You had been warned

All those warnings about the dangers of mass surveillance coming out for the last few years just got a little more real for a lot of people. Apparently, when your side loses an election, they don’t switch off the massive, legal-grey-area global spy network when they pack up and move out.

Trying to collect everyone’s data for analysis at any future time may sound like a brilliant idea to you. Think of the good that can be done! No. You can’t think of such a thing in terms of it being run by rational, decent people. You can’t think of it being run by people on your side. You have to consider it as if it were possible that such powers could be put in the hands of a maniac.

Many people supporting Hillary Clinton for president, and the re-election of President Obama before that, were eager to dismiss this issue. Both (along with many other Democrat and Republican leaders both past and present) were part of the construction of this machine, though. Soon it will be handed over to a President Trump, providing he can beat the upcoming rape trial and several other allegations winding through the courts and avoid being impeached.

This isn’t just an American issue, or about some constitutional rights that only apply to people on the right side of the upcoming Mexico-funded wall. This has to do with all the U.S.’ intelligence trading agreements.

Just let that sink in.

When Obama — with Clinton’s support — extended and expanded the reach of America’s mass surveillance project, most of his advocates were defensive, apologists, or dismissive about it. What does it matter? How does it affect you? Many folks looked the other way while millions of people around the world were targeted based on “selectors” generated from some text they may have put online somewhere, a video they may have watched, photos they posted, or maybe just how their surname, language or national origin happened to feature on the computer screen of some NSA contractor. Lots of people thought it wasn’t a big deal. Many people may have even believed that, well, if they don’t have anything to hide…

This isn’t a warning, it’s a reminder. The warnings have been coming out for years, people just didn’t do anything about them. While the apparatus stays the same, its uses can and will change. The selectors can be altered. Other people may find all sorts of things that they suddenly wish they could hide even if they can’t: Political affiliation, who their friends or family members might be, social interests, reading lists, gender identity, religion, race. What selectors will the new regime prioritize?

The Investigatory Powers Bill gets really real

UPDATE (20/11/2016): Too late. The most invasive and dangerous bill in the history of modern British politics, and the most invasive mass surveillance framework in the history of democratic states has been approved to become law. As with all policies crafted out of blunt fear, it will make people far less safe.

“We do have to worry about a UK Donald Trump. If we do end up with one, and that is not impossible, we have created the tools for repression.” — Liberal Democrat peer, Lord Strasburger

Of course, this concern predates the eventuality of a total kakistocracy situation, such as what’s happening in the United States right now. The UK has had various examples of abuse of already existing surveillance powers in its own recent history.

Many people argue that there are no technical solutions to bad policy when it comes to privacy and mass surveillance. I would agree with that. Technical solutions are often clumsy, buggy, time-consuming and are difficult to scale. But when political avenues have been closed — as they have with the passing of this Investigatory Powers Bill, then technological solutions are what we’ve got left to work with. You can’t wait for the law to have your human rights. Sometimes you just have to exercise your rights until the law recognizes them.


Previously:

The British government is at war with its citizens, and using the Tory government’s new Snoopers’ Charter as its weapon. There is virtually no opposition to it. In spite of Liberty’s campaign work on the IPBill, its former director, embattled Labour Peer Shami Chakrabarti, has been utterly quiet on the topic, as has the vast majority of her party and its leader, Jeremy Corbyn. The SNP and Liberal Democrats form what is essentially the opposition on this issue. You need to stop what you’re doing and pay attention to the…

#IPBill!

Where it’s at…

Passed by the House of Lords (with amendments to protect the wealthy classes)

Reading


Technical patches for bad policy

An interesting project, but I don’t think we’ll crowdfund our way out of this one.


Also…

Criminalising knowledge of how to apply maths in technology…

✓ researching encryption
✓ publishing encryption guides
✓ teaching use of encryption
✓ possessing encrypted OS on USB
✓ encrypting websites

You are being watched

See something

Via Privacy International

Research something

By Transparency Toolkit, and the org mentioned above

Do something

From EFF

America needs its exiles

Well timed with the release of Oliver Stone’s Snowden biopic, is the Pardon Snowden campaign, which is essentially an ACLU sponsored online petition aimed at convincing President Obama to use some of his final-days karma points on a pardon for the NSA whistle blower. I signed it. I think you should sign it, too. I don’t think it will actually result in a pardon; I’m too cynical to believe in the magic fairy dust of clicktivism. The power of petitions is to show popular support, and they’re often at their most powerful when they reveal how those in government refuse to listen to those they govern. So, do please sign it. I hope millions of Americans do.

I think I’ll forever prefer Laura Poitras’ documentary, CitizenFour, which soberly and chillingly details the NSA’s mass surveillance program as revealed by its one-time contract employee. But I will be getting around to Stone’s dramatization of Snowden’s story, and I’m fairly sure I’ll find it entertaining. I think it’s a tad too soon, and there’s a real problem that the fictionalized bits of the film may filter into the popular consciousness as being historical fact, but if a fact-based thriller revives the necessary discussion on the United States’ descent into being a dangerous, mass surveillance super-state, then so be it.

The America of today still needs its exiles like Snowden. While I’m sure he’d really like to go home, see family and friends, get back to something approaching normality and all that, a pardon would be a public relations exercise. It would not fix anything. Snowden’s inability to return home — as excruciating as that must be — continues to poke America in a soft spot that needs prodding with a sharp stick. So I hope he gets to go home; and I know that as an exile, he will continue to have more impact. The latter will probably continue to be the case.

The country (both its establishment and a fairly substantial percentage of its citizenry) has not come to grips with the fact that it has a problem. As of 2015, about 42% of Americans expressed approval of the NSA mass surveillance program. That it’s a “minority” isn’t that comforting when it’s just under half. That means there’s just 9% to the majority. Inside the political establishment, there is something approaching a consensus on the subject.

The FBI is still lobbying for any legal encryption technology to include a backdoor for intelligence gathering, in spite of this being proven to be both dangerous and ultimately unworkable. And the Justice Department is now preparing to make legal the FBI’s use of malware against millions of computers, regardless of whether their users are suspected of anything.

The Feds Will Soon Be Able to Legally Hack Almost Anyone

“Without Snowden, the American people could not balance for themselves the risks, costs and benefits of omniscient domestic surveillance. Because of him, we can,” wrote former CIA officer Barry Eisler in Time. I think it’s important to emphasize the word “former” there. For each one of him, there are dozens in Washington, D.C., who don’t want the status quo adjusted or even questioned.

“Without question, history will vindicate Edward Snowden as it has Daniel Ellsberg,” says Eisler, and I agree with him entirely. But I’m doubtful that Obama will take the opportunity to be on history’s right side. The president has been wildly supportive of the surveillance state, and he’s now busy campaigning for Hillary Clinton, who has been outspoken on wanting to put Snowden on trial as a traitor, and doesn’t seem to possess working knowledge on what a whistle blower is.

Beyond that, there is no political will inside the American political establishment for a change to the present state of things. The Washington Post, which used Snowden as a source for its Pulitzer-winning articles on NSA spy programs, has turned around and called for him to be prosecuted for releasing the documents that it, in turn, made public.

In no uncertain terms, The House Permanent Select Committee on Intelligence made clear that “Edward Snowden is no hero – he’s a traitor who willfully betrayed his colleagues and his country,” in spite of there being no evidence of anything released doing anything but reputational harm (significant as that may be) and causing more people to re-evaluate the existence of certain activities. The Committee press release reminds that We the People can’t actually see the report, but rest assured, it’s 36 pages long and has 230 footnotes. What that’s supposed to tell us, I have not one clue. It’s like saying ‘okay, we can’t tell you why we think this, but you can trust it because the report is printed on some high quality paper and uses a very readable sans-serif font.’

The entire committee executive summary of the mystery report is misleading, and that’s already been explored by investigative journalist Barton Gellman, here. But it’s fueling the technocratic red herring arguments, like that from Harvard Law School professor Jack Goldsmith, whose entire argument hinges on the claim that “it is naïve or disingenuous to think that the damage to U.S. intelligence operations was anything but enormous,” without citing any evidence to support the claim in what amounts to a rant that mostly focuses on perceptions of what it means to swear national allegiance and pithy remarks on why he doesn’t like presidential pardons. And he teaches law.

In some sort of magical reality alternate universe where President Obama decides to give Edward Snowden a pardon, it will not be a signal that anything has changed. Not in terms of the U.S.’s relationship with its invasive mass surveillance techniques, and not with its increasing laissez-faire attitude about various agencies using off-the-shelf, whack-a-mole malware in what seems to pass for targeted surveillance. In that context, a pardon would be a propaganda move. This policy trajectory would not change under a President Clinton, and would likely take a turn for the bizarre (if not worse) under a President Trump.

So, support a pardon for Edward Snowden because of what it will mean when it doesn’t happen. America needs its exiles. They may one day be the only ones who can speak freely about what’s wrong with it.

Regarding the House of Commons passage of the Investigatory Powers Bill


Too many leaks to count

A recent Sunday Times front page attention-grabber (that link’s paywalled, but here’s a liberated copy) seemed to suggest that Chinese and Russian governments obtained and/or stole and cracked the encryption of the NSA documents released by Edward Snowden. The evidence cited is that an anonymous 10 Downing Street aide said “It is the case that Russians and Chinese have information.” The rest is a mish-mash. Parts of the article seem to hint that Snowden handed it over to the Russians, and other sections suggest it was hacked into. There appear to be multiple parallel realities that the same article is trying to keep in alignment in spite of their obvious contradictions.

This post isn’t going to take apart each of the article’s points. That’s been done more than well enough by the following:

  1. Journalist Ryan J. Gallagher points out 10 fundamental flaws in the Sunday Times story (some of which the Times have addressed by deleting paragraphs in the online version without notice or explanation).
  2. Glenn Greenwald dismantles every line in the article in his own inimitable style.
  3. The Independent offers some ideas on the possible reason why 10 Downing Street would “leak” such a flawed statement.
  4. Ewen MacAskill asks five questions about the Sunday Times report that the UK government “has an obligation” to answer.
  5. For balance: Here’s one of the reporters sticking up for his work on CNN.

One thing is fairly likely: Chinese, Russian (and likely other intelligence agencies) have some amount of information on British and American — and perhaps other allies — methods and assets. For the sake of argument, let’s take that bit for granted. Does that mean this information came from Snowden’s encrypted disc of PDFs? No.

The burden of proof is on whoever is making the assertion. To discredit a claim, we don’t have to prove something didn’t happen (which can’t really be done), but scrutinise whether the claim is itself the most likely or definitive version of events. Is there evidence? Are there other equally plausible or more likely scenarios? In science, you could call it falsifiability. In journalism, this can be achieved using corroborating sources, verified documents, video, images, source data, etc. Could someone else look at the same information and come up with a different conclusion?

The Sunday Times takes an anonymous Downing Street Official’s Cui bono (who benefits?) approach. The information they cite from a single source goes like this: Our enemies have our secrets and Snowden has been in both those countries, so he must have given the secrets to them.

“The confirmation is the first evidence that Snowden’s disclosures have exacted a human toll. ‘Why do you think Snowden ended up in Russia?’ said a senior Home Office source. ‘Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.'”
From the article

Cui bono is useful to pursue a line of inquiry, but it’s not evidence itself. Just because you stand to inherit a lot of money doesn’t actually mean you killed your parents, but police may check out where you were on the night and if your fingerprints are on the gun. Two events aren’t necessarily related just because someone has said them together in the same sentence. So, if we’re concerned about massive amounts of this kind of data ending up in the wrong hands, what are some parallel leads to pursue?

Other possible lines of inquiry

Why use a rogue contractor when you can go to the source for better targeted data?

It’s been recently discovered that U.S. Office of Personnel Management data has been hijacked on at least two occasions, allegedly by Chinese hackers. It’s been described by a former counter-intelligence official, Joel Brenner, as “crown jewels material.” The information could be useful to find leads into any number of agents working for other Western governments. Isn’t that a far more likely source for operative data?

What’s the probability that it could have come from someone else?

Tim Shorrock’s recent article in the Nation is a good reminder of the role played by private contractors, many of them members of the Intelligence and National Security Alliance. This “cyberintelligence-industrial complex,” Shorrock writes, “moves between government and private practice, taking state secrets with them.” These companies work for different, competing corporate employers and various governments, and they’ve got access and clearance for vast amounts of confidential data, which surely has a high value. Privatised spying creates a competitive market for information. How much hacking do you have to do if you’re working for a former client’s rival?

23 years ago, the Daily Dot pointed out, when Edward Snowden was just 7 years old, an internal NSA report predicted a “rogue systems administrator.” The report warned: “It is their tremendous access to classified information and control of classified computer systems that makes system administrators prime targets for foreign intelligence recruitment. … From an individual’s standpoint … access to electronic versions of classified documents is out of control.”

That was then. What’s the situation, now? Fortune reports, “nearly 2,000 companies work on programs related to counterterrorism, homeland security, and intelligence in about 10,000 locations across the United States, and the industry employs an estimated 854,000 people with top-secret security clearances.” Now add to that figure the firms in other countries working with a variety of different clearance levels. Now add companies such as Finfisher and Hacking Team, who work for anyone from UK spy agencies to brutal dictators. You’re ending up with a constellation of private, unaccountable data harvesting and selling entities that’s beyond any jurisdictional control.

As ZDNet explored here, Booz Allen Hamilton and other private contractors with Snowden’s clearance level number in the thousands, and poor techniques at controlling and monitoring access to all that data seem to be making it difficult to track down who’s opened or copied it. We know about Snowden because, well, he told everyone. However, if your objective is to trade or sell actionable data to foreign governments, then the key tactic would require you to BE FUCKING QUIET ABOUT IT! How much other data has walked out the door by people who didn’t hand it over to journalists?

And that’s the private contractors. Government employees aren’t magically immune to the same impulses. Consider the Washington Post’s investigation into how background checks are carried out for high security positions. Like everything else, it seems, this too is outsourced. Quotas for the number of interviews carried out and penalties for missing them have meant that “the faster they turned them in, the faster their company got paid — even if the investigations were rushed and incomplete.”

What is known

Any information stored anywhere over a long enough time span will eventually be shared. That’s not an opinion, it’s physics. It could be down to something as simple as leaving files that never should have left the building on a commuter train. It could be an MP with ego issues hiring the wrong aide. Maybe it’s a spy chief with ego issues showing off classified documents to his girlfriend. Occasionally, it’s someone acting on their moral principles. Or maybe someone else is doing it for a bit of cash.

Either way, there are too many leaks in that ship to single out one of them with any certainty in the case of the Sunday Times’ article. And if the world’s leading spy agencies can’t keep this highly sensitive information secure, what hope do the rest of us have that the yottabyte of data about the rest of us will be safe? That’s why we should all be concerned about how much data retention the Home Office (and its foreign information swapping partners) wants to enforce. Because you never know where it’s going to end up.


Things added after hitting the “publish” button

This is the only thing the Sunday Times seems to be upset about criticism of its reporting.

“It ended up being perhaps the clearest vindication of Snowden’s work to date.” — Adam Weinster, Gawker

Edits: Spelling, grammar, formatting, making the title fill the space, making the top image funnier.

The NSA still has access to your phone calls… and more

First off, it’s a brilliant step that Congress’ own dysfunctional mechanisms allowed the Patriot Act to expire, along with Section 215, which had been used by the National Security Agency to argue it had the right to listen to any phone call it wanted to. Bravo. It’s a brilliant milestone in one of the many effects of Edward Snowden’s leaks two years ago.

So, what does this mean? Well, just this:

That’s what’s happened. So, now the clock is running until we hear what the next legal argument will be for something that’s been ruled as never having been legal but still happens. The reason this will happen is because the technical capacity exists, a reality which policy now bends around. There’s no off switch for this machine.

The NSA has used the Patriot Act to much effect, but its officially cited legal argument to collect phone data doesn’t come from terrorist threats, but from a robbery case in 1976. The document is here.

What should be more troubling to people is that the raison d’être for mass surveillance of this type — along with that of all your Skype calls, instant messages, emails, and snapchats — is both observably and demonstrably false. It doesn’t fight terrorists, or even crime. One might even argue the case that those objectives aren’t what it’s about.

The mass data collection project does provide heaping scoops of information on an entire population that can be crunched and scrutinized in all sorts of ways. If you want to stop this machine, you’ve got to look at the functional spec, and figure out what it’s useful for. Until that happens, you’re still making calls on the party line.

These are not the NSA policy reforms you’re looking for

“Right now, there is a debate about a small section of the Patriot Act in the U.S., and which option best removes the authorization from the U.S. NSA to wiretap the world. Both answers in the debate are wrong. No change in law will stop the NSA’s behavior: they have been wiretapping like this since at least 1976, and will not care about changes to a law from 2001. It just happens to be the most convenient justification of the day. If that justification is removed, there will be countless others.” Rick Falkvinge

In January of last year I posted a kind of rambling thesis aimed at describing the intent and purpose of the NSA mass-take of global data and how something that demonstrably unpopular can weather negative public reaction and even threats of political reform. The tl;dr version is: it’s because it’s doing exactly what it was built to do. The longer version is the whole post itself. It still stands, recent events aside.

The 2nd U.S. Circuit Court of Appeals in Manhattan ruled last week that the Patriot Act doesn’t authorise the NSA’s bulk collection of (domestic) calling records. Instead of trying to describe the way it’s all going to pan out in America, you can get a teaser of what’s going to happen when the Senate gets involved by looking at recent events in the United Kingdom right now. Just as GCHQ heads to court over charges of illegal hacking, the government has altered the applicable laws. Case closed, except for Robert Hannigan sending Theresa May a dozen Krispy Kremes (cuz they’re shaped like his building, innit) as a thank you.

America and the British government have a kind of unique Creative Commons agreement with one another for these kinds of solutions. Enter the House of Representatives: it’s sent on the U.S.A. Freedom Act to the Senate, which includes a bit championed by some corners of Congress as aimed at “ending” the NSA’s mass data collection of American citizen phone records. It doesn’t. It’s actually providing a handy escape hatch. Most House Republicans (Rand Paul aside, it seems) love it, but they would. The Act doesn’t limit the agency’s bulk data collection project, it expands it. They really get off on legislation like that. It’s their thing. They make whole graphics about it using a mix of fonts.

War is peace! Freedom is slavery! Ignorance is strength! And some pigs are more equal than others! … and the like.

It’s worth noting that a lot of Democrats (not Ron Wyden, though) like it as well, because they’ve got a White House. Ron and Rand threaten to filibuster it away. At least they’ve got alliteration working for them.

Some people think law is about precedence, fairness, The Constitution, Rights of Man, yadda, yadda. In fact, law is about language and the definitions of words. As Bill Clinton once said, “It depends on what the meaning of the word ‘is’ is.”

As definitions morph, law and even interpretations of historical rulings can become quite fluid. Especially when you fill one or more branches of your government with people who still haven’t come to terms with various notions like evolution, equal rights, or an end to segregation in the South. Strange ideas ferment. When the Founding Fathers came up with the Fourth Amendment, “they couldn’t have envisioned the internet,” or so goes the argument. If they knew people would be trading lewd selfies on Viber instead of etchings of immodest women’s ankles on parchment, then they surely wouldn’t have included that!

Admiral Ackbar keeps his shit together. So should you.

The legislation’s full name is the “Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015.” Sexy. More Huxley than Orwell, I think. It includes a lot of text aimed at basically normalising what the NSA’s already been doing for years. It doesn’t end bulk surveillance of phone records so much as ask for the authority to make a search engine to handle all that data. Sounds useful, given that the agency sorted out converting spoken words into text and made a search engine for it something like a decade ago.

The Republicans focus on the telephone angle, but that’s because they don’t understand, like or trust technology as much as they do the vast agency that monitors it without any oversight. Landlines have been part of the NSA’s work since the start, but they’re now basically used by your gran to organise Tuesday cribbage night, and little else. Besides, the agency is a deft early adopter as we’ve learned from Edward Snowden. The bill addresses that by authorising data collection on VoIP calls, video chats and all those nonsense dating apps on your smartphone that you think are going to help you pull. They didn’t name check Google Glass or Apple’s watch, but I’m not sure if that’s something to concern investors.

So, what’s to be done? Here are a couple of takes:

OPTION A. As is their custom, the Fight for the Future people have launched a campaign around it. While I usually support their good works, I’m going to go on record as saying I don’t think posting an avalanche of nude selfies hashtagged #IFEELNAKED is a particularly winning strategy. When you click on this page it instantly feels less like a civil liberties and privacy rights campaign, and more like you’ve just stumbled across a nudist colony’s Instagram account.

Does this make you feel inspired or mildly disturbed and wishing you hadn’t opened this in a new browser tab at work?

OPTION B. Instead of a troll-baiting tweet capturing how your skin looks from a life of spending too much time behind a screen, why not actually protest mass data collection by making more of your own data unreadable or un-identifiable as being from you? You should be using these things, anyway, and the best message to send the NSA is one they can’t look inside. Reset The Net gets the win, here.

That’s actually helpful, empowering and your loved ones won’t cringe when they log into Facebook. And when you do eventually send them that naked pic, it’s going to be encrypted with one of these Apps. Take that you pervy NSA types!

The U.S.A. Freedom Act (I can’t wait to stop typing that) is a distraction, though. If it doesn’t pass, we remain in this limbo where the NSA continues to do what it does without any regulation. If it does pass, the NSA continues to do what it does, which is kind of described in this bill except for the parts it doesn’t describe because the authors don’t know the NSA is doing them.

Protest is most effective when you start exercising the rights you should have as opposed to asking for them to be granted first. That’s a much better message than slapping mobile shots of your nipples on Twitter to protest the fact that the government is archiving copies of your Skype chats. Not only will you be protesting, but at least some of your communications will be private. You’ll be spending more of your time in the utopia you’re campaigning for. Encrypt, use anonymous chat and don’t be afraid to travel around without your mobile broadcasting your location at all times. Let your unreadable data be your petition signature. Let your unknown geographic location be your demonstration march.

ingsoc
This blog post’s sponsor.

How to be a suspected terrorist in a few clicks

I stopped by an “After Snowden” panel talk last week at the London School of Economics. There are quite a few of these popping up these days. There’s this notion that we’re now in something that can be classified as a post-Snowden world, and such notions are ripe for academia plunder. This one stood out somewhat in that both the panel and audience contained a decent representation of folks at least mildly sympathetic to the data-snarfing projects, at least those run by The Good Guys™.

On the whole, it was a decent conversation, but what was interesting was this emerging faux consensus by all sides that states need spies and spies need regulation and oversight. It’s fake because only one side probably believed that oversight is presently in sorry shape. It’s the watchdogs who seem more eager to push surveillance technology well beyond the realm of rounding up a few Bad Guys®.

When a technology or ability is introduced, its use only expands. It doesn’t retract or stay within limits. It finds new gaps or markets to fill.

Expansion of powers happens (retraction, not so much)…

This is why I find certain attitudes around the subject troubling. At the LSE talk Sir David Omand, a former Director of GCHQ, assured the audience that “if they knew the culture” inside his old SigInt agency, they wouldn’t lose any sleep over mass data collection. Such assurances were echoed in the Telegraph by once-MI6 chief, Sir John Sawers. Omand also stated what Sawers said: “We cannot have no go areas in our communities where the police cannot go, because that just allows space room for the evil-doers to ply their trades.”

Two assertions are false…

  1. We have demonstrative evidence that blind trust can’t be given to automated, mass-intelligence gathering. It will be abused.
  2. There are as many “no go areas” on the internet as Fox News claimed there were in Britain; there aren’t any. It wasn’t mass-surveillance that brought down the online drug market Silk Road, but actual solid undercover and investigative practices.

A fascinating aside: Omand subscribes to the idea that if individuals are allowed to encrypt their communications, spies will be forced to be less ethical in how they monitor people. “Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work.” All of this translates to: “You’re a bad guy if you’re encrypting.” It’s a bit like the excuse that starts with “she was asking for it because…”

There does exist a well-thought-out framework around all this that seems to never make it into any of these debates. Visit Necessary and Proportionate Dot Org and scroll down to “The Principles.” It was finalised in May 2014, and since then most advocates of the status quo like to pretend it doesn’t exist so they can continue saying their critics present no viable alternatives. It would be great if this was brought up more often to counter that assertion.

It’s the encryption, stupid…

Putting myths aside, there’s a government PR attack on encryption that’s emerging in the UK, the U.S. and elsewhere abroad. This isn’t about the technology’s criminal segment of users. It is about being able to evaluate larger swaths of the general population who are growing more sceptical about their own government’s activities.

The plan remains to capture “the whole haystack” of communications data, ostensibly to find those few terrorist needles. From a technical perspective, this is a horrible way of discovering needles. But it’s an excellent way of producing statistical data about populations, creating segments, and maybe later pulling out records on people who you want to intimidate. Strong encryption gets in the way of efficiently copying all that data in a cost-effective manner. The government sees this as a procurement issue. Basic human rights are kind of an afterthought.

Omand described concern over mass surveillance as a “moral panic” of the citizenry that wasn’t really warranted. In fact, the panic attacks seem to be coming from the halls of government. As a result, some very odd and unworkable potential laws are emerging.

What a panic looks like…

These are examples of people in power having a freak out. When a government sets out on a project to copy all of everyone’s communication, the correct adjective is paranoid.

Oldies don’t get tech…

It’s a generalisation I don’t quite agree with (more so as I get older) but the idea that old folks don’t understand how technology works does find its case studies in Congress and Parliament. Remember that no one in the UK’s own supposed intelligence oversight process really understood how GCHQ worked or what its Tempora monitoring system did until the Guardian decided to tell everyone. The lack of understanding extends to those judging whether such programs should be legal (after they’re under way, of course).

There’s this idea that Western spies are somehow able to break the internet in ways their adversaries can’t. That you can put a back door in encryption that only the British or Americans (and the odd Canadian or Kiwi) will be able to access. Even if that were true (it’s not), it still doesn’t protect people from their own governments.

Unchecked domestic spying always leads to creepy things… always…

Technology is wonderfully easy to break. A 7-year-old girl hacked a public Wi-Fi network in 10 minutes using information found online. Anyone can DIY their own data snooping device if they want. And even supposed “experts” get caught by the most basic hacks out there.

Technology is advancing at a dreamy speed and new ways of connecting it to more people are popping out of everywhere. Broadband is growing, more mobiles can do niftier things online, we’ve got satellites, re-purposed weather balloons, drones, mesh-nets, and peer-to-peer connectivity putting internet access in more remote regions. Fabulous.

All these things need strong encryption or their users will be at unparalleled risk. Give a small, persecuted ethnic minority in Country X access to the internet that comes with serious security holes attached and you’re giving the group interested in wiping them out an access point to get on with it.

Yet when we see panic about technology illustrated in popular culture, it’s usually something like The Terminator or the latest version of it, Ex Machina. These films kind of echo the old “Watch the Skies” films of the 1940s and 50s, when aliens from other worlds always seemed to arrive with intentions fairly in line with the Red Scare propaganda of the day. I’ll leave the threats posed by strong AI to Stephen Hawking and his friends. More urgently, humans with a bit of power are a greater threat to humans.

We’re entering a world where governments want to consider it criminal for you to speak privately with someone else, and the technology to do just that is also getting easier to use. You can be on the Tor Network or within a VPN connection within three clicks, give or take. That’s about how much activity it could take to put you on a watch list should the trend continue.