Re: [liberationtech] [cpsr-activists] CPSR Curriculum?

[Paul]

Charles,
   I would like to claim partial credit for spurring your excellent
response. ;)
  Paul
-- 
Liberationtech is public & archives are searchable from any major commercial 
search engine. Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest mode, or change password by emailing 
liberationtech-ow...@lists.stanford.edu.

Re: [liberationtech] [cpsr-activists] CPSR Curriculum?

[Paul]

Is there any evidence, or even anecdotes, suggesting that ethics courses
(in any form) work to make people act more ethically?
 I can see that someone who was already ethical might find something
they had missed, but it's hard for me (admittedly a cynical person) to
imagine that an ethics course can make someone ethical, any more than one
could expect an "empathy" course to make people empathetic.
  Paul
-- 
Liberationtech is public & archives are searchable from any major commercial 
search engine. Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest mode, or change password by emailing 
liberationtech-ow...@lists.stanford.edu.

Re: [liberationtech] #YesWeCode Initiative - & Prince

[Chrrles Paul]

---
"I said, 'Well, yeah, Prince that's true but that's because of racism.' And
he said, 'No, it's because we have not produced enough black Mark
Zuckerbergs. That's on us. That's on us. To deal with what we're not doing
to get our young people prepared to be a part of this new information
economy.'"
---

If that was his attitude, then his attitude sucked.

On Sat, Apr 23, 2016 at 9:02 AM, Jayne Cravens 
wrote:

> #YesWeCode (http://www.yeswecode.org) is an initiative that seeks to
> mobilize tech and social justice leaders to connect 100,000 low-opportunity
> young adults to the skills and experiences they need to access high-paying
> careers in technology. CNN commentator Van Jones founded the #YesWeCode
> initiative with the support of Prince, who passed away yesterday.
>
> http://www.yeswecode.org/prince
>
> Jones elaborated on Prince's involvement at the 20th Anniversary Essence
> Festival:
>
> "After the Trayvon Martin verdict I was talking to Prince and he said,
> 'You know, every time people see a young black man wearing a hoodie, they
> think, he's a thug. But if they see a young white guy wearing a hoodie they
> think, oh that might be Mark Zuckerberg. That might be a dot-com
> billionaire.'"
>
> "I said, 'Well, yeah, Prince that's true but that's because of racism.'
> And he said, 'No, it's because we have not produced enough black Mark
> Zuckerbergs. That's on us. That's on us. To deal with what we're not doing
> to get our young people prepared to be a part of this new information
> economy.'"
>
> Since July 2014, YesWeCode has been focused on three activities:
>
> Communicate: In partnership with Oakland, Calfornia-based organizations,
> #YesWeCode launched an interactive website with a powerful search tool that
> enables users to find local coding education resources. This tool also
> helps users find local events and learn more about coding opportunities.
>
> Convene: #YesWeCode has convened 100+ coding practitioners and
> stakeholders in New York, San Francisco, Chicago, and New Orleans.
> #YesWeCode partnered with Qeyno Labs to host a Start-Up Weekend hackathon
> in February 2015, focused on uplifting young African-American men and boys.
>
> Catalyze: In July, #YesWeCode launched at the 20th Anniversary ESSENCE
> Festival with a youth-focused hackathon and a headline performance by
> Prince, before a festival audience of 500,000 people.
>
> Just seemed appropriate to post this.
>
> ---
> <><><><><><><><><><><><><><><><>
> Ms. Jayne Cravens MSc
> Portland, Oregon, USA
>
> The web site - http://www.coyotecommunications.com
> The email - j...@coyotecommunications.com
> Me on Twitter, other social networks, & my blog:
> http://www.coyotecommunications.com/me/jayneonline.shtml
>
> Author: The Last Virtual Volunteering Guidebook
> More about the book, and how to buy it
> (as a paperback or as an e-book):
> http://www.energizeinc.com/store/1-222-E-1
> <><><><><><><><><><><><><><><><>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] London job for Liberty

[Paul Bernal (LAW)]

In case anyone’s interested, there’s a really interesting job coming up in 
London (UK): Policy Officer (Technology and Surveillance) for Liberty, one of 
the biggest human rights and civil liberties NGOs in the UK. You can find the 
details here:

https://www.liberty-human-rights.org.uk/who-we-are/work-us

Scroll to the bottom - the deadline for applications is the 27th October.

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

See my book “Internet Privacy Rights: Rights to Protect Autonomy”, available at 
http://www.cambridge.org/gb/academic/subjects/law/intellectual-property/internet-privacy-rights-rights-protect-autonomy

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Introducing The GovLab Digest: covering innovations in Governance, delivered weekly

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Speaking as a Technical Area Co-Chair for M3AAWG [1], I would like to
comment on this.

Mailchimp is a M3AAWG member company in good standing, and if you know
anything about M3AAWG, you should understand that companies which
violate the code of conduct, and do not live up to high standards of
other member companies, get ejected from M3AAWG membership. And it
does happen.

M3AAWG provides a legitimate framework for ESPs (E-Mail Service
Providers) so that they can conduct their legitimate *business* in a
ethical and moral model, provide proper opt-in/opt-out models, and
provides a legitimate and legal service to their customers.

You may not like sales & marketing e-mail services, but that does not
make them "spammers", illegal, or sketchy.

There are *real* criminals and *real* spammers, but ESPs who conduct
themselves under the auspices of the M3AAWG code of conduct are not
spammers, regardless of anyone's personal opinions on marketing e-mail.

Back to your regularly scheduled programming,

- - ferg



[1] https://www.m3aawg.org/

On 2/17/2015 10:41 AM, Rich Kulawiec wrote:

> On Tue, Feb 17, 2015 at 07:17:18PM +0100, Christian Huldt wrote:
>> Who are mailchimps.com and why should I trust them?
> 
> Spammers for hire, and no, you shouldn't -- doubly so since (like
> many such operations) they embed unique-per-recipient tracking
> links in every message they send.  Last time I checked they were
> operating over 300 domains -- e.g., mcsv94.net, mcsv95.net,
> mcsv96.net.  This is a tactic used exclusively by spammers who are
> attempt to evade domain-based blacklisting: there is absolutely no
> legitimate purpose for it.
> 
> The best way for GovLab to avoid all of this is to set up a
> Mailman instance in-house.  As Ken over at the PopeHat blog has
> astutely observed, when you outsource your email, you outsource
> your reputation.  And I'll add to that that you also surrender the
> privacy of your readers to third parties unknown to you.
> 
> That's also the best way for everyone else.  If you're trying to
> do something with a mailing list that Mailman doesn't do, there's a
> very good chance that what you're trying to do is wrong, stupid,
> silly or abusive. (Yes, Mailman is *that* good.  And it's very well
> supported by an active community.  I could use anything I want --
> or write my own -- but I use it because I think I think it's the
> best available by a wide margin.)
> 
> ---rsk
> 


- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
"I am tormented with an everlasting itch for things remote. I love to
sail forbidden seas." - Herman Melville
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EAREIAAYFAlTjmAgACgkQKJasdVTchbINKQEAkWif8UAljWDOjcjLQVBHS/s4
BG/zJrfarqkaQ30kSQoA/AmjbwVbIH6NRdmbamkMfN1OT1zKhRuymvaYuEVtdhSL
=o+TJ
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] message receive

[Chrrles Paul]

Jim Schuyler's messages on Jan 2nd show up in my GMail spam box.
Check there to see if GMail is tagging some mail as spam.

On Mon, Jan 5, 2015 at 4:19 PM, Jerry Tomsen
 wrote:
> Hey Guys,
>
> is anyone missing mails from the list too?
>
> I'm not sure if i have received all mails from the past few days.
>
> regards
> jeremy
>
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] What open government public opinion survey questions would you ask?

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 7/28/2014 7:05 AM, Steven Clift wrote:

> I am helping Pew Research's Internet and American Life project
> gather your ideas on public survey questions about open
> government:
> 
> http://bit.ly/pewopengovquestions  -  Details and comment via this 
> Facebook topic
> 

Does this mean that you do not want input from people who are not on
Facebook?

- - ferg


> This is a very exciting opportunity to provide input this week.
> 
> When Pew Research releases survey results, I know of no project
> which generates as much technology and society media attention.
> Also, questions asked by Pew Research tend to trickle around the
> world. So let's help them ask some insightful questions that tell
> us more about what we really need to know about public support for
> open government efforts and related issues.
> 
> Thanks, Steven Clift
> 
> Steven Clift - http://stevenclift.com Executive Director -
> http://E-Democracy.org Twitter: http://twitter.com/democracy 
> Tel/Text: +1.612.234.7072 ᐧ
> 


- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlPWYyUACgkQKJasdVTchbKESwD+NqCiJRmUaGlLQ5WSlmOTgX9e
dB8lqkvtZ/Nqbu9TxNUA/1dn7nN3W3j8sOBMHrA6fbqev+INkLs5kngDitsnQzeM
=LS/L
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] BASES Presents: URX Startup Lunch

[Paul Benigeri]

Apply to have lunch with the founders of URX!View this email in your
browser<http://us3.campaign-archive1.com/?u=3c7afaa9ed50e49e2026b1709&id=349578f1cc&e=1e2c7b9088>URX
Startup 
LunchApply<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=275161649a&e=1e2c7b9088>
to
have lunch with the founders of URX!BASES is hosting an exclusive lunch for
12-15 Stanford students to meet the founders of URX.

We'll provide lunch (Ike's) and there will be an informal, up close and
personal conversation with Andrew
Look<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=c08883958b&e=1e2c7b9088>
(CTO
& Co-Founder), James
Turner<http://stanford.us3.list-manage1.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=b43f8b5e59&e=1e2c7b9088>
(Head
of Mobile Research & Co-Founder), Greg
Bowyer<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=00b0c5d447&e=1e2c7b9088>
(Chief
Scientist), and Jeremy
Lucas<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=a1ef904d63&e=1e2c7b9088>
 (Lead
Engineer) from URX.
 URX
URX<http://stanford.us3.list-manage2.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=f0f1d102b7&e=1e2c7b9088>
creates
products ads for mobile apps. We're a mobile app retargeting platform that
uses deeplinks to link users into the middle of mobile apps that they
already have installed. We aim to weave together the web of mobile apps and
help grow the mobile ecosystem.

URX has raised over $3 Million from the most prestigious venture firms and
angels of Silicon Valley. Their investors include: First Round Capital,
Google Ventures, SVAngel, YCombinator, Greylock Partners, Betaworks,
Maveric, Crunch Fund, Garry Tan, Alexis Ohanian, Geoff Ralston, Paul
Bucheit, Sam Altman, Charlie Cheever, Fuel Capital, CyberAgent, Paul Sethi,
Mehul Nariyawal, Dalton Caldwell, Sumon Sadhu, Joe Montana, Bruno Bowden,
Gus Fuldner, Plug & Play Ventures, Bill Peckovich, Jamie Lee Curtis &
Christopher Guest, Andre Ranadive, Nicholas Smith & Elissa Guest, Chris
Look, Virginia Turner, Linda MacKenzie and The Erickson Family.
Who from URX is coming?

   - Andrew 
Look<http://stanford.us3.list-manage1.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=e9413c350a&e=1e2c7b9088>
(CTO
   & Co-Founder)
   - James 
Turner<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=4692f9c107&e=1e2c7b9088>
(Head
   of Mobile Research & Co-Founder)
   - Greg 
Bowyer<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=7ef0dc7408&e=1e2c7b9088>
(Chief
   Scientist)
   - Jeremy 
Lucas<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=a88ec94bef&e=1e2c7b9088>
 (Lead
   Engineer) from URX.

 Where/when is it?

*Wednesday April 23rd, from 12pm-1pm*
Location will be announced to successful applicants

*The deadline to apply is April 21st at 11pm!*
Apply 
Now!<http://stanford.us3.list-manage.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=922d2480fa&e=1e2c7b9088>Want
to be the first to hear about events like these? Subscribe to the Startup
Network<http://stanford.us3.list-manage2.com/track/click?u=3c7afaa9ed50e49e2026b1709&id=acbb819b07&e=1e2c7b9088>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Tealet Cryptocurrency-$tartup Lunch this Wednesday!

[Paul Benigeri]

Apply to attend the Crypto-$tartup Lunch with the founder of Tealet!View
this email in your
browser
Tealet Crypto-$tartup
LunchApply
to
have lunch with the founder of Tealet!BASES is hosting an exclusive lunch
for 15 Stanford students to meet Elyse Petersen, Founder of Tealet.

We'll provide lunch (Ike's) and there will be an informal, up close and
personal conversation with Elyse as she discusses the founding of Tealet and
the merchant side of cryptocurrencies.
 Tealet
*Tealet*
is
an online farmers market for tea. Independent tea growers are connected
directly to their retail and wholesale buyers. Tealet serves as a
transparent supply chain platform that provides optimized online marketing,
international logistics, and low cost payments via cryptocurrency. Tealet was
founded in Hawaii but has since relocated to Las Vegas after participating
in the 500 Startups accelerator in Mountain View, CA.
Elyse Petersen
*Elyse Petersen

*is
food scientist turned Peace Corps volunteer on a mission to bring
transparency to the world's food systems. After completing a Japan-focused
MBA and an internship on a tea farm in Japan Elyse founded Tealet after
noticing severe inefficiencies in the global distribution and marketing of
tea. Petersen has become an advocate for farmers, cryptocurrency merchants,
and female entrepreneurship.
Where/when is it?

*Wednesday, March 19th, from 1pm-2pm*
Location will be announced to successful applicants

*The deadline to apply is tomorrow morning, March 18th at noon!*
Apply 
Now!Want
to be the first to hear about events like these? Subscribe to the Startup
Network
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Big data ethics

[Paul Bernal (LAW)]

The academic article behind it is also online, here:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2384174

It’s a good piece, I think!

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 2 Mar 2014, at 15:39, David Johnson 
mailto:david.john...@aljazeera.net>> wrote:

Here's a nice piece by Neil Richards and Jonathan King on developing norms for 
dealing with big data ...

http://america.aljazeera.com/opinions/2014/2/gigabytes-gone-wild.html


The values we build or fail to build into our new digital structures will 
define us. If we don’t balance the human values that we care about — such as 
privacy, confidentiality, transparency, identity and free choice — with the 
compelling uses of big data, our society risks abandoning them for the sake of 
mere innovation or expediency.

Best wishes,

David

[AJAM]

David V. Johnson
Online Opinion Editor

435 Hudson Street, Suite 400
New York, NY 10014

Direct line: (917) 819-8470

http://america.aljazeera.com/
Twitter: @contrarianp<https://twitter.com/contrarianp>



Notice: This email is intended only for the use of the individual or entity 
named above and may contain information that is confidential and privileged. If 
you are not the intended recipient, you are hereby notified that any 
dissemination, distribution or copying of this email is strictly prohibited. 
Opinions, conclusions and other information in this message that do not relate 
to the official business of our firm shall be understood as neither given nor 
endorsed by it.
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu<mailto:compa...@stanford.edu>.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] blatant groveling: my book "It's Complicated"

[Paul Bernal (LAW)]

Looks great - will order it, and tweet about it.

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 28 Jan 2014, at 19:12, danah boyd 
mailto:danah-t...@danah.org>> wrote:

Friends & Colleagues -

In less than a month, my new book - "It's Complicated: The Social Lives of 
Networked Teens" (see: http://www.danah.org/itscomplicated/ ) - will be 
published.  This is the product of ten years worth of research into how social 
media has inflected American teen life.  I'm writing today in the hopes that 
you might consider pre-ordering a copy (or two ).  This book (published 
by Yale University Press) is a cross trade/academic book. Pre-sales and first 
week sales significantly affect how a trade book is marketed and distributed. 
Even though this book is based on grounded data, I've written it to be publicly 
accessible in the hopes that parents, educators, journalists, and policy makers 
will read it and reconsider their attitude towards technology and teen 
practices.  The book covers everything from addiction, bullying, and online 
safety to privacy, inequality, and the digital natives debate. I suspect that 
the chapter on privacy might be of particular interest to the folks on this 
list.

If you have the financial wherewithal to buy a copy, I'd be super grateful.  If 
you don't, I *totally* understand.  Either way, I'd be super super super 
appreciative if you could help me get the word out about the book. I'm really 
hoping that this book will alter the public dialogue about teen use of social 
media.

You can pre-order it at:
- Amazon (Hardcover, Kindle, Audiobook): 
http://www.amazon.com/exec/obidos/ASIN/0300166311/apophenia-20
- Powell's: http://www.powells.com/biblio/62-9780300166316-0
- Yale University Press: 
http://yalepress.yale.edu/yupbooks/book.asp?isbn=9780300166316

Fingers crossed that y'all will find it useful and interesting.

{{hug}}

danah

--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu<mailto:compa...@stanford.edu>.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Concerns with new Stanford University security mandate

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Below:

On 1/26/2014 2:36 AM, Rich Kulawiec wrote:

> On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote:
>> To Liberation Tech:
>> 
>> Stanford is implementing a new security policy detailed here:
>> 
>> http://ucomm.stanford.edu/computersecurity/
> 
> First, if they were serious about security, they wouldn't be using
>  Microsoft products.
> 
> Second, backdooring end-user systems en masse provides one-stop
> shopping to an attacker.
> 
> Third, "locating PII on systems" is not a solved problem in
> computing, and for anyone to pretend otherwise is, at best,
> disengenuous.  Not only that, but anyone who's been paying
> attention to the re-identification problem knows that non-PII is
> quite often just as sensitive.
> 
> Fourth, the simultaneous requirement that systems be backdoored and
> searchable while their disks are encrypted strongly suggests that
> they intend to have a central repository of encryption keys.
> 
> Fifth, the requirement for use of centralized backup also provides 
> one-stop shopping to an attacker.
> 
> Bottom line: this isn't about security, it's about control and
> monitoring.
> 
> ---rsk
> 

I've got to agree with Rich here -- this *is* about control & monitoring.

Having said that, saying that this policy is simply about "security"
is not quite correct -- it is about controlling *employee" access to,
and handling of, sensitive information in the Stanford University
computer network systems.

But let's remember that there are *different types* of security: Ones
which control & monitor, others which attempt to protect
organizational users from external threats, etc.

I don't believe this is pretty much /de rigueur/ and appropriate for
virtually any organization which wishes to protect sensitive
information, and provide some accountability.

Remember: Employee prescriptive measures are different that
non-employee measures.

- - ferg


- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLlMr8ACgkQKJasdVTchbJuuAD+PE+MsNYYu73+EX6TPMZgLiX3
zei8ig48GX7Xvy/duBABAMeS10yF5L7w9bc3WOQ7ASczRlnycozj0QeWyrcYyUJs
=XHRk
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Whiteout OpenPGP.js encrypted mail client (Chrome HML5 App)

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 1/21/2014 8:52 PM, Andrés Leopoldo Pacheco Sanfuentes wrote:

> What is the "value proposition" of changing email client from
> Gmail?
> 

Please don't feed the troll.

Thank you.

- - ferg



> On Jan 21, 2014 10:24 PM, "Tony Arcieri"  <mailto:basc...@gmail.com>> wrote:
> 
> On Tue, Jan 21, 2014 at 6:53 PM, Fabio Pietrosanti (naif) 
> mailto:li...@infosecurity.ch>> wrote:
> 
> I just would like to argue that the delivery (download, 
> installation, upgrade) of an Chrome App is far more secure than an
> native application with an executable installer, due to the trust
> model of application store and the reduced risks of being 
> hijacked/infected during the download.
> 
> 
> Yes and no.
> 
> It's true that Chrome extensions distributed through Google's
> walled garden are more secure than typing an address into your URL
> bar.
> 
> It's true that native applications have wide-ranging capabilities 
> that browser extensions don't.
> 
> But it's important to keep in mind that browser extensions are 
> fraught with their own problems, and that browsers are complex 
> beasts with even more complex potential interactions between 
> components, the possibilities of which are extremely hard to 
> understand, even by the browser authors themselves.
> 
> Where browser extensions can fall down is unexpected interactions 
> with web pages and JavaScript running on them. This is a problem 
> that native apps don't have because the browser is attempting to
> act as a sandbox, so escalating privilege from a JavaScript to
> access to native code execution is much more difficult than
> escalating privileges to interact with browser extensions
> unexpectedly. In this regard, native apps are superior, because the
> browser is trying to prevent that interaction from happening.
> Native apps are "airgapped" from web pages in a way browser
> extensions are not.
> 
> This is a good talk on the matter, specifically in regard to
> Chrome:
> 
> http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions
>
>  Don't get me wrong, things are getting better, but we're not 
> completely there yet.
> 
> -- Tony Arcieri
> 



- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLfUwsACgkQKJasdVTchbKpwQD5ARHMTMUwUnt3r3FeeCWvzzB1
W+jWmAk/pIvZPOltOf8BAMAiTOu8wbzawNSP8I+svj+TlrlEM13FNJ2ALRamFGqB
=5BXU
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Whiteout OpenPGP.js encrypted mail client (Chrome HML5 App)

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Top-posting to retain context here...

I am not criticizing JavaScript -- I am advocating the segmentation of
using JavaScript for encryption from JavaScript for everything. :-)

If runtime JavaScript can be "contained" just for the encryption
mechanism, then I will happily advocate for that.

In fact, I am pretty much using it today in
Thunderbird/Enigmail/OpenPGP, while using NoScript.

Having said that, NoScript is not recommended for the masses, since it
requires the user to make some very tough technical decisions which
they may not know the answer to.

- - ferg


On 1/21/2014 6:53 PM, Fabio Pietrosanti (naif) wrote:

> Il 1/22/14, 8:06 AM, Paul Ferguson ha scritto:
>> 
>> While I do not disagree with you here, per se, I would like to 
>> point out that any client  that gratuitously trusts JavaScript 
>> *or* HTML5 is also a client which allows the end user to be 
>> victimized by the most casual daily criminal campaigns.
> 
> I just would like to argue that the delivery (download, 
> installation, upgrade) of an Chrome App is far more secure than an 
> native application with an executable installer, due to the trust 
> model of application store and the reduced risks of being 
> hijacked/infected during the download.
> 
> That's not a website delivering you javascript code.
> 
> That's an *application* that is built using Javascript/HTML5 like 
> if it was built using Objectice-C/C++ for iOS.
> 
> No substancial difference.
> 
> I'm really bored about the continuous critics against use of 
> Javascript for encryption purposes.
> 
> HTML5/JS is in the the future of any application development, it's 
> the only eterogenous application development environment, the 
> browser is the home of the end-user.
> 
> That's what we just need to accept, it already happened, it's 
> always that way. We just need to deal with that.
> 
> -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and 
> Digital Human Rights http://logioshermes.org - 
> http://globaleaks.org - http://tor2web.org
> 
> 
> 


- -- 
Paul Ferguson
'Get off my lawn!'
PGP Public Key ID: 0x54DC85B2


- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLfNY8ACgkQKJasdVTchbJImAD+N/wSDGbF5EDLzd24ezmKzmvk
OH+vvMYW5MB9RrkgFGsBAI0yGNo0AXOptFoBPolU1UAbw07iDRxFudiNjLHeV7R7
=o02C
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Whiteout OpenPGP.js encrypted mail client (Chrome HML5 App)

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Fabio,

On 1/21/2014 6:28 PM, Fabio Pietrosanti (naif) wrote:

> From the very active OpenPGP.js community it has been just released
> the Alpha version of WhiteOut mail, an encrypted email client
> entirely done in HTML5/Javascript delivered as a Chrome Packaged
> App with Gmail integration.
> 
> It's worth looking at the future of this project.
> 
> -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and
> Digital Human Rights http://logioshermes.org -
> http://globaleaks.org - http://tor2web.org


While I do not disagree with you here, per se, I would like to point
out that any client  that gratuitously trusts JavaScript *or* HTML5 is
also a client which allows the end user to be victimized by the most
casual daily criminal campaigns.

JavaScript and HTML5 are both powerful building blocks of Web 2.0
content, but they are equally evil as they are used by criminals to
victimize the vast majority of pedestrian Internet users.

If we keep marching down the path we have been on, then we are simply
continuing to train users to be victims or cybercrime.

We need much better controls for end users, which don;t require them
to make complicated decisions.

Cheers,

- - ferg



- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLfLqwACgkQKJasdVTchbLenQEA28tlZnmBaWAcDAlM9yARMq5M
mbAOHKLiq/aoC7fgpzoBAJGfZTM6iyP/pEkO96qdQnmjnulCeb/0ZecE9GX8E1eI
=ZOdD
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Your refrigerator probably hasn't joined a botnet

[Paul Ferguson]

On 1/19/2014 11:47 AM, Alexandros Papadopoulos wrote:

> What worries me most is that Internet-connected media devices (like
> "smart" TVs) are ripe vehicles for taking wholesale surveillance from
> its current level (location & communications surveillance) to a whole
> new level (surveillance of your most intimate physical space - your
> home, but also of course everywhere where TVs would be installed).

Yes, I have a healthy concern & trepidation over that, too. :-/

- ferg


-- 
Paul Ferguson
'Get off my lawn!'
PGP Public Key ID: 0x54DC85B2

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Your refrigerator probably hasn't joined a botnet

[Paul Ferguson]

On 1/19/2014 11:47 AM, Alexandros Papadopoulos wrote:

> I'm not as worried about a malware-infested IoT - as most end-user
> computing devices are malware-infested already and even though these
> devices are important and information-rich, civilisation has not ended.
> 
> What worries me most is that Internet-connected media devices (like
> "smart" TVs) are ripe vehicles for taking wholesale surveillance from
> its current level (location & communications surveillance) to a whole
> new level (surveillance of your most intimate physical space - your
> home, but also of course everywhere where TVs would be installed).
> 

Yes, I have a healthy concern & trepidation over that, too. :-/

- ferg


-- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Your refrigerator probably hasn't joined a botnet

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


This nonsense about refrigerators being part of a botnet is not an
accurate depiction of the world we live in today, but more of a
warning of where things can go wrong in the future, while
technologists are rushing headlong into the Internet of Things (IoT).

While there are certainly some interesting real-world examples of
unintended consequences of consumer devices being infected by Trojan
Horse programs and other malware (e.g. digital cameras and picture
frames coming directly into the retail market "pre-infected" from the
manufacturer, hospital healthcare devices becoming infected by
computer worms through incidental contact, etc.), most cases today are
incidental.

Via BoingBoing:

"A mediagenic press-release from Proofpoint, a security firm,
announced that its researchers had discovered a 100,000-device-strong
botnet made up of hacked 'Internet of Things' appliances, such as
refrigerators. The story's very interesting, but also wildly
implausible as Ars Technica's Dan Goodin explains."

"The report is light on technical details, and the details that the
company supplied to Goodin later just don't add up. Nevertheless, the
idea of embedded systems being recruited to botnets isn't inherently
implausible, and some of the attacks that Ang Cui has demonstrated
scare the heck out of me."

http://boingboing.net/2014/01/18/your-refrigerator-probably-has.html

Don't get sucked in by the IoT marketing hype, but -- and it is a
*big* but -- there definitely is a potential for this headlong rush
into the Internet of Things can develop into the unfortunate situation
where no one spent enough time thinking about the security posture of
such actions. If no one spends time up front thinking about these
implications, we can have a real mess on our collective hands.

- - ferg


- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLb/voACgkQKJasdVTchbK2gAEAkVHL7DP6ZHZFvR/11XYArhMD
rK27pe++vBn/H/3xN40BAJuOJ70GJwS9W+rGPgXwvRADLJpcWPQhB2MwBuO8CY1B
=9tBD
-END PGP SIGNATURE-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] BASES Startup Career Fair is this Thursday! Submit your resume!

[Paul Benigeri]

*BASES Startup Career Fair*

When: *Thursday, January 16th, 11am-4pm*

Where: Lawn behind Gates and Mudd

The BASES Startup Career Fair is *this Thursday!*

Remember to *upload your resume* * by Thursday *to
have BASES share it with the startups you're interested in.

Last year, several students that were not able to attend the BASES Startup
Career Fair got job offers through submitting their resumes. It's worth a
shot!

Check out our online brochure  for a
preliminary list of companies!

[image: Inline image 1]
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Mass Surveillance in America - Program on Liberation Technology

[Paul Ferguson]

Interesting, the website shows the date/time as:

December 5, 2013
4:30 PM - 6:00 PM

- ferg

On 10/16/2013 10:01 AM, Yosem Companys wrote:


http://liberationtechnology.stanford.edu/events/7888

Mass Surveillance in America
CDDRL Seminar Series

DATE AND TIME
October 17, 2013
4:30 PM - 6:00 PM

AVAILABILITY
Open to the public
No RSVP required

SPEAKER
Jennifer Granick - Director of Civil Liberties, Stanford Law School Center for 
Internet and Society at Stanford University

Abstract
The American government is at a crossroads in its relationship with the people 
it governs. Despite long-standing official denials, documents leaked to the 
press by 29-year-old government contractor Edward Snowden show that the United 
States has a vast domestic spying program in which it indiscriminately collects 
information on millions or hundreds of millions of Americans in the name of 
foreign intelligence and counterterrorism. These revelations impact our 
domestic law and policy as well as commercial and international interests.  In 
this talk, Granick will review what we now know about government surveillance, 
discuss the legality of these programs and discuss principles to help lawmakers 
and the public understand and respond to mass surveillance.

Jennifer Granick is the Director of Civil Liberties at the Stanford Center for Internet and Society. Jennifer returns to Stanford after working with the internet boutique firm of Zwillgen PLLC. Before that, she was the Civil Liberties Director at the Electronic Frontier Foundation.  Jennifer practices, speaks and writes about computer crime and security, electronic surveillance, consumer privacy, data protection, copyright, trademark and the Digital Millennium Copyright Act. From 2001 to 2007, Jennifer was Executive Director of CIS and taught Cyberlaw, Computer Crime Law, Internet intermediary liability, and Internet law and policy. Before teaching at Stanford, Jennifer spent almost a decade practicing criminal defense law in California. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field. She earned her law degree from University of California, Hastings College of the Law and her undergraduate degree from 

the New
College of the University of South Florida.


LOCATION
Wallenberg Theater
Wallenberg Hall
450 Serra Mall, Building 160

Stanford, Ca 94305-2055






--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

[liberationtech] Mykolab.com [Was: Re: RiseUp]

[Paul Ferguson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I can't speak to RiseUp, but I moved most of my personal GMail traffic over
to http://mykolab.com/ based in Switzerland.

It is *not* free. :-)

- - ferg


On 10/15/2013 3:07 PM, Yosem Companys wrote:

> Hi All,
>
> Lately, I've been receiving inquiries from Internet users seeking to
> replace their commercial email accounts (e.g., Gmail) with more
> private and secure alternatives.  A number of these inquiries pertain
> to Riseup (https://mail.riseup.net).
>
> While I admire the work of the Riseup team, I don't think we've ever
> had a discussion of its products' benefits and limitations as they
> pertain to security and privacy.
>
> If you have any thoughts about Riseup, whether
> security/privacy-related or otherwise, I'd love to hear them.
>
> Thanks,
>
> Yosem
>



-BEGIN PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8

wj8DBQFSXb+Fq1pz9mNUZTMRAjN+AJ0fZxBZX2pODoKO5PHpG8G2VSVIPQCfUN1g
KFLHzmBvDBotbDQn8AdAspA=
=ZpUF
-END PGP SIGNATURE-
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

[liberationtech] RNG in Raspberry Pi

[Paul Elliott]

What is the quality of the Hardware RNG in the Raspberry Pi?

I have heard about the controversy about the intel chip
and wondered if there were any parallel questions about
the Raspberry Pi.

Near as I can figure out if an Hardware RNG does not
come automaticly with your desktop or laptop, the Raspberry Pi
seems to be about the cheapest source of random numbers you
can get.

Entropy key are only 36 pounds, but they seem to have a long
backlog.

What about using and Raspberry Pi for hard random number 
generation?


Question 2:

What effect did Quantum World Corporation v. Atmel Corporation et
al have on the availablity of Hardware RNGs in PCs?

Thank you for considering my questions.



-- 
Paul Elliott   1(512)837-1096
pelli...@blackpatchpanel.com   PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/   Austin TX 78758-3117
---
"Encryption works. Properly implemented strong crypto systems are one
of the few things that you can rely on. Unfortunately, endpoint
security is so terrifically weak that NSA can frequently find ways
around it." Edward Snowden
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Question re Cisco auth and remote login best-practices

[Paul Ferguson]

On 9/22/2013 10:32 PM, Bill Woodcock wrote:



So, if we assume the worst, and figure we're just doing damage-control and 
minimizing a large problem, what are the best-practices to follow in 
configuring Cisco routers in remote locations?

Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions…

Use remote auth to do command-by-command authorization, no level-15 logins?

Run TACACs over IPsec?  Over something else?



Locally trusted human. :-)

- ferg



--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

[liberationtech] Current state of RSA/Public Key javascript implementations

[Charles Paul]

Hello,

Hope everyone is doing great.  I was wondering if anyone on this list is 
aware of the current state of different javascript implementations of 
RSA or other asymmetric ciphers, and are willing to share a report.  Of 
primary interest are free-software & patent unencumbered implementations 
which have been audited by external parties.


Take care,
Charles Paul
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] Recommended surveillance readings?

[Paul Bernal (LAW)]

>From a legal perspective, an interesting recent piece is Neil Richards' The 
>Dangers of Surveillance:

http://www.harvardlawreview.org/issues/126/may13/Symposium_9477.php


On 13 Sep 2013, at 16:09, "Robert Guerra" 
mailto:rgue...@privaterra.org>> wrote:

A global context would be great.

I'll ask around on several country & region specific lists that i'm on and 
share the details back on this list.

regards

Robert

--
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rgue...@privaterra.org

On 2013-09-13, at 12:16 AM, Yosem Companys wrote:

From:
Burcu Bakioglu mailto:bbaki...@gmail.com>>

Hi all,
I am looking for suggestions on a student friendly reading on surveillance,
something that gives the overall picture, and any interesting readings on
the latest NSA incident. Having said that, I should note that I have some
materials in my hands, I just can't decide what would be engaging in a
classroom setting, hence my query... Any experiences on that regard?

Many thanks!


--
Thanks,

Burcu S. Bakioglu, Ph.D.
Postdoctoral Fellow in New Media
Lawrence University

http://www.palefirer.com

-- Come to the dark side, we have cookies!
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Snowden masks for Holloween?

[Paul Elliott]

On Mon, Sep 02, 2013 at 05:44:41PM -0400, Shava Nerad wrote:
> Wouldn't there be a licensing issue?  It's a hard argument that he has no
> right to the commercial exploitation of his likeness on the basis of being
> a fugitive whistleblower,  and I doubt anyone is authorized as an agent to
> grant that license on his behalf.
> 
> We have these privacy laws about just using people's images without
> permission.  They are a bit like copyright, but say you can't exploit the
> subject matter without permission,  for profit,  with a few exceptions.
> (Face not recognizable,  press reports on "public figures, " release form
> signed,… ).
> 
> CSJ ethics guidelines and EFF's bloggers' guides and Berkman's guide for
> media creators have good outlines for US law on this stuff.
> 
> Also my union has a nice guide,  the National Writer's Union (AFL-CIO)
> which I only mention because it's behind a paywall -- and also to explain
> that since it's May Day… er...Labor Day here in the states, I am lazily
> quoting all this off the top of my head and making you verify and look up
> the links.  I am on holiday. ;)
> 

Is not Snowden a public figure? I am sure bush and obama did
not approve all the bush and obama masks?

-- 
Paul Elliott   1(512)837-1096
pelli...@blackpatchpanel.com   PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/   Austin TX 78758-3117
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Snowden masks for Holloween?

[Paul Elliott]

Is it not funny, no one seems to be commercially oftering Snowden
masks for this Holloween.

I looked on Amazon and google and nothing on the first page of
a cursory search.

You would think it would be a top seller.

Is presure being applied?

Please tell me if you are aware of a source.

Thank You.

-- 
Paul Elliott   1(512)837-1096
pelli...@blackpatchpanel.com   PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/   Austin TX 78758-3117
---
"Encryption works. Properly implemented strong crypto systems are one
of the few things that you can rely on. Unfortunately, endpoint
security is so terrifically weak that NSA can frequently find ways
around it." Edward Snowden
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] History of hardware RNGs in PC?

[Paul Elliott]

On Fri, Jul 19, 2013 at 02:03:23PM +0200, KheOps wrote:

What is the history of HRNG is consumer PCs?

Is there any indication that this lawsuit had any impact
on the availablity of HRNGs in consumer PCs?
http://dockets.justia.com/docket/texas/txedce/2:2007cv00024/100867/

Which side won the lawsuit or is that known since it
was settled?

Any indication of governmental influence in the lawsuit?

Anyone knowing the true story please post it.

Thank You.

-- 
Paul Elliott   1(512)837-1096
pelli...@blackpatchpanel.com   PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/   Austin TX 78758-3117
---
"Encryption works. Properly implemented strong crypto systems are one
of the few things that you can rely on. Unfortunately, endpoint
security is so terrifically weak that NSA can frequently find ways
around it." Edward Snowden
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] {Spam?} Re: Travellers' mobile phone data seized by police at border

[Paul Bernal (LAW)]

Our police do it to 'suspects' inside the UK too…

http://www.bbc.co.uk/news/technology-18102793


"The Metropolitan Police has implemented a system to extract mobile phone data 
from suspects held in custody. The data includes call history, texts and 
contacts, and the BBC has learned that it will be retained regardless of 
whether any charges are brought. The technology is being used in 16 London 
boroughs, and could potentially be used by police across the UK. Campaign group 
Privacy International described the move as a "possible breach of human rights 
law".

Until now, officers had to send mobiles off for forensic examination in order 
to gather and store data, a process which took several weeks. Under the new 
system, content will be extracted using purpose built terminals in police 
stations. It will allow officers to connect a suspect's mobile and produce a 
print out of data from the device, as well as saving digital records of the 
content…."

That's from May 2012 -  I'm told informally that it happens very regularly in 
practice.

Paul




Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 16 Jul 2013, at 14:31, LilBambi 
 wrote:

> I think this has been going on in the UK and USA for some time now.
> And I am sure other countries are also doing it, although many might
> not be considered 'free' nations as the UK and USA boast.
> 
> On Mon, Jul 15, 2013 at 9:45 AM, Eugen Leitl  wrote:
>> 
>> (leave your data at home in an encrypted cloud (you cannot
>> be asked to decrypt data not in your possession), treat
>> seized devices as sacrificable due to potential backdoors
>> installed during examination so use cheap disposables when
>> travelling and restock from a known good source)
>> 
>> http://www.telegraph.co.uk/technology/10177765/Travellers-mobile-phone-data-seized-by-police-at-border.html
>> 
>> Travellers' mobile phone data seized by police at border
>> 
>> Thousands of innocent holidaymakers and travellers are having their phones
>> seized and personal data downloaded and stored by the police, The Telegraph
>> can disclose.
>> 
>> Tourist using mobile phone at an airport
>> 
>> A police officer can stop any passenger at random, scour their phone and
>> download and retain data, even of the individual is then immediately allowed
>> to proceed Photo: ALAMY
>> 
>> By Tom Whitehead, and David Barrett9:01PM BST 13 Jul 2013Comments206 Comments
>> 
>> Officers use counter-terrorism laws to remove a mobile phone from any
>> passenger they wish coming through UK air, sea and international rail ports
>> and then scour their data.
>> 
>> The blanket power is so broad they do not even have to show reasonable
>> suspicion for seizing the device and can retain the information for “as long
>> as is necessary”.
>> 
>> Data can include call history, contact books, photos and who the person is
>> texting or emailing, although not the contents of messages.
>> 
>> David Anderson QC, the independent reviewer of terrorism laws, is expected to
>> raise concerns over the power in his annual report this week.
>> 
>> He will call for proper checks and balances to ensure it is not being abused.
>> 
>> It echoes concerns surrounding an almost identical power police can use on
>> the streets of the UK, which is being reviewed by the Information
>> Commissioner.
>> 
>> However, in those circumstances police must have grounds for suspicion and
>> the phone can only be seized if the individual is arrested.
>> 
>> Mr Anderson said: “Information downloaded from mobile phones seized at ports
>> has been very useful in disrupting terrorists and bringing them to justice.
>> 
>> “But ordinary travellers need to know that their private information will not
>> be taken without good reason, or retained by the police for any longer than
>> is necessary.”
>> 
>> Up to 60,000 people a year are “stopped and examined” as they enter or return
>> to the UK under powers contained in the Terrorism Act 2000.
>> 
>> It is not known how many of those have their phone data taken.
>> 
>> Dr Gus Hosein, of the campaign group Privacy International, said: “We are
>> extremely concerned by these intrusive tactics that have been highlighted by
>> the independent terrorism reviewer.
>> 
>> “These practices have been taking place under the radar for far too long and
>> if Mr Anderson calls for reform and new safegua

Re: [liberationtech] [serval-project-dev] Re: Unique Opportunity: Input to CEOs of Smartphone Manufacturers

[Paul Gardner-Stephen]

Hello all,

Date: Fri, 12 Jul 2013 11:24:27 +0200

> From: Eduardo Robles Elvira 
> To: liberationtech 
> Subject: Re: [liberationtech] Unique Opportunity: Input to CEOs of
> Smartphone Manufacturers
> Reply-To: liberationtech 
>
> Hello:
>
> I'd like to see a mesh mode in the mobile phones. There are currently
> lots of mesh software initiatives, but I haven't seen any smartphone
> manufacturers support this. In the past, they were dependant of
> telecommunication companies to sell their phones, but now some
> companies are now starting to sell phones by themselves (Google for
> example). A mesh network mode would allow users to communicate even if
> there's no other conection, it can be useful to conect with peers in a
> demonstration or to transmit stream video to them in case police
> breaks your phone.
>

This is basically what we have been working towards with the Serval Project
(servalproject.org, developer.servalproject.org/wiki, igg.me/at/speakfreely),
with built-in end-to-end encryption, and fully distributed operation.

Disaster zones and isolated communities are our primary use cases.
 However, our one trial so far was actually for the kind of use you discuss
above, and showed that people communicated more, and spent less in the
process. It was used to get footage from a protest that ended up online
(see links in the report).  Encryption wasn't baked in at that time, but
now is.  Limited range is being addressed by the Mesh Extender (
igg.me/at/speakfreely). You can read the deployment report here:

http://developer.servalproject.org/dokuwiki/doku.php?id=content:publications:internews2010



> On Fri, Jul 12, 2013 at 1:11 AM, Blibbet  wrote:
> >> (1) A unique key built into each device, which can't be read directly
> >> by software, but which can be used to derive other keys (e.g. for disk
> >> encryption) at a limited rate, slowing down brute-force attacks
> >> against such keys.
>

We do this a different way with Serval, by having a master key that is the
private key from which the public network identifier of each node is
derived (the Serval ID or SID).  Network addresses are public keys, which
greatly simplifies a pile of things.

These keys can be, and are used to encrypt arbitrary files that can also be
replicated across the network.  This is actually how text messaging is
implemented on the Serval Mesh.


> >> (2) An effaceable area of flash storage where the operating system can
> >> store encryption keys for the entire disk and/or individual files,
> >> making it possible to securely delete the corresponding data without
> >> having to smash the device into tiny little pieces.


That would be really nice.  Knowing that it isn't likely to happen, our
solution is to never write any sensitive data to flash unless it is
encrypted.  Our keyring format doesn't even store your SID (the public key)
en claire - you must know the unlock PIN(s) to access it.

Provision has been made to erase sensitive identities when unlocking a
specially created disposable identity with a dedicated self-destruct pin.

While it doesn't guarantee erasure of the encrypted keyring block from the
flash, it does make it much harder to recover the deleted identity,
especially if long PINs (really they can be pass phrases) are used.

All this provides the basis for plausible deniability.


>
>
>> (3) A pony.
>

We considered it, but came to the conclusion that it would make the APK
file too large.  Also most modern mobile phones lack a hay chute, and lack
batteries denominated in mOh (milli-oat-hours).

Anyway, we encourage everyone to take a look at what we are doing, pick
holes in it so that we can make it better, and consider helping us to
spread the word for our crowd-funding campaign at igg.me/at/speakfreely

Thanks,

Paul.

> Presuming the smartphone is ARM-based, and presuming if (1) is applied,
> > it'll probably have ARM TrustZone installed, then:
> >
> > (4) Install a modern firmware on your smartphone, with useful security
> > features.
> >
> > (4a) Linux-based Coreboot. or
> >
> > (4b) UEFI.
> >
> > Use UEFI's SecureBoot feature, to enhance your Linux/Android/B2G/etc OS,
> > something none of your competitors are doing, except MS/Win8. To do so,
> you
> > need TPM on x86 or TrustZone on ARM, and you need to get your OS vendor
> to
> > sign the firmware, and not let MS Win8 hardware logo requirements confuse
> > you.
> >
> > Beyond the default TianoCore source, leverage Linaro's ARM-centric fork
> of
> > TianoCore, and Intel's MinnowBoard's UEFI which targets Linux
> > (Angstrom/Yocto), but neither of these Linux-centric UEFI targets support
> > the SecureBoot feature.
> &g

Re: [liberationtech] WeChat

[Paul Holden]

On 13-07-14 23:29:03, Sarah Lai Stirland 
wrote:
> Thanks. This is the kind of discussion and back and forth I was looking for
> ... I kind of figured this was the case, although I don't know of any
> actual examples of any of this happening. I know a lot of Chinese people

From what I understand one of the reasons the Chinese government doesn't
allow twitter or Facebook in China is because they can't get physical
access to the servers. QQ, renren (人人网) and Weibo (微博) are social
networking services equivalent to FB and twitter, and the Chinese
government has no problem with them.

Partly based on that, as well as other factors, I think it's safe to
assume that the PSB has direct access to these companies' facilities and
does whatever it wants with the data, including complete social graph
analysis. I'd be surprised if the things Nathan suggested, are not
actually happening in China.

> use it, and I think it's interesting why it's so popular with the Chinese,
> and not so much in the US. When I say the American, I mean something made

This is interesting. There's a lot going on in the domestic software
industry in China that never gets noticed outside. Whether it's word
processors, browsers or social networking services, it's all being
produced domestically in China, but rarely seems to make it outside.

I think part of it is a language problem. But even when the software is
translated, as has been done with Wechat (微信)and Weibo, it doesn't
seem to get far outside China. The Weibo English version is a completely
different site and doesn't seem to have been marketed much in the west.
I don't know why they made those choices. Based on what I've sen with
WeChat, its largest markets outside China are Thailand and Malaysia.

WeChat is an easy jump from QQ, since you can use the same credentials
(if you want). But it's a completely separate set of contacts and so a
different social network. It's mobile only, there is no website.

In my experience with WeChat, most people use it for 1-1 communication,
including sharing photos. They also post photos and links on their
"moments" (ie, wall) and their friends either comment on or like these.
It has limited social networking capability compared to QQ or FB, but it
might be that this subset of features is just what people want on a
mobile phone app. I think the proximity search for friends and the
"shake" feature are probably quite attractive ones.

I've found that I use WeChat a lot more now than I ever used the QQ
mobile app, or the QQ website. I have several Chinese friends inside and
outside China whom I keep in touch with via WeChat. I've rarely met
anyone who's not from China who uses WeChat (or QQ for that matter) or
even knows what it is.

Paul
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] One time pad Management system?

[Paul Elliott]

On Fri, Jul 12, 2013 at 04:15:22PM +0200, Eugen Leitl wrote:
> On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote:
> > Are there any practical one time pad management systems out there,
> > GPLed for GNU/Linux?
> 
> The biggest problem of one-time pads is their generation.
> You need a properly whitened and reviewed hardware entropy 
> source for that, which is a rare beast indeed (e.g.
> many do not trust Intel's hardware RNG).

Please give more info on this. What about the hardware
rng that amd used to build into their computers?

-- 
Paul Elliott   1(512)837-1096
pelli...@blackpatchpanel.com   PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/   Austin TX 78758-3117
---
"Encryption works. Properly implemented strong crypto systems are one
of the few things that you can rely on. Unfortunately, endpoint
security is so terrifically weak that NSA can frequently find ways
around it." Edward Snowden
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] One time pad Management system?

[Paul Elliott]

On Thu, Jul 11, 2013 at 08:27:55PM -0700, h...@riseup.net wrote:
> What is a "One Time Pad" management system? A text file?
> 
> Also, why do you want to use a OTP? There are pretty good reasons not to
> use one which a book on cryptography will be able to explain to you.
> 
> Also, I don't think this list is perhaps the best place to ask these
> questions. Perhaps try the Cryptography stack exchange.
> 

There are situations where a OTP is ideal, as any good book
on cryptography will tell you.

There are situations where people can anticipate the future
need to communicate quickly, but absolutely securely. In some
cases a high bandwidth, low latency secure communications channel
exists.

Example 1: Every government in the world can anticipate the future
need to communicate quickly with every other government.  A low
latency high bandwidth secure communications channel exits.
(Couriers). Given a secure communications channel for key exchange,
OTPs are absolutely unbreakable. There is nothing the NSA's
mathematicians can do about it. Therefore we can expect that every
government (and big corporation) uses OTPs. If they don't they are
stupid.

Example 2: most family members meet, an ideal time to exchange
OTPs.

OTPs can be thought of a way to figuratively speaking, "send your
message before you write it". In other words, you can use the low
latency secure channel in advance, to enable you to later send an
absolutely secure message quickly later over an insecure, high latency
channel like the internet.

"Never underestimate the bandwidth of a station wagon full of tapes
hurtling down the highway." Tanenbaum, Andrew S.

OTPs have no public key features. OTPs are useless for impromptu
communication.  Parties using OTP must plan in advance and exchange
keys. But, given this planning and anticipation, OTPs are superior to
every other form of cryptography, because given the security of the
key exchange and the keys, they are absolutely unbreakable.

Who knows what theorems the NSA's mathematicians have proved in
secret? For all we know, RSA and DSA may be completely broken. But
the OTP is unbreakable.

-- 
Paul Elliott   1(512)837-1096
pelli...@blackpatchpanel.com   PMB 181, 11900 Metric Blvd Suite J
http://www.free.blackpatchpanel.com/pme/   Austin TX 78758-3117
---
"Encryption works. Properly implemented strong crypto systems are one
of the few things that you can rely on. Unfortunately, endpoint
security is so terrifically weak that NSA can frequently find ways
around it." Edward Snowden
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] One time pad Management system?

[Paul Elliott]

Are there any practical one time pad management systems out there,
GPLed for GNU/Linux?

Is anyone working on one?

If not, does anyone want to start?

Thank You for considering this question.
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Paper on Google Glass

[Paul Bernal (LAW)]

Yes, I agree with all that - ultimately it's about autonomy, in a way. As we 
become integrated in the system, we lose that autonomy.

Sent from my iPhone

On 10 Jul 2013, at 19:25, "Raven Jiang CX" 
mailto:j...@stanford.edu>> wrote:

I think privacy is just a small part of a larger issue when it comes to Google 
Glass and its future descendants.

The large issue is how increasing network connectivity changes what it means to 
be an individual or to even be human. As our access to the Internet becomes 
more immediate (from huge desktops to HUD) and persistent, I think we will stop 
seeing ourselves as individuals and more as a collective. Think of how 
groupthink works online and then a future where you can never be offline.

And when we grow reliant on Glass constantly prompting us with information 
about the real world, will we still bother to remember things? I feel that 
there is a natural tendency for those of us who are highly connected (myself 
included) to offload cognitive functions onto our web-enabled devices. We stop 
remembering certain information and instead remember what keywords to Google 
for to retrieve that information.

I wonder if hivemind will eventually become literal as technology progresses 
and more closely binds itself to our mental processes.

Sorry for the digression, but that's how I perceive privacy issues when it 
comes to Google Glass. Much like how karma and upvotes lead to groupthink, 
greater connectivity and sharing can subject our lives to constant peer 
approval. I think that wisdom of the crowd only works when individuals in the 
crowd are not subjected to the same bias.

Raven Jiang

Stanford University
Computer Science
soraven.com<http://www.soraven.com/>

On 10 July 2013 11:08, Paul Bernal (LAW) 
mailto:paul.ber...@uea.ac.uk>> wrote:
I wrote a blog piece on Glass a month or two back:

http://paulbernal.wordpress.com/2013/05/07/google-glass-just-because-you-can/

Here's the text:

Google Glass: just because you can…

As a bit of a geek, and a some-time game player, it’s hard not to like the look 
of Google Glass. Sure, it makes you look a little dorky in its current 
incarnation (even if you’re Sergey Brin, as in the picture below) but people 
like me are used to looking dorky, and don’t really care that much about it. 
What it does, however, is cool, and cool in a big way. We get heads-up displays 
that would have been unimaginable even a few years ago, a chance to feel like 
Arnie in the Terminator, with the information about everything we can see 
immediately available. It’s cool – in a dorky, sci-fi kind of way, and for 
those of us brought up on a diet of SF it’s close to irresistible.

And yet, there’s something in the back of my mind – well, OK, pretty close to 
the front of my mind now – that says that we should be thinking twice about 
pushing forward with developments like this. Just because we can make something 
as cool as Google Glass, doesn’t mean that we should make it. There are 
implications to developments like this, and risks attached to it, both direct 
and indirect.

Risks to the wearer’s privacy

First we need to be clear what Google Glass does – and how it’s intended to be 
used. The idea is that the little camera on the headset essentially ‘sees’ what 
you see. It then analyses what it can see, and provides the information about 
what you see – or information related to it. In one of the promotional videos 
for it, for example, as the wearer looks at a subway station, the Glass alerts 
the wearer to the fact that there’s a delay on the subway, so he’d better walk. 
Then he looks at a poster for a concert – it analyses the poster, then links 
directly to a ticket agency that lets him buy a ticket for the concert.

Cool? Sure, but think about what’s going on in the background – because there’s 
a lot. First of all, and almost without saying, the Google Glass headset is 
tracking the wearer: what we can ‘geolocation’. It knows exactly where you are, 
whenever you’re using it. There are implications to that – I’ve written about 
them before – and this is yet another step towards making geolocation the 
‘norm’. The idea is that Google (and others) want to know exactly where you are 
at all times – and of course that means that others could find out, whether for 
good purposes or bad.

Secondly, it means that Google are able to analyse what you are looking at – 
and profile you, with huge accuracy, in the real world, the way to a certain 
extent they already do in the online world. And, again, if Google can profile 
you, others can get access to that profile – either through legal means or 
illegal. You might have consented to giving others access, in one of those long 
Terms and Conditions documents you scrolled down without reading and clicked 
‘OK’ to. The government might ask Google for access to your feed, in the course 
of some investigation or other. A hacker might even hack into your system to 

Re: [liberationtech] Paper on Google Glass

[Paul Bernal (LAW)]

 that. Firstly, should we really need to check 
the glasses of everyone who can see us? Secondly, this is just the first 
generation of Google Glass. What will the next one look like? Cooler, less like 
something out of Star Trek? And the technology could be used in ways that are 
much less obvious – hack and disguise your own Google Glass and make it look 
like a pair of ordinary sunglasses? Not hard for a hacker. They’ll be available 
on the net within a pretty short time.

Normalising surveillance

All these, however, are just details. The real risk is at a much higher level – 
but it may be a danger that’s already been discounted. It’s the risk that our 
society goes down a route where surveillance is the norm. Where we expect to be 
filmed, to have our every movement, our every action, our every word followed, 
analysed, compiled, and aggregated for the service of companies that want to 
make money out of us and governments that want to control us. Sure, Google 
Glass is cool, and sure it does some really cool stuff, but is it really worth 
that?

Now there may be ways to mitigate all these risks, and there may be ways that 
we can find to help overcome some of the issues. I’d like it to be so, because 
I love the coolness of the technology. Right now, though, I’m not convinced 
that we have – or even that we necessarily will be able to. It means, for me, I 
think we need to remember that just because we can do things like this, it 
doesn’t mean that we should.



Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 10 Jul 2013, at 17:52, Yosem Companys 
mailto:compa...@stanford.edu>>
 wrote:

From: Bruno Fortugno 
mailto:brunofortu...@sympatico.ca>>

I am a student writing a paper on the potential privacy issues caused by 
Google's upcoming product Google Glass. I was wondering if anyone could advise 
some good resources for my research.

Thanks,

Bruno Fortugno
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Secret European deals to hand over private data to America

[Paul Bernal (LAW)]

You're right of course: it was a facile reply of mine, particularly on here. 
It's how we respond that matters.

On 30 Jun 2013, at 04:10, "Jacob Appelbaum"  wrote:

> Paul Bernal (LAW):
>> None of this should be surprising, should it? It's a reasonable
>> assumption that all intelligence agencies share their data on a
>> pretty regular basis - certainly with 'friendly' nations, and almost
>> certainly with others, on a quid pro quo basis. It's always been that
>> way.
> 
> Hi,
> 
> Whenever I see this kind of response I wonder, is it a surprise that
> people are robbed? Or that wars kill innocent people? Is it a surprise
> that our governments spy on us? Is it a surprise that people are
> sexually assaulted? It is a surprise that computers get hacked? That
> bankers who pillage walk free?
> 
> I wonder though - do such people who may or may not be surprised - do
> they have any other thoughts?
> 
> Would you tell a victim of the Stasi - "I'm not surprised you were
> harassed!" or would you tell a friend who was beaten for being gay "I'm
> not surprised you were beaten up!"
> 
> Is there a thought that comes after that lack of surprise?
> 
> One wonders if some cynical feelings might smother all other thinking.
> 
> What comes after surprise? Do you - for example - think it is wrong? Do
> you - for example - want it to be this way?
> 
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Secret European deals to hand over private data to America

[Paul Bernal (LAW)]

None of this should be surprising, should it? It's a reasonable assumption that 
all intelligence agencies share their data on a pretty regular basis - 
certainly with 'friendly' nations, and almost certainly with others, on a quid 
pro quo basis. It's always been that way.

On 29 Jun 2013, at 21:42, "Jurre andmore"  wrote:

> There was a hearing last week in Dutch parliament about PRISM. There
> was another interesting point being discussed a rumor that the TAT-14
> cable in Katwijk was being eavesdropped. Not only is it eavesdropped,
> but data is shared with the US!
> 
> Article below:
> 
> Revealed: secret European deals to hand over private data to America
> 
> Germany 'among countries offering intelligence' according to new
> claims by former US defence analyst
> 
> 
> At least six European Union countries in addition to Britain have been
> colluding with the US over the mass harvesting of personal
> communications data, according to a former contractor to America's
> National Security Agency, who said the public should not be "kept in
> the dark".
> 
> Wayne Madsen, a former US navy lieutenant who first worked for theNSA
> in 1985 and over the next 12 years held several sensitive positions
> within the agency, names Denmark, the Netherlands, France, Germany,
> Spain and Italy as having secret deals with the US.
> 
> Madsen said the countries had "formal second and third party status"
> under signal intelligence (Sigint) agreements that compels them to
> hand over data, including mobile phone and internet information to the
> NSA if requested.
> 
> Under international intelligence agreements, confirmed by declassified
> documents, nations are categorised by the US according to their trust
> level. The US is first party while the UK, Canada, Australia and New
> Zealand enjoy second party relationships. Germany and France have
> third party relationships.
> 
> In an interview published last night on the PrivacySurgeon.org blog,
> Madsen, who has been attacked for holding controversial views on
> espionage issues, said he had decided to speak out after becoming
> concerned about the "half story" told by EU politicians regarding the
> extent of the NSA's activities in Europe.
> 
> He said that under the agreements, which were drawn up after the
> second world war, the "NSA gets the lion's share" of the Sigint
> "take". In return, the third parties to the NSA agreements received
> "highly sanitised intelligence".
> 
> Madsen said he was alarmed at the "sanctimonious outcry" of political
> leaders who were "feigning shock" about the spying operations while
> staying silent about their own arrangements with the US, and was
> particularly concerned that senior German politicians had accused the
> UK of spying when their country had a similar third party deal with
> the NSA.
> 
> Although the level of co-operation provided by other European
> countries to the NSA is not on the same scale as that provided by the
> UK, the allegations are potentially embarrassing.
> 
> "I can't understand how Angela Merkel can keep a straight face,
> demanding assurances from Obama and the UK while Germany has entered
> into those exact relationships," Madsen said.
> 
> The Liberal Democrat MEP Baroness Ludford, a senior member of the
> European parliament's civil liberties, justice and home affairs
> committee, said Madsen's allegations confirmed that the entire system
> for monitoring data interception was a mess, because the EU was unable
> to intervene in intelligence matters that remained the exclusive
> concern of national governments.
> 
> "The intelligence agencies are exploiting these contradictions and no
> one is really holding them to account," Ludford said. "It's terribly
> undermining to liberal democracy."
> 
> Madsen's disclosures have prompted calls for European governments to
> come clean on their arrangements with the NSA. "There needs to be
> transparency as to whether or not it is legal for the US or any other
> security service to interrogate private material," said John Cooper
> QC, a leading international human rights lawyer. "The problem here is
> that none of these arrangements has been debated in any democratic
> arena. I agree with William Hague that sometimes things have to be
> done in secret, but you don't break the law in secret."
> 
> Madsen said all seven European countries and the US have access to the
> Tat 14 fibre-optic cable network running between Denmark and Germany,
> the Netherlands, France, the UK and the US, allowing them to intercept
> vast amounts of data, including phone calls, emails and records of
> users' access to websites.
> 
> He said the public needed to be made aware of the full scale of the
> communication-sharing arrangements between European countries and the
> US, which pre-date the internet and became of strategic importance
> during the cold war.
> 
> The covert relationship between the countries was first outlined in a
> 2001 report by the European parliament, but t

Re: [liberationtech] {Spam?} Re: NYT: Obama’s German Storm

[Paul Bernal (LAW)]

Hi Fukami

I hope you're right that the lobbyists are out of the game for now. Their 
current tactic seems to be a delaying one: the advertising industry reps in 
particular are lobbying against doing anything too fast, and saying that there 
won't be an agreement over the regulations until 2014 at least - something most 
of us suspected anyway. They're hoping, I think, that the PRISM story will be 
short-lived, and in a few months time they'll be able to bring the lobby 
machine back into action on a big scale. I'm hoping that's not the case, of 
course: this could be a key moment for privacy people to get their message 
across and to have some kind of real effect.


Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 21 Jun 2013, at 08:20, fukami mailto:f...@foo.io>>
 wrote:

Hey Paul!

On 18.06.2013, at 11:48, Paul Bernal (LAW) 
mailto:paul.ber...@uea.ac.uk>> wrote:
This all needs to be viewed in the context of complex and contentious internal 
wrangling within the EU over the data protection reform package. What the PRISM 
saga does is strengthen the hand of those within the EU advocating for a 
stronger new package, and less watering down. To an extent this is an internal 
battle - and the Eurocrats don't care as much what the US thinks. To me it's 
more 'Germany vs UK' than it is 'Germany vs US', if you see what I mean.

Thanks for pointing this out, I fully agree (at least as far I'm able to 
understand what's going at EP). I was mainly referring to the influence of US 
lobbyist to weaken data protection over the last couple of months. Even if I 
don't trust many politicians, for me it looks like these lobbyists are out of 
the game for now. And there seems to be a good chance to get article 42 back.

Ultimately they know that US businesses may well ignore large swathes of the 
new regulation, but they'll use that regulation for horse-trading, in the way 
they've done with European competition regulation for decades.

Well, if Safe Harbour dies it would have an impact for US companies (but maybe 
I'm just too optimistic).


Cheers,
 fukami


--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] NYT: Obama’s German Storm

[Paul Bernal (LAW)]

This all needs to be viewed in the context of complex and contentious internal 
wrangling within the EU over the data protection reform package. What the PRISM 
saga does is strengthen the hand of those within the EU advocating for a 
stronger new package, and less watering down. To an extent this is an internal 
battle - and the Eurocrats don't care as much what the US thinks. To me it's 
more 'Germany vs UK' than it is 'Germany vs US', if you see what I mean.

Ultimately they know that US businesses may well ignore large swathes of the 
new regulation, but they'll use that regulation for horse-trading, in the way 
they've done with European competition regulation for decades. 

It does, however, have a bit of symbolic significance, I think - and if 
businesses think 'privacy' might be a selling point, they might make some 
shifts. That matters more than the details of the law.


On 18 Jun 2013, at 10:39, "Eugen Leitl"  wrote:

> On Mon, Jun 17, 2013 at 10:40:23PM +0200, fukami wrote:
>> Hi,
>> 
>> it's not the first time I hear or read this from Americans: Many people 
>> already gave up discussions about data protection a long time ago. So there 
>> seems a lot of hope that Europeans and especially the Germans with their 
>> learnings from history of surveillance and strong view on privacy can help 
>> fix "Americas lost balance". But to be true: I actually don't think that our 
>> stupid politicians are really the right people for this (and I also think 
>> that the US administration give a f*** what Europeans think or demand).
> 
> You're falling for bad PR. Particularly Germany does not have
> full souvereignity, and it specifically shows in it being #6
> on the top telecommunication surveillance lists. Rest of the EU
> is not much different. De facto they're vassals to the US,
> as long the empire is still functional they'll remain that.
> 
> Do not look that your politicians tell you (not that they
> represent you, anyway), and rather judge them by their actions.
> 
> Look back into the past couple decades, there's your answer already.
> 
> Notice this list is called liberation technology, not liberation
> politics. There's a probably reason for that.
> 
>> Still, if the pressure will last longer than the usual couple of days, there 
>> is a real change to get some interesting regulations on EU level that could 
>> badly influence US internet businesses in Europe - for good in terms of 
>> better general data protection for all of us.
>> 
>> http://www.nytimes.com/2013/06/18/opinion/global/roger-cohen-obamas-german-storm.html
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

[Paul Bernal (LAW)]

That may well be true, but the addition of the footnote seems to suggest 
otherwise, and indeed could be regarded as the first bit of trolling. Still, 
let's move on.


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 12 Jun 2013, at 20:44, Patrick Mylund Nielsen 
mailto:cryptogra...@patrickmylund.com>>
 wrote:

You could 1. ignore it, since it's a strange thing to get upset about, and 
didn't seem intentional, or 2. ask the person to use "their" nicely. Saying 
"use 'her'" and calling it misogyny is just trolling. Don't feed the trolls!


On Wed, Jun 12, 2013 at 3:37 PM, Paul Bernal (LAW) 
mailto:paul.ber...@uea.ac.uk>> wrote:
I have to say, I'm on Jillian and Anne's side on this one. It's easy to be 
non-sexist (e.g. use 'their' instead of either 'his' or 'her') and also easy to 
apologise when you slip up, rather than complain. We all make mistakes - why 
not just say 'sorry' and try not to do it again?

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 12 Jun 2013, at 20:28, Anne Roth 
mailto:annal...@riseup.net>>
 wrote:

Am 12.06.13 20:13, schrieb Jillian C. York:
On Wed, Jun 12, 2013 at 11:20 AM, Eugen Leitl 
mailto:eu...@leitl.org>
<mailto:eu...@leitl.org>> wrote:

   On Wed, Jun 12, 2013 at 06:15:30AM -0400, Sheila Parks wrote:
Why not use "her" instead of "his"?

Using "his" in 2013 is, indeed,  misogyny

   List moderator, please control this before it completely goes out of
   hand.


You mean like /almost every thread?  /Pray tell, why is this the one
time you speak up?

+1




   People are trying to get work done here, and this is not helping.
   --
   Too many emails? Unsubscribe, change to digest, or change password
   by emailing moderator at compa...@stanford.edu<mailto:compa...@stanford.edu>
   <mailto:compa...@stanford.edu> or changing your settings at
   https://mailman.stanford.edu/mailman/listinfo/liberationtech




--
US: +1-857-891-4244 | NL: 
+31-657086088
site:  jilliancyork.com<http://jilliancyork.com/> <http://jilliancyork.com/>*|
*twitter: @jilliancyork* *

"We must not be afraid of dreaming the seemingly impossible if we want
the seemingly impossible to become a reality" - /Vaclav Havel/


--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech



--

http://about.me/annalist
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7689407F942951E2
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech


--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

[Paul Bernal (LAW)]

I have to say, I'm on Jillian and Anne's side on this one. It's easy to be 
non-sexist (e.g. use 'their' instead of either 'his' or 'her') and also easy to 
apologise when you slip up, rather than complain. We all make mistakes - why 
not just say 'sorry' and try not to do it again?

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 12 Jun 2013, at 20:28, Anne Roth 
mailto:annal...@riseup.net>>
 wrote:

Am 12.06.13 20:13, schrieb Jillian C. York:
On Wed, Jun 12, 2013 at 11:20 AM, Eugen Leitl 
mailto:eu...@leitl.org>
<mailto:eu...@leitl.org>> wrote:

   On Wed, Jun 12, 2013 at 06:15:30AM -0400, Sheila Parks wrote:
Why not use "her" instead of "his"?

Using "his" in 2013 is, indeed,  misogyny

   List moderator, please control this before it completely goes out of
   hand.


You mean like /almost every thread?  /Pray tell, why is this the one
time you speak up?

+1




   People are trying to get work done here, and this is not helping.
   --
   Too many emails? Unsubscribe, change to digest, or change password
   by emailing moderator at compa...@stanford.edu<mailto:compa...@stanford.edu>
   <mailto:compa...@stanford.edu> or changing your settings at
   https://mailman.stanford.edu/mailman/listinfo/liberationtech




--
US: +1-857-891-4244 | NL: +31-657086088
site:  jilliancyork.com<http://jilliancyork.com> <http://jilliancyork.com/>*|
*twitter: @jilliancyork* *

"We must not be afraid of dreaming the seemingly impossible if we want
the seemingly impossible to become a reality" - /Vaclav Havel/


--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech



--

http://about.me/annalist
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7689407F942951E2
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

[Paul Bernal (LAW)]

This all rings very true for me: I'm a legal academic, and barely a geek, and 
in reality I barely ever use crypto. I was at the Privacy Law Scholars 
Conference in Berkeley last week when the PRISM story broke, and we had a 
special session at the end of the conference to talk about what we knew - and 
someone asked about 'user-friendly crypto' and there was a kind of laugh/cheer 
around the room. Everyone knows we want it, no-one believes it's there.

Paul

On 12 Jun 2013, at 09:27, "Andy Isaacson"  wrote:

> On Tue, Jun 11, 2013 at 07:11:49PM -0700, Gregory Maxwell wrote:
>> On Tue, Jun 11, 2013 at 6:56 PM, Kate Krauss  wrote:
>>> It's really easy to use these tools if you already know how to do it.
>> 
>> I've been using PGP since 1994, if not earlier. In more recent times
> 
> 1998, here.
> 
>> it's become a regular part of my workflow in discussing security
>> critical bugs. I am a programmer and a computing expert.
> 
> I use gnupg daily.
> 
>> I do not consider the tools easy to use at all ...
> 
> I routinely, and frequently, still get bitten by design bugs,
> implementation bugs, and UI bugs which continue to make the PGP
> ecosystem effectively unusable.  I cannot recommend PGP for routine use
> to anyone outside of the security community, and I don't think I know
> anyone who has used it consistently for more than 2 years without
> encountering a serious data/comms loss due to PGP bugs or gotchas.
> 
> -andy
> --
> Too many emails? Unsubscribe, change to digest, or change password by 
> emailing moderator at compa...@stanford.edu or changing your settings at 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Mexico's Geo-location law

[Paul Bernal (LAW)]

A quick question: I don't suppose anyone knows where I can find a good English 
translation of the Mexican Geo-location/Geo-localization law, do they?

Many thanks

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report

[Paul Bernal (LAW)]

Well done!!

Sent from my iPhone

On 21 Mar 2013, at 14:10, "Nadim Kobeissi" 
mailto:na...@nadim.cc>> wrote:

We did it! Our Skype Open Letter worked!!!

*Pats self on back*


NK


On Thu, Mar 21, 2013 at 10:04 AM, James Losey 
mailto:lo...@newamerica.net>> wrote:
>From the blog post:
"As noted in the data table (available in the PDF below) in 2012, Microsoft and 
Skype received a total of 75,378 law enforcement requests. Those requests 
potentially impacted 137,424 accounts. While it is not possible to directly 
compare the number of requests to the number of users affected, it is likely 
that less than 0.02% of active users were affected. The data shows that, after 
a careful review of each request by our compliance teams, 18% of law 
enforcement requests to Microsoft resulted in the disclosure of no customer 
data. Approximately 79.8% of requests to Microsoft resulted in the disclosure 
of only non-content information, and only a small number of law enforcement 
requests (2.2%) resulted in the disclosure of customer content. To further 
explain the data, we have included Frequently Asked Questions and Answers 
below."

Report page: 
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
Blog post: 
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/03/21/microsoft-releases-2012-law-enforcement-requests-report.aspx
PDF: 
http://download.microsoft.com/download/F/3/8/F38AF681-EB3A-4645-A9C4-D4F31B8BA8F2/MSFT_Reporting_Data.pdf
NY Times: 
http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html?pagewanted=all&_r=1&;



--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Please Vote on "Reply to" Question

[Paul Bernal (LAW)]

Reply to list, if possible.

Kind regards

Paul

Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 21 Mar 2013, at 12:36, Walid AL-SAQAF 
mailto:ad...@alkasir.com>>
 wrote:

reply-to-all

Sincerely,

Walid

-

Walid Al-Saqaf
Founder & Administrator
alkasir for mapping and circumventing cyber censorship
https://alkasir.com<https://alkasir.com/><mailto:walid.al-sa...@oru.se>

PGP: https://alkasir.com/doc/admin_alkasir_pub_key.txt


On Thu, Mar 21, 2013 at 8:26 AM, Tom Ritter 
mailto:t...@ritter.vg>> wrote:

Reply to all

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu<mailto:compa...@stanford.edu> or changing 
your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] CNN writer on leaving Facebook

[Paul Bernal (LAW)]

I wanted to say a little more on the issues of profiling, facial recognition 
and so forth - and why I'm quite bothered by Facebook in both regards

>From my perspective, I think it's sometimes easy to (at least in our minds) 
>divide people into two categories: those in 'dangerous' situations, and those 
>in 'safe' situations. For those in dangerous situations, in these terms, it's 
>obvious that Facebook would present risks - whether it's those operating under 
>oppressive regimes or people vulnerable in various ways (e.g. anti-drugs 
>cartel bloggers in Mexico and so on). For those in 'safe' situations, the 
>suggestion is often that Facebook etc is 'safe'.

There are two problems with this view. Firstly, that even those who are 'safe' 
might lose out through profiling etc - if insurance companies make false 
inferences about health or risk-taking activities, for example, or if 
credit-rating agencies take a view and refuse credit. Those risks come both 
through errors in profiling and through 'too-accurate' profiling.

The second, perhaps more important problem, is that vast numbers of people 
aren't really in either category. For example, in the UK right now, we have a 
lot of unrest about government activities - e.g. the current policies of the 
government to effectively privatise our National Health Service. This kind of 
unrest is turning 'ordinary' and 'safe' people into a kind of activist: 
activist enough to go on protest marches, for example. Now I don't know about 
the rest of the world so much, but here in the UK the authorities quite often 
clamp down quite hard on protests - even 'mild' protests. In the 70s and 80s, 
when I was involved in the anti-nuclear and anti-Apartheid movements, for 
example, the police spied on us, infiltrated our groups and so on. We weren't 
wild radicals, we weren't 'dangerous' in any real way - the most we would do 
would be sit-in protests and so on. Now, in the current climate, that kind of 
thing is monitored and controlled via things like Facebook.

Indeed, after the London riots in 2010, Facebook - and in particular Facebook 
photos - were used to identify, catch, and prosecute rioters. Now one person's 
'protestor' is another's 'rioter'… it's a very slippery slope.

The authorities in most places are beginning to grasp the possibilities here - 
which is why Raytheon RIOT and similar systems are very attractive to many of 
them. The stuff on Facebook will become a goldmine for those wishing to snuff 
out protest, to impose order and so forth.

Anyway, that's my tuppence on the subject for now. It's a big subject, and what 
I wanted to do with my post most of all was to help raise some awareness. If 
people understand the issues better and make more informed decisions, all the 
better!

Paul




Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 26 Feb 2013, at 21:36, Jon Lebkowsky 
mailto:jon.lebkow...@gmail.com>>
 wrote:

On Tue, Feb 26, 2013 at 2:13 PM, Paul Bernal (LAW) 
mailto:paul.ber...@uea.ac.uk>> wrote:
2. On real names, it's as much about fighting the bigger battle for the need to 
allow anonymity. If real names becomes the norm, we're in real trouble when the 
going gets tough...

I think there's room for platforms that do both, and maybe a great opportunity 
for someone to develop something like the Tor Project of social networks.

3. The monetization issue isn't just about what's happening now, but that 
there's an increasing drive to squeeze revenue from our data. Sponsored 
stories, the Instagram saga etc just give a clue where it's headed.

I get the point of voting with your feet, but I don't think a few people 
leaving FB will fix the age-old problem of greed. It's a wicked problem.

4. Profiling is an issue for more people than you might think - the Raytheon 
RIOT stuff hints at that. More on that tomorrow!

Looking forward to hearing more.

5. Again, think of the extended use of this - Facebook will be mined more and 
more by those with less benign uses.

Would love to hear more about that, but I think this comes back to digital 
literacy, thinking about what you share.

6. Yes, there ARE alternatives, but who's using them? Ask a class of my 
students, and they're ALL on Facebook...

Right, but a popular service is not necessarily a monopoly. I could get an 
argument that we have an oligopoly (the stacks).

best,
Jon


--
Jon Lebkowsky (@jonl)
Jon at Google+<https://plus.google.com/107989370857115020482/posts> | 
Twitter<http://twitter.

Re: [liberationtech] CNN writer on leaving Facebook

[Paul Bernal (LAW)]

Hi Jon

Thanks for the detailed response - and I can see your points. Indeed, to an 
extent I agree with them!

I'll try to do a more detailed response tomorrow, but just a few points now.

1. On privacy, I agree, it's more about helping get a more 'savvy' community 
than anything else.

2. On real names, it's as much about fighting the bigger battle for the need to 
allow anonymity. If real names becomes the norm, we're in real trouble when the 
going gets tough...

3. The monetization issue isn't just about what's happening now, but that 
there's an increasing drive to squeeze revenue from our data. Sponsored 
stories, the Instagram saga etc just give a clue where it's headed.

4. Profiling is an issue for more people than you might think - the Raytheon 
RIOT stuff hints at that. More on that tomorrow!

5. Again, think of the extended use of this - Facebook will be mined more and 
more by those with less benign uses.

6. Yes, there ARE alternatives, but who's using them? Ask a class of my 
students, and they're ALL on Facebook...

Much more tomorrow I hope!

Thanks

Paul

On 26 Feb 2013, at 19:37, "Jon Lebkowsky" 
mailto:jon.lebkow...@gmail.com>> wrote:

I want to respond to Paul Bernal's post about why to leave Facebook, point by 
point.

Privacy: I think the problem is not a lack of privacy, but an expectation of 
privacy on the part of the user, who should definitely leave if she considers 
privacy important. If you don't want to "be seen," by all means "stay indoors." 
 I've never assumed that the information I've dumped online is private, in fact 
I think that would be a crazy assumption. What we really need is digital 
literacy education to help users understand the the nature of the beast.

Real Names: Sure, that's an issue for some, and for them, Facebook is probably 
not the platform of choice. But it doesn't bother me - I can see arguments for 
an against anonymity, valid on either side. I think it's important to have the 
possibility of anonymity in some contexts. Facebook doesn't have to be one of 
them.

Monetization: How is Facebook making money with my data, other than by serving 
me targeted ads? I'm not posting anything there that's especially valuable. And 
I wouldn't. I don't think my "personal information" is such a big deal, and 
while I've always argued that we should be able to control our data and how 
it's used, I wouldn't leave Facebook over this issue. I might nag 'em about it, 
though.

Profiling: I've never been able to see the issue here. Somebody gathers my data 
to serve me ads for items I might want vs ads for items I don't care about: 
where's the harm? I guess the worst case is that they might inform the 
"authorities" that I'm a subversive whacko bohemian (who's also got a boring 
suburban middle class alternate aspect)... I can't see how that will ever bite 
me on the ass, though.

Facial recognition: To me, it's a trivial concern when it's happening on 
Facebook. The bigger concern is broader and more sinister uses.

Monopoly: Facebook is big, for sure, but I'm not seeing it as a monopoly. There 
are many ways to aggregate and share online. Facebook happens to be pretty 
good, and it's attracted so many users that it has a powerful network effect, 
but that actually makes it more useful. It doesn't feel like the phone company 
(I'm old enough to remember THAT monopoly).

I probably shouldn't have taken time to write this response, but I think 
Facebook-slamming is similar sport to "I don't watch television, except for 
PBS..." I wouldn't want to make anyone feel guilty about either of those 
choices.  The Internet is in deep trouble, there are real risks that we'll lose 
this amazing free space over issues related to the value it's created by being 
so free. I'd rather focus there, than on Facebook, which is the least of my 
worries.

~ Jon


On Tue, Feb 26, 2013 at 9:47 AM, Michael Rogers 
mailto:mich...@briarproject.org>> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 25/02/13 19:03, Raven Jiang CX wrote:
> I think a subtle difference is what exactly the bargain entails. In
> the case of television advertising, it's a relatively
> straightforward exchange of your attention for entertainment.
> Facebook is asking for more than that. The marketing is less
> oppressive because they receive the addition payment of your
> personal information. No one really knows what that information in
> aggregate is worth or can be capable of achieving in the long term,
> so I suppose implicitly the users (at least those aware of this
> bargain) are betting on it being worth less than the services
> Facebook provides.

I don't think fra

Re: [liberationtech] CNN writer on leaving Facebook

[Paul Bernal (LAW)]

In case anyone's interested, I've written about this before too: my 10 reasons 
to leave Facebook.

http://paulbernal.wordpress.com/2012/12/27/10-reasons-to-leave-facebook/

There's quite a lot of stuff written on this in the academic world.

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 25 Feb 2013, at 19:03, Raven Jiang CX 
mailto:j...@stanford.edu>>
 wrote:

I think a subtle difference is what exactly the bargain entails. In the case of 
television advertising, it's a relatively straightforward exchange of your 
attention for entertainment. Facebook is asking for more than that. The 
marketing is less oppressive because they receive the addition payment of your 
personal information. No one really knows what that information in aggregate is 
worth or can be capable of achieving in the long term, so I suppose implicitly 
the users (at least those aware of this bargain) are betting on it being worth 
less than the services Facebook provides.

I think Sterling is suggesting that most people are not cognizant of this 
trade-off and that as Facebook does more with your personal information, that 
trade-off becomes increasingly disfavourable compared to the relatively 
stagnant value of the service.

On 25 February 2013 10:55, Jon Lebkowsky 
mailto:jon.lebkow...@gmail.com>> wrote:
Left out a word... that should've read: "I actually reject the notion..." I was 
arguing with my own first paragraph.


On Mon, Feb 25, 2013 at 12:54 PM, Jon Lebkowsky 
mailto:jon.lebkow...@gmail.com>> wrote:
As Bruce Sterling was saying, from the perspective of Facebook the company, 
users of the system are cattle - they're product sold to advertisers. That 
kinda sucks, but here's the thing: Facebook is useful to its users, or they 
wouldn't be there. Doug is making an ideological argument, but ideologues often 
revel in ascetic rejection of the world and the agora. I love Doug, but I won't 
follow his lead here.  But then (guilty admission), I also watch television.

I reject the notion that Facebook users are cattle, and I'm not sure they're 
mere consumers. They accept a bargain, but it has benefits for them. And as 
with television, you learn to ignore the ads, or if not completely ignore, at 
least avoid being somehow enslaved by them, and as part of the bargain you're 
entertained. Facebook is more useful than television - I get more from the 
bargain and the marketing is even less oppressive.




On Mon, Feb 25, 2013 at 11:54 AM, Allucquere Rosanne Stone 
mailto:sa...@sandystone.com>> wrote:

We've been on this bus before, in (perhaps) a less sophisticated incarnation.  
See Richard Serra and Carlota Fay Schoolman's 1973 film Television Delivers 
People <http://www.ubu.com/film/serra_television.html>.

-sandy


On Mon, 25 Feb 2013 15:52:14 +0100, Petter Ericson
wrote:
> Greetings,
>
> Though I imagine that the facebook use is significantly lower (and more
> judicious) among the libtech users than among a more generic tech-savvy
> population, this essay makes a rather good case on why quitting facebook
> entirely is the proper thing to do at some point - sooner rather than
> later.
>
> Best
>
> /P
>
> http://edition.cnn.com/2013/02/25/opinion/rushkoff-why-im-quitting-facebook/index.html


>
> Why I'm quitting Facebook
> By Douglas Rushkoff, CNN
>
> (CNN) -- I used to be able to justify using Facebook as a cost of doing
> business. As a writer and sometime activist who needs to promote my
> books and articles and occasionally rally people to one cause or
> another, I found Facebook fast and convenient. Though I never really
> used it to socialize, I figured it was OK to let other people do that,
> and I benefited from their behavior.
>
> I can no longer justify this arrangement.
>
> Today, I am surrendering my Facebook account, because my participation
> on the site is simply too inconsistent with the values I espouse in my
> work. In my upcoming book "Present Shock," I chronicle some of what
> happens when we can no longer manage our many online presences. I have
> always argued for engaging with technology as conscious human beings and
> dispensing with technologies that take that agency away.
>
> Facebook does things on our behalf when we're not even there.
>
> It actively misrepresents us to our friends, and worse misrepresents
> those who have befriended us to still others. To enable this
> dysfunctional situation -- I call it "digiphrenia" -- would be at the
> very least hypocritical. But to participate on Facebook as an author, in
> a wa

Re: [liberationtech] Skype Open Letter: Launch Date!

[Paul Bernal (LAW)]

Dear All

Just to let you know, I've just been interviewed by a man from the NYT/IHT 
(European office) about the Skype Open Letter - he'll be writing a piece in a 
week to ten days. I hope I said the right kind of thing…

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 26 Jan 2013, at 09:16, francesca bosco 
mailto:bosco_france...@hotmail.com>> wrote:

Well done Fabio and we, as Tech and Law Center, are very happy to help in 
supporting these initiatives.
Francesca

Il giorno 26/gen/2013, alle ore 09:41, "Fabio Pietrosanti (naif)" 
mailto:li...@infosecurity.ch>> ha scritto:

Cool, this kind of media action cooperation worked very well.

In Italy (and in Italian) we made a press-release of Hermes Center ( 
http://logioshermes.org<http://logioshermes.org/> ) and broadcasted it to +50 
journalists working on internet-stuff and to all the major organization active 
on internet privacy, digital rights and consumer protection.

Now we got coverage on the following media sites, and it started a debate on 
the topic in several groups and areas:
* 
http://www.corriere.it/tecnologia/social/13_gennaio_25/skype-privacy-lettera_705a794e-6704-11e2-95de-416ea2b54ab7.shtml
* http://affaritaliani.libero.it/mediatech/skype-microsoft250113.html
* 
http://www.corrierecomunicazioni.it/it-world/19251_skype-attivisti-in-campo-chi-accede-ai-nostri-dati.htm
* 
http://www.federicoguerrini.com/privacy/lettera-aperta-a-skype-quanto-sono-private-le-conversazioni/
* 
http://www.bitmat.it/articolo/095720/48/20/Skype_spia_le_nostre_conversazioni.html
* 
http://www.ilsoftware.it/articoli.asp?tag=Privacy-e-Skype-la-lettera-aperta-indirizzata-a-Microsoft_9567
* 
http://sportelloconsumatori.org/blog/2013/01/25/lettera-aperta-a-skype-quanto-sono-sicure-le-nostre-conversazioni/
* 
http://geeklino.com/2013/01/25/lettera-aperta-a-skype-spieghi-se-sono-sicure-le-conversazioni-degli-utenti/

Let's do it again :-)

Fabio

On 1/25/13 4:42 PM, Nadim Kobeissi wrote:
What a great success, everyone! Congratulations! :-)

More media coverage ( 31 news sources so far, discounting Reddit and Hacker 
News!)
http://www.cbsnews.com/8301-205_162-57565690/activists-to-microsoft-who-is-requesting-our-skype-data/

http://www.telegraph.co.uk/technology/microsoft/9827215/Microsoft-urged-to-open-up-over-privacy-of-Skype-data.html


NK


On Fri, Jan 25, 2013 at 10:21 AM, Paul Bernal (LAW) 
mailto:paul.ber...@uea.ac.uk>> wrote:
It's on the BBC website too:

http://www.bbc.co.uk/news/technology-21194801



Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 25 Jan 2013, at 14:38, Russell Brandom 
mailto:russell.bran...@gmail.com>>
 wrote:

Also on NPR's Marketplace Tech Report: 
http://www.marketplace.org/topics/tech/tweeting-videos-through-vine-should-skype-be-more-google
 (Starting at 1:40)


On Fri, Jan 25, 2013 at 12:14 AM, Kelvin Quee (魏有豪) 
mailto:kel...@quee.org>> wrote:
Congratulations on making it to Slashdot! :)

http://yro.slashdot.org/story/13/01/24/231217/privacy-advocates-demand-transparency-from-skype


Kelvin Quee (魏有豪)
+65 9177 3635

gpg: AB3DB8AC


On Fri, Jan 25, 2013 at 12:42 PM, Fran Parker 
mailto:lilba...@gmail.com>> wrote:
I couldn't get there with the link provided so searched for Skype on The Verge 
and got this link:

http://www.theverge.com/2013/1/24/3895002/an-open-letter-asks-whos-listening-in-on-skype-calls

Martin Johnson wrote:
Actually
http://www.theverge.com/2013/1/24/3895002/an-open-letter-asks-whos-listening-in-on-skype-callswas

faster.

Martin Johnson
Founder
https://GreatFire.org<https://greatfire.org/> - Monitoring Online Censorship In 
China.
https://FreeWeibo.com<https://freeweibo.com/> - Uncensored, Anonymous Sina 
Weibo Search.
https://Unblock.cn.com<https://unblock.cn.com/> - We Can Unblock Your Website 
In China.


On Fri, Jan 25, 2013 at 10:32 AM, Kate 
Kraussmailto:ka...@critpath.org>>  wrote:

First press hit:
http://www.theregister.co.uk/2013/01/25/activists_demand_skype_transparency/


--
Kate Krauss
Executive Director
AIDS Policy Project
www.AIDSPolicyProject.org<http://www.aidspolicyproject.org/>


On Thu, Jan 24, 2013 at 8:31 PM, Martin 
Johnsonmailto:greatf...@greatfire.org>>wrote:

Thanks a lot Nadim! Great work! Now let's spread this widely and force
Microsoft to respond.

Martin Johnson
Founder
https://GreatFire.org<https://greatfire.org/> - Monitoring Online Censorship In 
China.
https://FreeWeibo.com<https://freeweibo.com/> - Uncens

Re: [liberationtech] Skype Open Letter: Launch Date!

[Paul Bernal (LAW)]

It's on the BBC website too:

http://www.bbc.co.uk/news/technology-21194801



Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 25 Jan 2013, at 14:38, Russell Brandom 
mailto:russell.bran...@gmail.com>>
 wrote:

Also on NPR's Marketplace Tech Report: 
http://www.marketplace.org/topics/tech/tweeting-videos-through-vine-should-skype-be-more-google
 (Starting at 1:40)


On Fri, Jan 25, 2013 at 12:14 AM, Kelvin Quee (魏有豪) 
mailto:kel...@quee.org>> wrote:
Congratulations on making it to Slashdot! :)

http://yro.slashdot.org/story/13/01/24/231217/privacy-advocates-demand-transparency-from-skype


Kelvin Quee (魏有豪)
+65 9177 3635

gpg: AB3DB8AC


On Fri, Jan 25, 2013 at 12:42 PM, Fran Parker 
mailto:lilba...@gmail.com>> wrote:
I couldn't get there with the link provided so searched for Skype on The Verge 
and got this link:

http://www.theverge.com/2013/1/24/3895002/an-open-letter-asks-whos-listening-in-on-skype-calls

Martin Johnson wrote:
Actually
http://www.theverge.com/2013/1/24/3895002/an-open-letter-asks-whos-listening-in-on-skype-callswas

faster.

Martin Johnson
Founder
https://GreatFire.org<https://greatfire.org/> - Monitoring Online Censorship In 
China.
https://FreeWeibo.com<https://freeweibo.com/> - Uncensored, Anonymous Sina 
Weibo Search.
https://Unblock.cn.com<https://unblock.cn.com/> - We Can Unblock Your Website 
In China.


On Fri, Jan 25, 2013 at 10:32 AM, Kate 
Kraussmailto:ka...@critpath.org>>  wrote:

First press hit:
http://www.theregister.co.uk/2013/01/25/activists_demand_skype_transparency/


--
Kate Krauss
Executive Director
AIDS Policy Project
www.AIDSPolicyProject.org<http://www.aidspolicyproject.org/>


On Thu, Jan 24, 2013 at 8:31 PM, Martin 
Johnsonmailto:greatf...@greatfire.org>>wrote:

Thanks a lot Nadim! Great work! Now let's spread this widely and force
Microsoft to respond.

Martin Johnson
Founder
https://GreatFire.org<https://greatfire.org/> - Monitoring Online Censorship In 
China.
https://FreeWeibo.com<https://freeweibo.com/> - Uncensored, Anonymous Sina 
Weibo Search.
https://Unblock.cn.com<https://unblock.cn.com/> - We Can Unblock Your Website 
In China.


On Fri, Jan 25, 2013 at 9:22 AM, Fran 
Parkermailto:lilba...@gmail.com>>  wrote:

No worries, Nadim!

What a great job as noted earlier! Thanks!

Nadim Kobeissi wrote:

My mistake! We do not have an HTTPS version.


NK


On Thu, Jan 24, 2013 at 8:39 AM, Fran 
Parkermailto:lilba...@gmail.com>>
  wrote:

  8:36 AM EST and https://skypeopenletter.com<https://skypeopenletter.com/> 
will not load. Times out.
However, 
http://www.skypeopenletter.<http://www.skypeopenletter./>com/<http://www.<http://www./>**
skypeopenletter.com/<http://skypeopenletter.com/><http://www.skypeopenletter.com/>>loads
 fine.



https not working I guess.



Nadim Kobeissi wrote:

  It's out, everyone!

NK


On Wed, Jan 23, 2013 at 10:00 PM, Nadim 
Kobeissimailto:na...@nadim.cc>>
wrote:

   The Open Letter to Skype is launching *Thursday, January 23rd 2013
at

9:00AM Eastern Time.*


Thanks to everyone who helped, with special thanks to Eva Galperin
from
EFF. The petition will be available at:

*https://skypeopenletter.com<https://skypeopenletter.com/>*


Share widely! (Facebook and Twitter "Share" buttons will be embedded
onto
the site at launch.)

For the Internet!

NK


  --
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech<https://mailman.stanford.edu/**mailman/listinfo/**liberationtech>
<https://**mailman.stanford.edu/mailman/**listinfo/liberationtech<http://mailman.stanford.edu/mailman/**listinfo/liberationtech><https://mailman.stanford.edu/mailman/listinfo/liberationtech>
  --
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech<https://mailman.stanford.edu/**mailman/listinfo/**liberationtech>
<https://**mailman.stanford.edu/mailman/**listinfo/liberationtech<http://mailman.stanford.edu/mailman/**listinfo/liberationtech><https://mailman.stanford.edu/mailman/listinfo/liberationtech>

--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/**mailman/listinfo/**liberationtech<https://mailman.stanford.edu/mailman/listinfo/liberationtech>

--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/**mailman/listinfo/**liberationtech<https://mailman.stanford.edu/mailman/listinfo/liberationtech>


--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtec

Re: [liberationtech] {Spam?} Re: on the whole issue to include the topic "vpn illlegal in China"

[Paul Bernal (LAW)]

Sorry to butt in, but from my perspective, if privacy is dead (and it may be), 
then we should do our very best to bring about a miraculous ressurection.

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 25 Jan 2013, at 12:02, Julian Oliver 
mailto:jul...@julianoliver.com>>
 wrote:

..on Fri, Jan 25, 2013 at 03:09:21AM -0600, Lisa Brownlee wrote:
Yes, they do. And I do but reality is, privacy is DEAD and has been for
some time in my humble opinion!

It is not dead but it is indeed challenged.

Your privacy is yours. It belongs to you as much as the personal space in your
home does. Your right to privacy in your home is no less defensable than your
right to privacy on the Internet. Your right to speak to a friend in a park on a
private matter is to be as respected and upheld as your right to send an email
to that person and have it read by no other in transit. Your right to Privacy is
a basic human right. Without it Society itself cannot persist.

To cite the Cypherpunk Manifesto, 1993:

"Privacy is the power to selectively reveal oneself to the world".

Cheers,

Julian

On Thu, Jan 24, 2013 at 9:33 PM, pacificboy 
mailto:pacific...@gmail.com>> wrote:

Tricia,

As I notice by the email traffic on this topic few are interested in
figuring out how to deal with the big boy. How I see it, other countries do
not have the man power or money when it comes to countries that stop people
from having freedom on the Net. So, a country like China few are interested
for the excpection of governments and companies that are threaten cyber
wise to their way of life. beside that issue, China is not the "in tjing"
Middile east is, i guess. Yes countries like Iran is imporant but who
support Iran on issue that libtech is fighting against for freedom on the
Net --- China. Perhaps I live in a different area of the States, where 90%
of Asian and Asian American lives so the culture is mor Asian Pacific, and
I am
not Asian. Well I will try to communicate with those who want to know and
help. Since Chinese in the Mainland who are netizens are aware of this
problem. This is an issue and other countries like Australia has their
great firewall. If we foucs on not the country political but how to crack
the problem of this cyber arm race, before no one have Internet freedom and
this forum with be gone.  Last point as my generation and my father
generation protest and fought to stop the nuclear arm race during the cold
war and how both generation since my father and I were cold warrors,
brought down the Berlin Wall. Would you think, this generation has the same
duty?  Foood for thought.


Sent from my iPhone

On Jan 24, 2013, at 11:59 PM, Tricia Wang 
mailto:mailingli...@triciawang.com>>
wrote:

Bert thanks for bringing this article to libtech's attention!
I totally missed this so thakkk you!

I understand that the Chinese internet is censored and its never ending
policies to surveill the web are alarming.
Although I don't find articles like this productive to the overall cause
of developing circumvention solutions for Chinese people.

Phillip Shishkin grossly misrepresents how Chinese people experience the
Chinese internet. I mean really? "Two things struck me when I first flew
into Beijing: lack of sunlight and lack of Internet."
This article is centered on his narrative and does not qualify as a
representative sample of how 22% of the world's internet users experience
the Chinese internet.

Several members of the LibTech list have not fallen in this same pit -
they've asked great questions that fall on the side of facts and the actual
experience of Chinese people.

I also want to point out the work of writers like An Xiao Mina who have
shown how the internet is incredibly lively in China DESPITE persistent
censorship.
On 88 Bar we document memes as a form of social protest -
http://www.88-bar.com/category/china-meme-report/
She also has several pieces about social media use in China  -
http://www.anxiaostudio.com/researchwriting.html

Just because they are not be using it in ways that we expect or comprehend
doesn't mean that they are lacking internet access.

I get so tired of hearing the media perpetuate this idea that Chinese
people live in the dark because of censorship.
It's just not true when you actually live with everyday Chinese people or
conduct even light ethnographic fieldwork.

Does anyone notice this or feel feel the same way?

tricia

___


*triciawang.com / 王圣捷 *


China: +86 18627809913


US: +1 9189379264



On Thu, Jan 24, 2013 at 1:56 AM, Bert Arroyo  wrote:

This are just some articles in the news last months in this issue of
VPN in China. Now how these reports get the facts is one issue, one sh

Re: [liberationtech] Skype Open Letter: CALL FOR SIGNATORIES

[Paul Bernal (LAW)]

I like it - keep me on the letter.

Many thanks for all your work.

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 18 Jan 2013, at 16:26, Nadim Kobeissi mailto:na...@nadim.cc>>
 wrote:

Okay everyone,
the final draft has been posted online, with the gracious collaboration of the 
EFF. Please take a look at it, make sure you want to keep your signature there 
(or add it!)

http://www.skypeopenletter.com/draft/

We'll be publishing next week.


NK


On Thu, Jan 17, 2013 at 4:29 AM, Grégoire Pouget 
mailto:grego...@rsf.org>> wrote:
We'd like to see the final / rewritten version of the letter first but 
Reporters Without Borders<http://rsf.org/> would be happy to sign it.

Best,


Le 17/01/2013 08:01, Nadim Kobeissi a écrit :
Thanks for your expert advice, Chris. We're currently in the process of 
reworking the letter with assistance from the EFF and we'll take what you said 
into consideration.


NK


On Thu, Jan 17, 2013 at 1:58 AM, Christopher Soghoian 
mailto:ch...@soghoian.net>> wrote:
You may want to consider rewriting your law enforcement/government surveillance 
section:

As a result of the service being acquired by Microsoft in 2011, it may now be 
required to comply with CALEA due to the company being headquartered in 
Redmond, Washington. Furthermore, as a US-based communication provider, Skype 
would therefore be required to comply with the secretive practice of National 
Security Letters.

You don't articulate why being subject to CALEA is bad. Are the people signing 
the letter arguing that law enforcement should never have access to real-time 
intercepts of skype voice/video communications? If so, say that, and why. If 
not, CALEA merely mandates access capabilities, it doesn't specify under what 
situations the government can perform an interception,

Also, if you want to raise the issue of secretive surveillance practices, NSLs 
wouldn't be at the top of my list (yes, they don't require a judge, but they 
can at best be used to obtain communications metadata). I would instead focus 
your criticism of the fact that US surveillance law does not sufficiently 
protect communications between two non-US persons, and in particular, the 
government can intercept such communications without even having to demonstrate 
probable cause to a judge. Specifically, non-US persons have a real reason to 
fear FISA Amendments Act of 2008 section 702

Section 702 of the FISA Amendments Act of 2008 ("FAA"), codified as 50 U.S.C. 
1181a, which allows the Attorney General and the Director of National 
Intelligence ("DNI") to authorize jointly the targeting of non-United States 
persons for the purposes of gathering intelligence for a period of up to one 
year. 50 U.S.C. 1881a(1). Section 702 contains restrictions, including the 
requirement that the surveillance "may not intentionally target any person 
known at the time of acquisition to be located in the United States." 50 U.S.C. 
§ 1881a(b)(1). The Attorney General and DNI must submit to the FISC an 
application for an order ("mass acquisition order") for the surveillance either 
before their joint authorization or within seven days thereof. The FAA sets out 
a procedure by which the Attorney General and DNI must obtain certification 
from FISC for their program, which includes an assurance that the surveillance 
is designed to limit surveillance to persons located outside of the United 
States. However, the FAA does not require the government to identify targets of 
surveillance, and the FISC does not consider individualized probable cause 
determinations or supervise the program.
(from: http://epic.org/amicus/fisa/clapper/)

While I am happy to provide feedback, I'm in no way authorized to sign on to 
this letter on behalf of the ACLU.



On Wed, Jan 16, 2013 at 11:58 AM, Nadim Kobeissi 
mailto:na...@nadim.cc>> wrote:
Dear Privacy Advocates and Internet Freedom Activists,

I call on you to review the following draft for our Open Letter to Skype and 
present your name or the name of your organization as signatories:

http://www.skypeopenletter.com/draft/

The letter will be released soon. Feedback is also welcome.

Thank you,
NK

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech




--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech


--
Grégoire Pouget,
New Media Desk // Bureau Nouveaux Médias
Reporters Without Borders // Reporters sans frontières
@fightcensors_en @

Re: [liberationtech] Skype Open Letter: CALL FOR SIGNATORIES

[Paul Bernal (LAW)]

I'd like to sign too, if you'd like it!

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 16 Jan 2013, at 16:58, Nadim Kobeissi mailto:na...@nadim.cc>>
 wrote:

Dear Privacy Advocates and Internet Freedom Activists,

I call on you to review the following draft for our Open Letter to Skype and 
present your name or the name of your organization as signatories:

http://www.skypeopenletter.com/draft/

The letter will be released soon. Feedback is also welcome.

Thank you,
NK
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Sharing children's lives online?

[Paul Bernal (LAW)]

Sorry to butt in, but in Europe - or at least in the UK - this would all be 
subject to data protection law, and this kind of thing would be very, very 
unlikely. In my daughter's school at least, they're very strong about asking 
permission before any photos are used, and always do their best to make sure 
people know exactly how photos etc. are going to be used.

Mind you, there's another factor that I'd want to take into account for kids 
(though not pre-schoolers) which is the rights of the kids themselves to 
privacy. Under the UN CRC, they're supposed to have rights in accordance with 
their maturity and understanding, not just their age - and those include 
privacy rights. Those rights compete with the parents' rights - but the kids at 
the very least have the right to be consulted on the subject. I don't know many 
places in the world where this actually happens: the Convention on the Rights 
of the Child is paid little more than lip service.

Paul

Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 9 Jan 2013, at 00:55, Brian Conley 
mailto:bri...@smallworldnews.tv>>
 wrote:


Hi all,

Perhaps this is not the right forum, but I happen to believe it is. If we care 
to discuss liberation tech, we ought to discuss the liberation of those who 
have little or no capacity to choose for themselves, yes?

What's concerning me today is a decision by my daughter's preschool. They blog 
daily with photos and narrative stories about the kids day st school. 
Previously, though technically "public" the blog was not indexed and very 
difficult(impossible?) to find without the direct link.

At the beginning of this year they overhauled the site and are publishing the 
blog in its entirety attached directly to the preschool. That this change was 
done without discussion or consent of parents strikes me as greatly concerning.

As many of you know, I'm generally one of the people saying that too often 
libtech activists are a bit excessive in their response to the forward progress 
of technology and social media. Am I out of bounds here? Is this kind of daily 
blogging of a preschoolers life not a bit frightening?

Any advice from other colleagues, parents or otherwise, would be greatly 
appreciated. Though I might have answers for activists and civilians threatened 
with death or worse, this situation leaves me at a loss as to how I should 
respond.

Regards

Brian

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Facebook wants you to snitch?

[Paul Bernal (LAW)]

I've been following a story on twitter and wondered if anyone knew the 
background - and in particular, whether it's true!

The story suggests that Facebook is experimenting with asking people to confirm 
whether their friends are who they say they are: here's a tweet about it.

https://mobile.twitter.com/chapeaudefee/status/248599349481836544?photo=1

The implications are obvious - but quite important. Facebook has had a 'real 
names' policy for a while, but they haven't to my knowledge been using this 
kind of way of verifying/enforcing it before.

A German online magazine has suggested it's being trialled - I wondered if 
anyone had any information or confirmation that it's been happening, or that my 
reading of t is correct?

Help would be much appreciated

Paul Bernal

Sent from my iPhone
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Opinion on a paper?

[Paul Bernal (LAW)]

Thanks! I've read it before, but not for a while. I'll go through it again.

Many thanks

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 10 Sep 2012, at 10:00, Joss Wright 
mailto:joss-liberationt...@pseudonymity.net>>
 wrote:

On Sun, Sep 09, 2012 at 10:14:34PM -0500, Nick M. Daly wrote:

If you haven't read Paul Ohm's paper yet, you should.  It's long, but
that's mostly because it's incredibly well explained.

Seconded. :)

--
Joss Wright | @JossWright
http://www.pseudonymity.net/~joss
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Opinion on a paper?

[Paul Bernal (LAW)]

Thanks Jodi, Alec, Joss, Robert and Nick

That's really helpful - and very quick! A lot to digest - but it looks pretty 
devastating for the piece, confirming my suspicions.

Many thanks again

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 10 Sep 2012, at 03:20, Robert Munro 
mailto:robert.mu...@gmail.com>>
 wrote:

I second the criticism about the assumptions of a 'perfect population
register'. This is a much broader problem, as shown by the Netflix
case. For a good synopsis, see Pete Warden's take on the problem, some
examples of how external data can be used to help reverse anonymized
data, and some suggestions for ways to operate with imperfect
anonymization:
 http://strata.oreilly.com/2011/05/anonymize-data-limits.html

You certainly don't need to be high-profile, either, like the article
suggests. Last year I was working on disease outbreak tracking. There
was an actual case where a girl in East Africa had been reported as
testing positive to Ebola. Her village was named in reports and this
was a region where victims of diseases are often vilified and
sometimes killed. She would have likely been the only person from her
village who was rushed to a hospital at that time (and more likely the
only girl of her age-bracket). It would have been simple for everyone
from her village to immediately make the connection. We decided we
would not want to publish this information, even though many other
health organizations did. Her diagnosis was ultimately incorrect,
which doesn't really affect the anonymization issue, but it makes any
identification/vilification even more disturbing.

We were information managers and health professionals, not lawyers,
and the international aspect no doubt complicates things. I assume
that the health organizations who did publicize this acted within the
law. For us, this wasn't enough. If it was reported in a health
journal 5 years later? That might be ok. But as real-time report it
was clearly unethical. I doubt the other organizations published this
in malice - it was one piece of information among many - but it
highlights the problem.

Rob








On 9 September 2012 15:30, Joss Wright
mailto:joss-liberationt...@pseudonymity.net>>
 wrote:
On Sun, Sep 09, 2012 at 07:19:22PM +, Paul Bernal (LAW) wrote:

I wondered if anyone had an opinion on it - I don't have the technical
knowledge to be able to evaluate it properly. The basic conclusion
seems to be that re-identification of 'anonymised' data is not nearly
as easy as we had previously thought (from the work of Latanya
Sweeney, Paul Ohm etc). Are these conclusions valid?

My concern is that I can see this paper being used to justify all
kinds of potentially risky information being released - particularly
health data, which could get into the hands of insurance companies and
others who could use it to the detriment of individuals. On the other
hand, if the conclusions are really valid, then perhaps people like me
shouldn't be as concerned as we are.

Hi Paul,

I've gone over this paper quite quickly, partially because it's late
here and I should be asleep; apologies for any bizarre turns of phrase,
repetition (hesitation or deviation...), or bad-tempered
comments. :)

I'll also certainly defer to the hardcore reidentification experts if
they turn up.

(This email has become slightly longer than I intended. To sum up:
"Lots of problems. False assumptions. Cherry-picked examples. Ignores or
wholly misunderstands subsequent decade of research. Somewhat
misrepresents statistics.  Wishful-thinking recommendations. Correct in
stating that we don't need to delete all data everywhere in order to
avoid reidentification, but that's about it.")

My initial response is that the paper is partially correct, in that the
Sweeney example was a dramatic, anecdotal demonstration of
reidentification and shouldn't be taken as representative of data in
general. On the other hand, the paper goes wildly off in the other
direction, and claims that the specifics of the Sweeney example somehow
demonstrate that reidentification in general is barely feasible and can
easily be handled with a few simple rules of thumb.

Overall, I would say that there are a number of serious flaws in the
arguments of the author.

Firstly, the paper is predicated almost entirely on what the author
refers to as `the myth of the perfect population register' -- that
almost no realistic database covers an entire population, and so any
apparently unique record could in fact also match someone outside of the
database. This is certainly true, but is used by the author to justify
an assumption that does not hold, in my opinion.

This assumption

Re: [liberationtech] Opinion on a paper?

[Paul Bernal (LAW)]

Thanks!

Sent from my iPhone

On 9 Sep 2012, at 20:18, "Jodi Schneider" 
mailto:jschnei...@pobox.com>> wrote:

Paul,

You might ask Arvind Narayanan -- reidentification is his expertise:
http://33bits.org/about/

-Jodi

On Sun, Sep 9, 2012 at 5:44 PM, Paul Bernal (LAW) 
mailto:paul.ber...@uea.ac.uk>> wrote:
I've just come across this paper: "The 'Re-Identification' of Governor William 
Weld's Medical Information: A Critical Re-Examination of Health Data 
Identification Risks and Privacy Protections, Then and Now"

It can be downloaded here:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2076397

I wondered if anyone had an opinion on it - I don't have the technical 
knowledge to be able to evaluate it properly. The basic conclusion seems to be 
that re-identification of 'anonymised' data is not nearly as easy as we had 
previously thought (from the work of Latanya Sweeney, Paul Ohm etc). Are these 
conclusions valid?

My concern is that I can see this paper being used to justify all kinds of 
potentially risky information being released - particularly health data, which 
could get into the hands of insurance companies and others who could use it to 
the detriment of individuals. On the other hand, if the conclusions are really 
valid, then perhaps people like me shouldn't be as concerned as we are.

Any help would be appreciated.

Regards

Paul



Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK


--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Opinion on a paper?

[Paul Bernal (LAW)]

I've just come across this paper: "The 'Re-Identification' of Governor William 
Weld's Medical Information: A Critical Re-Examination of Health Data 
Identification Risks and Privacy Protections, Then and Now"

It can be downloaded here:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2076397

I wondered if anyone had an opinion on it - I don't have the technical 
knowledge to be able to evaluate it properly. The basic conclusion seems to be 
that re-identification of 'anonymised' data is not nearly as easy as we had 
previously thought (from the work of Latanya Sweeney, Paul Ohm etc). Are these 
conclusions valid?

My concern is that I can see this paper being used to justify all kinds of 
potentially risky information being released - particularly health data, which 
could get into the hands of insurance companies and others who could use it to 
the detriment of individuals. On the other hand, if the conclusions are really 
valid, then perhaps people like me shouldn't be as concerned as we are.

Any help would be appreciated.

Regards

Paul



Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

--
Unsubscribe, change to digest, or change password at: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] Liberationtech Mailing List Survey

[Paul Bernal (LAW)]

I'm entirely neutral on all three questions: I post rarely, but when I do I 
write on the assumption that my posts are effectively public.

Paul

Sent from my iPhone

On 18 Aug 2012, at 17:00, "Yosem Companys" 
mailto:compa...@stanford.edu>> wrote:

Just a reminder about the survey.  To ensure getting as many responses as 
possible, the survey will continue until Monday, August 20, 2012.

Thanks,
Yosem

On Fri, Aug 10, 2012 at 12:50 PM, Yosem Companys 
mailto:compa...@stanford.edu>> wrote:
Hi All,

Based on your feedback, a short 3-question survey of the Liberationtech 
community will be conducted to determine what changes to implement.  The survey 
will be conducted through Thursday, August 16, 2012, and aggregated survey 
results will be released on Friday, August 17, 2012.  Changes to mailing list 
guidelines will occur shortly thereafter.

To provide background info on the survey questions, the feedback you have sent 
either privately or to the whole list over the past few days has been 
summarized below under "policy implications."

Should you have any questions, please let me know.

Thanks,

Yosem
List Moderator



SURVEY:

  *   Would you like to make the Liberationtech archives public or private?
 *   Public
 *   Private
  *   Should reply-to's be sent to the entire list or the individual sender?
 *   Entire List
 *   Individual Sender
  *   Should we reduce or eliminate the list-email signature text?
 *   Keep text signature as is
 *   Add  "-- " prior to text signature to enable auto-hiding in most 
mailers
 *   Eliminate text signature completely

POLICY IMPLICATIONS:

  *   Public or private:
 *   Public implies making the archives public both within mailman, and we 
would also allow automatic, real-time mirroring of the list.  Easiest to do for 
simplicity and transparency's sake.  Mailing list guidelines would also be 
amended to reflect the change.
 *   Private means that we would make the archives private and, if 
possible, add Internet standard email headers or robot exclusions to restrict 
or prohibit archiving.  Mailing list guidelines would also be amended to 
reflect the change.
  *   Reply to entire list or individual sender:
 *   Advantage of replying to individual sender includes preventing 
personal replies from being inadvertently sent to the entire list.
 *   Advantages of replying to entire list include:
*   Preventing people who forward emails from the list from 
unnecessarily exposing subscribers' email addresses
*   Preventing list server from having to filter email to subscribers 
who are in To: or Cc: (if anything goes wrong, they get an email twice)
*   Reducing both the strain on the server and the risk of triggering 
spam filters
  *   Signature
 *   Signature currently includes instructions on how to change 
subscription options (an issue that constantly recurs on the list) and our 
Twitter address.  See below:

___
liberationtech mailing list
liberationtech@lists.stanford.edu<mailto:liberationtech@lists.stanford.edu>

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech
___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

[liberationtech] Change.org blocked in Belarus. Advice welcome :-)

[Paul Hilder]

Dear all,

This week, Change.org - the open platform for anyone, anywhere to
start, join and win campaigns -- has been blocked in Belarus. The
blocking is taking place at the level of Beltelecom, the state
monopoly service provider.

The mechanism, rather unusually I think, is simple DNS address
blocking, which is also affecting other sites. We are in close touch
with our DNS service provider on this issue and seeking to resolve it.

We believe the issue may relate to the content of one or more
campaigns started by Change.org users. We have seen several
significant campaigns on the site in recent months, some on
challenging issues.

We are engaging in dialogue initially to seek to remove the block, but
are also assessing other options in response.

We have consulted a number of the usual go-to people already, but I'd
really welcome any advice or perspectives from LiberationTech list
members, on or off list!

Sorry to be asking rather than sharing on my first posting here... but
I hope you understand the circumstances, and look forward to further
discussion.

Warmest wishes,

Paul
--
Paul Hilder
Vice-President of Global Campaigns
Change.org

Now: London, UK
___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Re: [liberationtech] Images of Blocking in Different Countries?

[Paul Hyland]

Yeah but that's just one paper - she's written, been quoted, testified before 
congress, spoken at conferences, etc about internet freedom and censorship, 
inside china and crossing the border and by private companies, along with many 
other countries around the world - including the US. And in the nation of 
Facebookistan. 

I saw a great talk she gave at the Freedom to Connect conference in the Spring, 
followed by an interview by Ian Schuler from Alex Ross's team at the State 
Department - the video archive should be available at the freedom2connect.net 
web site. Well over 100 articles and quotes from just the past two years are 
available at http://newamerica.net/people/archives/303 - and there's her book, 
Consent of the Networked, as well. Her contact info is on the New America page 
I shared previously.

Paul 

On Aug 15, 2012, at 2:18 PM, "Eric S Johnson"  wrote:

> Rebecca’s brilliant study (cited by Ivan) was about how companies which host 
> content domestically (in China) monitor that content and delete anything they 
> think doesn’t belong. It has nothing to do with ISPs, and nothing to do with 
> the blocking of foreign content (the “Great Firewall”).
>  
> Best,
> Eric
> PGP
>  
> From: Ivan Sigal [mailto:ivan.si...@gmail.com] 
> Sent: Wednesday, 15 August 2012 21:39
> To: Paul Hyland
> Cc: Eric S Johnson; Stanford tech list
> Subject: Re: [liberationtech] Images of Blocking in Different Countries?
>  
> Rebecca's study is here:
>  
> http://firstmonday.org/article/view/2378/2089
>  
> She found significant variation in ISP practices at the time.
>  
> Cheers 
>  
> Ivan
>  
>  
> Ivan Sigal
> Executive Director, Global Voices
> i...@globalvoicesonline.org l +1 202 361 2712
> www.globalvoicesonline.org
>  
> On Aug 15, 2012, at 9:35 AM, Paul Hyland wrote:
> 
> 
> Rebecca MacKinnon would be one to ask about Internet censorship in China - 
> she studied it at the University of Hong Kong a few years ago, and is on the 
> board of Global Voices Online. She's now a fellow at the New America 
> Foundation. 
>  
> Bio/contact info: http://newamerica.net/user/303
> 
> On Aug 15, 2012, at 2:46 AM, "Eric S Johnson"  wrote:
> 
> As far as I can tell, China doesn't "keyword-filter" in the sense most people 
> think of that phrase. That is, the Great Firewall isn't inspecting all the 
> text which flows through it, failing to deliver any web pages which have 
> offending words. The filtering is of two main types:
> 1)  any of thousands of domains or specific URLs are on a static 
> blacklist, and
> 2)  there is a small list of words which, if present in a URL, will 
> dynamically result in blocking.
> The blocking is generally manifested as a “connection reset” page which looks 
> to most users like “page not found.” China also poisons the DNS for some of 
> the domains it blocks, but this is (as far as I can tell) redundant because 
> of “1” above. (I guess it trips up some users whose VPN fails to tunnel DNS 
> requests.)
>Sometimes (inconsistently), an attempt to see blocked content 
> results not only in the content not being delivered, but also a “punishment” 
> meted out to the offending user: all attempts to access servers outside China 
> fail for a period of between 5 and 10 minutes.
>It’s “2” above which can be used to censor searches, since 
> unencrypted access to Google from inside China (or to Baidu from outside 
> China) puts the search terms into the URL. This censorship can easily be 
> neutralised by accessing Google via HTTPS.
>There are persistent reports that China’s cybercensorship can 
> sometimes vary (a little) by ISP, but I’ve never seen this (I’ve only been to 
> ~13 of the 34 PRC-defined provinces), and Alkasir hasn’t ever detected any 
> such variations. (The internet in 3 of those provinces isn’t filtered: Hong 
> Kong, Macao, and Taiwan. Of course, even if the PRC thinks Taiwan’s a 
> province, Taiwan doesn’t think that.)
>  
> Best,
> Eric
>  
> > -Original Message-
> > From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-
> > boun...@lists.stanford.edu] On Behalf Of Philipp Winter
> > Sent: Monday, 13 August 2012 16:15
> > To: Stanford tech list
> > Subject: Re: [liberationtech] Images of Blocking in Different Countries?
> >
> > On Sun, Aug 12, 2012 at 09:14:48PM -0700, Adam Fisk wrote:
> > > My understanding is that China just shows a blank page. Is that correct?
> >
> > That depends on the type of filtering. The keyword filtering infrastructure
> > forcefully terminates connections and depending on the browser you will get 

Re: [liberationtech] Images of Blocking in Different Countries?

[Paul Hyland]

Rebecca MacKinnon would be one to ask about Internet censorship in China - she 
studied it at the University of Hong Kong a few years ago, and is on the board 
of Global Voices Online. She's now a fellow at the New America Foundation. 

Bio/contact info: http://newamerica.net/user/303

On Aug 15, 2012, at 2:46 AM, "Eric S Johnson"  wrote:

> As far as I can tell, China doesn't "keyword-filter" in the sense most people 
> think of that phrase. That is, the Great Firewall isn't inspecting all the 
> text which flows through it, failing to deliver any web pages which have 
> offending words. The filtering is of two main types:
> 1)  any of thousands of domains or specific URLs are on a static 
> blacklist, and
> 2)  there is a small list of words which, if present in a URL, will 
> dynamically result in blocking.
> The blocking is generally manifested as a “connection reset” page which looks 
> to most users like “page not found.” China also poisons the DNS for some of 
> the domains it blocks, but this is (as far as I can tell) redundant because 
> of “1” above. (I guess it trips up some users whose VPN fails to tunnel DNS 
> requests.)
>Sometimes (inconsistently), an attempt to see blocked content 
> results not only in the content not being delivered, but also a “punishment” 
> meted out to the offending user: all attempts to access servers outside China 
> fail for a period of between 5 and 10 minutes.
>It’s “2” above which can be used to censor searches, since 
> unencrypted access to Google from inside China (or to Baidu from outside 
> China) puts the search terms into the URL. This censorship can easily be 
> neutralised by accessing Google via HTTPS.
>There are persistent reports that China’s cybercensorship can 
> sometimes vary (a little) by ISP, but I’ve never seen this (I’ve only been to 
> ~13 of the 34 PRC-defined provinces), and Alkasir hasn’t ever detected any 
> such variations. (The internet in 3 of those provinces isn’t filtered: Hong 
> Kong, Macao, and Taiwan. Of course, even if the PRC thinks Taiwan’s a 
> province, Taiwan doesn’t think that.)
>  
> Best,
> Eric
>  
> > -Original Message-
> > From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-
> > boun...@lists.stanford.edu] On Behalf Of Philipp Winter
> > Sent: Monday, 13 August 2012 16:15
> > To: Stanford tech list
> > Subject: Re: [liberationtech] Images of Blocking in Different Countries?
> >
> > On Sun, Aug 12, 2012 at 09:14:48PM -0700, Adam Fisk wrote:
> > > My understanding is that China just shows a blank page. Is that correct?
> >
> > That depends on the type of filtering. The keyword filtering infrastructure
> > forcefully terminates connections and depending on the browser you will get 
> > an
> > error message saying something like "The connection was reset".
> >
> > You can actually test it yourself by going to baidu.com and searching for
> > "falun".
> >
> > Philipp
> > ___
> > liberationtech mailing list
> > liberationtech@lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you click 
> > above) next
> > to "would you like to receive list mail batched in a daily digest?"
> >
> > You will need the user name and password you receive from the list moderator
> > in monthly reminders. You may ask for a reminder here:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > Should you need immediate assistance, please contact the list moderator.
> >
> > Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> ___
> liberationtech mailing list
> liberationtech@lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click 
> above) next to "would you like to receive list mail batched in a daily 
> digest?"
> 
> You will need the user name and password you receive from the list moderator 
> in monthly reminders. You may ask for a reminder here: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and 

Re: [liberationtech] Good articles on the Pirate Party and Pirate Bay

[Paul A. Aitken]

Hi all,

Just another to contribute:

Jonas Andersson, "The Pirate Bay as Strategic Sovereign" appears in 
Culture Machine v. 10.


This is part of an interesting issue on "pirate philosophy" 
http://culturemachine.net/index.php/cm/issue/view/21


I've not published anything yet with regards to the Pirate Bay. However, 
I spent a god chunk of my PhD offering a critique of public bittorrent 
indexes practice of commodifying audiences through the use of the 
advertising. While it's unlikely that the sites turn much of a profit, 
the logic of commodifying users' activity--especially activity related 
to the pursuit of pleasure and enjoyment--has become a primary strategy 
for online revenue. Pleasure seeking subjects become data objects for 
sale to advertisers. Here, the radicality of public search indexes 
approach to copyright "grey" areas does not seem to extend to include a 
resistance to the idea of informationalising of media fans.


Anyhow, I could always circulate some of the chapters if anyone's 
interested.


Best,

Paul

On 12-08-11 01:40 PM, Fenwick Mckelvey wrote:

Hi all,
A few sources to add to the list. I also CC’ed Patrick Bukart and Paul
Aitken who work on piracy and politics since they might offer some
good additions.

I always found the now-defunct Piratbyrån helpful in explaining the
politics of piracy. They often wrote about the ‘grey commons’ as
opposed to the creative commons. The grey commons embraces the legal
ambiguity of its content (hence grey instead of black or white). The
Pirate Bay website itself could be argued to epitomize a grey commons
since it promotes unfettered sharing. These articles offer an
explanation of the Grey Commons.

Rasmus Fleischer's of the Piratbyrån explains the concept here:
http://torrentfreak.com/piratbyran-speech/

The article ‘A Letter to the Commons’ starting on p. 19 is also good.
http://waag.org/sites/waag/files/public/Publicaties/InTheShade.pdf

In more recent years, Rasmus Fleischer’s writing on the
accelerationism and escalationism explain the The Pirate Bay’s
expansion of tactics from starting BitTorrent trackers to getting
involved in its iPredator VPN. This article is a good history of sorts
of piracy as it shifts tactics:
http://www.copyriot.se/2010/01/13/pirate-politics-from-accelerationism-to-escalationism/
I have also written on these two strategies as part of my dissertation
that I am happy to share if you’re interested.

The German Pirate Party also appears to be some really interesting
stuff with their liquid democracy project that attempts to bridge P2P
(last I checked).

http://translate.google.ca/translate?hl=en&sl=de&u=http://wiki.piratenpartei.de/BE:Liquid_Democracy_in_der_Piratenpartei&prev=/search%3Fq%3Dliquid%2Bdemocracy%2Bpiraten%2Bberlin%26hl%3Den%26client%3Dfirefox-a%26hs%3Djnu%26rls%3Dorg.mozilla:en-US:official%26biw%3D1256%26bih%3D606%26prmd%3Dimvns&sa=X&ei=WoMmULG6K4bL0QGr24GIDA&sqi=2&ved=0CGEQ7gEwAA


A few other suggestions:

This book collects a lot of the Swedish writings on the Pirate Bay,
but sadly the book has not been translated into English:
http://www.kb.se/aktuellt/Butik-och-Publikationer/Mediehistoriskt-arkiv2/Efter-the-Pirate-Bay/

The Pirate Bay also published a funny enigmatic book of slogans. It
captures some of the humour and inconsistencies of the group.
thepiratebay.org/torrent/4741944/powr.broccoli-kopimi

Here are a few academic articles on the matter that contextualize the
movement a bit more.
Lindgren, S., & Linde, J. (2012). The Subpolitics of Online Piracy: A
Swedish case study. Convergence: The International Journal of Research
into New Media Technologies, 18(2), 143–164.
doi:10.1177/1354856511433681

Miegel, F., & Olsson, T. (2008). From Pirates to Politician: The Story
of the Swedish File Sharers who became a Political Party. In N.
Carpentier, P. Pruulmann-Vengerfeldt, K. Nordenstreng, M. Hartmann, P.
Vihalemm, B. Cammaerts, H. Nieminen, et al. (Eds.), Democracy,
Journalism and Technology: New Developments in an Enlarged Europe (pp.
203–217). Tartu: Tartu Publisher Press.

Dahlberg, L. (2011). Pirates, Partisans, and Politico-Juridical Space.
Law and Literature, 23(2), 262–281. (He seems to be a member of the
Swedish circles writing on piracy).

I also saw Patrick Bukart present at ICA on the Pirate Party so he
might have a paper to share too.

Let me know if you have any more questions or comments. As I said, I
have written on the Pirate Bay as well, but not published yet, so I’m
happy to circulate my own work if you want.

Best,
Fenwick

On Sat, Aug 11, 2012 at 5:27 AM, Marcin de Kaminski
 wrote:

I think the tips provided on the list are all good, but would like to emphasize 
Steal this Film which in my opinion is the best and most clear overview of the 
background of Piratbyran and The Pirate Bay. In particular I see it as 
important to study the pre-pirateparty movements - we started Piratbyra

Re: [liberationtech] Peter Theil On Arab spring

[Paul Bernal (LAW)]

I don't suppose there's an online version of the Howard and Hussain article for 
Journal of Democracy available, is there? I'm struggling to get access to it 
from here.

Kind regards

Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk<mailto:paul.ber...@uea.ac.uk>
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 23 Jul 2012, at 06:50, Larry Diamond wrote:

that

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

[liberationtech] UK snoopers' charter

[Paul Bernal (LAW)]

In case anyone's interested, I wrote a short(ish) piece about the human rights 
implications of our proposed 'snoopers charter' - the draft Communications Data 
Bill. It's here:

http://ukconstitutionallaw.org/2012/07/11/paul-bernal-the-draft-communications-bill-and-the-echr/

Regards

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

[liberationtech] Location and privacy...

[Paul Bernal (LAW)]

In case anyone's interested, I blogged this morning on location and privacy - 
very basic blog!

http://paulbernal.wordpress.com/2012/05/29/who-goes-where/

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

[liberationtech] The right to be forgotten

[Paul Bernal (LAW)]

In case anyone's interested, I've written a short piece (about 1,000 words) for 
the Open Rights Group zine about the right to be forgotten - a kind of 'right 
to be forgotten for dummies'. The idea's to give a sense of what the right 
actually is - rather than how it's presented in the media - and what the key 
issues are around it, including those that make it such a bone of contention 
between Europe and the US…

You can find it here:

http://zine.openrightsgroup.org/features/2012/the-right-to-be-forgotten

…but if anyone needs, I can post the whole thing here.

Regards

Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

___
liberationtech mailing list
liberationtech@lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) 
next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in 
monthly reminders. You may ask for a reminder here: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech