Re: [liberationtech] Bush-Era Whistleblower Claims NSA Ordered Wiretap Of Barack Obama In 2004

2013-06-21 Thread Mike Perry
phryk:
> I have to admit, I find that rather amusing. I wonder if this is
> actually true and if it might change Obama's opinion on the surveillance
> machine. And if it does, how will he try to hide the obvious hypocrisy?

I used to think there was a possibility that surveillance would capture
our politicians through blackmail/etc. After seeing more and more of
these releases, I am becoming convinced that this *already happened*.

If they didn't capture Obama in this 2004 operation, capturing him later
wouldn't be terribly difficult. NSA: "You're the first black US
President, and you want to *dismantle* the domestic surveillance
operation that might prevent an assassination attempt on you or your
family by some moron redneck lunatic? Sure would be a shame if something
were to happen to you after that..."

I sure can understand his hesitance in the face of such a threat. I
don't envy him, that's for sure :/.
 
> Actually I have to say that I'm beginning to see the whole phenomenon
> developing around Snowden's leaks with a good dose of gallows humor.
> 
> It's kind of slapstick-y that every time someone of the US government
> tries to justify all the surveillance, there seem to be three new
> stories popping up that elaborate on all the stuff they actually do;
> some of which even directly contradicts what those apologists claim.

I have noticed this pattern too. I think Snowden and his handlers at the
Guardian have a far more sophisticated PR and release timing strategy
than anyone has given them credit for (I'm referring to various
rumblings about their release of material at the end of the week,
questioning the value of the release of intel on US hacking, etc).

If there is to be a journalistic award for this work, it should not be
for any one story. The whole arc is magnificently directed.


-- 
Mike Perry
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] article on Czech neo-Nazis' use of US-based servers

2013-06-21 Thread Gwendolyn Albert
http://www.romea.cz/en/news/czech/czech-television-social-networking-sites-buzzing-before-neo-nazi-march-in-duchcov-tomorrow

Czech Television: Social networking sites buzzing before neo-Nazi march in
Duchcov tomorrow
Prague, 21.6.2013 22:23, (ROMEA)
On 29 May 2013 about 500 people demonstrated on the main square in Duchcov
(Teplice district), Czech Republic. The local gathering was convened in
response to an attack perpetrated by a group of Romani people on a
non-Romani married couple earlier that month. After the assembly was over,
some demonstrators headed for a Romani-occupied neighborhood. Police
blocked their way and the convener of the demonstration called on them to
disperse. (PHOTO: ČTK)

 Czech Television reports that right-wing extremists using Facebook in the
Czech Republic have sprung to life over the past few days:  News has been
rapidly spreading about an alleged assault by Romani people at the Krásné
Březno housing estate in Ústí nad Labem on a 16-year-old youth. While the
case does exist, police are not issuing any information about it for the
time being.

Many people discussing the incident online believe they have all the
information they need. They are using this case as an example of why there
should be a mass foray against Romani people.

The internet has become the main site of right-wing extremist propaganda,
and prior to tomorrow's march by neo-Nazis in Duchcov the social networking
sites are on alert. The case of the assaulted 16-year-old has also been
analyzed by news server Romea.cz (
http://www.romea.cz/en/news/czech/czech-republic-media-blow-yet-another-incident-of-interethnic-violence-out-of-proportion
).

In less than one day, photographs of the 16-year-old sitting in a
despondent posture with blood all over him and information about the
assault had been spread on Facebook and shared by more than 8 500 people.
During the following 24 hours, the number of people sharing the image rose
to 10 500.

Sharing of content in such numbers is rarely seen on the Czech internet.
For example, hockey star Jaromír Jágr, who has almost 200 000 friends on
Facebook and regularly succeeds in capturing public attention, only has
about 2 500 people maximum sharing his most-followed posts.

Most of the Czech content shares can be counted in the dozens or hundreds.
Czech Foreign Minister Karel Schwarzenberg, who as a candidate for the
Czech presidency became the "king" of social networks during the elections,
managed to get only 2 000 people sharing his most outstanding content.

The extent and speed with which such sentiments are being shared is a
problem for Mayor of Duchcov Jitka Bártová (unaffiliated). Her whole town
is preparing for the neo-Nazi march, which has been announced for tomorrow
(Saturday 22 June).

The community already experienced one such march three weeks ago. Even
though it took place relatively calmly, that was mainly thanks to the
preparations for it, including riot police on patrol and a specially
readied police team.

Information about the march in Duchcov and invitations to participate in it
spread rapidly online at first. They were supported by the already
widely-shared case of an assault on a non-Romani married couple by Romani
people and by rumors that twisted other such stories to the satisfaction of
ultra-right groups.

"While I had heard a lot about social networking sites, the force with
which the reports about the Duchcov case were spread surprised me," Mayor
Bártová told online news server ČT24. She is now spending her evenings and
nights in the discussion forums on her own profile and the forums on
unofficial websites about Duchcov, doing her best to explain the situation

[liberationtech] new quarter-billion daily-updated global geocoded event dataset now available (GDELT)

2013-06-21 Thread Yosem Companys
From: kalev leetaru 

Hi everyone, I wanted to let you all know about a new global database of
events from across the world stretching back to 1979 and updated every 24
hours, all georeferenced to the city level, that I think could be of great
interest to many of you in terms of situational awareness, tracking ongoing
humanitarian situations or disasters, and for exploring long-range trends
in areas of concern or focus.  I mentioned this dataset in an email a few
months ago, but I wanted to let you all know that the data is now up and
available for download!

We are excited to announce the official release of the Global Database of
Events, Language, and Tone (GDELT), a new database of nearly a
quarter-billion global social-political events in the CAMEO taxonomy of
over 300 categories from riots and protests to diplomatic exchanges and
peace appeals, covering all countries 1979-present.   Each morning a daily
update is posted containing 30,000 to 100,000 new events from the previous
day, making this the first daily-updated event database available for open
research.  Special emphasis has been placed on enhanced coverage of Africa
and Latin America, producing one of the first cross-national datasets for
South America and the most extensive database for Africa.  The standard
CAMEO actor taxonomy has been enriched with new Religious and Ethnic actor
attributes and all events are now georeferenced to the city level globally.


A second version of GDELT to be released late this fall makes use of
several billion pages of newly available digitized material to extend the
database back to 1800 and will feature the new CAMEO 2.0 taxonomy that
covers an array of new categories, ranging from disease to human rights to
political transitions.  In addition, an array of new emotional and thematic
indicators will be made available that measure the prevalence and views
towards a wide array of topics, from education and women’s rights to
constitutionalism and views towards government, down to the city level
globally.

The vision of GDELT is to construct a catalog of human societal-scale
behavior and beliefs across all countries of the world over the last two
centuries down to the city level globally, to make all of this data freely
available for open research, and to provide daily updates to create the
first "realtime social sciences earth observatory."  All data is therefore
made available for open research of any kind, and an assortment of
tutorials, documentation, and quick-start guides are provided on the GDELT
website:

http://gdelt.utdallas.edu/


Sincerely,
Kalev Leetaru, Phil Schrodt, and Patrick Brandt

Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Nadim Kobeissi

On 2013-06-21, at 12:57 PM, Joseph Lorenzo Hall  wrote:

> 
> 
> On Fri Jun 21 12:51:11 2013, phryk wrote:
>> On Fri, 21 Jun 2013 11:55:57 -0400
>> Nadim Kobeissi  wrote:
>> 
>>> The solution to this is to make encryption more and more widely used.
>>> By increasing the number of people with access to encryption
>>> technology for their communications, we dilute this threat.
>> 
>> My thought exactly, just encrypt ALL THE THINGS and let those people
>> deal with humungous amounts of data, most of which will be completely
>> useless even if decrypted.
> 
> What about the theory that by encrypting all the things we are feeding 
> some massively large NSA cryptanalysis project that uses different 
> flavors of ciphertext to find weaknesses? Very conspiracy theorist-y, 
> but I've heard a few people say that maybe we shouldn't "donate" 
> unnecessary ciphertext to such a project. :/

Just to me personally, this really doesn't sound credible at all. The NSA 
doesn't need people to generate ciphertext. Ciphertext generation is 
inexpensive.

NK

> 
> best, Joe
> 
> --
> Joseph Lorenzo Hall
> Senior Staff Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> j...@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
> 
> 
> 


Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Daniel Sieradski
check out this fun, brief conversation i just had on twitter with euclid

https://twitter.com/EuclidAnalytics/status/348220715301994499

--
Daniel Sieradski
d...@danielsieradski.com
http://danielsieradski.com
315.889.1444

Follow me at http://twitter.com/selfagency
Public key http://danielsieradski.com/share/ds_public.key

On Jun 21, 2013, at 2:44 PM, Matt Johnson  wrote:

> Mutating IMEIs is interesting. How does that work on phone networks?
> Can your phone connect without a recognizable IMEI? Doesn't your IMSI
> identify you anyway? You can change your SIM, but I don't think you
> can spoof it, right?
> 
> --
> Matt Johnson
> 
> 
> 
> On Fri, Jun 21, 2013 at 11:40 AM, Eugen Leitl  wrote:
>> On Fri, Jun 21, 2013 at 10:25:21AM -0700, Matt Johnson wrote:
>>> So do we all need to generate random MAC addresses now? I don't think
>>> you can do that on an iPhone though.
>> 
>> MACs are easy, and they're limited-scope, anyway.
>> 
>> Much better would be a daemon that mutates your IMEI on a daily,
>> or hourly basis. This would be limited to rooted devices, and
>> alternative firmware (e.g. CM) which already give you root.


Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting

2013-06-21 Thread Mike Perry
John Adams:
> ECDHE_RSA offers an excellent degree of protection against after the fact
> analysis if and only if the private key is disclosed (or captured.)
> 
> If the privkey is unavailable, NSA can always go after the session keys
> -- capture of communications is actually made easier in these cases when
> sites use SSL Keep-alive and Session resumption.  It makes things much
> harder for them, though.

Yep.
 
> The session key is always weaker than the RSA or DH exchange.

I am not sure this last paragraph is true. I am concerned by the
published reduced-round breaks against AES, but based on published
techniques, it is still stronger than what we tend to use for PKI and
DH.

Using published techniques, RSA 1024 is approximately as strong as an
80bit symmetric key. I believe most websites use RSA-2048 at best, which
is only as strong as 112bit symmetric key. Even RSA 3072 is only as
strong as a 128bit symmetric key. Also, without forward secrecy, you
only have to steal/break this key once to get everything.

256bit ECDH is also only as strong as a 128bit symmetric key. The same
is true for P-256 as a public key. These two estimates are also based on
existing published techniques. If there is some way to "lift" an
elliptic curve's group onto Z_p efficiently (or via a huge storage
tradeoff - perhaps one that consumes say, a yottabyte of storage), then
we should probably be using larger ECC curves, too...

Where is Dan Bernstein? Can someone talk him into crafting a 1024bit
ECC curve? ;)


 
> -j
> 
> 
> 
> On Fri, Jun 21, 2013 at 8:14 AM, Joseph Lorenzo Hall  wrote:
> 
> > Am I off in thinking that this is a good time to push more web
> > properties to use forwardly secret SSL key exchange (like Google does
> > with ECDHE_RSA)?
> >
> > best, Joe
> >
> > On Fri Jun 21 08:32:46 2013, Eugen Leitl wrote:
> > >
> > > http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/
> > >
> > > Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It
> > > Takes To Crack It
> > >
> > > If you use privacy tools, according to the apparent logic of the National
> > > Security Agency, it doesn’t much matter if you’re a foreigner or an American:
> > > Your communications are subject to an extra dose of surveillance.
> > >
> > > Since 29-year-old systems administrator Edward Snowden began leaking secret
> > > documentation of the NSA’s broad surveillance programs, the agency has
> > > reassured Americans that it doesn’t indiscriminately collect their data
> > > without a warrant, and that what it does collect is deleted after five years.
> > > But according to a document signed by U.S. Attorney General Eric Holder and
> > > published Thursday by the Guardian, it seems the NSA is allowed to make
> > > ambiguous exceptions for a laundry list of data it gathers from Internet and
> > > phone companies. One of those exceptions applies specifically to encrypted
> > > information, allowing it to gather the data regardless of its U.S. or foreign
> > > origin and to hold it for as long as it takes to crack the data’s privacy
> > > protections.
> > >
> > > The agency can collect and indefinitely keep any information gathered for
> > > “cryptanalytic, traffic analysis, or signal exploitation purposes,” according
> > > to the leaked “minimization procedures” meant to restrict NSA surveillance of
> > > Americans. “Such communications can be retained for a period sufficient to
> > > allow thorough exploitation and to permit access to data that are, or are
> > > reasonably believed likely to become, relevant to a future foreign
> > > intelligence requirement,” the procedures read.
> > >
> > > And one measure of that data’s relevance to foreign intelligence? The simple
> > > fact that the data is encrypted and that the NSA wants to crack it may be
> > > enough to let the agency keep it indefinitely. “In the context of
> > > cryptanalytic effort, maintenance of technical data bases requires retention
> > > of all communications that are enciphered or reasonably believed to contain
> > > secret meaning,” the criteria for the exception reads. “Sufficient duration
> > > [for retaining the data] may consist of any period of time during which
> > > encrypted material is subject to, or of use in, cryptanalysis.”
> > >
> > > That encryption exception is just one of many outlined in the document, which
> > > also allows NSA to give the FBI and other law enforcement any data from an
> > > American if it contains “significant foreign intelligence” information or
> > > information about a crime that has been or is about to be committed.
> > > Americans’ data can also be held if it’s “involved in the unauthorized
> > > disclosure of national security information” or necessary to “assess a
> > > communications security vulnerability.” Other “inadvertently acquired”
>
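
An added example (not part of the thread): using the comparable-strength figures cited in the reply above, this computes what someone holding recorded ciphertext would have to break for a given suite, and whether one key opens every session. The OpenSSL-style TLS 1.2 suite names, the sample key sizes and all function names are assumptions made for illustration; session resumption is not modelled.

```python
# Comparable strengths in bits of symmetric-equivalent security (NIST SP 800-57
# figures; the 1024/2048/3072 rows are the numbers quoted in the message).
RSA_DH_TIERS = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
CIPHER_BITS = {"AES128": 128, "AES256": 256, "DES-CBC3": 112}


def rsa_dh_bits(modulus_bits: int) -> int:
    """Strength of an RSA modulus or finite-field DH group of this size."""
    for size, strength in RSA_DH_TIERS:
        if modulus_bits >= size:
            return strength
    return 0  # below 1024 bits: no margin worth counting


def ecc_bits(curve_bits: int) -> int:
    """Generic attacks on an n-bit curve cost about 2^(n/2)."""
    return min(curve_bits // 2, 256)


def parse_suite(name: str):
    """Split an OpenSSL-style TLS 1.2 suite name into (key exchange, auth, cipher)."""
    parts = name.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        kx, auth, rest = parts[0], parts[1], "-".join(parts[2:])
    else:
        # No key-exchange prefix means static RSA key transport.
        kx, auth, rest = "RSA", "RSA", name
    for cipher in CIPHER_BITS:
        if rest.startswith(cipher):
            return kx, auth, cipher
    raise ValueError(f"unrecognised cipher in {name!r}")


def recorded_traffic_exposure(name: str, cert_bits: int, kx_bits: int = None):
    """What must be broken, after the fact, to read one recorded session."""
    kx, _auth, cipher = parse_suite(name)
    if kx == "RSA":
        # The certificate key encrypts the premaster secret, so it is on the
        # decryption path of every recorded session.
        first = (f"RSA-{cert_bits} key transport", rsa_dh_bits(cert_bits))
    else:
        if kx_bits is None:
            raise ValueError("ephemeral suites need the DH group or curve size")
        # With (EC)DHE the certificate key only authenticates the handshake;
        # breaking it later does not reveal past session keys.
        bits = ecc_bits(kx_bits) if kx == "ECDHE" else rsa_dh_bits(kx_bits)
        first = (f"{kx}-{kx_bits}", bits)
    links = [first, (cipher, CIPHER_BITS[cipher])]
    weakest, bits = min(links, key=lambda link: link[1])
    return {
        "forward_secret": kx != "RSA",
        "bits": bits,
        "weakest": weakest,
        "one_break_opens": "every session" if kx == "RSA" else "one session",
    }


if __name__ == "__main__":
    # Constructed sample configurations.
    for suite, cert, kxb in [
        ("AES128-SHA", 1024, None),
        ("AES256-SHA", 2048, None),
        ("DHE-RSA-AES256-SHA", 2048, 1024),
        ("ECDHE-RSA-AES128-GCM-SHA256", 2048, 256),
    ]:
        print(suite, recorded_traffic_exposure(suite, cert, kxb))
```

The DHE row is the case worth noticing: a forward-secret suite negotiated over a 1024-bit group is bounded at 80 bits per session no matter how strong the cipher or the certificate is.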

Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Eleanor Saitta

On 2013.06.21 17.38, phryk wrote:
> On Fri, 21 Jun 2013 10:28:51 -0700 Martin Uecker
>  wrote:
> 
>> - email is used a lot (also for important stuff)
> 
> As far as I can tell, non-techy persons mostly use their email
> accounts for registering at various websites, online-shopping and
> that sort of thing, not active communication. I think the most
> private stuff goes through IM, a lot of that through sites like
> Facebook or programs like WhatsApp.

...and for any kind of business-related organizational work, much of
the time, wherein you do get plenty of actual high-value information.
 Because we're unlikely to move businesses off email any time soon
(and I include NGO- and much of organized activist-land here), we do
in the end need to do something for it.

E.

- -- 
Ideas are my favorite toys.


Re: [liberationtech] PrivateCore and secure hosting

2013-06-21 Thread Steve Weis
Hi Eleanor. tl;dr: Today we bootstrap from the TPM.

"To have a secure channel between two processes/compartments (in this case,
the CPU of the hosted machine and the remote,
non-service-provider-controlled system), they must share a secret."

This is a good question since it's not necessarily clear. Let's call the
untrusted host H and a local management system M. We can provide H a
non-secret boot image that contains M's public key. That will be the only
authorized key that can connect to H.

How does M know it's talking to a valid H, since it's by definition
untrusted?

Here's where we go into trusted computing land:
The host H will have a trusted platform module (TPM). When H boots up, it
will measure all software state into platform control registers (PCRs) in
the TPM. See Intel Trusted Execution Technology (TXT) for more info how
this works.

The TPM will have a public key, which M can verify with a certificate chain
through the TPM manufacturer and a root CA. M can then engage in an
attestation protocol with H to prove that H's TPM knows the corresponding
private key. M will also obtain signed PCR contents, which it can validate.

If M trusts H's TPM, it will believe it is talking to a system which booted
with a specific, unmodified software configuration and will only accept
connections from M's public key. The promise of TXT is that if malware
modifies the boot image, boot parameters, BIOS, SINIT, etc, then different
values will be measured and attestation will fail.

What if the TPM is compromised?

Then an attacker can forge measurements and trick M into talking to a
malicious system. There are some known potential TPM risks, but the bar is
significantly higher than where it is today. Regardless, eliminating the
dependency on a TPM is an active area of research.

Is attestation the end of the story?

No, attestation is necessary but not sufficient. Even if you attest the
system, software state is still vulnerable while in memory and on the bus.
Think DMA, cold boot, NV-DIMMs, bus analyzers, etc. This is why we're fully
encrypting data in the CPU before writing it to main memory.

There's also a risk since the kernel and drivers are written trusting
physical devices in the system. You also need to lock down all the software
interfaces from the CPU to the rest of the physical host.

On Fri, Jun 21, 2013 at 1:32 PM, Eleanor Saitta  wrote:
>
> To have a secure channel between two processes/compartments (in this
> case, the CPU of the hosted machine and the remote,
> non-service-provider-controlled system), they must share a secret.
> Just encrypting local system memory with a key generated on the CPU
> doesn't permit secure communication - e.g., you have no way of getting
> data in and out of the compartment.  Doing computation on known inputs
> where trojaned hardware can read both the input data and the code
> isn't useful, because the work can just be done in parallel by your
> adversary.  So, to provide useful benefit, I assume you must have a
> method for secret-sharing between processes/compartments.  What is it?
>
>
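
The measure, quote and verify flow described in this message, as an added example (not PrivateCore's code and not part of the original post). Assumptions: SHA-256 PCR extend, constructed boot components and keys, and HMAC-SHA256 under a shared key standing in for the TPM's asymmetric attestation signature so that it runs with the standard library only; all names are hypothetical.

```python
import hashlib
import hmac
import os

PCR_LEN = 32  # SHA-256 bank (assumption; the message does not name a hash)


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = H(old || H(component)). A PCR is never set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def replay(components) -> bytes:
    """Recompute the PCR value a boot of exactly these components produces."""
    pcr = bytes(PCR_LEN)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Stand-in for H's TPM; HMAC replaces the real asymmetric quote signature."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key
        self._pcr = bytes(PCR_LEN)

    def measure(self, component: bytes) -> None:
        self._pcr = extend(self._pcr, component)

    def quote(self, nonce: bytes):
        # The signature covers the verifier's nonce and the current PCR value.
        sig = hmac.new(self._key, nonce + self._pcr, hashlib.sha256).digest()
        return self._pcr, sig


def verify_quote(key, nonce, pcr, sig, expected_pcr) -> str:
    """M's side: the signature must bind our nonce to the PCR, and the PCR
    must equal the value expected for the unmodified boot chain."""
    want = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, want):
        return "bad-signature"
    if not hmac.compare_digest(pcr, expected_pcr):
        return "unexpected-measurement"
    return "trusted"


# Constructed sample data: a boot chain whose image embeds M's public key.
M_PUBKEY = b"constructed-public-key-of-M"
OTHER_KEY = b"constructed-public-key-of-someone-else"
BIOS, SINIT, KERNEL = b"bios-v1", b"sinit-acm-v1", b"kernel-v1"
GOOD_BOOT = [BIOS, SINIT, KERNEL, b"boot-image|" + M_PUBKEY]
MODIFIED_BOOT = [BIOS, SINIT, KERNEL, b"boot-image|" + OTHER_KEY]
AK = b"constructed-attestation-key"
GOLDEN = replay(GOOD_BOOT)  # what M expects to see quoted


def boot_and_attest(components, verifier_nonce=None, quote_nonce=None) -> str:
    """Boot H with the given components, then run one attestation round.
    quote_nonce differs from verifier_nonce only to model a replayed quote."""
    tpm = ToyTPM(AK)
    for blob in components:
        tpm.measure(blob)
    verifier_nonce = verifier_nonce or os.urandom(16)
    pcr, sig = tpm.quote(quote_nonce or verifier_nonce)
    return verify_quote(AK, verifier_nonce, pcr, sig, GOLDEN)


if __name__ == "__main__":
    print(boot_and_attest(GOOD_BOOT))
    print(boot_and_attest(MODIFIED_BOOT))
    print(boot_and_attest(GOOD_BOOT, b"fresh-nonce-0001", b"stale-nonce-0000"))
```

The verdict is only as good as the secrecy of the attestation key: anything able to sign with it can present the expected value regardless of what booted, which is the compromised-TPM case the message raises.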

Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting

2013-06-21 Thread John Adams
ECDHE_RSA offers an excellent degree of protection against after the fact
analysis if and only if the private key is disclosed (or captured.)

If the privkey is unavailable, NSA can always go after the session keys
-- capture of communications is actually made easier in these cases when
sites use SSL Keep-alive and Session resumption.  It makes things much
harder for them, though.

The session key is always weaker than the RSA or DH exchange.

-j



On Fri, Jun 21, 2013 at 8:14 AM, Joseph Lorenzo Hall  wrote:

> Am I off in thinking that this is a good time to push more web
> properties to use forwardly secret SSL key exchange (like Google does
> with ECDHE_RSA)?
>
> best, Joe
>
> On Fri Jun 21 08:32:46 2013, Eugen Leitl wrote:
> >
> > http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/
> >
> > Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It
> > Takes To Crack It
> >
> > If you use privacy tools, according to the apparent logic of the National
> > Security Agency, it doesn’t much matter if you’re a foreigner or an American:
> > Your communications are subject to an extra dose of surveillance.
> >
> > Since 29-year-old systems administrator Edward Snowden began leaking secret
> > documentation of the NSA’s broad surveillance programs, the agency has
> > reassured Americans that it doesn’t indiscriminately collect their data
> > without a warrant, and that what it does collect is deleted after five years.
> > But according to a document signed by U.S. Attorney General Eric Holder and
> > published Thursday by the Guardian, it seems the NSA is allowed to make
> > ambiguous exceptions for a laundry list of data it gathers from Internet and
> > phone companies. One of those exceptions applies specifically to encrypted
> > information, allowing it to gather the data regardless of its U.S. or foreign
> > origin and to hold it for as long as it takes to crack the data’s privacy
> > protections.
> >
> > The agency can collect and indefinitely keep any information gathered for
> > “cryptanalytic, traffic analysis, or signal exploitation purposes,” according
> > to the leaked “minimization procedures” meant to restrict NSA surveillance of
> > Americans. “Such communications can be retained for a period sufficient to
> > allow thorough exploitation and to permit access to data that are, or are
> > reasonably believed likely to become, relevant to a future foreign
> > intelligence requirement,” the procedures read.
> >
> > And one measure of that data’s relevance to foreign intelligence? The simple
> > fact that the data is encrypted and that the NSA wants to crack it may be
> > enough to let the agency keep it indefinitely. “In the context of
> > cryptanalytic effort, maintenance of technical data bases requires retention
> > of all communications that are enciphered or reasonably believed to contain
> > secret meaning,” the criteria for the exception reads. “Sufficient duration
> > [for retaining the data] may consist of any period of time during which
> > encrypted material is subject to, or of use in, cryptanalysis.”
> >
> > That encryption exception is just one of many outlined in the document, which
> > also allows NSA to give the FBI and other law enforcement any data from an
> > American if it contains “significant foreign intelligence” information or
> > information about a crime that has been or is about to be committed.
> > Americans’ data can also be held if it’s “involved in the unauthorized
> > disclosure of national security information” or necessary to “assess a
> > communications security vulnerability.” Other “inadvertently acquired” data
> > on Americans can be retained up to five years before being deleted.
> >
> > “Basically we’re in a situation where, if the NSA’s filters for
> > distinguishing between domestic and foreign information stink, it gives them
> > carte blanche to review those communications for evidence of crimes that are
> > unrelated to espionage and terrorism,” says Kevin Bankston, a director of the
> > Free Expression Project at the Center For Democracy and Technology. “If they
> > don’t know where you are, they assume you’re not a US person. The default is
> > that your communications are unprotected.”
> >
> > All of those exceptions seem to counter recent statements made by NSA and FBI
> > officials who have argued that any collection of Americans’ data they perform
> > is strictly limited by the Foreign Intelligence Surveillance Act (FISA)
> > Court, a special judiciary body assigned to oversee the National Security
> > Agency. “We get great oversight by all branches of government,” NSA director
> > Alexander said in an on-stage interview at the Aspen Institute last year.
> > “You know I must have been bad when I was a kid. We get supervised by the
> > Defense Department, the Justice Department t

[liberationtech] A Call to Harm: New Malware Attacks Target the Syrian Opposition.

2013-06-21 Thread Ronald Deibert
Dear Lib Tech colleagues

I am pleased to announce a new Citizen Lab report, details below:

 "A Call to Harm: New Malware Attacks Target the Syrian Opposition."

https://citizenlab.org/2013/06/a-call-to-harm/

June 21, 2013

Authors: John Scott-Railton and Morgan Marquis-Boire

This report describes two attacks observed in mid-June 2013 targeting the 
Syrian opposition.

• Malware masquerading as the circumvention tool Freegate.

• A campaign masquerading as a call to arms by a pro-opposition cleric.

Introduction

Syria’s opposition has faced persistent targeting by Pro-Government Electronic 
Actors (PGEAs) throughout the Syrian civil war. A pro-government group calling 
itself the Syrian Electronic Army has gained visibility in recent months with 
high profile attacks against news organizations. Meanwhile, Syrian activists 
continue to be targeted with online attacks apparently for the purposes of 
accessing their private communications and stealing their secrets.

Throughout 2012, attacks against the Syrian opposition were documented in an 
extensive series of blog posts by Morgan Marquis-Boire and Eva Galperin with 
the help of the Electronic Frontier Foundation. Many others have also 
contributed to research on Syrian malware, from Telecomix to a range of 
security companies. Meanwhile, the Syrian opposition, and several groups 
working closely with it, such as Cyber Arabs, have been active in attempting to 
identify potential threats and warn users.

Researchers have identified a common theme among the attacks against the Syrian 
opposition: sophisticated social engineering that is grounded in an awareness 
of the needs, interests, and weaknesses of the opposition. Attacks often play 
on curiosity or ideology to encourage users to enter passwords or click on 
enticing files, or exploit fears of hacking and surveillance with fake security 
tools. Attacks are often transmitted to potential victims from the accounts of 
people with whom they are familiar.

The two attacks that are described in this blogpost follow this theme. One is a 
malicious installer of the circumvention tool Freegate. The other is an e-mail 
attachment calling for jihad against Hezbollah and the Assad regime or 
promising interesting regional news.


Ronald Deibert
Director, the Citizen Lab 
and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deib...@utoronto.ca




[liberationtech] What if the government asks them not to patch?

2013-06-21 Thread Anthony Papillion

Earlier this week, Bloomberg News reported that Microsoft and several
other companies were actively handing over information about
vulnerabilities in their software prior to patching those
vulnerabilities, potentially exposing millions of Internet users to
attack.

I'm curious about something slightly different and I've not seen
anyone discuss this yet (specifically about Microsoft): Have there
been any instances where the government requested that they not patch a
hole in Windows, and what was their response? Does anyone know if MS has
an 'official' policy around such requests?

Thanks,
Anthony

- -- 
Anthony Papillion
Phone:   1.918.533.9699
SIP: sip:cajuntec...@iptel.org
iNum:+883510008360912
XMPP:cypherpun...@jit.si

www.cajuntechie.org




Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread phryk
On Fri, 21 Jun 2013 10:28:51 -0700
Martin Uecker  wrote:

> - email is used a lot (also for important stuff)

As far as I can tell, non-techy persons mostly use their email accounts
for registering at various websites, online-shopping and that sort of
thing, not active communication. I think the most private stuff goes
through IM, a lot of that through sites like Facebook or programs like
WhatsApp.


Re: [liberationtech] PrivateCore and secure hosting

2013-06-21 Thread Eleanor Saitta
On 2013.06.20 22.55, Steve Weis wrote:
> Hi Eleanor. I am a co-founder of PrivateCore and happy to answer 
> questions. I'll keep it non-commercial and focus on the technical 
> answers for this mailing list:

Thanks for responding!

> "[It isn't] clear how the initial keying is performed"
> 
> ...Please let me know if you have more questions.

To have a secure channel between two processes/compartments (in this
case, the CPU of the hosted machine and the remote,
non-service-provider-controlled system), they must share a secret.
Just encrypting local system memory with a key generated on the CPU
doesn't permit secure communication - e.g., you have no way of getting
data in and out of the compartment.  Doing computation on known inputs
where trojaned hardware can read both the input data and the code
isn't useful, because the work can just be done in parallel by your
adversary.  So, to provide useful benefit, I assume you must have a
method for secret-sharing between processes/compartments.  What is it?

E.

- -- 
Ideas are my favorite toys.


Re: [liberationtech] Query on implications of dragnet eavesdropping

2013-06-21 Thread Louis Suárez-Potts

On 2013-06-21, at 14:05 , Griffin Boyce  wrote:

> Louis Suárez-Potts  wrote:
> Every day, one learns a new thing… or at least has one's guesses 
> confirmed—and then does the same old. I think all of us (undefined set of 
> persons but including those on this public list) have simply assumed that all 
> information is kept for always, and that the nature of the always bureaucracy 
> is that it eliminates boundaries of time, so that what you did long ago is 
> what you will do today and tomorrow—this is what makes you "you"--and all can 
> be used to frame you as a penal subject. But then, I've read too much Kafka 
> and Foucault.
> 
> cheers,
> Louis
> 
>   Louis, I think that Foucault would be genuinely pissed to see how things 
> have progressed in his absence.  We started as a disciplinary society, 
> progressed into a society of control, and then regressed entirely into a 
> panoptic society.  I'm not sure what that says about us or how we deal with 
> tragedy.  


Of course, since the Patriot Act, there's been a retrogression of the 
boundaries limiting government agencies, and the theoretical consequences of 
that have probably not been as well articulated as I would like. See below.

Our new now, however…. I don't think formally there's been much of a difference 
from earlier times, prior to the widespread use of digital media or even the 
telephone. Yes, there's a lot more communication going on and the character of 
watchfulness is much more subtle: you never have to see the watchers and most 
of us are not aware of them to begin with. But this says nothing about our 
society or how we deal with tragedy or any grand moral dynamic; at least it 
says nothing new. It does, however, suggest that efforts to determine domains 
of privacy should be redoubled. I would also probably prefer that any such 
domains be predicated on grounds other than property. Limiting arcs of power 
legally and in such a way that such limitations cannot be ignored is one way.
> 

Cheers,
Louis

PS, Foucault is more regarded now by scholars and activists of sexuality and 
conformity than by others. But given the recent revelations, perhaps it would 
be of interest to have a conference on his works' relevance to the present, and 
to reexamine tactics of power, pro/contra.

> ~Griffin
> 
> -- 
> Just another hacker in the City of Spies.
> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
> 
> My posts, while frequently amusing, are not representative of the thoughts of 
> my employer.



[liberationtech] PRISM Op-ed for NewInt

2013-06-21 Thread Nadim Kobeissi
I wanted to share this small piece I wrote for The New Internationalist on 
PRISM:
http://newint.org/blog/2013/06/21/prism-surveillance-nsa-software/

Feedback welcome! :-)


___


Thursday 6 June, the day the PRISM story broke, was a good day to be a 
cryptographer. The sudden prospect of mass, unwarranted surveillance delivered 
an electric shock to thousands who were now looking for ways to protect their 
privacy online. At Cryptocat, we saw nearly 5,000 new individuals starting to 
use our free encrypted chat software. Other privacy and encryption services saw 
a rise of as much as 3,000 per cent in new users.

People increasingly want to believe that technology has the answers, and the 
PRISM scandal only made this want more desperate. While giving a recent 
interview to Al Jazeera, I was met with a combative interviewer who insisted 
that I, as a privacy software developer, focus on how privacy software can 
fight PRISM. But the mass surveillance the world is facing at the hands of the 
NSA (US National Security Agency) is not something that can be treated with the 
help of a handful of open software projects. Like all epidemics, the solution 
lies with preventing it before the outbreak, and not relying on nimble, 
narrowly-targeted medicine after the disaster has occurred. This prevention can 
only be at the hands of political, legal, and civil discourse.

Just as it is tempting for privacy-seekers to believe that the solution against 
PRISM is as easy as downloading an app, it is also tempting for privacy 
technologists to ride on the wave of new demand for privacy. But this is not a 
technological problem — it’s a social, political issue that stems from the 
permission given to intelligence apparatuses to rise above the law. It’s a 
fallaciously upheld threat to a healthy international democratic mindset.

When I say that this surveillance is an international problem, I do so under 
the premise that we increasingly belong in a world where our workforce has been 
raised with the internet having the monopoly over the proliferation of culture 
and communication. It is in this world that we are seeing the NSA asking 
lawmakers to give immunity to private entities should they inadvertently break 
the law in order to satisfy the NSA’s surveillance requests, effectively and 
literally putting surveillance above the law. The NSA, which has also long 
argued using a so-called distinction between domestic and foreign surveillance, 
has seen this distinction completely lose its legitimacy in front of the 
revelations surrounding the PRISM program. In today’s strongly globalized 
world, this surveillance, free from discernment, affects everyone, be they 
American, Canadian or Egyptian. The centralization of Internet capital within 
the US aids this: it means that your private data is fair game when you use the 
services of any of the companies established there, such as Facebook, Google or 
Skype, no matter your location.

These secret programs enjoy strong co-operation from Silicon Valley. Skype, 
which in 2008 boasted that its strong privacy architecture prevents it from 
handing data to law enforcement, formed the secretive Project Chess program in 
2009 which was tasked with doing just that. Apple, which still holds that it 
maintains customer privacy at all costs, has been implicated in more than one 
government surveillance and law enforcement request program. It is only now, 
post-PRISM, and years after these programs have been enacted, that we see these 
revelations discussed in the Guardian, Washington Post, New York Times and 
other big press. But privacy technologists and encryption software developers 
have long known that this kind of surveillance is likely to exist.

The argument for national security does not have to come accompanied with the 
violation of the privacy rights of the entire global community. It doesn’t have 
to come with the undermining of democratic and legislative values. But this is 
exactly what is happening: surveillance interests have been allowed to operate 
above the law and the spirit of democratic discourse. The resulting problems 
are far too serious to be addressed with the use of privacy tools and software, 
which can at most act as shims. The problem is rather more human, political and 
ultimately historical.


NK


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Joseph Lorenzo Hall

On Fri Jun 21 14:54:29 2013, Michael Rogers wrote:
> On 21/06/13 17:57, Joseph Lorenzo Hall wrote:
>> What about the theory that by encrypting all the things we are 
>> feeding some massively large NSA cryptanalysis project that uses 
>> different flavors of ciphertext to find weaknesses? Very
>> conspiracy theorist-y, but I've heard a few people say that maybe
>> we shouldn't "donate" unnecessary ciphertext to such a project.
>> :/
> 
> Sorry to be blunt, but that theory is nonsense. The NSA can't
> possibly learn more from the ciphertext of an unknown plaintext
> than it could learn by generating its own ciphertext from a known
> plaintext - which would save the cost of a splitter cabinet, to
> boot.

No, thanks for being blunt and this makes a lot of sense! best, Joe
- -- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8



[liberationtech] Contribution for Research Project

2013-06-21 Thread Yosem Companys
From: David Nemer 

I'm currently in Vitoria, Brazil researching the use of digital
technology by the people from the favelas (slums in Brazil). The focus
of my dissertation research is Telecenters and LAN Houses in the
favela of Gurigica.

I was recently chosen by Google to purchase the Google Glass. This
gadget could contribute immensely to my research due to its easiness
of collecting sound and pictures. Carrying around a digital camera and
a voice recorder has been quite risky since favelas are zones of high
crime and theft.

Google Glass is more subtle and small, which could call less attention
than carrying cameras and recorders around.

My budget for this research is very limited, and I can’t afford the
Glass on my own, and for that I ask for your help!

Any contribution is very welcome!
http://www.indiegogo.com/projects/google-glass-for-research-in-the-favelas/x/2566404

Thanks
-- 
David Nemer
PhD Candidate in Social Informatics
School of Informatics and Computing, Indiana University
Editor of the Social Informatics Blog - http://socialinformaticsblog.com
http://www.dnemer.com dne...@indiana.edu


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Michael Rogers
On 21/06/13 17:57, Joseph Lorenzo Hall wrote:
> What about the theory that by encrypting all the things we are
> feeding some massively large NSA cryptanalysis project that uses
> different flavors of ciphertext to find weaknesses? Very conspiracy
> theorist-y, but I've heard a few people say that maybe we shouldn't
> "donate" unnecessary ciphertext to such a project. :/

Sorry to be blunt, but that theory is nonsense. The NSA can't possibly
learn more from the ciphertext of an unknown plaintext than it could
learn by generating its own ciphertext from a known plaintext - which
would save the cost of a splitter cabinet, to boot.

Cheers,
Michael



Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Matt Johnson
Mutating IMEIs is interesting. How does that work on phone networks?
Can your phone connect without a recognizable IMEI? Doesn't your IMSI
identify you anyway? You can change your SIM, but I don't think you
can spoof it, right?

--
Matt Johnson



On Fri, Jun 21, 2013 at 11:40 AM, Eugen Leitl  wrote:
> On Fri, Jun 21, 2013 at 10:25:21AM -0700, Matt Johnson wrote:
>> So do we all need to generate random MAC addresses now? I don't think
>> you can do that on an iPhone though.
>
> MACs are easy, and they're limited-scope, anyway.
>
> Much better would be a daemon that mutates your IMEI on a daily,
> or hourly basis. This would be limited to rooted devices, and
> alternative firmware (e.g. CM) which already give you root.


Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Daniel Sieradski
Or you can just turn your WiFi off when you're not using it. :)

--
Daniel Sieradski
d...@danielsieradski.com
http://danielsieradski.com
315.889.1444

Follow me at http://twitter.com/selfagency
Public key http://danielsieradski.com/share/ds_public.key

On Jun 21, 2013, at 2:40 PM, Eugen Leitl  wrote:

> On Fri, Jun 21, 2013 at 10:25:21AM -0700, Matt Johnson wrote:
>> So do we all need to generate random MAC addresses now? I don't think
>> you can do that on an iPhone though.
> 
> MACs are easy, and they're limited-scope, anyway.
> 
> Much better would be a daemon that mutates your IMEI on a daily,
> or hourly basis. This would be limited to rooted devices, and
> alternative firmware (e.g. CM) which already give you root.

Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Eugen Leitl
On Fri, Jun 21, 2013 at 10:25:21AM -0700, Matt Johnson wrote:
> So do we all need to generate random MAC addresses now? I don't think
> you can do that on an iPhone though.

MACs are easy, and they're limited-scope, anyway.

Much better would be a daemon that mutates your IMEI on a daily,
or hourly basis. This would be limited to rooted devices, and
alternative firmware (e.g. CM) which already give you root.
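
Added example (not from this thread or from any vendor's code): a sketch of why a fixed Wi-Fi MAC links sightings even when the collector only stores a hash of it, and how a fresh locally administered address per sighting breaks that link. The sensor class, place names and factory address are constructed assumptions; IMEI and IMSI are not covered.

```python
import hashlib
import secrets


def random_mac() -> str:
    """Return a random unicast, locally administered MAC address."""
    octets = bytearray(secrets.token_bytes(6))
    # First octet: bit 0 is the multicast flag (cleared here), bit 1 is the
    # "locally administered" flag (set here), so the result never collides
    # with a vendor-assigned address.
    octets[0] = (octets[0] & 0xFE) | 0x02
    return ":".join(f"{b:02x}" for b in octets)


def is_random_style(mac: str) -> bool:
    """True if the address is unicast and locally administered."""
    first = int(mac.split(":")[0], 16)
    return (first & 0x01) == 0 and (first & 0x02) == 0x02


class FootfallSensor:
    """Hypothetical analytics sensor: keys each sighting on the hashed MAC.

    Hashing does not anonymise anything here: the same input always gives
    the same digest, so the digest is just another permanent identifier.
    """

    def __init__(self) -> None:
        self.sightings = {}

    def observe(self, mac: str, place: str) -> None:
        key = hashlib.sha256(mac.lower().encode()).hexdigest()
        self.sightings.setdefault(key, []).append(place)

    def linked_profiles(self):
        """Movement trails: identifiers seen at more than one place."""
        return [p for p in self.sightings.values() if len(p) > 1]


# Constructed sample data, not taken from any real deployment.
PLACES = ["mall entrance", "shop A", "shop B"]
FACTORY_MAC = "00:11:22:33:44:55"


def run(randomize: bool) -> FootfallSensor:
    """Walk one phone past every sensor location and return the sensor."""
    sensor = FootfallSensor()
    for place in PLACES:
        mac = random_mac() if randomize else FACTORY_MAC
        sensor.observe(mac, place)
    return sensor


if __name__ == "__main__":
    for mode in (False, True):
        s = run(mode)
        print("randomized" if mode else "fixed MAC",
              "-> identifiers:", len(s.sightings),
              "linked trails:", s.linked_profiles())
```
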


[liberationtech] PRISM & Open Data

2013-06-21 Thread Yosem Companys
From: Ted Strauss 

Glen,
Here is the connection I see between Obama issuing an Open Data
directive and the exposure of PRISM.

Open data is commonly used by politicians as a way to sell themselves
as promoters of transparency, accountability, and technical
sophistication in government. If their policies end up failing to live
up to their promises, then it does harm to pursuit of openness,
because it turns into one more corruptible buzz word that can be used
for political ends. Tracy's commentary to the CBC is an example of
this line of critique.

The Obama open data directive touts the US commitment to open
principles, including respect for individual privacy. In the
memorandum, the word privacy is used 22 times, as here (p.9):
"Strengthen measures to ensure that privacy and confidentiality are
fully protected and that data are properly secured"

The revelations about PRISM seriously undermine the administration's
credibility with respect to valuing individual privacy, since they are
intercepting private communications of people and using them in untold
ways. This contradicts the aims set out in the open data directive,
and in turn undermines those principles.

If a tobacco company set up a hospital to treat lung cancer, would you
go to that hospital? Would you trust the research they did?

--
I have posted my original message to odx.io, in case this topic is not
right for this list.

--
Ted Strauss
Co-founder of Trudat.co

I'm organizing Open Data Exchange in Montreal, April 6, 2013



On Fri, Jun 21, 2013 at 11:52 AM, Glen Newton  wrote:
>
> >it is revealed that he believes the spirit of open data should be applied to 
> >the private communications of civilians
>
> I do not see any connection between Prism and the spirit of Open Data.
>
> -Glen Newton
>
> On Fri, Jun 21, 2013 at 11:23 AM, Ted Strauss  wrote:
> > When Obama said last week "no one is listening to your calls" he was
> > parsing his message. He has emphasized that the NSA doesn't listen
> > in on domestic US calls without a warrant from FISA. But no one has denied
> > that the NSA is being allowed to indiscriminately spy on foreign electronic
> > communications. All the responses by US officials have treated targeting of
> > foreigners as fair game. That includes every Canadian with a facebook,
> > skype, or gmail account. (The latest leaks reported by the Guardian provide
> > new troubling details and cast doubt on Obama's defence.)
> >
> > With an open admission of mass espionage targeting hundreds of millions of
> > people worldwide, I think it's the duty of our elected officials to tell the
> > US government at the very least that Canada does not consent. Indeed, the
> > admission could violate treaties and agreements held between our
> > governments. For example, the WTO treaty TRIPS on intellectual property.
> >
> > Shouldn't this case be made to our MPs and MLAs?
> > Shouldn't we identify what are the legal implications of this admission for
> > the various agreements between Canada and the US?
> >
> > Why is this on-topic for this list?
> > One month after Obama issued an open data directive, it is revealed that he
> > believes the spirit of open data should be applied to the private
> > communications of civilians. Incidents like this give fodder to those who
> > would argue against open government. In one month, the slippery slope became
> > a precipice. That is why open data supporters should lead the way in drawing
> > the lines of right and wrong on opening information.
> >
> > Ted


Re: [liberationtech] my op/ed in the SF Bay Guardian

2013-06-21 Thread LilBambi
Excellent piece! Thanks for sharing it and I will be sharing this. Great
job!


On Fri, Jun 21, 2013 at 4:16 AM, Shava Nerad  wrote:

>
> http://www.sfbg.com/politics/2013/06/20/hackivist%E2%80%99s-call-culture-engagement
>
> Pretty much what I've been carrying on about here. ;)
>
> yrs,
> --
>
> Shava Nerad
> shav...@gmail.com
>

Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Jordan McCarthy


On 06/21/2013 09:57 AM, Joseph Lorenzo Hall wrote:
> What about the theory that by encrypting all the things we are feeding 
> some massively large NSA cryptanalysis project that uses different 
> flavors of ciphertext to find weaknesses? Very conspiracy theorist-y, 
> but I've heard a few people say that maybe we shouldn't "donate" 
> unnecessary ciphertext to such a project. :/
>
> best, Joe
I wholeheartedly endorse many of the arguments /for/ consistent use of
encryption that have been voiced so far -- but I'm still curious how
people would handle the above challenge. 

It seems to me that one reasonable response would be that the proposed
problem is largely a function of inconsistent use of cryptography: if
"all the things" were encrypted, all the time, cryptanalysis would be
considerably more costly than it is when people are only encrypting
certain kinds of information (since plain-text versions of encrypted
content would be less available, and predicting the nature/type of an
encrypted stream would hence become more difficult).  As someone else
has already said, if everything were encrypted, it would be impossible
to figure out what parts of that encrypted ocean would be worth
filtering with a crypto-breaking strainer. 

Also, if the NSA is really intent on fundamentally breaking various
crypto algorithms, I'm sure they have more than enough computing power
in-house to generate and attempt to reverse engineer huge quantities of
ciphertext; they probably don't really need our help to produce more of
such data.  :)

< Jordan
--
Sent from a computer running Free and Open Source Software
My GPG Public Key (0xDE1C1B53) 

Re: [liberationtech] Query on implications of dragnet eavesdropping

2013-06-21 Thread Griffin Boyce
Louis Suárez-Potts  wrote:

> Every day, one learns a new thing… or at least has one's guesses
> confirmed—and then does the same old. I think all of us (undefined set of
> persons but including those on this public list) have simply assumed that
> all information is kept for always, and that the nature of the always
> bureaucracy is that it eliminates boundaries of time, so that what you did
> long ago is what you will do today and tomorrow—this is what makes you
> "you"--and all can be used to frame you as a penal subject. But then, I've
> read too much Kafka and Foucault.
>
> cheers,
> Louis
>

  Louis, I think that Foucault would be genuinely pissed to see how things
have progressed in his absence.  We started as a disciplinary society,
progressed into a society of control, and then regressed entirely into a
panoptic society.  I'm not sure what that says about us or how we deal with
tragedy.

~Griffin

-- 
Just another hacker in the City of Spies.
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de

My posts, while frequently amusing, are not representative of the thoughts
of my employer.

[liberationtech] GCHQ taps fibre-optic cables for secret access to world's communications

2013-06-21 Thread Jacob Appelbaum
From the we-told-you-so-again-gosh-this-is-the-free-west department:

GCHQ taps fibre-optic cables for secret access to world's communications
Exclusive: British spy agency collects and stores vast quantities of
global email messages, Facebook posts, internet histories and calls, and
shares them with NSA, latest documents from Edward Snowden reveal


http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa

All the best,
Jacob


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Griffin Boyce
dan mcquillan  wrote:

> a few people who came to our university cryptoparty asked whether they're
> just going to draw attention to themselves by encrypting email.
>
> the latest leaks seem to give a firm 'yes', as the NSA specifically keeps
> encrypted comms indefinitely.
>

  It's the old https problem again.  If you're using https in an area where
almost no one does, you stick out to anyone analyzing traffic.

  But not using pgp/otr/https is *far* worse than the minimal attention you
might theoretically draw to yourself.

Re: [liberationtech] Query on implications of dragnet eavesdropping

2013-06-21 Thread Louis Suárez-Potts

On 2013-06-21, at 13:38 , Griffin Boyce  wrote:

> Louis Suárez-Potts  wrote:
> > My understanding is that the TSA archives but does not examine the data 
> > except under specific FISA searches.  This is their justification that it 
> > isn't really domestic spying, because it's a fossil record of the data, 
> > like archive.org for every stream, and they just want to be able to go back 
> > into that snapshot and get what they want.
> 
> Yes, I understand that, and that also shields them (or any other agency) from 
> knowing too much (and thus having to act on that information). "Too much" 
> would include material not strictly relevant to their remit.
> 
> "We're concerned about terrorists using PGP. Give us all emails that include 
> the phrase "BEGIN PGP MESSAGE" in all caps."

Every day, one learns a new thing… or at least has one's guesses confirmed—and 
then does the same old. I think all of us (undefined set of persons but 
including those on this public list) have simply assumed that all information 
is kept for always, and that the nature of the always bureaucracy is that it 
eliminates boundaries of time, so that what you did long ago is what you will 
do today and tomorrow—this is what makes you "you"--and all can be used to 
frame you as a penal subject. But then, I've read too much Kafka and Foucault.

cheers,
Louis


Re: [liberationtech] Query on implications of dragnet eavesdropping

2013-06-21 Thread Griffin Boyce
Louis Suárez-Potts  wrote:

> > My understanding is that the TSA archives but does not examine the data
> except under specific FISA searches.  This is their justification that it
> isn't really domestic spying, because it's a fossil record of the data,
> like archive.org for every stream, and they just want to be able to go
> back into that snapshot and get what they want.
>
> Yes, I understand that, and that also shields them (or any other agency)
> from knowing too much (and thus having to act on that information). "Too
> much" would include material not strictly relevant to their remit.


"We're concerned about terrorists using PGP. Give us all emails that
include the phrase "BEGIN PGP MESSAGE" in all caps."

Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Daniel Sieradski
Ironic that Franken opposes this but is defending the NSA.

--
Daniel Sieradski
d...@danielsieradski.com
http://danielsieradski.com
315.889.1444

Follow me at http://twitter.com/selfagency
Public key http://danielsieradski.com/share/ds_public.key

On Jun 21, 2013, at 1:32 PM, Joseph Lorenzo Hall  wrote:

> Yes, Euclid has been around for a bit, and attracting the ire of US
> Senator Al Franken... Franken wrote a letter with a bunch of questions
> and Euclid responded. Franken was not impressed:
> 
> (links in original)
> 
> http://www.franken.senate.gov/?p=press_release&id=2341
> 
> Sen. Franken Calls for End to Disturbing Consumer Tracking Trend
> 
> Tech Firm’s Response to Senator’s Inquiry Confirms Need for Privacy
> Protections
> 
> Monday, April 1, 2013
> 
> Today, U.S. Sen. Al Franken (D-Minn.) once again called for an end to
> the practice of tracking consumer movements – through stores, within
> malls, and even from state to state – all without their permission. Last
> month, he pressed a leading analytics firm to stop using technology that
> allows it to track people’s smartphone locations without their
> permission. Today, he released the company’s response, highlighting the
> company’s good faith, but saying it doesn’t go far enough to protect
> consumers.
> 
> “People have a fundamental right to privacy, and tracking a consumer's
> location and movements without permission violates that right,” said
> Sen. Franken. “I believe that Euclid has a sincere desire to protect
> consumer privacy, and I'm pleased that they've pledged to do even more –
> including a promise to never sell consumer data to data brokers.
> However, Euclid's use of opt-out location tracking – regardless of
> whether a consumer actually enters a store equipped with this technology
> – simply doesn't meet the standard of privacy Americans should be able
> to count on. I’m pleased that privacy is a priority for Euclid, but
> their continued use of opt-out technology underscores the need for
> Congressional action to protect consumer location privacy.”
> 
> Euclid, Inc. keeps tabs on consumers as they walk past a store, enter a
> store, or move between a store’s floors by tracking a unique and
> permanent hardware number transmitted by consumers’ smartphones. Unless
> a consumer visits Euclid's website to opt-out of being tracked, their
> location is collected without their permission or knowledge.
> 
> Sen. Franken’s March letter was prompted by news reports suggesting that
> Euclid's technology has used cellphone location technology to track the
> shopping habits of approximately 50 million consumers without their
> permission. Euclid responded promptly to Sen. Franken’s request,
> pledging to protect the privacy of their consumers by:
> 
> - Requiring all participating retailers to post signage telling
>   consumers how to opt-out of tracking;
> - Requiring all retailers to undergo a comprehensive education program
>   about the opt-out process;
> - Strengthening the company's privacy policy to prohibit the sale,
>   rental, or disclosure of any of Euclid’s data to data brokers; and
> - Creating a formal policy outlining the company's requirements for a
>   warrant or court order to comply with any request for data.
> 
> In 2011, Sen. Franken introduced the Location Privacy Protection Act to
> protect consumer privacy by requiring companies to get permission before
> collecting or sharing consumers’ location data. The legislation was
> approved by the Senate Judiciary Committee in December of 2012, and Sen.
> Franken plans to reintroduce it in the coming months.
> 
> On 6/21/13 1:06 PM, Daniel Sieradski wrote:
>> Has anyone heard about this company Euclid Analytics?
>> 
>> Apparently they track individual behavior over WIFI by logging your
>> phone's MAC address and storing info on where you shop and for how long.  
>> 
>> http://euclidanalytics.com/product/zero/
>> 
>> --
>> Daniel Sieradski
>> d...@danielsieradski.com 
>> http://danielsieradski.com
>> 315.889.1444
>> 
>> Follow me at http://twitter.com/selfagency
>> Public key http://danielsieradski.com/share/ds_public.key
>> 
>> 
>> 
> 
> -- 
> Joseph Lorenzo Hall
> Senior Staff Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> j...@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8
> 
> 

Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Joseph Lorenzo Hall
Yes, Euclid has been around for a bit, and attracting the ire of US
Senator Al Franken... Franken wrote a letter with a bunch of questions
and Euclid responded. Franken was not impressed:

(links in original)

http://www.franken.senate.gov/?p=press_release&id=2341

Sen. Franken Calls for End to Disturbing Consumer Tracking Trend

Tech Firm’s Response to Senator’s Inquiry Confirms Need for Privacy
Protections

Monday, April 1, 2013

Today, U.S. Sen. Al Franken (D-Minn.) once again called for an end to
the practice of tracking consumer movements – through stores, within
malls, and even from state to state – all without their permission. Last
month, he pressed a leading analytics firm to stop using technology that
allows it to track people’s smartphone locations without their
permission. Today, he released the company’s response, highlighting the
company’s good faith, but saying it doesn’t go far enough to protect
consumers.

“People have a fundamental right to privacy, and tracking a consumer's
location and movements without permission violates that right,” said
Sen. Franken. “I believe that Euclid has a sincere desire to protect
consumer privacy, and I'm pleased that they've pledged to do even more –
including a promise to never sell consumer data to data brokers.
However, Euclid's use of opt-out location tracking – regardless of
whether a consumer actually enters a store equipped with this technology
– simply doesn't meet the standard of privacy Americans should be able
to count on. I’m pleased that privacy is a priority for Euclid, but
their continued use of opt-out technology underscores the need for
Congressional action to protect consumer location privacy.”

Euclid, Inc. keeps tabs on consumers as they walk past a store, enter a
store, or move between a store’s floors by tracking a unique and
permanent hardware number transmitted by consumers’ smartphones. Unless
a consumer visits Euclid's website to opt-out of being tracked, their
location is collected without their permission or knowledge.

Sen. Franken’s March letter was prompted by news reports suggesting that
Euclid's technology has used cellphone location technology to track the
shopping habits of approximately 50 million consumers without their
permission. Euclid responded promptly to Sen. Franken’s request,
pledging to protect the privacy of their consumers by:

- Requiring all participating retailers to post signage telling
  consumers how to opt-out of tracking;
- Requiring all retailers to undergo a comprehensive education program
  about the opt-out process;
- Strengthening the company's privacy policy to prohibit the sale,
  rental, or disclosure of any of Euclid’s data to data brokers; and
- Creating a formal policy outlining the company's requirements for a
  warrant or court order to comply with any request for data.

In 2011, Sen. Franken introduced the Location Privacy Protection Act to
protect consumer privacy by requiring companies to get permission before
collecting or sharing consumers’ location data. The legislation was
approved by the Senate Judiciary Committee in December of 2012, and Sen.
Franken plans to reintroduce it in the coming months.

On 6/21/13 1:06 PM, Daniel Sieradski wrote:
> Has anyone heard about this company Euclid Analytics?
> 
> Apparently they track individual behavior over WIFI by logging your
> phone's MAC address and storing info on where you shop and for how long.  
> 
> http://euclidanalytics.com/product/zero/
> 
> --
> Daniel Sieradski
> d...@danielsieradski.com 
> http://danielsieradski.com
> 315.889.1444
> 
> Follow me at http://twitter.com/selfagency
> Public key http://danielsieradski.com/share/ds_public.key
> 
> 
> 

-- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8




Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Martin Uecker

On 06/21/2013 10:00 AM, Eugen Leitl wrote:
> On Fri, Jun 21, 2013 at 06:51:11PM +0200, phryk wrote:
>> On Fri, 21 Jun 2013 11:55:57 -0400
>> Nadim Kobeissi  wrote:
>>
>>> The solution to this is to make encryption more and more widely used.
>>> By increasing the number of people with access to encryption
>>> technology for their communications, we dilute this threat.
>>
>> My thought exactly, just encrypt ALL THE THINGS and let those people
>> deal with humungous amounts of data, most of which will be completely
>> useless even if decrypted.
>
> You want it to happen, you get opportunistic encryption to happen
> on as a low level as possible, on as many devices as possible.
>
> Target consumer routers which run Linux or Freedombox-like
> devices. Sooner or later it will move to Android, other
> mobiles and desktops. Put it into the application layer.

Yes, securing the lower levels would seem to be an important long term goal.
But even if this is achieved, this will not provide any security benefits
to an average user who uses facebook/gmail/etc ...

In my opinion, the first priority should be to secure email. For a variety
of reasons:

- email is used a lot (also for important stuff)
- almost everybody has an email account
- email plays an important role for authentication of other services
  (passwords / links to reset passwords are sent by email)
- technology to secure email is readily available
- the importance to encrypt email is easy to explain
- if a lot of people start to encrypt their emails this would
  send a clear message and others might follow

The problem is not technical, it is education. Still, some changes in
email clients would help a lot:

- have crypto integrated (not as a stupid plugin deactivated by default)
- offer to create a key by default, educate the user at that time
- sign by default (or at least indicate in some header that you have a key)
- automatically download keys from a keyserver when receiving a signed email
- opportunistically encrypt if a key is available

- drop that broken web-of-trust model instead use the model used in ssh:
  warn about a possible MITM attack if the key has changed for some reason

Martin




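The ssh-style model proposed in the message above (pin a correspondent's key on first use, warn if it later changes), as an added example that is not part of the thread or of any mail client. `PinStore`, `Verdict`, `action_for` and the SHA-256 stand-in fingerprint are hypothetical names and assumptions; the key bytes are constructed sample data.

```python
import hashlib
import hmac
import json
import tempfile
from enum import Enum
from pathlib import Path


class Verdict(Enum):
    FIRST_USE = "first-use"  # nothing pinned yet: pin the key and proceed
    MATCH = "match"          # same key as the pinned one
    CHANGED = "changed"      # different key: possible MITM, ask the user


def fingerprint(key_bytes: bytes) -> str:
    # Stand-in fingerprint (assumption): SHA-256 over the raw key bytes.
    # Real OpenPGP fingerprints are computed over the public-key packet.
    return hashlib.sha256(key_bytes).hexdigest()


class PinStore:
    """Hypothetical per-correspondent key pins, analogous to ssh known_hosts."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def _save(self):
        # Write to a temp file and rename so a crash cannot truncate the pins.
        tmp = self.path.with_name(self.path.name + ".tmp")
        tmp.write_text(json.dumps(self.pins, indent=2, sort_keys=True))
        tmp.replace(self.path)

    def check(self, address: str, key_bytes: bytes) -> Verdict:
        addr = address.strip().lower()
        seen = fingerprint(key_bytes)
        pinned = self.pins.get(addr)
        if pinned is None:
            self.pins[addr] = seen
            self._save()
            return Verdict.FIRST_USE
        if hmac.compare_digest(pinned, seen):
            return Verdict.MATCH
        # Never overwrite the pin silently; that would defeat the warning.
        return Verdict.CHANGED

    def accept_change(self, address: str, key_bytes: bytes) -> None:
        # Explicit user decision, e.g. after comparing fingerprints out of band.
        self.pins[address.strip().lower()] = fingerprint(key_bytes)
        self._save()


def action_for(verdict: Verdict) -> str:
    # Opportunistic encryption: encrypt unless the pinned key changed.
    return "warn-user" if verdict is Verdict.CHANGED else "encrypt"


def demo():
    key_a = b"constructed public key A (not a real OpenPGP key)"
    key_b = b"constructed public key B (not a real OpenPGP key)"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "pins.json"
        store = PinStore(path)
        seen = [
            store.check("Alice@Example.org", key_a),  # first signed mail
            store.check("alice@example.org", key_a),  # same key again
            store.check("alice@example.org", key_b),  # key swapped in transit?
            store.check("alice@example.org", key_a),  # pin was not overwritten
        ]
        reloaded = PinStore(path)                     # pins survive a restart
        seen.append(reloaded.check("alice@example.org", key_b))
        reloaded.accept_change("alice@example.org", key_b)
        seen.append(PinStore(path).check("alice@example.org", key_b))
    return [v.value for v in seen]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

As with ssh, the first contact is unauthenticated: the pin only detects a key that changes afterwards.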


Re: [liberationtech] Euclid Analytics

2013-06-21 Thread Matt Johnson
So do we all need to generate random MAC addresses now? I don't think
you can do that on an iPhone though.

--
Matt Johnson



On Fri, Jun 21, 2013 at 10:06 AM, Daniel Sieradski
 wrote:
> Has anyone heard about this company Euclid Analytics?
>
> Apparently they track individual behavior over WIFI by logging your phone's
> MAC address and storing info on where you shop and for how long.
>
> http://euclidanalytics.com/product/zero/
>
> --
> Daniel Sieradski
> d...@danielsieradski.com
> http://danielsieradski.com
> 315.889.1444
>
> Follow me at http://twitter.com/selfagency
> Public key http://danielsieradski.com/share/ds_public.key
>
>
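Why a fixed hardware MAC makes the logging described in this thread linkable, and what a random address changes, as an added example that is not part of the thread. The sightings, sensor names and the hardware address are constructed sample data, and rotating the address on every sighting is an assumption made for the illustration.

```python
import secrets


def parse_mac(mac: str) -> bytes:
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac: str) -> bool:
    # Bit 0x02 of the first octet set: address was not assigned by the vendor.
    return bool(parse_mac(mac)[0] & 0x02)


def random_mac(rand=secrets.token_bytes) -> str:
    raw = bytearray(rand(6))
    # Set the locally-administered bit and clear the multicast bit so the
    # result is a valid unicast address outside the vendor-assigned space.
    raw[0] = (raw[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in raw)


def linkable(sightings):
    """Return what an observer can link: identifiers seen more than once."""
    by_mac = {}
    for ts, sensor, mac in sightings:
        by_mac.setdefault(mac.lower(), []).append((ts, sensor))
    linked = {}
    for mac, events in by_mac.items():
        if len(events) < 2:
            continue  # a single sighting cannot be tied to any other
        times = [t for t, _ in events]
        linked[mac] = {
            "count": len(events),
            "sensors": sorted({s for _, s in events}),
            "span_s": max(times) - min(times),
        }
    return linked


# Constructed sightings: (seconds since first sighting, sensor name).
CONSTRUCTED_EVENTS = [
    (0, "store-A-door"),
    (600, "store-A-floor2"),
    (86400, "store-B-door"),
]
HARDWARE_MAC = "3c:aa:bb:00:00:01"  # constructed, not a real device


def demo():
    stable = [(ts, s, HARDWARE_MAC) for ts, s in CONSTRUCTED_EVENTS]
    randomized = [(ts, s, random_mac()) for ts, s in CONSTRUCTED_EVENTS]
    return linkable(stable), linkable(randomized)


if __name__ == "__main__":
    stable, randomized = demo()
    print("fixed hardware address:", stable)
    print("random address per sighting:", randomized)
```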


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread phryk
On Fri, 21 Jun 2013 11:55:57 -0400
Nadim Kobeissi  wrote:

> The solution to this is to make encryption more and more widely used.
> By increasing the number of people with access to encryption
> technology for their communications, we dilute this threat.

My thought exactly, just encrypt ALL THE THINGS and let those people
deal with humungous amounts of data, most of which will be completely
useless even if decrypted.


Re: [liberationtech] Bush-Era Whistleblower Claims NSA Ordered Wiretap Of Barack Obama In 2004

2013-06-21 Thread phryk
I have to admit, I find that rather amusing. I wonder if this is
actually true and if it might change Obama's opinion on the surveillance
machine. And if it does, how will he try to hide the obvious hypocrisy?

Actually I have to say that I'm beginning to see the whole phenomenon
developing around Snowden's leaks with a good dose of gallows humor.

It's kind of slapstick-y that every time someone of the US government
tries to justify all the surveillance, there seem to be three new
stories popping up that elaborate on all the stuff they actually do;
some of which even directly contradicts what those apologists claim.


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Jonathan Wilkes





> From: dan mcquillan
> To: Liberation Technologies
> Sent: Friday, June 21, 2013 11:41 AM
> Subject: [liberationtech] to encrypt or not to encrypt?
>
> a few people who came to our university cryptoparty asked whether they're just
> going to draw attention to themselves by encrypting email.
>
> the latest leaks seem to give a firm 'yes', as the NSA specifically keeps
> encrypted comms indefinitely.
>
> sample news item:
> http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
>
> how would list members answer the question 'to encrypt or not to encrypt'?
>
> cheers
> dan

The technical answer is that the question makes the false assumption that 
privacy is a binary thing, either "on"-- you have privacy-- or "off"-- you 
don't.  Unfortunately there are also threats from private corporations, 
thieves, hackers, ex-spouses, etc.  If you turn privacy "off" in the perverse 
hope that you'll "blend in" with everyone else, you'd better hope that a) you 
never mention something that breaks one of the tens of thousands of laws you've 
probably never even read, because as the recent Guardian stories point out 
evidence of your criminal wrongdoing can be shared with other agencies even if 
you weren't the target of the initial query and even if it's not related to the 
initial investigation.  And oh yeah, b) you've now turned on spying for all 
those groups I mentioned above and more, groups for which there isn't even the 
modicum of court oversight that there is for the NSA.

As meaningless as that oversight seems to be, at least the NSA doesn't have the 
pressure of shareholders who want to see it monetize all the data it collects 
as soon as humanly (algorithmically?) possible.  Facebook does.  Google ad 
campaigns done by marketing idiots follow people around on webpages and creep 
them out, because it turns out suggesting that your customers "Don't be evil" 
doesn't work very well, even when it would actually help their bottom line.

I'm sorry but you have to think about these things.  The good news is that if 
you have nothing to hide, what better excuse is there to play around with 
crypto and possibly add cover for people doing important work in dangerous 
places?

Finally, I'm also sorry that there's a gaping hole in the free software 
community wrt user experience.  There's nothing implied by the four freedoms of 
the GPL that would lead a developer to take seriously the question of how to 
make those freedoms easy or even possible for the user to exercise 
meaningfully.  How many crypto projects try to get the user experience right 
first, and fill in the crypto part later?  There is plenty of crypto that has 
been well-tested and has a track record at this point, so it's not an 
impossible task.

[liberationtech] Euclid Analytics

2013-06-21 Thread Daniel Sieradski
Has anyone heard about this company Euclid Analytics?

Apparently they track individual behavior over WIFI by logging your phone's MAC 
address and storing info on where you shop and for how long.  

http://euclidanalytics.com/product/zero/

--
Daniel Sieradski
d...@danielsieradski.com
http://danielsieradski.com
315.889.1444

Follow me at http://twitter.com/selfagency
Public key http://danielsieradski.com/share/ds_public.key


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Eugen Leitl
On Fri, Jun 21, 2013 at 06:51:11PM +0200, phryk wrote:
> On Fri, 21 Jun 2013 11:55:57 -0400
> Nadim Kobeissi  wrote:
> 
> > The solution to this is to make encryption more and more widely used.
> > By increasing the number of people with access to encryption
> > technology for their communications, we dilute this threat.
> 
> My thought exactly, just encrypt ALL THE THINGS and let those people
> deal with humungous amounts of data, most of which will be completely
> useless even if decrypted.

You want it to happen, you get opportunistic encryption to happen
on as a low level as possible, on as many devices as possible.

Target consumer routers which run Linux or Freedombox-like
devices. Sooner or later it will move to Android, other
mobiles and desktops. Put it into the application layer.

Want an actionable? Figure out how to implement BTNS straight 
from the RFC. Nobody seems to have bothered, so far.
A CS student with basic crypto background could do it.

If you have working code, even crappy working code, we have
a really good chance to take it from there.


Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread The Doctor
On 06/21/2013 11:41 AM, dan mcquillan wrote:

> how would list members answer the question 'to encrypt or not to
> encrypt'?

Assumption: Your traffic is being recorded.
Assumption: You can't transmit anything without leaking at least one
bit ("You're transmitting something.")

Case: Don't encrypt.
- Your traffic is being captured.
- This means all of your plaintext traffic has been captured and is
being data mined.
Outcome: You're branched.

Case: Encrypt.
- Your traffic is being captured.
- Whatever cleartext traffic you send has been captured and is being
data mined.
- Cleartext metadata is being data mined.  This means packet headers
(IP address, TCP or UDP port, nature of connection (TCP session setup,
TCP session teardown)) and whatever message metadata or routing
information (SMTP headers) is being datamined.
- Whatever cyphertext traffic you send has been captured.
- The cyphertext remains cyphertext - packet payloads, e-mail
contents, what have you remain unknown.
Outcome: The attacker knows that you encrypt some volume X of your
traffic, of which some subvolume Y can be characterized as traffic of
type Z and the rest may or may not be recognizable as being related to
Z or some other protocol Q  that can't be characterized yet.

Most favorable outcome: Encrypt.

In comparison...

Perfect outcome: Don't transmit anything.  Just give up.  But then,
why are you on this mailing list?

-- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

The future belongs to the brave.



Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Joseph Lorenzo Hall


On Fri Jun 21 12:51:11 2013, phryk wrote:
> On Fri, 21 Jun 2013 11:55:57 -0400
> Nadim Kobeissi  wrote:
>
>> The solution to this is to make encryption more and more widely used.
>> By increasing the number of people with access to encryption
>> technology for their communications, we dilute this threat.
>
> My thought exactly, just encrypt ALL THE THINGS and let those people
> deal with humungous amounts of data, most of which will be completely
> useless even if decrypted.

What about the theory that by encrypting all the things we are feeding 
some massively large NSA cryptanalysis project that uses different 
flavors of ciphertext to find weaknesses? Very conspiracy theorist-y, 
but I've heard a few people say that maybe we shouldn't "donate" 
unnecessary ciphertext to such a project. :/

best, Joe

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8





Re: [liberationtech] Skype interception - Project Chess

2013-06-21 Thread Griffin Boyce
+1 Nathan. Jitsi is great, but does need more love and attention from
developers to be a real contender.

Skype got its foothold on various communities because it's useful, usable,
and has (had?) an under-educated user base.  The ongoing debate about their
terrible security practices will likely lead to a small minority of their
users jumping ship.

What happens when one company totally dominates its sector in this way? How
can we effectively fight against them?  We need to come up with better
strategies for convincing people to opt out of ubiquitous surveillance.  At
this point, it's still really easy for people to justify bad security
decisions by drawing a distinction between themselves and "paranoid"
security types. For people who are already convinced, the learning curve is
pretty steep, this is true, but there is a legion of people out there who
still think they aren't affected at all by this sort of revelation. We need
to change that.

¿Griffin?

--
Typing on a phone, please excuse fatfingers and grammatical errors.

On Jun 21, 2013 10:31 AM, "Nathan of Guardian" 
wrote:
>
> On 06/20/2013 10:08 AM, Jacob Appelbaum wrote:
> > To the Skype promoters, apologists and deniers - I encourage you to
> > start using, and improving Jitsi - it needs a lot of love but it at
> > least has a chance of being secure, whereas Skype is beyond repair.
>
> I also want to add to this, that in order to use Jitsi, you need a
> trustworthy, privacy-oriented SIP service provider [0], to go with it.
> This means someone that doesn't keep logs, doesn't require real name
> registration, defaults to secure, and that also offers features to help
> defend against traffic analysis and mass metadata gathering [1].
>
> This is exactly what we have been working on at Guardian Project with
> our Open Secure Telephony Network [2] project and our public
> beta/testbed service at OStel.co. The base service platform we are using
> is Kamailio [3], which is a project that should be as equally supported
> as Jitsi.
>
> Ultimately, our goal is not to replace one single service with another
> single service, but rather to enable every user, organization, NGO,
> collective, cooperative, etc to run their own service, or at least have
> a variety of hosted service operators that run at a known quality and
> standard for privacy-oriented voice and video communications.
>
> +n

Re: [liberationtech] eternity USENET (Re: Internet blackout)

2013-06-21 Thread Guido Witmond
On 21-06-13 17:56, Michael Rogers wrote:
> On 17/06/13 14:12, Rich Kulawiec wrote:
>> One more generic comment/observation: clearly, Usenet or a
>> Usenet-ish mechanism will run on a smartphone.  But I'm not sure
>> that's a good idea.  Given the existence of things like CarrierIQ,
>> the propensity of repressive governments to strongarm (or take
>> over) telcos, the geolocation capabilities of cellular providers,
>> the extant research on re-identifying putatively de-identified
>> data, the epidemic of smartphone malware (including in "app
>> marketplaces"), etc., I've kinda arrived at the point where I think
>> "no smartphones" is sound advice.
> 
> I agree - "no smartphones" is sound advice. "No phones" is even
> better. But the problem is, nobody follows that advice. So we have to
> be pragmatic. Given that billions of people own mobile phones, carry
> them everywhere, and use them for communication they'd like to keep
> confidential, what's the best incremental improvement we can make?

Just switch off the phone before driving. Saves lives (of others) and
saves your battery too.

Perhaps, start calling people that use their phone while driving
'road-terrorists' then the NSA will take care of that :-)

Cheers, Guido.


Re: [liberationtech] Skype interception - Project Chess

2013-06-21 Thread Richard Brooks
Nathan,

You've probably explained this before, but what is the difference
between OSTN and RedPhone?

Thanks.

-Richard

On 06/21/2013 10:30 AM, Nathan of Guardian wrote:
> On 06/20/2013 10:08 AM, Jacob Appelbaum wrote:
>> To the Skype promoters, apologists and deniers - I encourage you to
>> start using, and improving Jitsi - it needs a lot of love but it at
>> least has a chance of being secure, whereas Skype is beyond repair.
> 
> I also want to add to this, that in order to use Jitsi, you need a
> trustworthy, privacy-oriented SIP service provider [0], to go with it.
> This means someone that doesn't keep logs, doesn't require real name
> registration, defaults to secure, and that also offers features to help
> defend against traffic analysis and mass metadata gathering [1].
> 
> This is exactly what we have been working on at Guardian Project with
> our Open Secure Telephony Network [2] project and our public
> beta/testbed service at OStel.co. The base service platform we are using
> is Kamailio [3], which is a project that should be as equally supported
> as Jitsi.
> 
> Ultimately, our goal is not to replace one single service with another
> single service, but rather to enable every user, organization, NGO,
> collective, cooperative, etc to run their own service, or at least have
> a variety of hosted service operators that run at a known quality and
> standard for privacy-oriented voice and video communications.
> 
> +n
> 
> [0] OSTel privacy policy https://ostel.co/privacy
> 
> [1] more technical discussion here about our approach compared to a
> typical voice operator:
> https://guardianproject.info/2013/06/12/carrier-grade-verizon-and-the-nsa/
> 
> [2] OSTN/OStel source https://github.com/guardianproject/OSTel
> 
> [3] Kamailio - Open Source SIP Server - http://www.kamailio.org/


-- 
===
R. R. Brooks

Associate Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University

313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
USA

Tel.   864-656-0920
Fax.   864-656-5910
email: r...@acm.org
web:   http://www.clemson.edu/~rrb



Re: [liberationtech] my op/ed in the SF Bay Guardian

2013-06-21 Thread Renee Lloyd
Shava,
   This is an inspiring and passionate call to action that I will share 
widely.   In a reply, a reader asks "how."   What does meaningful engagement 
look like?  How do you move from the folks that 'get it' to the similar folks 
that haven't yet connected the dots?   

Thanks-

Renee

Sent from my iPad

On Jun 21, 2013, at 4:16 AM, Shava Nerad  wrote:

> http://www.sfbg.com/politics/2013/06/20/hackivist%E2%80%99s-call-culture-engagement
> 
> Pretty much what I've been carrying on about here. ;)
> 
> yrs,
> -- 
> 
> Shava Nerad
> shav...@gmail.com

Re: [liberationtech] eternity USENET (Re: Internet blackout)

2013-06-21 Thread Michael Rogers
On 17/06/13 14:12, Rich Kulawiec wrote:
> One more generic comment/observation: clearly, Usenet or a
> Usenet-ish mechanism will run on a smartphone.  But I'm not sure
> that's a good idea.  Given the existence of things like CarrierIQ,
> the propensity of repressive governments to strongarm (or take
> over) telcos, the geolocation capabilities of cellular providers,
> the extant research on re-identifying putatively de-identified
> data, the epidemic of smartphone malware (including in "app
> marketplaces"), etc., I've kinda arrived at the point where I think
> "no smartphones" is sound advice.

I agree - "no smartphones" is sound advice. "No phones" is even
better. But the problem is, nobody follows that advice. So we have to
be pragmatic. Given that billions of people own mobile phones, carry
them everywhere, and use them for communication they'd like to keep
confidential, what's the best incremental improvement we can make?

As a software developer, the best incremental improvement I can make is
to develop apps that are more secure than the ones people currently
use. That's only a small piece of a huge puzzle that spans software,
hardware, law, economics and politics, but it's the piece I can reach.

Cheers,
Michael



Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Nadim Kobeissi
The solution to this is to make encryption more and more widely used. By 
increasing the number of people with access to encryption technology for their 
communications, we dilute this threat.

NK

On 2013-06-21, at 11:52 AM, Michael Rogers  wrote:

> It's unfortunate that Ars Technica has chosen that angle, since I
> believe it misrepresents the situation: if you use encryption, the NSA
> may indeed retain your encrypted traffic, but won't be able to read
> it. If you don't use encryption, the NSA will be able to read your
> traffic, and will retain it if it contains anything interesting, or if
> you're not an American. So encryption is still a net gain for privacy.
> 
> Blending in is a red herring in my opinion - metadata (which isn't
> subject to the restrictions discussed in the Ars Technica article)
> reveals who talks to whom and when. That's sufficient to identify
> persons of interest, regardless of whether they use encryption. Any
> activist or journalist should assume they're already a person of
> interest, thanks to their job and the people they talk to. Not to be
> subject to surveillance would be something of a professional
> embarrassment. ;-) So forget about blending in. Assume you're subject
> to surveillance, and think about what steps you're going to take in
> response.
> 
> Cheers,
> Michael
> 
> On 21/06/13 16:41, dan mcquillan wrote:
> > a few people who came to our university cryptoparty asked whether 
> > they're just going to draw attention to themselves by encrypting
> > email.
> > 
> > the latest leaks seem to give a firm 'yes', as the NSA
> > specifically keeps encrypted comms indefinitely.
> > 
> > sample news item:
> > http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
> >
> > 
> 
> > 
> > how would list members answer the question 'to encrypt or not to
> > encrypt'?
> > 
> > cheers dan
> > 
> > 
> > 

Re: [liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread Michael Rogers
It's unfortunate that Ars Technica has chosen that angle, since I
believe it misrepresents the situation: if you use encryption, the NSA
may indeed retain your encrypted traffic, but won't be able to read
it. If you don't use encryption, the NSA will be able to read your
traffic, and will retain it if it contains anything interesting, or if
you're not an American. So encryption is still a net gain for privacy.

Blending in is a red herring in my opinion - metadata (which isn't
subject to the restrictions discussed in the Ars Technica article)
reveals who talks to whom and when. That's sufficient to identify
persons of interest, regardless of whether they use encryption. Any
activist or journalist should assume they're already a person of
interest, thanks to their job and the people they talk to. Not to be
subject to surveillance would be something of a professional
embarrassment. ;-) So forget about blending in. Assume you're subject
to surveillance, and think about what steps you're going to take in
response.

Cheers,
Michael

On 21/06/13 16:41, dan mcquillan wrote:
> a few people who came to our university cryptoparty asked whether 
> they're just going to draw attention to themselves by encrypting
> email.
> 
> the latest leaks seem to give a firm 'yes', as the NSA
> specifically keeps encrypted comms indefinitely.
> 
> sample news item:
> http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml
>
> 

> 
> how would list members answer the question 'to encrypt or not to
> encrypt'?
> 
> cheers dan
> 
> 
> 


[liberationtech] to encrypt or not to encrypt?

2013-06-21 Thread dan mcquillan
a few people who came to our university cryptoparty asked whether they're
just going to draw attention to themselves by encrypting email.

the latest leaks seem to give a firm 'yes', as the NSA specifically keeps
encrypted comms indefinitely.

sample news item:
http://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml

how would list members answer the question 'to encrypt or not to encrypt'?

cheers
dan

Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting

2013-06-21 Thread Joseph Lorenzo Hall
Am I off in thinking that this is a good time to push more web 
properties to use forwardly secret SSL key exchange (like Google does 
with ECDHE_RSA)?

best, Joe

On Fri Jun 21 08:32:46 2013, Eugen Leitl wrote:
>
> http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/
>
> Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It
> Takes To Crack It
>
> If you use privacy tools, according to the apparent logic of the National
> Security Agency, it doesn’t much matter if you’re a foreigner or an American:
> Your communications are subject to an extra dose of surveillance.
>
> Since 29-year-old systems administrator Edward Snowden began leaking secret
> documentation of the NSA’s broad surveillance programs, the agency has
> reassured Americans that it doesn’t indiscriminately collect their data
> without a warrant, and that what it does collect is deleted after five years.
> But according to a document signed by U.S. Attorney General Eric Holder and
> published Thursday by the Guardian, it seems the NSA is allowed to make
> ambiguous exceptions for a laundry list of data it gathers from Internet and
> phone companies. One of those exceptions applies specifically to encrypted
> information, allowing it to gather the data regardless of its U.S. or foreign
> origin and to hold it for as long as it takes to crack the data’s privacy
> protections.
>
> The agency can collect and indefinitely keep any information gathered for
> “cryptanalytic, traffic analysis, or signal exploitation purposes,” according
> to the leaked “minimization procedures” meant to restrict NSA surveillance of
> Americans. “Such communications can be retained for a period sufficient to
> allow thorough exploitation and to permit access to data that are, or are
> reasonably believed likely to become, relevant to a future foreign
> intelligence requirement,” the procedures read.
>
> And one measure of that data’s relevance to foreign intelligence? The simple
> fact that the data is encrypted and that the NSA wants to crack it may be
> enough to let the agency keep it indefinitely. “In the context of
> cryptanalytic effort, maintenance of technical data bases requires retention
> of all communications that are enciphered or reasonably believed to contain
> secret meaning,” the criteria for the exception reads. “Sufficient duration
> [for retaining the data] may consist of any period of time during which
> encrypted material is subject to, or of use in, cryptanalysis.”
>
> That encryption exception is just one of many outlined in the document, which
> also allows NSA to give the FBI and other law enforcement any data from an
> American if it contains “significant foreign intelligence” information or
> information about a crime that has been or is about to be committed.
> Americans’ data can also be held if it’s “involved in the unauthorized
> disclosure of national security information” or necessary to “assess a
> communications security vulnerability.” Other “inadvertently acquired” data
> on Americans can be retained up to five years before being deleted.
>
> “Basically we’re in a situation where, if the NSA’s filters for
> distinguishing between domestic and foreign information stink, it gives them
> carte blanche to review those communications for evidence of crimes that are
> unrelated to espionage and terrorism,” says Kevin Bankston, a director of the
> Free Expression Project at the Center For Democracy and Technology. “If they
> don’t know where you are, they assume you’re not a US person. The default is
> that your communications are unprotected.”
>
> All of those exceptions seem to counter recent statements made by NSA and FBI
> officials who have argued that any collection of Americans’ data they perform
> is strictly limited by the Foreign Intelligence Surveillance Act (FISA)
> Court, a special judiciary body assigned to oversee the National Security
> Agency. “We get great oversight by all branches of government,” NSA director
> Alexander said in an on-stage interview at the Aspen Institute last year.
> “You know I must have been bad when I was a kid. We get supervised by the
> Defense Department, the Justice Department, the White House, by Congress… and
> by the [FISA] Court. So all branches of government can see that what we’re
> doing is correct.”
>
> But the latest leaked document bolsters a claim made by Edward Snowden, the
> 29-year-old Booz Allen contractor who has leaked a series of top secret NSA
> documents to the media after taking refuge in Hong Kong. In a live Q&A with
> the public Monday he argued that NSA analysts often make independent
> decisions about surveillance of Americans not subject to judicial review.
> “The reality is that…Americans’ communications are collected and viewed on a
> daily basis on the certification of an analyst rather than a warrant,”
> Snowden wrote. “They excuse this as ‘inciden
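
Added example, not part of the original post: one way to tell from a cipher-suite name whether a TLS key exchange is forward secret (the ECDHE_RSA case mentioned in the message above, as opposed to static RSA key transport), and to build a Python `ssl` server context limited to such suites. The function names and the sample suite list are constructed for illustration.

```python
import ssl

# Key-exchange prefixes that use fresh (ephemeral) Diffie-Hellman keys for
# every handshake. EDH is OpenSSL's older spelling of DHE.
EPHEMERAL = {"ECDHE", "DHE", "EDH"}

# Prefixes that explicitly name a key exchange without forward secrecy, or
# one that is unauthenticated (anonymous DH).
OTHER = {"ECDH": "static-ECDH", "DH": "static-DH", "ADH": "anon-DH",
         "AECDH": "anon-ECDH", "PSK": "PSK", "SRP": "SRP", "RSA": "RSA"}


def key_exchange(suite: str) -> str:
    """Return the key-exchange family for an OpenSSL or IANA suite name."""
    name = suite.upper().replace("-", "_")
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 suites name no key exchange; full handshakes in
            # TLS 1.3 always use ephemeral (EC)DHE.
            return "TLS1.3"
        # IANA TLS <= 1.2 name: TLS_<kx>_<auth>_WITH_<cipher>_<mac>
        name = name[len("TLS_"):].split("_WITH_")[0]
    tokens = name.split("_")
    first = tokens[0]
    if first in EPHEMERAL:
        return "DHE" if first == "EDH" else first
    if first in ("DH", "ECDH") and tokens[1:2] == ["ANON"]:
        return "anon-" + first
    # OpenSSL omits the prefix for RSA key transport (e.g. AES128-SHA), so
    # anything without a recognised prefix is treated as RSA here. That is
    # the conservative choice: it is reported as not forward secret.
    return OTHER.get(first, "RSA")


def is_forward_secret(suite: str) -> bool:
    return key_exchange(suite) in {"ECDHE", "DHE", "TLS1.3"}


def weak_suites(names):
    """List (name, key exchange) for every suite lacking forward secrecy."""
    return [(n, key_exchange(n)) for n in names if not is_forward_secret(n)]


def forward_secret_server_context() -> ssl.SSLContext:
    """Server context whose TLS 1.2 suites are ECDHE with AEAD ciphers only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: ECDHE key exchange combined with AES-GCM or
    # ChaCha20-Poly1305. TLS 1.3 suites are configured separately by OpenSSL
    # and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


# Constructed sample: suite names as a scanner or server config might list them.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",            # OpenSSL name, ephemeral ECDH
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # same suite, IANA name
    "AES128-SHA",                             # RSA key transport
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # same suite, IANA name
    "DHE-RSA-AES256-SHA",                     # ephemeral finite-field DH
    "ECDH-RSA-AES128-SHA",                    # static ECDH, no forward secrecy
    "TLS_AES_128_GCM_SHA256",                 # TLS 1.3
]

if __name__ == "__main__":
    for name, kx in weak_suites(SAMPLE_SUITES):
        print(f"not forward secret: {name} ({kx})")
    enabled = [c["name"] for c in forward_secret_server_context().get_ciphers()]
    print("enabled suites:", ", ".join(enabled))
    print("weak suites left enabled:", weak_suites(enabled))
```

With RSA key transport, recorded traffic can be decrypted later by whoever obtains the server's private key; with ephemeral (EC)DHE the session keys are not recoverable from that key alone.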

[liberationtech] Internet Censorship and Control

2013-06-21 Thread Yosem Companys
https://cyber.law.harvard.edu/pubrelease/internet-control/

The Internet is and has always been a space where participants battle for
control. The two core protocols that define the Internet – TCP and IP – are
both designed to allow separate networks to connect to each other easily,
so that networks that differ not only in hardware implementation (wired vs.
satellite vs. radio networks) but also in their politics of control
(consumer vs. research vs. military networks) can interoperate easily. It
is a feature of the Internet, not a bug, that China – with its extensive,
explicit censorship infrastructure – can interact with the rest of the
Internet.

In the following collection, published as an open access collection here
and as well in a special issue of IEEE Internet Computing, we present five
peer reviewed papers on the topic of Internet censorship and control. The
topics of the papers include a broad look at information controls,
censorship of microblogs in China, new modes of online censorship, the
balance of power in Internet governance, and control in the certificate
authority model. These papers make it clear that there is no global
consensus on what mechanisms of control are best suited for managing
conflicts on the Internet, just as there is none for other fields of human
endeavour. That said, there is optimism that with vigilance and continuing
efforts to maintain transparency the Internet can stay as a force for
increasing freedom rather than a tool for more efficient repression.

This collection was edited by Steven J. Murdoch of the University of
Cambridge Computer Laboratory and Hal Roberts of the Berkman Center for
Internet & Society at Harvard University.

Resources

   - Introduction to Special Issue on Internet Censorship and Control by
   Steven J. Murdoch and Hal Roberts.
   - Not by Technical Means Alone: The Multidisciplinary Challenge of
   Studying Information Controls by Masashi Crete-Nishihata, Ronald J.
   Deibert, and Adam Senft.
   - Assessing Censorship on Microblogs in China: Discriminatory Keyword
   Analysis and Impact Evaluation of the 'Real Name Registration' Policy by
   King-wa Fu, Chung-hong Chan and Michael Chau.
   - Censorship V3.1 by Derek E. Bambauer.
   - Anarchy, State, or Utopia? Checks and Balances of Power in Internet
   Governance by Christopher M. Riley.
   - Trust Darknet: Control and Compromise in the Internet's Certificate
   Authority Model by Steven B. Roosa and Stephen Schultze.

Re: [liberationtech] Skype interception - Project Chess

2013-06-21 Thread Nathan of Guardian
On 06/20/2013 10:08 AM, Jacob Appelbaum wrote:
> To the Skype promoters, apologists and deniers - I encourage you to
> start using, and improving Jitsi - it needs a lot of love but it at
> least has a chance of being secure, whereas Skype is beyond repair.

I also want to add to this, that in order to use Jitsi, you need a
trustworthy, privacy-oriented SIP service provider [0], to go with it.
This means someone that doesn't keep logs, doesn't require real name
registration, defaults to secure, and that also offers features to help
defend against traffic analysis and mass metadata gathering [1].

This is exactly what we have been working on at Guardian Project with
our Open Secure Telephony Network [2] project and our public
beta/testbed service at OStel.co. The base service platform we are using
is Kamailio [3], which is a project that should be as equally supported
as Jitsi.

Ultimately, our goal is not to replace one single service with another
single service, but rather to enable every user, organization, NGO,
collective, cooperative, etc to run their own service, or at least have
a variety of hosted service operators that run at a known quality and
standard for privacy-oriented voice and video communications.

+n

[0] OSTel privacy policy https://ostel.co/privacy

[1] more technical discussion here about our approach compared to a
typical voice operator:
https://guardianproject.info/2013/06/12/carrier-grade-verizon-and-the-nsa/

[2] OSTN/OStel source https://github.com/guardianproject/OSTel

[3] Kamailio - Open Source SIP Server - http://www.kamailio.org/


[liberationtech] Bush-Era Whistleblower Claims NSA Ordered Wiretap Of Barack Obama In 2004

2013-06-21 Thread Moritz Bartl
http://www.huffingtonpost.com/2013/06/20/russ-tice-nsa-obama_n_3473538.html

Russ Tice, Bush-Era Whistleblower, Claims NSA Ordered Wiretap Of Barack
Obama In 2004
The Huffington Post  |  By Nick Wing
Posted: 06/20/2013 2:11 pm EDT  |  Updated: 06/20/2013 7:04 pm EDT

Russ Tice, a former intelligence analyst who in 2005 blew the whistle on
what he alleged was massive unconstitutional domestic spying across
multiple agencies, claimed Wednesday that the NSA had ordered wiretaps
on phones connected to then-Senate candidate Barack Obama in 2004.

Speaking on "The Boiling Frogs Show," Tice claimed the intelligence
community had ordered surveillance on a wide range of groups and
individuals, including high-ranking military officials, lawmakers and
diplomats.

"Here's the big one ... this was in summer of 2004, one of the papers
that I held in my hand was to wiretap a bunch of numbers associated with
a 40-something-year-old wannabe senator for Illinois," he said. "You
wouldn't happen to know where that guy lives right now would you? It's a
big white house in Washington, D.C. That's who they went after, and
that's the president of the United States now."

Host Sibel Edmonds and Tice both raised concerns that such alleged
monitoring of subjects, unbeknownst to them, could provide the
intelligence agencies with huge power to blackmail their targets.

"I was worried that the intelligence community now has sway over what is
going on," Tice said.

After going public with his allegations in 2005, Tice later admitted
that he had been a key source in a bombshell New York Times report that
blew the lid off the Bush administration's use of warrantless
wiretapping of international communications in the U.S. The article
forced Bush to admit that the practice was indeed used on a small number
of Americans, but Tice maintained that the NSA practice was likely being
used to gather records for millions of Americans. The NSA denied Tice's
allegations.

In the wake of recent reports detailing the extent of the NSA's data
surveillance programs, Tice has again come out as a skeptic of the
administration's response. While defenders of the program have insisted
that there is nothing to suggest the government has the authority -- or
desire -- to listen in on people's phone calls without a warrant, Tice
told The Guardian that he believes the NSA has developed the capability
"to collect all digital communications word for word."

-- 
Moritz Bartl
https://www.torservers.net/


Re: [liberationtech] Query on implications of dragnet eavesdropping

2013-06-21 Thread Louis Suárez-Potts
Thanks, Shava,

On 2013-06-21, at 24:58 , Shava Nerad  wrote:

> IANAL.
> 
> My understanding is that the TSA archives but does not examine the data 
> except under specific FISA searches.  This is their justification that it 
> isn't really domestic spying, because it's a fossil record of the data, like 
> archive.org for every stream, and they just want to be able to go back into 
> that snapshot and get what they want.

Yes, I understand that, and that also shields them (or any other agency) from 
knowing too much (and thus having to act on that information). "Too much" would 
include material not strictly relevant to their remit.


> 
> If the privacy implications were not so horrifying, scholars would be 
> expiring with envy.

FWIW, privacy issues have always haunted the subjects of scholarly inquiry. And 
having once been in the field where such sort of data is tantalizing (by data, 
I mean the warp and woof of daily life captured in the channels of 
communications), I find myself wishing indeed that the state would fund 
legitimate programmes to take snapshots of daily life. (I suspect that 
commercial interests are the ones salivating here.)

> Because of the communications allowed among branches of the DHS, I would 
> imagine, but I have no idea not being a criminal lawyer on that level, that 
> if a FISA search brought up evidence of, say, a crime relevant to the FBI, it 
> would go through channels.   It might be funky if it would jeopardize an 
> ongoing terrorism investigation.

That's actually the gist of my query. My example would be the evidence that is 
allowable in a terrorist trial, if there is one, as well as the legitimacy of 
evidence gathered incidentally in the trial of a non-terrorist. I believe that 
Scotus has ruled that evidence incidentally obtained but relevant can still be 
used--but then we come across the problem of acting on evidence (or suggestive 
indicators—patterns, say) that have been obtained under secret legal 
narratives. It's not clear to me that the spies would care about that 
information getting to other authorities, esp. if it does jeopardize their 
investigation. Prior instances of this sort of thing can be found, I would 
guess, where one policing branch has kept harmful information to itself as 
revealing it would kill the investigation. (Certainly Hollywood has minted it.)
> 
> Jurisdictional issues in any area of LE get sticky.  DHS was intended to 
> lubricate the worst idiocies of the often passive-aggressive barriers 
> individuals or the bureaucracy would throw in the way of inter-agency 
> cooperation. 

Yes. But it's also not just a jurisdictional issue. It's also a question of 
society, or rather, what we want of it. Thus:

* If we want a national police that protects us to the extent of 
monitoring all our communications and activities, if only by examining patterns 
and metadata, THEN…..
* Can we demand that this national police protect us by efficaciously 
using the information it has gathered? 

And, if it has not, and harm has come, is it, or its subordinates, guilty of 
misprision? 
> 
> What it did as a major side effect, throwing out the baby with the bathwater, 
> was blur "posse comitatus" or the division between military and civilian 
> policing in the US, to the point where as of May, it seems this is a nearly 
> illusory boundary.

I guess my point is that that blur has actually led to a worst-case situation, 
where information gathered for military purposes could be of real interest to 
civilian authorities but useless, or never given to them, for one 
reason—jurisdiction, say—or another. I have no doubt that this disarticulation 
of interests and actions has gone on a long time. And I'm hardly suggesting 
that an obvious solution, like the Stasi, is desirable.

(To clarify:  A military interest would lie, I suppose, in the gathering of 
information the military can act on, such as patterns that would lead an 
analyst (or supercomputer) to a (would-be) terrorist. A civilian interest would 
lie in everything else and be framed by national borders.)
> 
> However, since all this data is gathered under clearances,  the family would, 
> on a practical basis, find it nearly to completely impossible to sue the 
> government in this case.  They would, from what I have seen from the ACLU/EFF 
> beating themselves bloody to very occasional expensive wins, have scant 
> chance as individuals at storming those walls.

I was thinking of classes of the affected, too; but more then at power's 
obligations of information.

Cheers, and thanks,
Louis

> 
> Yrs,
> 
> 
> 
> Shava Nerad
> shav...@gmail.com
> 
> On Jun 21, 2013 12:37 AM, "Louis Suárez-Potts"  wrote:
> Hi,
> This may be a banal or mundane query and probably doesn't directly pertain to 
> recent reports of NSA tapping or any other agency's. But let's say that in 
> their apparent dragnet the NSA or any other similar agency finds probable 
> cause to consider one or mor

[liberationtech] Using Tor increases likelihood you will be spied on

2013-06-21 Thread Richard Brooks
http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/



[liberationtech] NSA is very likely storing all encrypted communications it is intercepting

2013-06-21 Thread Eugen Leitl

http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It
Takes To Crack It
 
If you use privacy tools, according to the apparent logic of the National
Security Agency, it doesn’t much matter if you’re a foreigner or an American:
Your communications are subject to an extra dose of surveillance.

Since 29-year-old systems administrator Edward Snowden began leaking secret
documentation of the NSA’s broad surveillance programs, the agency has
reassured Americans that it doesn’t indiscriminately collect their data
without a warrant, and that what it does collect is deleted after five years.
But according to a document signed by U.S. Attorney General Eric Holder and
published Thursday by the Guardian, it seems the NSA is allowed to make
ambiguous exceptions for a laundry list of data it gathers from Internet and
phone companies. One of those exceptions applies specifically to encrypted
information, allowing it to gather the data regardless of its U.S. or foreign
origin and to hold it for as long as it takes to crack the data’s privacy
protections.

The agency can collect and indefinitely keep any information gathered for
“cryptanalytic, traffic analysis, or signal exploitation purposes,” according
to the leaked “minimization procedures” meant to restrict NSA surveillance of
Americans. “Such communications can be retained for a period sufficient to
allow thorough exploitation and to permit access to data that are, or are
reasonably believed likely to become, relevant to a future foreign
intelligence requirement,” the procedures read.
 
And one measure of that data’s relevance to foreign intelligence? The simple
fact that the data is encrypted and that the NSA wants to crack it may be
enough to let the agency keep it indefinitely. “In the context of
cryptanalytic effort, maintenance of technical data bases requires retention
of all communications that are enciphered or reasonably believed to contain
secret meaning,” the criteria for the exception reads. “Sufficient duration
[for retaining the data] may consist of any period of time during which
encrypted material is subject to, or of use in, cryptanalysis.”

That encryption exception is just one of many outlined in the document, which
also allows NSA to give the FBI and other law enforcement any data from an
American if it contains “significant foreign intelligence” information or
information about a crime that has been or is about to be committed.
Americans’ data can also be held if it’s “involved in the unauthorized
disclosure of national security information” or necessary to “assess a
communications security vulnerability.” Other “inadvertently acquired” data
on Americans can be retained up to five years before being deleted.

“Basically we’re in a situation where, if the NSA’s filters for
distinguishing between domestic and foreign information stink, it gives them
carte blanche to review those communications for evidence of crimes that are
unrelated to espionage and terrorism,” says Kevin Bankston, a director of the
Free Expression Project at the Center For Democracy and Technology. “If they
don’t know where you are, they assume you’re not a US person. The default is
that your communications are unprotected.”

All of those exceptions seem to counter recent statements made by NSA and FBI
officials who have argued that any collection of Americans’ data they perform
is strictly limited by the Foreign Intelligence Surveillance Act (FISA)
Court, a special judiciary body assigned to oversee the National Security
Agency. “We get great oversight by all branches of government,” NSA director
Alexander said in an on-stage interview at the Aspen Institute last year.
“You know I must have been bad when I was a kid. We get supervised by the
Defense Department, the Justice Department, the White House, by Congress… and
by the [FISA] Court. So all branches of government can see that what we’re
doing is correct.”

But the latest leaked document bolsters a claim made by Edward Snowden, the
29-year-old Booz Allen contractor who has leaked a series of top secret NSA
documents to the media after taking refuge in Hong Kong. In a live Q&A with
the public Monday he argued that NSA analysts often make independent
decisions about surveillance of Americans not subject to judicial review.
“The reality is that…Americans’ communications are collected and viewed on a
daily basis on the certification of an analyst rather than a warrant,”
Snowden wrote. “They excuse this as ‘incidental’ collection, but at the end
of the day, someone at NSA still has the content of your communications.”

However, the leaked document doesn’t exactly paint Snowden’s picture of a
random NSA analyst determining who is surveilled. The guidelines do state
that exceptions have to be “specifically” approved by the “Director (or
Acting Director) of NSA

Re: [liberationtech] [ZS] ZS encryption standards

2013-06-21 Thread Eugen Leitl
- Forwarded message from Bryce Lynch  -

Date: Thu, 20 Jun 2013 14:07:50 -0400
From: Bryce Lynch 
To: doctrinez...@googlegroups.com
Subject: Re: [ZS] ZS encryption standards
Reply-To: doctrinez...@googlegroups.com

On Thu, Jun 20, 2013 at 1:58 PM, Mark Nuzzolilo II wrote:

> I thought you were talking about Pidgin, but this is BitMessage.
>

Sorry.  We thought you meant BitMessage.  Guess I need to bump the rewrite
of the grammar parser up a few priority levels (after milestone three hits
the Net).

These will be of interest to you:

http://pidgin.im/pipermail/devel/2013-February/011140.html
https://micahflee.com/2013/02/using-gajim-instead-of-pidgin-for-more-secure-otr-chat/
https://trac.torproject.org/projects/tor/ticket/1676
http://pidgin.10357.n7.nabble.com/OTR-and-general-security-stuff-td124853.html

-- 
The Doctor [412/724/301/703] [ZS]
https://drwho.virtadpt.net/
"I am everywhere."

-- 
-- 
Zero State mailing list:
http://groups.google.com/group/DoctrineZero




- End forwarded message -
-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


[liberationtech] NSA wiretapping without a warrant

2013-06-21 Thread Eugen Leitl

http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

Revealed: the top secret rules that allow NSA to use US data without a
warrant

Fisa court submissions show broad scope of procedures governing NSA's
surveillance of Americans' communication

• Document one: procedures used by NSA to target non-US persons

• Document two: procedures used by NSA to minimise data collected from US
persons

Glenn Greenwald and James Ball

guardian.co.uk, Thursday 20 June 2013 19.34 BST

The documents show that discretion as to who is actually targeted lies
directly with the NSA's analysts. Photograph: Martin Rogers/Workbook
Stock/Getty

Top secret documents submitted to the court that oversees surveillance by US
intelligence agencies show the judges have signed off on broad orders which
allow the NSA to make use of information "inadvertently" collected from
domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret
Foreign Intelligence Surveillance Court (known as the Fisa court), signed by
Attorney General Eric Holder and stamped 29 July 2009. They detail the
procedures the NSA is required to follow to target "non-US persons" under its
foreign intelligence powers and what the agency does to minimize data
collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of
foreign intelligence from foreign targets, US communications can still be
collected, retained and used.

The procedures cover only part of the NSA's surveillance of domestic US
communications. The bulk collection of domestic call records, as first
revealed by the Guardian earlier this month, takes place under rolling court
orders issued on the basis of a legal interpretation of a different
authority, section 215 of the Patriot Act.

The Fisa court's oversight role has been referenced many times by Barack
Obama and senior intelligence officials as they have sought to reassure the
public about surveillance, but the procedures approved by the court have
never before been publicly disclosed.

The top secret documents published today detail the circumstances in which
data collected on US persons under the foreign intelligence authority must be
destroyed, extensive steps analysts must take to try to check targets are
outside the US, and reveal how US call records are used to help remove US
citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow
the NSA to:

• Keep data that could potentially contain details of US persons for up to
five years;

• Retain and make use of "inadvertently acquired" domestic communications if
they contain usable intelligence, information on criminal activity, threat of
harm to people or property, are encrypted, or are believed to contain any
information relevant to cybersecurity;

• Preserve "foreign intelligence information" contained within
attorney-client communications;

• Access the content of communications gathered from "U.S. based machine[s]"
or phone numbers in order to establish if targets are located in the US, for
the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out
in the documents, appear to clash with assurances from President Obama and
senior intelligence officials that the NSA could not access Americans' call
or email information without warrants.

The documents also show that discretion as to who is actually targeted under
the NSA's foreign surveillance powers lies directly with its own analysts,
without recourse to courts or superiors – though a percentage of targeting
decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA's collection of US
communications, there have been repeated calls for the legal basis of the
programs to be released. On Thursday, two US congressmen introduced a bill
compelling the Obama administration to declassify the secret legal
justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and
Todd Rokita, an Indiana Republican, is a complement to one proposed in the
Senate last week. It would "increase the transparency of the Fisa Court and
the state of the law in this area," Schiff told the Guardian. "It would give
the public a better understanding of the safeguards, as well as the scope of
these programs."

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five
years last December, is the authority under which the NSA is allowed to
collect large-scale data, including foreign communications and also
communications between the US and other countries, provided the target is
overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and
authorise the collection of bulk information – some of which can include
comm

Re: [liberationtech] my op/ed in the SF Bay Guardian

2013-06-21 Thread Warigia Bowman
Dear Shava

I really enjoyed this piece. I am going to share it and plus one it and all
that. Here is my favorite part.

So we have the State Department declaring Internet Freedom and distributing
Tor overseas, and Prism turned inward at our own people?  What sense does
this make?  Praising the Arab Spring, and chasing American citizens with
drones?

The nation is sleeping or ostriching, and I'm sorry, but the press is
sleeping or at the least, distracted by survivability issues. We need to
turn this into a great and heroic national adventure story, or it's going
to turn into a national tragedy.


On Fri, Jun 21, 2013 at 11:46 AM, Anthony Papillion  wrote:

> On Jun 21, 2013, at 3:16 AM, "Shava Nerad"  wrote:
>
>
> 
> http://www.sfbg.com/politics/2013/06/20/hackivist%E2%80%99s-call-culture-engagement
>
> Pretty much what I've been carrying on about here. ;)
>
> yrs,
> --
>
>
> Excellent work, Shava! Very passionate. I'm definitely sharing it!
>
> A.
>



-- 
Dr. Warigia Bowman
Assistant Professor
Clinton School of Public Service
University of Arkansas
wbow...@clintonschool.uasys.edu
-
View my research on my SSRN Author page:
http://ssrn.com/author=1479660

Re: [liberationtech] my op/ed in the SF Bay Guardian

2013-06-21 Thread Anthony Papillion

On Jun 21, 2013, at 3:16 AM, "Shava Nerad" wrote:

> http://www.sfbg.com/politics/2013/06/20/hackivist%E2%80%99s-call-culture-engagement
>
> Pretty much what I've been carrying on about here. ;)
>
> yrs,
> --


Excellent work, Shava! Very passionate. I'm definitely sharing it!

A.

[liberationtech] my op/ed in the SF Bay Guardian

2013-06-21 Thread Shava Nerad
http://www.sfbg.com/politics/2013/06/20/hackivist%E2%80%99s-call-culture-engagement

Pretty much what I've been carrying on about here. ;)

yrs,
-- 

Shava Nerad
shav...@gmail.com

Re: [liberationtech] {Spam?} Re: NYT: Obama’s German Storm

2013-06-21 Thread Paul Bernal (LAW)
Hi Fukami

I hope you're right that the lobbyists are out of the game for now. Their 
current tactic seems to be a delaying one: the advertising industry reps in 
particular are lobbying against doing anything too fast, and saying that there 
won't be an agreement over the regulations until 2014 at least - something most 
of us suspected anyway. They're hoping, I think, that the PRISM story will be 
short-lived, and in a few months time they'll be able to bring the lobby 
machine back into action on a big scale. I'm hoping that's not the case, of 
course: this could be a key moment for privacy people to get their message 
across and to have some kind of real effect.


Paul


Dr Paul Bernal
Lecturer
UEA Law School
University of East Anglia
Norwich Research Park
Norwich NR4 7TJ

email: paul.ber...@uea.ac.uk
Web: http://www.paulbernal.co.uk/
Blog: http://paulbernal.wordpress.com/
Twitter: @paulbernalUK

On 21 Jun 2013, at 08:20, fukami <f...@foo.io> wrote:

> Hey Paul!
>
> On 18.06.2013, at 11:48, Paul Bernal (LAW) <paul.ber...@uea.ac.uk> wrote:
>> This all needs to be viewed in the context of complex and contentious internal
>> wrangling within the EU over the data protection reform package. What the PRISM
>> saga does is strengthen the hand of those within the EU advocating for a
>> stronger new package, and less watering down. To an extent this is an internal
>> battle - and the Eurocrats don't care as much what the US thinks. To me it's
>> more 'Germany vs UK' than it is 'Germany vs US', if you see what I mean.
>
> Thanks for pointing this out, I fully agree (at least as far I'm able to
> understand what's going at EP). I was mainly referring to the influence of US
> lobbyist to weaken data protection over the last couple of months. Even if I
> don't trust many politicians, for me it looks like these lobbyists are out of
> the game for now. And there seems to be a good chance to get article 42 back.
>
>> Ultimately they know that US businesses may well ignore large swathes of the
>> new regulation, but they'll use that regulation for horse-trading, in the way
>> they've done with European competition regulation for decades.
>
> Well, if Safe Harbour dies it would have an impact for US companies (but maybe
> I'm just too optimistic).
>
>
> Cheers,
>  fukami


Re: [liberationtech] NYT: Obama’s German Storm

2013-06-21 Thread fukami
Hey Paul!

On 18.06.2013, at 11:48, Paul Bernal (LAW)  wrote:
> This all needs to be viewed in the context of complex and contentious 
> internal wrangling within the EU over the data protection reform package. 
> What the PRISM saga does is strengthen the hand of those within the EU 
> advocating for a stronger new package, and less watering down. To an extent 
> this is an internal battle - and the Eurocrats don't care as much what the US 
> thinks. To me it's more 'Germany vs UK' than it is 'Germany vs US', if you 
> see what I mean.

Thanks for pointing this out, I fully agree (at least as far I'm able to 
understand what's going at EP). I was mainly referring to the influence of US 
lobbyist to weaken data protection over the last couple of months. Even if I 
don't trust many politicians, for me it looks like these lobbyists are out of 
the game for now. And there seems to be a good chance to get article 42 back.

> Ultimately they know that US businesses may well ignore large swathes of the 
> new regulation, but they'll use that regulation for horse-trading, in the way 
> they've done with European competition regulation for decades. 

Well, if Safe Harbour dies it would have an impact for US companies (but maybe 
I'm just too optimistic).


Cheers,
  fukami

