of the verb "to collect" stipulates a human being requesting specific information. This is the legal cover NSA whistleblower Bill Binney has emphasized as enabling the NSA's automated *collection* of digital content. And yes, Director Clapper compared the NSA's datastore to "an electronic library" - wherein you, and I, and all human beings are therefore: the books. Does Director Clapper know you cannot judge a book by its cover? ... gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
Re: [liberationtech] NSA whistleblower revealed
On 6/10/13 4:40 PM, Tom Ritter wrote: On 9 June 2013 17:43, Matt Johnson wrote: I have to say going to Hong Kong for free speech and safety seems like a very odd choice to me. What was he thinking? I actually think Hong Kong seems pretty smart. Parroting the news organizations, Hong Kong has some extradition protection against political crimes. Christian Science Monitor (Jun 10) - "Edward Snowden: Why the NSA whistleblower fled to Hong Kong" by Peter Ford (Beijing): http://www.csmonitor.com/World/Asia-Pacific/2013/0610/Edward-Snowden-Why-the-NSA-whistleblower-fled-to-Hong-Kong Has details on recent changes in Hong Kong's asylum law relevant to this case. HT @douglasmcnabb, https://twitter.com/douglasmcnabb/status/344216800227119104 gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] NATO examining role on cyber threats
NATO defense ministers are meeting in Brussels at the organization's first high-level meeting dedicated to cyber defense. Reuters (Jun 4) - "NATO boosts cyber defenses but members differ on its role": http://www.reuters.com/article/2013/06/04/us-nato-cybersecurity-idUSBRE95318Q20130604 The meeting website has documentation of publicly available statements and Q&A. NATO (Jun4-5) - "Meetings of NATO Ministers of Defence": http://www.nato.int/cps/en/natolive/events_100946.htm This 5-minute NATO-produced video juxtaposes the meeting in Brussels with the Hack in the Box computer security event which occurred in Amsterdam at the end of May. YouTube (Jun 4) - "Collaborating against cyber threats" by NATOCOMMUNITY: http://www.youtube.com/watch?v=jLrL_4k-Dhw For reference, here's the Hack in the Box event website. #HITB2013AMS http://conference.hitb.org/hitbsecconf2013ams/ gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] Flaming Google
Please note the subject change, as the previous subject featured "Microsoft" - a notable reflection of the tides of history. In short, what price will you pay for your privacy? Google (like Facebook), makes the majority of its money by selling advertisements (I've heard on the order of 95% of Google's revenue is generated by AdWords). Like everything else the Internet touches, advertising has been disrupted by the innovations introduced by companies like Google and Facebook. In this case, the innovation is highly accurate micro-targeting of groups. For example, on Facebook you can place an advertisement that targets only current employees of a particular organization - because individuals document their employment history on Facebook. Disruption of the advertising industry has been enabled by the acquisition and compilation of information on individuals. We, as individuals, voluntarily provide our personal information to these organizations in the process of using the tools and amusements they provide to us - crucially, at no direct financial cost to us. The quantity and accuracy of aggregated personal data largely determines the amount of advertising revenue that can be generated. Therefore these organizations are incentivized to collect more and more personal data. In some circumstances (but not all), these same organizations provide paid versions of their tools which provide privacy guarantees, such as Google Apps for Business which includes GMail. It's worth noting there is no privacy protecting version of Facebook. So this calculus is pretty simple. If your privacy is worth something to you, what will you pay to keep it? Trouble finding privacy protective substitute technologies? Well, that's part of our answer. Technology has a cost for the convenience it provides, and that cost is not just economic. As McLuhan said, every technology is simultaneously an amplification *and an amputation*. And lately, there's a lot of severed personal data being scooped up.
gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
Re: [liberationtech] A Digital Safe Haven for Syria
An observation, ymmv. The NYT op-ed is by Chris Finan. He was recently the Director for Cybersecurity Legislation in Obama's White House: http://www.linkedin.com/pub/chris-finan/5/a35/19 http://www.netcaucus.org/biography/christopher-finan.shtml For context, here, Finan analyzes problems with usage of the "cyber Pearl Harbor" signifier...before going ahead and deploying it in support of the Cybersecurity Act of 2012: http://thehill.com/blogs/congress-blog/homeland-security/267945-five-reasons-why-congress-should-pass-cybersecurity-act-of-2012 In the op-ed, Finan suggests NSA Director General Keith B. Alexander's Cyber Command could set up and operate the crisis zone wireless infrastructure: For example, through the military’s new Cyber Command, we could create a digital “safe haven,” akin to physical safe havens for refugees, by deploying long-distance Wi-Fi technologies along Syria’s borders and in rebel-held areas in coordination with vetted opposition groups. Platforms that enable [point-to-point] transmission of Wi-Fi signals over distances of up to 60 miles are already in use in parts of South Asia and other rural markets. I would suggest, from a Signals Intelligence point of view, it would be very helpful to own the infrastructure. Finan continues, Subsequent actions could include measures to counter the Assad regime’s capacity to monitor opposition communications within the existing telecommunications infrastructure. Question: is one of the potential unintended consequences of connecting to a Cyber Command network from within Syria the effect of making one's router a part of the battlefield? Again, ymmv - gf On 5/27/13 8:37 PM, Andrew Lewis wrote: I guess the better question is there anyone else out there that would like to look further into this? I know that there are a bunch of tech folks have looked into it and have a ton of ideas, and would be chomping at the bit to actually work on this. 
The issues that have arisen are mainly of political, policy, or resources not technical feasibility. I know that if I'd be willing to work on it right away, along with many others, if these issues could be solved or handled by people with that sort of expertise dealing with the non-technical aspects. Maybe some existing support org would be interested in stepping forward to coordinate, and work towards such a solution? With that being said, I expect that there are some ongoing efforts toward such efforts, who may be acting under the radar for various reasons, and wouldn't want to step on any toes. -Andrew On May 28, 2013, at 8:09 AM, Eleanor Saitta wrote: On 2013.05.27 10.57, Yosem Companys wrote: From: David Farber <d...@farber.net> Anyone believe this would actually work? LETTER A Digital “Safe Haven” for Syria http://www.nytimes.com/2013/05/24/opinion/a-cyberattack-campaign-for-syria.html Technically? Yes. I and other folks have done the logistical evals, looking at a variety of sites, etc. Politically? That's a fascinating and open question. E. -- Ideas are my favorite toys. -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
Re: [liberationtech] Cell phone tracking
On 5/24/13 3:04 PM, Eugen Leitl wrote: On Fri, May 24, 2013 at 12:56:32PM -0700, Yosem Companys wrote: From: Dan Gillmor Given the vanishingly small likelihood that companies or governments will do anything about cell phone tracking, I'm interested in what countermeasures we can take individually. The obvious one is to turn off GPS except on rare occasions. I'll be discussing all this in an upcoming book, and in my Guardian column soon. So I'd welcome ideas. Pull out the battery. That's the only thing that's guaranteed to work. Even with GPS switched off you can be triangulated by base stations by receiving a silent text. RF-shielding Faraday containers you can drop your mobile devices into: e.g., http://www.faradaybag.com/ gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] Magistrate Judge pwns FBI hacking request
The WSJ's Jennifer Valentino-DeVries broke this story yesterday, unfortunately behind the WSJ's paywall: https://twitter.com/jenvalentino/status/327172745332916225 For a solid summary, see @rj_gallagher's coverage at Slate: Slate (Apr 25) - "Judge Rejects FBI Attempt to Use Spyware to Infiltrate Unknown Suspect's Computer" by Ryan Gallagher: http://www.slate.com/blogs/future_tense/2013/04/25/texas_judge_denies_fbi_request_to_use_trojan_to_infiltrate_unknown_suspect.html Or go straight to the Memorandum and Order, which is quite the read: http://www.scribd.com/doc/137842124/Texas-Order-Denying-Warrant Magistrate Judge Stephen Smith of the Southern District of Texas was presented with an FBI affidavit requesting a Rule 41 search and seizure warrant targeting an unknown computer at an unknown location used by an unknown suspect(s). The lack of specificity was sufficient grounds for declining to issue the warrant, and Judge Smith goes through each of Rule 41's five territorial limits which the government's application failed to satisfy. Although it's interesting to see that the FBI hoped to satisfy the territorial limit by performing the search on the computer's data once it was brought into the Judge's territory, the interesting part concerns just how the FBI hoped to acquire and transport that data: by cracking or phishing into the unknown target computer, installing a sophisticated piece of malware, searching for and gathering information for 30 days, while exfiltrating significant quantities of data out of the system. What kind of data? 
Although the original affidavit and the revised affidavit were sealed (the FBI having been given at least one opportunity to clarify their intent), Magistrate Judge Smith was kind enough to cite the section of the affidavit which details exactly what information the FBI intended to acquire from the unknown computer: (1) records existing on the Target Computer at the time the software is installed, including: records of Internet Protocol addresses used; records of Internet activity, including firewall logs, caches, browser history and cookies, "bookmarked" or "favorite" Web pages, search terms that the user entered into any Internet search engine, and records of user-typed Web addresses; records evidencing the use of the Internet Protocol addresses to communicate with the [victim’s bank’s] e-mail servers; evidence of who used, owned, or controlled the TARGET COMPUTER at the time the things described in this warrant were created, edited, or deleted, such as logs registry entries, configuration file, saved user names and passwords, documents, browsing history, user profiles, e-mail contents, e-mail contacts, "chat," messaging logs, photographs, and correspondence; evidence of software that would allow others to control the TARGET COMPUTER; evidence of times the TARGET COMPUTER was used; and records of applications run. (2) prospective data obtained during a 30-day monitoring period, including: accounting entries reflecting the identification of new fraud victims; photographs (with no audio) taken using the TARGET COMPUTER's built-in camera after the installation of the NEW SOFTWARE, sufficient to identify the location of the TARGET COMPUTER and identify persons using the TARGET COMPUTER; information about the TARGET COMPUTER's physical location, including latitude and longitude calculations the NEW SOFTWARE causes the TARGET COMPUTER to make; records of applications run. 
Later in the Memorandum, Judge Smith takes the FBI to task for having the gall to state: Steps will be taken to assure that data gathered through the technique will be minimized to effectuate only the purposes for which the warrant is issued. The software is not designed to search for, capture, relay, or distribute personal information or a broad scope of data. The software is designed to capture limited amounts of data, the minimal necessary information to identify the location of the TARGET COMPUTER and the user of TARGET COMPUTER. I applaud Magistrate Judge Stephen Smith for his principled action in this circumstance, which is one amongst many significant actions he has taken to resist court secrecy, the abuse of secret "gag" orders, and the application of the Constitution to electronic surveillance requests: http://www.fclr.org/fclr/articles/html/2009/jmffedctslrev5.pdf https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2071399 http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2143339 Please consider sharing this information with others. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
Re: [liberationtech] Mobile Phone Use Patterns: The New Fingerprint
Thank you very much for sending this study. One of the common assertions we are hearing about so-called "historical" geolocation data as compared to "realtime" geolocation data is that the greater geospatial accuracy of the realtime ping creates an increased privacy interest for the targeted individual. One can make the argument that the ever-increasing density of cellphone towers and femtocells makes historical cell site/radio locations as accurate as realtime pings/multilaterations. But one also has to admit that cell towers out in some alleged rural area must cover "hundreds of square miles." This study provides much needed validation of the intuitive understanding we all have that the historical record of our movements accumulated over time reveals much more about us than an isolated realtime ping. And that we have a privacy interest in both forms of data. Again, thanks for sending this. gf On 3/27/13 8:24 AM, Enrique Piraces wrote: This may be of interest to the list, an interesting study. Mobile Phone Use Patterns: The New Fingerprint Mobile phone use may be a more accurate identifier of individuals than even their own fingerprints, according to research published on the web site of the scientific journal Nature. Scientists at MIT and the Université catholique de Louvain in Belgium analyzed 15 months of mobility data for 1.5 million individuals who the same mobile carrier. Their analysis, “Unique in the Crowd: the privacy bounds of human mobility” showed that data from just four, randomly chosen “spatio-temporal points” (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals, based on their pattern of movement. Even with just two randomly chosen points, the researchers say they could uniquely characterize around half of the 1.5 million mobile phone users. 
The research has profound implications for privacy, suggesting that the use of mobile devices makes it impossible to remain anonymous – even without the use of tracking software. More: http://securityledger.com/mobile-phone-use-patterns-the-new-fingerprint Best, Enrique Piracés Human Rights Watch https://www.hrw.org https://www.twitter.com/epiraces -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
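The unicity measure behind the study summary quoted above, as an added example that is not part of the original thread or the study's own code: it computes the share of users singled out by p known (antenna, hour) points, and shows how coarser cells and time windows lower that share. The trace data, the function names, and the integer-division coarsening are assumptions made for illustration.

```python
"""Unicity of mobility traces: how many known points single out one user."""
from collections import defaultdict
from fractions import Fraction
from itertools import combinations

# Constructed sample data (not from the study): user -> set of
# (antenna_id, hour_of_day) points at which the handset was observed.
TRACES = {
    "A": {(1, 8), (2, 9), (3, 18), (1, 22)},
    "B": {(1, 8), (2, 9), (4, 18), (1, 22)},
    "C": {(1, 8), (5, 9), (3, 18), (6, 22)},
    "D": {(7, 8), (2, 9), (3, 18), (1, 22)},
}


def build_index(traces):
    """Map every point to the set of users whose trace contains it."""
    index = defaultdict(set)
    for user, points in traces.items():
        for point in points:
            index[point].add(user)
    return index


def matching_users(index, known_points):
    """Return the users whose trace contains all of the known points."""
    user_sets = sorted((index.get(pt, set()) for pt in known_points), key=len)
    matches = set(user_sets[0])
    for users in user_sets[1:]:
        matches &= users
    return matches


def unicity(traces, p):
    """Average, over users, of the chance that p points drawn from a user's
    own trace match nobody else. Every p-subset is enumerated, so the value
    is exact; on a real dataset one would sample random subsets instead."""
    if p < 1:
        raise ValueError("p must be at least 1")
    index = build_index(traces)
    per_user = []
    for user, points in traces.items():
        if len(points) < p:
            continue  # trace too short to draw p distinct points from
        subsets = list(combinations(sorted(points), p))
        unique = sum(1 for s in subsets if matching_users(index, s) == {user})
        per_user.append(Fraction(unique, len(subsets)))
    if not per_user:
        return Fraction(0)
    return sum(per_user, Fraction(0)) / len(per_user)


def coarsen(traces, cells_per_region, hours_per_window):
    """Generalise the data: merge neighbouring antennas into regions and
    hours into windows. Treating consecutive antenna ids as neighbours is
    an assumption of this constructed data set."""
    return {
        user: {(cell // cells_per_region, hour // hours_per_window)
               for cell, hour in points}
        for user, points in traces.items()
    }


if __name__ == "__main__":
    coarse = coarsen(TRACES, cells_per_region=4, hours_per_window=12)
    print("p  raw unicity  coarsened unicity")
    for p in range(1, 5):
        print(f"{p}  {float(unicity(TRACES, p)):11.3f}  "
              f"{float(unicity(coarse, p)):17.3f}")
```

Coarsening lowers unicity but does not remove it, which is why the same measurement is worth running on a location dataset before it is treated as anonymised.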
[liberationtech] @KandaharMedia
YouTube (Mar 25) - "War of the words - Afghanistan's information battle" by NATO: http://www.youtube.com/watch?v=3ZSKk6HwvgE re: the Kandahar Media and Information Center (KMIC) https://twitter.com/KandaharMedia http://www.kandahar-gov.com/english/ ymmv, gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] list reply-all
If we're going to require people to use their brains, perhaps it's not too much to ask that individuals take responsibility for paying attention to who they are speaking to. This is not a personally configurable setting on the mailing list software, and we're relegated to a dualistic choice that cannot satisfy all participants, yet we still must choose and have previously chosen. If this will be a recurring issue, perhaps we should structure a yearly survey/vote. gf On 3/20/13 12:37 PM, Matt Mackall wrote: On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aid, you may not be taking full advantage of your prefrontal cortex. -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Satellite phones for Rohingya in Burma
tracking, etc) and short of the Cryptophone Satellite phone ( http://www.cryptophone.de/en/products/satellite/ ) used in a very specific way, I wouldn't even touch one of those devices if I thought that the Burmese military was possibly targeting me. All the best, Jacob -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
[liberationtech] TxEPC's Cellphone Tracking Legislation in Texas
--and the many more yet to come---please join our new mailing list. At the same time, you can opt-in to volunteer with us (we're all volunteers here) and indicate what you'd like to help out on. We can definitely use your help wrangling open records requests, planning events, fundraising, educating elected officials, building websites, and fighting the good fight! http://effaustin.nationbuilder.com/ Want to meet us in person? We're hosting a non-badge SXSWi event in coordination with national EFF and iSEC Partners next Saturday March 9th from 4-6pm at Capital Factory. TxEPC will take the stage to talk about our legislative push, drum up support, and ask for your financial help. We'll have cool "Geek Activist" t-shirts, coffee mugs, stickers, and buttons which we give away as gifts at certain donation levels. Registration is required and space is limited, so sign up and come meet as many privacy activists, civic hackers, and concerned citizens as we can fit in the place. https://www.eff.org/sxsw13party We’re also attending the Yale Information Society Project’s Location Tracking and Biometrics Conference this Sunday in New Haven, Connecticut. If you’ll be attending, keep your eyes open for Scott Henson of the Grits for Breakfast blog. http://yaleisp.org/event/location-tracking-and-biometrics-conference You can also follow us on Twitter, The Facebook (another battle!), and join our discussion list to share information and learn what's happening with and to online civil liberties around the country and world: http://twitter.com/effaustin http://facebook.com/eff.austin http://lists.effaustin.org/mailman/listinfo/effaustin-discuss_lists.effaustin.org If you'd like to follow the Texas Electronic Privacy Coalition, we're just getting our online presence off the ground (did I mention we could use some coders and designers?). 
For your reference, here's where we're at: http://txepc.org/ http://twitter.com/txepc And in case you were wondering, that's pronounced "Tex-EPIC" y'all! See you in the halls of the state legislature! -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] POTUS Executive Order on Cybersecurity
re: the privacy and civil liberties oversight provided for in the EO. [Section 5](b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. As Shava pointed out, the DHS Officer for Civil Rights and Civil Liberties is currently Tamara Kessler. You may recall that the DHS Office for Civil Rights and Civil Liberties was in the news just last week. Wired (Feb 8) - "DHS Watchdog OKs 'Suspicionless' Seizure of Electronic Devices Along Border": http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/ The Department of Homeland Security’s civil rights watchdog has concluded that travelers along the nation’s borders may have their electronics seized and the contents of those devices examined for any reason whatsoever — all in the name of national security. The DHS, which secures the nation’s border, in 2009 announced that it would conduct a “Civil Liberties Impact Assessment” of its suspicionless search-and-seizure policy pertaining to electronic devices “within 120 days.” More than three years later, the DHS office of Civil Rights and Civil Liberties published a two-page executive summary of its findings. “We also conclude that imposing a requirement that officers have reasonable suspicion in order to conduct a border search of an electronic device would be operationally harmful without concomitant civil rights/civil liberties benefits,” the executive summary said. Here's that executive summary, with the reviewing official listed as Tamara Kessler. 
http://www.dhs.gov/sites/default/files/publications/crcl-border-search-impact-assessment_01-29-13_1.pdf

As Joseph said, we'll see if this oversight means much.

gf

On 2/13/13 10:12 AM, Nadim Kobeissi wrote:
Andy Greenberg of Forbes wrote a story on this: http://www.forbes.com/sites/andygreenberg/2013/02/12/president-obamas-cybersecurity-executive-order-scores-much-better-than-cispa-on-privacy/
NK

On Wed, Feb 13, 2013 at 11:10 AM, Shava Nerad <shav...@gmail.com> wrote:
On Wed, Feb 13, 2013 at 10:08 AM, Joseph Lorenzo Hall <j...@cdt.org> wrote:
On Wed Feb 13 09:55:22 2013, Gregory Foster wrote:
> Here's the President's Executive Order, embargoed last night until
> delivery of the SOTU:
> http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
>
> Section 5 addresses "Privacy and Civil Liberties Protections" for the
> information that will be exchanged between critical infrastructure
> providers and the DHS/USG.

One quibble: the EO is mostly about flows from govt. to private sector and since there is no immunity provided like under other legislative proposals, it seems reasonable that sharing in the other direction will be circumspect. Would love to hear other thoughts on this. Glad to see a section on privacy although we'll have to wait to see if that ends up meaning much.

best, Joe

Well, it has a provision for full disclosure in a report with a classified sidecar. *ahem* I mean, come on. *heh*

-- Shava Nerad shav...@gmail.com

-- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
[liberationtech] POTUS Executive Order on Cybersecurity
Here's the President's Executive Order, embargoed last night until delivery of the SOTU: http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity Section 5 addresses "Privacy and Civil Liberties Protections" for the information that will be exchanged between critical infrastructure providers and the DHS/USG. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Chromebooks for Risky Situations?
Incidentally, NICTA are the same researchers hired by DARPA to make the U.S. drone fleet safe from hackers. Looks like there might be some open source tools emerging from the effort. http://www.theregister.co.uk/2012/11/19/nicta_develops_drone_protection/

gf

On 2/13/13 6:54 AM, Eugen Leitl wrote:
On Tue, Feb 12, 2013 at 09:01:37AM +0100, Andreas Bader wrote:
So why not create an own OS that is really small because of its security? Chrome OS is small because it's cheap. If you were right then Android was the most secure system. Aren't there any Android viruses? RedHat seems to have fewer security holes than Chrome OS.

http://ertos.nicta.com.au/research/l4.verified/

The L4.verified project
A Formally Correct Operating System Kernel

In current software practice it is widely accepted that software will always have problems and that we will just have to live with the fact that it may crash at the worst possible moment: You might be on a deadline. Or, much scarier, you might be on a plane and there's a problem with the board computer.

Now think what we constantly want from software: more features, better performance, cheaper prices. And we want it everywhere: in mobile phones, cars, planes, critical infrastructure, defense systems.

What do we get? Mobile phones that can be hacked by SMS. Cars that have more software problems than mechanical ones. Planes where computer problems have led to serious incidents. Computer viruses spreading through critical infrastructure control systems and defense systems. And we think "See, it happens to everybody."

It does not have to be that way. Imagine your company is commissioning a new vending software. Imagine you write down in a contract precisely what the software is supposed to do. And then — it does. Always. And the developers can prove it to you — with an actual mathematical machine-checked proof.

Of course, the issue of software security and reliability is bigger than just the software itself and involves more than developers making implementation mistakes. In the contract, you might have said something you didn't mean (if you are in a relationship, you might have come across that problem). Or you might have meant something you didn't say and the proof is therefore based on assumptions that don't apply to your situation. Or you haven't thought of everything you need (ever went shopping?). In these cases, there will still be problems, but at least you know where the problem is not: with the developers. Eliminating the whole issue of implementation mistakes would be a huge step towards more reliable and more secure systems.

Sounds like science fiction? The L4.verified project demonstrates that such contracts and proofs can be done for real-world software. Software of limited size, but real and critical.

We chose an operating system kernel to demonstrate this: seL4. It is a small, 3rd generation high-performance microkernel with about 8,700 lines of C code. Such microkernels are the critical core component of modern embedded systems architectures. They are the piece of software that has the most privileged access to hardware and regulates access to that hardware for the rest of the system. If you have a modern smart-phone, your phone might be running a microkernel quite similar to seL4: OKL4 from Open Kernel Labs.

We prove that seL4 implements its contract: an abstract, mathematical specification of what it is supposed to do.

Current status: completed successfully.

Availability

Binaries of seL4 on ARM and x86 architectures are available for academic research and education use. The release additionally contains the seL4 formal specification, user-level libraries and sample code, and a para-virtualised Linux (x86).

More information:
- What we prove and what we assume (high level, some technical background assumed)
- Statistics (sizes, numbers, lines of code)
- Questions and answers (high-level, some technical background assumed)
- Verification approach (for technical audience)
- Scientific publications (for experts)
- Acknowledgements and team
- What does a formal proof look like? [pdf]

Contact

For further information, please contact Gerwin Klein (project leader): gerwin.klein(at)nicta.com.au

-- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Is the Cyberwar beginning?
NYT (Feb 4) - "Broad Powers Seen for Obama in Cyberstrikes": http://www.nytimes.com/2013/02/04/us/broad-powers-seen-for-obama-in-cyberstrikes.html?pagewanted=all&_r=0 A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review. That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyberattack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war. I'm somewhat amazed at the authorization for intelligence agencies to routinely "search" "faraway computer networks". That begs the question: well, how does one "search" a computer system? I'm guessing I can't use Google for that. And how far away is "faraway" - and will it always stay far away? Geographic borders are about to become more relevant to the Internet, a development which many would argue is counter to the spirit and purpose of the Internet. Given the network climate that the US government seems to be encouraging, sealed national networks such as China's Great Firewall may be considered forward-looking to future Net generations. 
And as regards this Administration's definition of "credible evidence" to justify pre-emptive strikes, look no further than the recently released DOJ memo on targeted killing of Americans by the American government, which states: “The condition that an operational leader present an ‘imminent’ threat of violent attack against the United States does not require the United States to have clear evidence that a specific attack on U.S. persons and interests will take place in the immediate future,” http://openchannel.nbcnews.com/_news/2013/02/04/16843014-exclusive-justice-department-memo-reveals-legal-case-for-drone-strikes-on-americans?lite gf On 2/5/13 2:56 PM, Yuval Adam wrote: Distinction should be made between 'classic' military cyber-force buildup (be it any type of resource), and privatized force. We can be assured, to a certain degree, that only agents of state (i.e. armies) have access to 'classic' strategic weapons. The same cannot be said about cyber weapons of similar (potential) magnitude. Probably the most disturbing aspect of "cyberwar" is the newspeak rhetoric. War has always been a violent state of affairs between countries/nations/alliances, while "cyberwar" never needs to be explained or otherwise justified - it just *is*. "Cyberwar" exists by its own right, with no need to claim who's Side A and Side B. It is effectively the perfect vague, always-existing, Orwellian state of war of the new era. -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/ -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Is the Cyberwar beginning?
On 01.02.2013 08:52, Alex Comninos wrote:
I believe what we would consider these days a trojan, was embedded by the US in a SCADA system that the Russians then used. http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage

On 2/1/13 4:07 AM, André Rebentisch wrote:
Nice that you come up with the missing term: Sabotage. Is (cyber) sabotage considered an act of war?

Depends...

WSJ (May 30, 2011) - "Cyber Combat: Act of War" by Siobhan Gorman and Julian E. Barnes: http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

gf

-- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Is the Cyberwar beginning?
Thanks for bringing up this subject, Andreas. I'll just add that aggression (cyber-aggression perhaps?) requires actors. And as Andreas points out, on January 27th the Pentagon announced approval of US Cyber Command's expansion from 900 personnel to 4,900 troops and civilians.

WaPo (Jan 27) - "Pentagon to boost cybersecurity force" by Ellen Nakashima: http://www.washingtonpost.com/world/national-security/pentagon-to-boost-cybersecurity-force/2013/01/19/d87d9dc2-5fec-11e2-b05a-605528f6b712_story.html

This five-fold expansion of personnel comes in the midst of threatened Defense budget cuts (the "sequester") and a draw-down of overseas engagements, which signifies something about its perceived necessity. More importantly, DOD Cyber Command (which is right next door to the NSA and led by the Director of the NSA) is staffing "combat mission forces" now that DOD has the green light to perform offensive operations across the Internet.

There is a difference between covert operations concealed in black budgets (e.g., Stuxnet) and overtly embraced state-sanctioned aggression. Remember that Stuxnet has proven it is quite possible for actions initiated from the information environment to have kinetic effects in physical space (destroying Iran's centrifuges IMO constitutes an act of war).

I wonder how the Internet may change as a result of this slow, methodical unfolding. And I do think we're embroiled in something quite different than the hyperbolic language acts that have been occurring since the early 90's. The language acts are precipitating the desired result.

gf

On 1/31/13 2:26 AM, Andreas Bader wrote:
On 01-29-2013 the website http://www.syrian-martyrs.com/ got hacked. On 01-30-2013 there was a man in the middle attack on GitHub (?). On 01-27-2013 the Pentagon was boosting the "Cybersecurity Force". On 01-14-2013 "Red October" was exposed. And those were only the big incidents this year. Things like that are accumulating. Are we slipping into the cyberwar experts have been warning of for years? I just want to initiate a discussion. Your opinions?

Sincerely, Andreas

-- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Finishing what Aaron Swartz started with PACER
nt accrues more than $10.00 of usage in a given quarter. In September 2011, this amount was increased to $15.00. If you accrue less than $15.00, your fees are waived for that quarter and your billing statement will have a zero balance. This policy change will be effective for the July 2012 statement. http://www.pacer.gov/psc/faq.html So that means that any individual using PACER can download 150 pages every quarter for free. If you use the RECAP plugin while you are doing it, those pages are automatically uploaded to the Internet Archive where they become true public records without having to do anything except click on a link. Here's the PACER registration page, where you will need a credit card to set up an account but don't necessarily have to be charged fees: https://www.pacer.gov/psco/cgi-bin/regform.pl Don't know what to download? That's where Aaron Greenspan's Project Asymptote and his public access law website PlainSite can help. As he explains in his post announcing the project, Aaron Greenspan wanted to find out all about Assistant United States Attorney Stephen P. Heymann, who played a role in prosecuting Aaron Swartz's case. And he did. Here's all of Heymann's cases: http://www.plainsite.org/flashlight/attorney.html?id=73864&table=attorneycases Now he wants to make "every U.S. Attorney and AUSA's full career as a prosecutor available to the public to examine in its entirety." So those are the links queued up in Project Asymptote. Register with PACER, start Firefox w/ RECAP installed, navigate to the Operation Asymptote site, and begin clicking links till you reach $15 in charges, which you won't be charged for. http://www.plainsite.org/asymptote/index.html That's what you might call poetic justice. gf On 1/19/13 7:13 PM, Aaron Greenspan wrote: Hi there, In case anyone is interested, I've built a tool to crowdsource the downloading of PACER materials. 
You can find details here: http://www.aarongreenspan.com/writing/essay.html?id=85 http://www.plainsite.org/asymptote/index.html Please help spread the word! Aaron Aaron Greenspan CodeX Fellow | Stanford Center for Legal Informatics | http://codex.stanford.edu Founder | PlainSite | http://www.plainsite.org -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Linguistics identifies anonymous users
29c3 - "Stylometry and Online Underground Markets" w/ Aylin Caliskan Islam, Rachel Greenstadt, and Sadia Afroz: http://www.youtube.com/watch?v=QRY2mfLpPCs http://events.ccc.de/congress/2012/Fahrplan/events/5230.en.html gf On 1/9/13 7:34 AM, Shava Nerad wrote: Such a framework can be social engineered as easily as SEO. I make a small living as a ghost writer and speech writer - the informal version of that very process. Several of my clients say my writing sounds more like them in print than they do, because they are less facile writers - but that is a fault that could be avoided in competent forgeries. ;) SN On Jan 9, 2013 8:25 AM, "Eugen Leitl" wrote: http://www.scmagazine.com.au/News/328135,linguistics-identifies-anonymous-users.aspx Linguistics identifies anonymous users By Darren Pauli on Jan 9, 2013 9:49 AM Researchers reveal carders, hackers on underground forums. Up to 80 percent of certain anonymous underground forum users can be identified using linguistics, researchers say. The techniques compare user posts to track them across forums and could even unveil authors of thesis papers or blogs who had taken to underground networks. "If our dataset contains 100 users we can at least identify 80 of them," researcher Sadia Afroz told an audience at the 29C3 Chaos Communication Congress in Germany. "Function words are very specific to the writer. Even if you are writing a thesis, you'll probably use the same function words in chat messages. "Even if your text is not clean, your writing style can give you away." The analysis techniques could also reveal botnet owners, malware tool authors and provide insight into the size and scope of underground markets, making the research appealing to law enforcement. 
To achieve their results the researchers used techniques including stylometric analysis, the authorship attribution framework Jstylo, and Latent Dirichlet allocation which can distinguish a conversation on stolen credit cards from one on exploit-writing, and similarly help identify interesting people. The analysis was applied across millions of posts from tens of thousands of users of a series of multilingual underground websites including thebadhackerz.com, blackhatpalace.com, www.carders.cc, free-hack.com, hackel1te.info, hack-sector.forumh.net, rootwarez.org, L33tcrew.org and antichat.ru. It found up to 300 distinct discussion topics in the forums, with some of the most popular being carding, encryption services, password cracking and blackhat search engine optimisation tools. While successful, the work faces a series of challenges. Analysis could only be performed using a minimum of 5000 words (this research used the "gold standard" of 6500 words) which culled the list of potential targets from tens of thousands to mere hundreds. It also needs to separate discussion on product information like credit cards, exploits and drugs from conversational text in order to facilitate machine learning to automate the process, according to researcher Aylin Caliskan Islam. And posts must be translated to English, a process which boosted author identification from 66 to around 80 per cent but was imperfect using freely available tools like Google and Bing. However both of these tasks were performed successfully, and further development including the use of "exclusive" language translation tools would only serve to boost the identification accuracy. Leetspeak, an alternative alphabet popular in some forum circles, cannot be translated. The project is ongoing and future work promises to increase the capacity to unmask users. 
This, Islam said, would include temporal information which would exploit users who logged into forums from the same IP addresses and wrote posts at around the same time. [Figure: Antichat user analysis] "They might finish work, come home and log in," Islam said. It could also tie user identities to the topics they write about and produce a map of their interactions, identify multiple accounts held by a single author, and combine forum messages with internet relay chat (IRC) data sets. "We want to automate the whole process." Afroz said while the work appeals to law enforcement and government agencies, it is not designed to catch users out. "We aren't trying to identify users, we are trying to show them that this is possible," she said. To this end, the researchers released tools last year, updated last December, which help users to anonymise their writing. One tool, Anonymouth, takes a 500 word sample of a user's writing to identify unique features such as function words which could make them identifiable. The other, JStylo, is the machine learning engine which powers Anonymouth. The Drexel and George Mason universities research team is composed of Sadia Afroz, Aylin Caliskan Islam, Ariel Stolerman
[liberationtech] Update on the Twitter Archive at the Library of Congress
Library of Congress Blog (Jan 4) - "Update on the Twitter Archive at the Library of Congress": http://blogs.loc.gov/loc/2013/01/update-on-the-twitter-archive-at-the-library-of-congress/ Five-page whitepaper mentioned at end of pretty remarkable blog. Library of Congress (Jan 2013) - "Update on the Twitter Archive At the Library of Congress": http://www.loc.gov/today/pr/2013/files/twitter_report_2013jan.pdf In April, 2010, the Library of Congress and Twitter signed an agreement providing the Library the public tweets from the company’s inception through the date of the agreement, an archive of tweets from 2006 through April, 2010. Additionally, the Library and Twitter agreed that Twitter would provide all public tweets on an ongoing basis under the same terms. The Library’s first objectives were to acquire and preserve the 2006-10 archive; to establish a secure, sustainable process for receiving and preserving a daily, ongoing stream of tweets through the present day; and to create a structure for organizing the entire archive by date. This month, all those objectives will be completed. To date, the Library has an archive of approximately 170 billion tweets. The Library’s focus now is on confronting and working around the technology challenges to making the archive accessible to researchers and policymakers in a comprehensive, useful way. It is clear that technology to allow for scholarship access to large data sets is lagging behind technology for creating and distributing such data. Even the private sector has not yet implemented cost-effective commercial solutions because of the complexity and resource requirements of such a task. The Library is now pursuing partnerships with the private sector to allow some limited access capability in our reading rooms. These efforts are ongoing and a priority for the Library. This document summarizes the Library’s work to date and outlines present-day progress and challenges. 
gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
[liberationtech] CRS on Internet Governance and DNS
Steven Aftergood at the Federation of American Scientists (FAS) Secrecy News blog has posted a pair of Congressional Research Service (CRS) reports of relevance for the list: CRS (Jan 3) - "Internet Domain Names: Background and Policy Issues" http://www.fas.org/sgp/crs/misc/97-868.pdf CRS (Jan 2) - "Internet Governance and the Domain Name System: Issues for Congress": http://www.fas.org/sgp/crs/misc/R42351.pdf gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
Re: [liberationtech] Browser-based Tor proxies
Here's a perspective on the project and its current challenges from Jacob Appelbaum and Roger Dingledine's Tor ecosystem talk at 29C3: http://www.youtube.com/watch?v=Rnbc_9JnVtc&feature=youtu.be&t=1h8s gf On 1/3/13 7:25 PM, Steve Weis wrote: I noticed a Stanford project for setting up browser-based, ephemeral Tor proxies. In their words, "the purpose of this project is to create many, generally ephemeral bridge IP addresses, with the goal of outpacing a censor's ability to block them." The core idea is that volunteers outside a filtered region can embed an "Internet Freedom" badge on their web pages. Visitors browsing from outside a filtered region can become short-lived proxies that relay traffic to and from the filtered region. When visitors navigate away from a volunteer page, the proxy disappears. https://crypto.stanford.edu/flashproxy/ https://crypto.stanford.edu/flashproxy/flashproxy.pdf Note that "flash" is not a reference to Adobe Flash. It's based on Websockets and Javascript. Also, I am not endorsing this technology for real-world use yet nor can attest to its security. I haven't looked at it in enough detail yet. -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/
[liberationtech] 29C3 whistleblower panel: Radack, Drake, Binney
In Jacob's keynote (~29:50), he encourages participants to attend the whistleblower panel later in the day.

29th Chaos Communication Congress (Berlin: Dec 27-30, 2012) - "Enemies of the State: What happens when telling the truth about secret US government power becomes a crime" by Jesselyn Radack, Thomas Drake, and William Binney:
http://youtu.be/nc5i8aROQkk?t=34m36s
http://events.ccc.de/congress/2012/Fahrplan/events/5338.en.html

Radack, Drake, and Binney take thirty minutes each to present their respective stories - powerful stuff. Kevin Gosztola's write up gives a sense:
http://dissenter.firedoglake.com/2012/12/29/us-whistleblowers-on-being-targeted-by-the-secret-security-state/
http://twitter.com/kgosztola

Within the first minute of his talk (~1:28:36), William Binney describes the legal and intellectual property guidance he received when retiring from the NSA to set the scene for an announcement that he has created a "commercial product" which describes a software architecture akin to ThinThread:

> so I have that technology, it's on file, basically, with the Library of Congress, we have a copyright on it, so it's open to anybody for $45 you can get a copy, or you can go to the people here at the conference, they have, I gave them copies, you can get copies from them. So it lays out an architectural framework the entire process for how to automate an analysis business process across the entire process, whatever you're looking at, whatever kind of data you're doing because this applies to everything: stock market exchange, money exchange, you know, travel, phone calls, emails, Twitter, cloud, Facebook, whatever! So the point is, that this is the kind of, this whole process will give you an idea of what's really going on and the scale of what's happening.

The Library of Congress defied my search queries. I didn't find mention on the CCC website, wiki, Twitter feeds, etc. Is this document(?) in digital form yet? Seems like it might be rather interesting.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] Jacob Appelbaum's 29C3 keynote
On 12/28/2012 05:10 AM, Gregory Foster wrote:
> YouTube (Dec 27) - "Jacob Appelbaum 29C3 Keynote: Not My Department":
> https://www.youtube.com/watch?v=QNsePZj_Yks
>
> Livestream recordings from the 29th Chaos Communication Congress (Hamburg, Germany: Dec 27-30) are being published quickly. There's something intriguing here for everyone:
> https://www.youtube.com/user/cccen
> https://events.ccc.de/congress/2012/wiki/Main_Page
>
> HT the always well-informed @nigroeneveld
> http://twitter.com/nigroeneveld/status/284507391628828672

~6:30 - Jacob asks for a show of hands of those who had seen Frank Rieger and Rop Gonggrijp's talks. I couldn't count myself among those who had, so here's that information.

22nd Chaos Communication Congress (Berlin: Dec 27-30, 2005) - "Frank Rieger and Rop Gonggrijp - We Lost The War":
http://www.youtube.com/watch?v=8bulE9vErfg
https://events.ccc.de/congress/2005/fahrplan/events/920.en.html
http://events.ccc.de/congress/2005/static/t/r/a/Transcribe_We_Lost_The_War_1de1.html

Rop Gonggrijp
http://en.wikipedia.org/wiki/Rop_Gonggrijp

Here's Rop's blog posts on the themes of their talk:
http://rop.gonggri.jp/?cat=3

Try this for a view into the Dutch hacking culture which Rop helped create:
http://thesprawl.org/simstim/hippies-hell/
+ lots of other very informative films to be found while navigating The Sprawl...

Frank Rieger
"We lost the war. Welcome to the world of tomorrow."
http://frank.geekheim.de/?page_id=128

First published in "die datenschleuder," which Rieger describes as "the scientific journal for data travelers, published quarterly by the Chaos Computer Club, Germany since 1984," volume 89 (2005); downloads weren't working when I tried, but a copy was available elsewhere:
http://ds.ccc.de/download.html
http://dl.dropbox.com/u/72732917/die_datenschleuder-089-2005.pdf
https://www.virustotal.com/file/0d6f75300c3cf6049e6ea8cd3c138100a0c9150a45661f1aca8e8840ff9d4087/analysis/1356901000/

~

Following up, Rop Gonggrijp's 27C3 keynote (Berlin: Dec 27-30, 2010), "We come in Peace":
http://www.youtube.com/watch?v=ALNovMk3fC8
http://events.ccc.de/congress/2010/Fahrplan/events/4302.en.html
http://rop.gonggri.jp/?p=438

On 12/30/12 9:33 AM, Andreas Bader wrote:
> By the way: You have to say that Jake's speech was more about "It IS our Department"..

Agreed.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Jacob Appelbaum's 29C3 keynote
YouTube (Dec 27) - "Jacob Appelbaum 29C3 Keynote: Not My Department":
https://www.youtube.com/watch?v=QNsePZj_Yks

Livestream recordings from the 29th Chaos Communication Congress (Hamburg, Germany: Dec 27-30) are being published quickly. There's something intriguing here for everyone:
https://www.youtube.com/user/cccen
https://events.ccc.de/congress/2012/wiki/Main_Page

HT the always well-informed @nigroeneveld
http://twitter.com/nigroeneveld/status/284507391628828672

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] "Inside the Cave" of Obama's digital strategy
If you are curious about the state of contemporary technology use in politics, this is a pretty interesting compilation of information put together by a DC-based GOP consultancy in the wake of the latest U.S. Presidential election. I've uploaded the PDF slidedeck to DropBox to avoid the consultancy's requirement that one share personal information to gain access.

"Inside the Cave: An In-Depth Look at the Digital, Technology, and Analytics Operations of Obama for America":
http://dl.dropbox.com/u/72732917/engage-inside_the_cave-2012_12_22-a.pdf
https://www.virustotal.com/file/42543e38f8d50477487c40c5c69114ca6d4d9cfe5a14dbf1c420d61ac57bdb6c/analysis/1356210049/

This was posted to the Progressive Exchange mailing list, which is a well-established community of technical and marketing staffers of progressive U.S. nonprofits, advocacy/political orgs, and consultancies. More often "reluctant techies" than not, this community's members are more interested in achieving their organization's mission than tracking the latest tech trends or engaging in questions about the design of technologies - though they are asked to do that as well. Lots of big hearts and green fields for competent technical guidance in the non-profit sector.
http://www.progressiveexchange.org/welcome.htm

gf

Message: 4
Date: Fri, 21 Dec 2012 17:57:05
From: Colin Delany
Subject: check out this great overview of Obama's 2012 digital campaign

Hi,

Patrick Ruffini and the folks at EngageDC have put together a terrific 90-plus-page overview slideshow of the Obama digital operation, with numbers, org charts and excellent quotes from people involved. Patrick's trying to get his fellow Republicans to realize what happened to them, but he's done us all a great service by pulling this together. I plan to steal from it with wild abandon.

Download here:
http://www.engagedc.com/inside-the-cave/

--cpd

Colin Delany
Epolitics.com -- dissecting the craft of digital political advocacy
http://www.epolitics.com
c...@epolitics.com
202-422-4682
@epolitics

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] Social Media Combatants
YouTube (Dec 20) - "Israel: Unlawful Attacks on Palestinian Media" by Human Rights Watch:
http://www.youtube.com/watch?v=dz4gcp78Ix4

Documents HRW's on-the-ground research into Israeli targeting of journalists during the November 2012 war. The 3.5 minute video excerpts an Al Jazeera interview in which Israeli government spokesman Mark Regev advocates interpreting the broadcast of "command and control" information as criteria for distinguishing "legitimate" journalists protected by international law from non-legitimate journalists who can be regarded as combatants and targeted as such.

gf

> Australian Strategic Policy Institute blog "The Strategist" (Dec 13) - "Are social media users now legitimate targets?" by Chloe Diggins:
> http://www.aspistrategist.org.au/are-social-media-users-now-legitimate-targets/
>
> Diggins is a Research and Analysis Officer in the Australian Army's Directorate of Army Research and Analysis (DARA) Land Warfare Studies Centre (LWSC):
> http://www.army.gov.au/our-future/DARA/LWSC
>
> In the blog post, which is qualified as Diggins' personal opinion rather than the established policy of her institution, Diggins reflects on what is characterized as "Israel and Hamas' recent social media war":
>
> > Whether social media is making an effective contribution or not remains to be seen. However, by creating and perpetuating a narrative that influences public opinion, social media is contributing to a defined military operation and has become integral to the information and communication space. As a legitimate part of the conflict, social media (and its users) becomes a valid military objective.
>
> HT @MartinHume via @cencio4:
> http://twitter.com/cencio4/status/280420701599571970
>
> gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] Quantum computation & communication
ps, both in funding research with universities over the years and doing some of the research ourselves. We’ve played a substantial role in advancing this field,” Barker says.

It's worth noting that Shor's Algorithm was first published in 1994.
http://arxiv.org/abs/quant-ph/9508027

Jacob stated:
> If you have a specific passage where you feel that we state that classical encryption is a panacea to the problem of mass surveillance, I'd hope it is considered in the context of all the social discussion that has almost nothing to do with cryptography per se. (In any case, thanks for reading the book, I hope you enjoyed it!)

I very much enjoyed reading the book. It's a timely document, a snapshot of the zeitgeist, a wide-ranging conversation amongst four admirable, courageous souls from our time. I learned quite a bit and have plenty of placemarks for further research, especially to expand my understanding of the international dimensions of the challenges we face. I wished I was there drinking whiskey with you, and who knows maybe we'll get a chance to someday.

Nowhere in the text did any of the participants use the terms "panacea" or the dreaded "classical encryption" - those are my literary indiscretions. But the book title wouldn't be admirably resurrecting the signifier "Cypherpunks" (again, with the literary indiscretions!) if encryption weren't a primary theme. So, here's an important quotation, one which I present while emphasizing that the book is not in the least summarized by it:

> ...the universe, our physical universe, has that property that makes it possible for an individual or a group of individuals to reliably, automatically, even without knowing, encipher something, so that all the resources and all the political will of the strongest superpower on earth may not decipher it. And the paths of encipherment between people can mesh together to create regions free from the coercive force of the outer state. Free from mass interception. Free from state control. In this way, people can oppose their will to that of a fully mobilized superpower and win. Encryption is an embodiment of the laws of physics, and it does not listen to the bluster of states, even transnational surveillance dystopias. It isn't obvious that the world had to work this way. But somehow the universe smiles on encryption. Cryptography is the ultimate form of non-violent direct action. While nuclear weapons states can exert unlimited violence over even millions of individuals, strong cryptography means that a state, even by exercising unlimited violence, cannot violate the intent of individuals to keep secrets from them. Strong cryptography can resist an unlimited application of violence. No amount of coercive force will ever solve a math problem. But could we take this strange fact about the world and build it up to be a basic emancipatory building block for the independence of mankind in the platonic realm of the internet? And as societies merged with the internet could that liberty then be reflected back into physical reality to redefine the state?
>
> -- Julian Assange, from the introduction to _Cypherpunks: Freedom and the Future of the Internet_, p. 5-6.

I think that's some great stuff, some crucial insights from hard-earned experience - experience which we all must admit is rather unique in this world. It's important. It's so important, that I'm going to insist that we get it right.

So, to return to my concern - which I'll narrow even further: if we know RSA is "the most widely used public-key cryptosystem in the world," and we know RSA can be broken by a sufficiently large quantum computer using Shor's Algorithm, and we know there is significant research and development into building a sufficiently large quantum computer - shouldn't we help shift dependence upon RSA through our advocacy for popular encryption? And if not now, when? Especially when one considers that every stored RSA-encrypted ciphertext---and we have plenty of reasons to believe that everything is being stored somewhere---becomes effectively transparent when that last qubit hovers into place. Well, as soon as the quantum priests translate the ciphertext onto quantum punch cards...

Let's advocate encryption---for all the reasons well stated by Assange and company---but let's recommend the "right" encryption. Now, WTF is "right"? Linguistic indiscretions are even worse :)

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Quantum computation & communication
After reading Assange, et al.'s "Cypherpunks: Freedom and the Future of the Internet", wherein classical encryption is presented as a panacea for ensuring privacy in an age of mass surveillance, I found the following article succinct in questioning the long-term viability of that narrative (or at least insisting on some qualifications). Quantum computation and communication is still a long distance away, but this article provides the outlines of how that technology will be used (and abused) by the institutions that will be able to afford it.

Aerospace & Defense News (Dec 19) - "Army Researchers Seek Secure Quantum Communications":
http://www.asdnews.com/news-46753/Army_Researchers_Seek_Secure_Quantum_Communications.htm

> For the U.S. Army, a secure quantum communications network is a technology investment worth making. Meyers said physicists around the world are pursuing quantum teleportation research. "One day we will have communication over worldwide distances with quantum repeaters as mediators at nodes in between," Meyers said. "We'll be able to teleport information globally. What we'll have is tamper-resistant security." Cyber-security is a major concern for military and civilian sectors. "This is important," he said. "The greatest potential that a quantum communications network holds for the Army is secure communications." As quantum computing takes hold in the coming decades, the potential for hacking exponentially increases. "Quantum computers will be able to easily decrypt communications that are currently secure," Meyers said. "We're talking decryption in seconds instead of years. That's one reason why it's vital for us to explore quantum encryption."

To understand the assertion that a sufficiently large quantum computer can (hypothetically) decrypt classically encrypted communications---from any time---see:
http://en.wikipedia.org/wiki/Shor's_algorithm

Will the economic effects of Moore's Law apply to quantum computers, facilitating the mass distribution and use of this technology for popular quantum cryptography? Probably not for some period of time, a time which may recapitulate the big iron power dynamics of the mainframe priesthood. It is that interim time period when there is likely to be a disparity in access to quantum computation that gives me pause.

However, in researching this post I was happy to learn that this threat is understood and research is underway into post-Quantum cryptography, which looks like it can be implemented on classical computers. So predictable future problems may be mitigated by avoiding reliance on particular cryptographic techniques that are known to be breakable by quantum computers, such as the RSA algorithm used by many contemporary public-key cryptography systems:
http://en.wikipedia.org/wiki/Post-quantum_cryptography

I'll readily admit that I am about out of my depth here and welcome corrections and clarifications. If we see this probability emerging, then it seems like liberationtechnicians should be advocating review and redesign of the algorithms used in popular public-key cryptosystems.

HT @ASDNewsCom via @MrKoot:
http://twitter.com/ASDNewscom/status/281018815276539904

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] Social Media Combatants
Australian Strategic Policy Institute blog "The Strategist" (Dec 13) - "Are social media users now legitimate targets?" by Chloe Diggins:
http://www.aspistrategist.org.au/are-social-media-users-now-legitimate-targets/

Diggins is a Research and Analysis Officer in the Australian Army's Directorate of Army Research and Analysis (DARA) Land Warfare Studies Centre (LWSC):
http://www.army.gov.au/our-future/DARA/LWSC

In the blog post, which is qualified as Diggins' personal opinion rather than the established policy of her institution, Diggins reflects on what is characterized as "Israel and Hamas' recent social media war":

> Whether social media is making an effective contribution or not remains to be seen. However, by creating and perpetuating a narrative that influences public opinion, social media is contributing to a defined military operation and has become integral to the information and communication space. As a legitimate part of the conflict, social media (and its users) becomes a valid military objective.

HT @MartinHume via @cencio4:
http://twitter.com/cencio4/status/280420701599571970

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] US National Counterterrorism Center database
WSJ (Dec 12) - "U.S. Terrorism Agency to Tap a Vast Database of Citizens" by @JuliaAngwin:
http://online.wsj.com/article_email/SB10001424127887324478304578171623040640006-lMyQjAxMTAyMDEwMzExNDMyWj.html?mod=wsj_valettop_email
https://twitter.com/JuliaAngwin

Apparently NCTC now has the authority to aggregate databases of information on US citizens and keep it for five years. In the event of reasonable suspicion NCTC can keep the data forever. Even better, they can share aggregated information with foreign governments.

HT @csoghoian
https://twitter.com/csoghoian/status/279264546487672832

...who also mentioned the ex-NCTC Director now works at Palantir.
https://twitter.com/csoghoian/status/279089350719967232

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] @BaltoSpectator
Baltimore City Paper (Dec 2) - "Citizen Journalist Broadcasts Own Police Standoff":
http://blogs.citypaper.com/index.php/2012/12/citizen-journalist-broadcasts-own-police-standoff/

Baltimore Sun (Dec 2) - "Local blogger surrenders to police after live broadcasting standoff" by @justin_fenton:
http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-waverly-barricade-20121201,0,3406641.story

The legal facts of this event seem likely to hash out clearly. However, I encourage engagement as the event seems to embody a few themes of relevance for this list:

- Some element within the Baltimore Police Department monitored @BaltoSpectator's Twitter account for some period of time prior to serving the warrant. The acts of speech were considered serious enough to justify an escalation of force. The exact details of that escalation are still emerging, but it's clear BPD "surrounded his home" and it also appears that SWAT was deployed.

- @BaltoSpectator used social media to effect virtual witnesses to his arrest. Apparently a regular at Baltimore-area crime scenes through volunteer work for Investigative Voice and as an independent gadfly, he was concerned for his safety and it seems not a little bit paranoid. In the event, he was successful - gaining over 2,500 Twitter followers on Saturday with 20K listeners tuning in to the 5-hour live broadcast.

- During the broadcast, @BaltoSpectator requested a 911 operator connect him to the BPD forces serving the warrant, eventually connecting with a negotiator (Lt. Jason Yerg). @BaltoSpectator broadcast that conversation with Lt. Yerg, providing transparency into and an accessible record of the negotiations.

Given the legal precedents currently being established as regards filming law enforcement officers in the line of duty, livestreaming adds another layer of complexity. In this case, it appears to have ensured minimal use of force by the BPD.

ymmv,
gf

On 12/1/12 11:49 PM, Douglas Lucas wrote:
> In the most recent post on his site, dated Dec 1 - http://baltimorespectator.blogspot.com/2012/12/freedom-under-fire-i-will-die-free.html - @BaltoSpectator claims he was detained for 40 days without charge, bail, or warrant, and that a lawyer and state Senator were told he wasn't there.
>
> Seeing my tweet about the above, @justin_fenton, crime reporter for the Baltimore Sun, said: "It was an involuntary commitment, as I recall. That's a whole convoluted tale that I dont have facts on"
> https://twitter.com/justin_fenton/status/275100147229278208
>
> On 12/01/2012 11:20 PM, Gregory Foster wrote:
> > As @MTarro stated:
> > http://twitter.com/MTarro/status/275097615727726593
> >
> > > Just bizarre to read the @BaltoSpectator swat situation play out on Twitter. Almost like seeing IDF and Hamas tweet attacks.
> >
> > Lots to sort out here, but certainly a few things to talk about. Here's some loosely vetted resources to help track this event.
> >
> > Website:
> > http://www.baltimorespectator.com/
> >
> > Spreaker audio broadcast from the event:
> > http://www.spreaker.com/user/baltimorespectator/live_stand_off_surrounded_by_cops
> >
> > Tweets from earlier, implicated in Baltimore PD's decision to recalibrate force when serving a Failure To Appear warrant?
> > http://storify.com/drspaulding/earlier-tweets-baltospectator
> > https://twitter.com/kennethlipp/status/275089232027078657
> >
> > A Maryland State Delegate mentioned by @BaltoSpectator as potential counsel?
> > http://www.msa.md.gov/msa/mdmanual/06hse/html/msa13966.html
> > http://twitter.com/jillpcarter
> >
> > A fellow with a close view:
> > http://twitter.com/justin_fenton
> >
> > An alleged screencap of an arrest record:
> > http://twitter.com/cattyidiot/status/275097802898538496/photo/1
> >
> > Video of @BaltoSpectator being taken into custody:
> > http://telly.com/5GFKL
> >
> > Ended his audio broadcast with a recording of a Ron Paul speech.
> >
> > As @MissBeaE stated:
> > http://twitter.com/MissBeaE/status/275090723156660225
> >
> > > Say what you will, @BaltoSpectator #BaltimoreSpectator has reminded people of the role and importance of independent radio.
> >
> > gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] @BaltoSpectator
As @MTarro stated:
http://twitter.com/MTarro/status/275097615727726593

> Just bizarre to read the @BaltoSpectator swat situation play out on Twitter. Almost like seeing IDF and Hamas tweet attacks.

Lots to sort out here, but certainly a few things to talk about. Here's some loosely vetted resources to help track this event.

Website:
http://www.baltimorespectator.com/

Spreaker audio broadcast from the event:
http://www.spreaker.com/user/baltimorespectator/live_stand_off_surrounded_by_cops

Tweets from earlier, implicated in Baltimore PD's decision to recalibrate force when serving a Failure To Appear warrant?
http://storify.com/drspaulding/earlier-tweets-baltospectator
https://twitter.com/kennethlipp/status/275089232027078657

A Maryland State Delegate mentioned by @BaltoSpectator as potential counsel?
http://www.msa.md.gov/msa/mdmanual/06hse/html/msa13966.html
http://twitter.com/jillpcarter

A fellow with a close view:
http://twitter.com/justin_fenton

An alleged screencap of an arrest record:
http://twitter.com/cattyidiot/status/275097802898538496/photo/1

Video of @BaltoSpectator being taken into custody:
http://telly.com/5GFKL

Ended his audio broadcast with a recording of a Ron Paul speech.

As @MissBeaE stated:
http://twitter.com/MissBeaE/status/275090723156660225

> Say what you will, @BaltoSpectator #BaltimoreSpectator has reminded people of the role and importance of independent radio.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] #OpIsrael
It is with some trepidation reaffirmed with verification that I pass along the following. ymmv, yhbw, ianal, wtf, etc.

Hold onto your lolcats, because the US Senate voted down the (outgoing) Lieberman/Collins/Rockefeller CISPA cybersecurity legislation on Wednesday...
http://www.hsgac.senate.gov/media/majority-media/senate-rejects-second-chance-to-safeguard-most-critical-cyber-networks-

...around the same time many found out US President (and Commander-in-Chief of the United States Armed Forces) Obama had already signed a classified cybersecurity (and cyberwar) Presidential Directive - in mid-October:
http://www.washingtonpost.com/world/national-security/obama-signs-secret-cybersecurity-directive-allowing-more-aggressive-military-role/2012/11/14/7bf51512-2cde-11e2-9ac2-1c61452669c3_story.html

More recently, there's a situation going on with Israel and Palestine. I don't mean to be glib - I cannot as I have noticed the unusual volume of information produced by the unusual organization Stratfor the last few days:
http://www.stratfor.com/analysis/considering-israeli-ground-assault-gaza

And the unusual phenomenon of a combatant live tweeting while actively engaged in warfare:
https://twitter.com/IDFSpokesperson/status/269112373208551425

Allegedly, Israel has threatened an Internet and/or telecommunications shutdown. I did not find a primary source documenting that statement, but did notice a report of an increasing number of reports on The Voice of Russia:
http://english.ruvr.ru/2012_11_14/Israel-launches-Gaza-op/

The possibility of a (partial) telecommunications shutdown is real as networks in the Palestinian Territories are dependent upon physical infrastructure in Israel (at least in 2011 according to page 9 of this Renesys presentation):
http://www.renesys.com/tech/presentations/pdf/GeopoliticsOfInternetInfrastructure.pdf

That possibility has gotten the attention of a certain portion of the Internet---unnamely---Anonymous.
http://www.forbes.com/sites/andygreenberg/2012/11/15/anonymous-hackers-deface-israeli-sites-in-retaliation-for-gaza-attacks/

Tonight I received notifications of two newly uploaded videos to YouTube on accounts that have published Anonymous media over a span of years, though that is no guarantee of consistent pwnership.

YouTube (Nov 15 ~8:01pm) - "Anonymous: Operation Israel" by @TheAnonMessage
http://www.youtube.com/watch?v=MkC357RQt0c
http://twitter.com/TheAnonMessage

YouTube (Nov 15 ~9:32pm) - "Anonymous Operation Israel" by @anonyops_
http://www.youtube.com/watch?v=Kl7svqBVq0U
http://twitter.com/anonyops_

In the videos (whose production and messaging IMO demonstrate focus), mention is made of a care package for download. I took the liberty of quarantining that zip file [ MD5 1acf8950d398220c0f243b59ea9c2653 ], running a local scan and more importantly 44 documented remote scans at VirusTotal on the zip and the two contained PDFs. Here are those results confirming no known malware (which should not be taken to exclude zero days):
https://www.virustotal.com/file/2ed49cdcbe45c12d48addf1e5ab1a039884fa1cf303a0e31a00489bd0d80060e/analysis/1353047954/
https://www.virustotal.com/file/481411a0fed2b934f791a703b7e4a9661d0c3f6314e880b45260bf59a4d1fd40/analysis/
https://www.virustotal.com/file/2ed49cdcbe45c12d48addf1e5ab1a039884fa1cf303a0e31a00489bd0d80060e/analysis/1353047954/

One of the video descriptions links to this Arabic translation...
http://www.anonpaste.me/anonpaste2/index.php?89452a7861b4af1d#hFCbUSaOGM+ZBIgJPGEOBwxEjxV0lNNnbdPQnx0uQRw=

...of this blog re-posting of information resistance information aggregated by Telecomix:
http://katatus.blogspot.com/

In closing, an observation of serendipity: earlier tonight and however momentarily insulated though unimmune to the influence of events, I watched Christopher Poole's 2010 TED talk on "The case for anonymity online." He's the creator of 4chan, whence provided Anonymous (I almost said "custodian" but can anyone have that job?). I've always noticed Mr. Poole has interesting things to say:
http://www.ted.com/talks/christopher_m00t_poole_the_case_for_anonymity_online.html

...especially about people's right(s) to speak.

Much love to all.

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
[liberationtech] #GEOINT2012 - Keynote by Director of DIA
The GEOINT 2012 forum was held this past week (Oct 8-11) in Orlando. It's characterized as "the nation's largest intelligence event of the year...for the defense, intelligence and homeland security communities."
http://geoint2012.com/
#GEOINT2012 <https://twitter.com/search/%23GEOINT2012>

The event is hosted by the United States Geospatial Intelligence Foundation.
http://usgif.org/

Videos of the keynotes (and other sessions) are available, so here are some notes of relevance for the liberationtech community:
http://geointv.com/category/geoint-2012-symposium/geoint-2012-keynotes/

Keynote (Oct 10 10:45am) - "LTG Michael Flynn, Director, Defense Intelligence Agency [DIA]":
http://geointv.com/archive/geoint-2012-keynote-ltg-michael-flynn-director-defense-intelligence-agency/

Worth noting that Flynn was just promoted to the leadership of DIA with a mandate to fundamentally re-organize DoD intelligence:
http://www.dia.mil/about/leadership/director.html
http://www.federalnewsradio.com/?nid=502&sid=2960173

~7:15 - On presentation slide, "Cyber Operations" are characterized as one of the three most important transitions identified in the worldview reshaping DIA.

~13:30 - "This discussion about bandwidth that was had earlier... You know, the network is the new weapon system. Bandwidth is the new class of supply. So, so, commanders on the battlefield, and I will tell you this isn't like division or 2- or 3-star level. This is battalion and brigade commanders, regimental commanders in the Marine Corps. They are fighting the network more than they are having to fight the enemy or deal with their environment. So our need, you know the question that came in to Stu here this morning, well, what happens when you have a bullet through your computer? That's a question that's ok, but it's coming from somebody who doesn't understand what's going on on the battlefield today. Or how we are enabling human beings, our soldiers, our men and women, to be able to fight. So it's different. Data is our new ammunition, it is definitely our ammunition in the intelligence community. It is about access to data. I love the questions about, or the answer from the one gentleman, I think from USAID, I believe, that said we're going to violate your rules anyways, on information sharing. That's very true, it's happening everyday. In fact we have policies and things that we have back here [in the United States] that don't apply to the real world when we place men and women in harm's way. Next slide."

~15:15 - "What is it that we do - national security - we do it from a defense posture. What do we learn from the last decade of conflict and also while we remain in conflict. The era of persistent conflict. It's a phrase you don't hear much, people don't really like to say it but that's the way it is. And I believe that for the rest of my time we will be in this era of persistent conflict where threats that we faced in the past are now merged with threats that we will face in the future in many we've seen over the last decade."

~25:40 - JWICS, "top-secret global command and control" system "run in the bowels of DIA", 230K users. Presentation slide features now-famous image of Executive leadership using JWICS system to monitor bin Laden assassination. Indicates there has been an exponential increase of users on system.

~38:30 - Question: how will Defense HUMINT integrate with CIA HUMINT in the future? Answer ranges more widely, focusing on alignment of "capacity" globally. Breaks it down into "international problem", "perimeter [border] problem", and "domestic/internal problem".

If I get to it, I'll send notes from General Keith Alexander's keynote:
http://geointv.com/archive/geoint-2012-keynote-gen-keith-b-alexander-u-s-army-commander-uscybercom-director-nsa/

gf

--
Gregory Foster || gfos...@entersection.org
@gregoryfoster <> http://entersection.com/
Re: [liberationtech] CA bill on cellphone shutdown by public agencies
After California Senator Padilla's bill was unanimously passed by the California Senate and House---and endorsed by the bill's target Bay Area Rapid Transit (BART)---Governor Jerry Brown vetoed the bill on Saturday. http://www.govtech.com/policy-management/California-Governor-Vetoes-Cell-Service-Shutdown-Bill.html Here's Brown's official veto message: http://gov.ca.gov/docs/SB_1160_Veto_Message.pdf gf On 4/19/12 12:20 PM, Gregory Foster wrote: SFGate (Apr 19) - "Bill bars cell service shutdown by public agencies [without a court order]" http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/04/19/MNQM1O5B1R.DTL /The bill, SB1160 by Sen. Alex Padilla [ @Alex_Padilla_ <http://twitter.com/Alex_Padilla_> ], D-Pacoima (Los Angeles County), was approved in a unanimous bipartisan vote of a Senate committee Tuesday and faces further committee hearings./ HT @TheWyatt <http://twitter.com/TheWyatt> -> @NicoleOzer <http://twitter.com/NicoleOzer> -> @NabihaSyed <http://twitter.com/NabihaSyed>. Whew-ray! Still a ways to go before law, but very very glad to hear this bill is in motion. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] CRS on US public diplomacy targeting the US population
CRS (Sep 21) - "U.S. Public Diplomacy: Legislative Proposals to Amend Prohibitions on Disseminating Materials to Domestic Audiences": http://www.fas.org/sgp/crs/secrecy/R42754.pdf From the Summary: Proposed in the 112th Congress, the Smith-Mundt Modernization Act of 2012 (H.R. 5736), and identical provisions included at Section 1097 of the National Defense Authorization Act, Fiscal Year 2013 (NDAA; H.R. 4310), would amend and restate these two legislative provisions restricting domestic availability and dissemination of communications created by the State Department and the Broadcasting Board of Governors (BBG) to target and influence foreign publics. The proposed amendments to these provisions would remove the prohibition on domestic dissemination of public diplomacy information produced by the Department of State and the BBG intended for foreign audiences, while maintaining the prohibition on using public diplomacy funds to influence U.S. public opinion. Proponents of amending these two sections argue that the ban on domestic dissemination of public diplomacy information is impractical given the global reach of modern communications, especially the Internet, and that it unnecessarily prevents valid U.S. government communications with foreign publics due to U.S. officials’ fear of violating the ban. They assert as well that lifting the ban will promote the transparency in the United States of U.S. public diplomacy and international broadcasting activities conducted abroad. Critics of lifting the ban state that it may open the door to more aggressive U.S. government activities to persuade U.S. citizens to support government policies, and might also divert the focus of State Department and the BBG communications from foreign publics, reducing their effectiveness. 
HT @saftergood, gf On 5/24/12 6:26 PM, Gregory Foster wrote: Today, the Senate Armed Services Committee marked up a version of the defense appropriations bill which does NOT include language supporting the Thornberry/Smith amendment. That language could be added back in when differences between the House and Senate versions of the bill are reconciled in conference committee. BuzzFeed (May 24) - "Senate Bill Drops 'Propaganda' Amendment" http://www.buzzfeed.com/rebeccaelliott/senate-bill-drops-propaganda-amendment gf On 5/21/12 12:32 AM, Gregory Foster wrote: ...has singled himself out as another Texas Congressman worthy of unseating. His district traverses the Texas panhandle including Amarillo and Wichita Falls: http://www.thornberry.house.gov/ http://www.thornberry.house.gov/District/InteractiveMap.htm The FY2013 National Defense Authorization Act (HR 4310), passed by the House on Friday, had two amendments introduced by Representative Thornberry. Here's a summary of the first (source), which was accepted: 114. Thornberry (TX), Smith, Adam (WA) #85 Would amend the United States Information and Educational Exchange Act of 1948 (known as the Smith-Mundt Act) and the Foreign Relations Authorization Act, Fiscal Years 1986 and 1987 to clarify the authorities of the Department of State and the Broadcasting Board of Governors to prepare, disseminate and use public diplomacy information abroad and to strike the current ban on domestic dissemination of such material. Would clarify that the Smith-Mundt Act's provisions related to public diplomacy information do not apply to other Federal departments or agencies (including the Department of Defense). (10 minutes) If I'm reading #114 correctly, that would authorize the deployment of American propaganda on the American population. 
Here's the BuzzFeed article that seems to have broken the story, which cites an anonymous Pentagon source: http://www.buzzfeed.com/mhastings/congressmen-seek-to-lift-propaganda-ban Here's a press release (May 17) from Washington Representative Adam Smith's website: http://adamsmith.house.gov/News/DocumentPrint.aspx?DocumentID=121987 Here's a related press release (May 15) from Representative Thornberry's website: http://thornberry.house.gov/News/DocumentSingle.aspx?DocumentID=296108 Representative Thornberry's press release concerns his introduction, with co-sponsor Smith, of HR 5736
[liberationtech] Face recognition software prefers unsmiling humans
A little poetry for the watchdogs. PoliceOne.com (Sep 20) - "[New Jersey] driver license face-recognition technology prohibits smiles": http://www.policeone.com/police-technology/articles/5990244-N-J-driver-license-face-recognition-technology-prohibits-smiles/ HT @PoliceOne, gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] Eichenwald's _500 Days_
New book by Kurt Eichenwald, _500 Days: Secrets and Lies in the Terror Wars_, chronicles the decisions made during the first 500 days after 9/11. http://www.amazon.com/500-Days-Secrets-Lies-Terror/dp/1451669380/ US News & World Report review indicates Eichenwald provides heretofore unknown perspective on the NSA's warrantless wiretapping program: http://www.usnews.com/news/blogs/washington-whispers/2012/09/19/warrantless-wiretapping-was-far-more-involved-than-previously-known-new-book-says Eichenwald names names, alleging the historic expansion of NSA power was the idea of White House counsel Tim Flanigan, who first presented the idea to Vice President Dick Cheney. The first legal analysis of the program was performed three weeks after it was implemented. HT @csoghoian, gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] NYT Op-Doc on NSA Whistleblower William Binney
10-minutes, well done. http://www.nytimes.com/2012/08/23/opinion/the-national-security-agencys-domestic-spying-program.html On a related note, #CryptoParty <https://twitter.com/#%21/search/%23cryptoparty>. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] CRS on "China, Internet Freedom, and U.S. Policy"
Congressional Research Service (Jul 13) - "China, Internet Freedom, and U.S. Policy": http://www.fas.org/sgp/crs/row/R42601.pdf From the Summary: /Since 2006, congressional committees and commissions have held nine hearings on Internet freedom and related issues, with a large emphasis on China. In response to criticism, in 2008, Yahoo!, Microsoft, Google, and other parties founded the Global Network Initiative, a set of guidelines that promotes awareness, due diligence, and transparency regarding the activities of ICT companies and their impacts on human rights, particularly in countries where governments frequently violate the rights of Internet users to freedom of expression and privacy. In the 112th Congress, the Global Online Freedom Act (H.R. 3605) would require U.S. companies to disclose any censorship or surveillance technology that they provide to Internet-restricting countries. It also would bar U.S. companies from selling technology that could be used for the purposes of censorship or surveillance in such countries./ HT @saftergood <http://twitter.com/saftergood> at Secrecy News <http://www.fas.org/blog/secrecy/2012/07/china_internet_crs.html>, gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/ ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
[liberationtech] Rep. Markey on telco personal data requests from law enforcement
Congressman Ed Markey (D-MA, Jul 9): "Law Enforcement Collecting Information on Millions of Americans from Mobile Phone Carriers" http://markey.house.gov/press-release/markey-law-enforcement-collecting-information-millions-americans-mobile-phone-carriers HT @csoghoian and @normative, gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
Re: [liberationtech] Representative Mac Thornberry (R-TX-13)
Today, the Senate Armed Services Committee marked up a version of the defense appropriations bill which does NOT include language supporting the Thornberry/Smith amendment. That language could be added back in when differences between the House and Senate versions of the bill are reconciled in conference committee. BuzzFeed (May 24) - "Senate Bill Drops 'Propaganda' Amendment" http://www.buzzfeed.com/rebeccaelliott/senate-bill-drops-propaganda-amendment gf On 5/21/12 12:32 AM, Gregory Foster wrote: ...has singled himself out as another Texas Congressman worthy of unseating. His district traverses the Texas panhandle including Amarillo and Wichita Falls: http://www.thornberry.house.gov/ http://www.thornberry.house.gov/District/InteractiveMap.htm The FY2013 National Defense Authorization Act (HR 4310), passed by the House on Friday, had two amendments introduced by Representative Thornberry. Here's a summary of the first (source), which was accepted: 114. Thornberry (TX), Smith, Adam (WA) #85 Would amend the United States Information and Educational Exchange Act of 1948 (known as the Smith-Mundt Act) and the Foreign Relations Authorization Act, Fiscal Years 1986 and 1987 to clarify the authorities of the Department of State and the Broadcasting Board of Governors to prepare, disseminate and use public diplomacy information abroad and to strike the current ban on domestic dissemination of such material. Would clarify that the Smith-Mundt Act's provisions related to public diplomacy information do not apply to other Federal departments or agencies (including the Department of Defense). (10 minutes) If I'm reading #114 correctly, that would authorize the deployment of American propaganda on the American population. 
Here's the BuzzFeed article that seems to have broken the story, which cites an anonymous Pentagon source: http://www.buzzfeed.com/mhastings/congressmen-seek-to-lift-propaganda-ban Here's a press release (May 17) from Washington Representative Adam Smith's website: http://adamsmith.house.gov/News/DocumentPrint.aspx?DocumentID=121987 Here's a related press release (May 15) from Representative Thornberry's website: http://thornberry.house.gov/News/DocumentSingle.aspx?DocumentID=296108 Representative Thornberry's press release concerns his introduction, with co-sponsor Smith, of HR 5736: " To amend the United States Information and Educational Exchange Act of 1948 to authorize the domestic dissemination of information and material about the United States intended primarily for foreign audiences, and for other purposes"; it's been referred to the Committee on Foreign Affairs: http://www.opencongress.org/bill/112-h5736/show Wrapping up, I noticed the summary of the second amendment Mr. Thornberry introduced for attachment to the FY2013 NDAA: 115. Thornberry (TX) #87 Would require the President to submit to Congress a charter to establish an interagency body to coordinate and deconflict full-spectrum military cyber operations. (10 minutes) Not sure if that amendment was accepted into the bill as passed. The bill still has to navigate the Senate and win the President's signature before it's law. Worth noting that Smith's press release cites an announcement on May 17th " before a forum of 150 national security experts and practitioners" with a link to a video; that link isn't working, but points to the Center for Strategic and International Studies - now familiar to me as the home of cyberwar drummer James Andrew Lewis. 
Hunting for that video turns up this appearance of the Smith and Thornberry show in 2008, "Fighting Terrorism in the 21st Century: Sharpening the Tools of Strategic Communication and Public Diplomacy" (includes audio and downloadable video): http://csis.org/event/fighting-terrorism-21st-century-sharpening-tools-strategic-communication-and-public-diplomacy Just beginning that video, and it seems to convey quite a bit about what these fellows have been up to - for quite some time. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] Representative Mac Thornberry (R-TX-13)
...has singled himself out as another Texas Congressman worthy of unseating. His district traverses the Texas panhandle including Amarillo and Wichita Falls: http://www.thornberry.house.gov/ http://www.thornberry.house.gov/District/InteractiveMap.htm The FY2013 National Defense Authorization Act (HR 4310 <http://www.opencongress.org/bill/112-h4310>), passed by the House on Friday, had two amendments introduced by Representative Thornberry. Here's a summary of the first (source <http://blogs.ajc.com/jamie-dupree-washington-insider/2012/05/17/defense-policy-bill/>), which was accepted: /114. Thornberry (TX), Smith, Adam (WA) #85 Would amend the United States Information and Educational Exchange Act of 1948 (known as the Smith-Mundt Act) and the Foreign Relations Authorization Act, Fiscal Years 1986 and 1987 to clarify the authorities of the Department of State and the Broadcasting Board of Governors to prepare, disseminate and use public diplomacy information abroad and to strike the current ban on domestic dissemination of such material. Would clarify that the Smith-Mundt Act's provisions related to public diplomacy information do not apply to other Federal departments or agencies (including the Department of Defense). (10 minutes)/ If I'm reading #114 correctly, that would authorize the deployment of American propaganda on the American population. 
Here's the BuzzFeed article that seems to have broken the story, which cites an anonymous Pentagon source: http://www.buzzfeed.com/mhastings/congressmen-seek-to-lift-propaganda-ban Here's a press release (May 17) from Washington Representative Adam Smith's website: http://adamsmith.house.gov/News/DocumentPrint.aspx?DocumentID=121987 Here's a related press release (May 15) from Representative Thornberry's website: http://thornberry.house.gov/News/DocumentSingle.aspx?DocumentID=296108 Representative Thornberry's press release concerns his introduction, with co-sponsor Smith, of HR 5736: " To amend the United States Information and Educational Exchange Act of 1948 to authorize the domestic dissemination of information and material about the United States intended primarily for foreign audiences, and for other purposes"; it's been referred to the Committee on Foreign Affairs: http://www.opencongress.org/bill/112-h5736/show Wrapping up, I noticed the summary of the second amendment Mr. Thornberry introduced for attachment to the FY2013 NDAA: /115. Thornberry (TX) #87 Would require the President to submit to Congress a charter to establish an interagency body to coordinate and deconflict full-spectrum military cyber operations. (10 minutes)/ Not sure if that amendment was accepted into the bill as passed. The bill still has to navigate the Senate and win the President's signature before it's law. Worth noting that Smith's press release cites an announcement on May 17th " before a forum of 150 national security experts and practitioners" with a link to a video; that link isn't working, but points to the Center for Strategic and International Studies - now familiar to me as the home of cyberwar drummer James Andrew Lewis <http://csis.org/category/topics/technology/cybersecurity>. 
Hunting for that video turns up this appearance of the Smith and Thornberry show in 2008, "Fighting Terrorism in the 21st Century: Sharpening the Tools of Strategic Communication and Public Diplomacy" (includes audio and downloadable video <http://c720968.r68.cf2.rackcdn.com/080717_congress.wmv>): http://csis.org/event/fighting-terrorism-21st-century-sharpening-tools-strategic-communication-and-public-diplomacy Just beginning that video, and it seems to convey quite a bit about what these fellows have been up to - for quite some time. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster<> http://entersection.com/
[liberationtech] CRS on Cybersecurity
CRS (Apr 26) - "Cybersecurity: Authoritative Reports and Resources" http://www.fas.org/sgp/crs/misc/R42507.pdf Looks to be very helpful with tables listing major House and Senate legislation, hearings, and markups on cybersecurity legislation during the 112th Congress; relevant Executive Orders & Presidential Directives; sourced data & statistics; and selected reports (helpfully linked) on specific topics (NSTIC, cloud computing, cyberwar/cybercrime) and sourced from particular agencies (GAO, OMB, DoD). An interesting frame in the first paragraph of the Introduction (p. 1): Cybersecurity is a sprawling topic that includes national, international, government, and private industry dimensions. More than 40 bills and resolutions with provisions related to cybersecurity have been introduced in the first session of the 112th Congress, including several proposing revisions to current laws. In the 111th Congress, the total was more than 60. Several of those bills received committee or floor action, but none have become law. In fact, no comprehensive cybersecurity legislation has been enacted since 2002. HT @saftergood at Secrecy News. gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/
[liberationtech] CISPA passed in House
248-168. Vote was scheduled for tomorrow. Reports indicate Democratic support was flagging after the White House registered a veto threat. Latest updates from @declanm; CISPA co-author Mike Rogers fails to see irony in calling out Texas Rep Sheila Jackson Lee for proposing a "Big Brother on steroids" amendment authorizing DHS to deploy network security countermeasures; amendment was withdrawn: http://news.cnet.com/8301-31921_3-57422481-281/homeland-security-internet-monitoring-dropped-from-cispa/ @HilliconValley summary of 16 amendments considered today (some of which look pretty good): http://thehill.com/blogs/floor-action/house/224113-amendment-results-for-cybersecurity-bill Criticism of Arizona Rep Ben Quayle amendment: http://www.techdirt.com/articles/20120426/14505718671/insanity-cispa-just-got-way-worse-then-passed.shtml Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. FreePress guidance (HT @ioerror): http://www.savetheinternet.com/CISPA And vote perspective from @HilliconValley: http://thehill.com/blogs/floor-action/house/224115-house-approves-cybersecurity-bill-over-obama-veto-threat gf -- Gregory Foster || gfos...@entersection.org @gregoryfoster <> http://entersection.com/