Re: [liberationtech] LUKS "Self-Destruct" feature introduced in Kali Linux

[Maxim Kammerer]

On Sat, Jan 18, 2014 at 5:02 AM, Pranesh Prakash  wrote:
> This above description seems to me to be an extreme case of 2FA.  Is it 
> actually useful?

As noted in Liberté Linux FAQ [1]:
NOTE: Modern flash memory devices with wear leveling (as well as
modern HDDs with automatic bad sectors remapping) cannot guarantee
that the original OTFE header and its backup have been erased.

Also, the developers implemented the functionality by finding some old
cryptsetup patch and applying it.

I can't think of a scenario where this functionality would be useful.
Reminds me of Greenwald using his boyfriend as a data mule  —
simultaneously trusting and mistrusting cryptography due to lack of
understanding of the concepts involved. If you want to move data
safely, encrypt it with an automatically-generated password of
sufficient entropy, and transmit the password separately — there is no
need to transmit the whole LUKS keyslot, which is large, and is just a
technical detail.

[1] http://dee.su/liberte-faq

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Concerns with new Stanford University security mandate

[Guido Witmond]

On 01/29/14 23:38, Jonathan Wilkes wrote:
> On 01/29/2014 04:50 PM, Guido Witmond wrote:
>> On 01/29/14 19:57, Jonathan Wilkes wrote:
>>> On 01/26/2014 08:12 AM, Guido Witmond wrote:
 BigFix: the missing package manager for Windows. What every
 self respecting unix/linux/bsd/etc system already has. Good.
>>> How is a centralized service that requires the user to download
>>> and install a binary from the web anything like apt?
>>> 
>>> Don't get me wrong, nearly anything is better than just bare
>>> Windows.
>>> 
>>> But an honest, courageous approach would actually encourage the
>>> oddball student who runs Debian Wheezy or whatever else that is
>>> lightyears ahead of Windows in terms of security.  Does this
>>> security mandate do that, or does it merely hope that the ideal
>>> of academic freedom will just get fed up and go find some other
>>> domain to bother?

>> I fully agree, being Microsoft free since 1999, myself. However,
>> the apt-package manager doesn't upgrade anything compiled into
>> usr/local, hence, the need for a scanner.
> 
> Hi Guido, Before I write anything else: Is the BigFix client free
> software? Couldn't figure it out from a quick look at the website.

I wouldn't know. Being an IBM acquisition, my first guess would be that
it is proprietary.


If you want something to scan you linux/bsd-box, there are good tools
available. Even good-old tripwire could help you. Or Samhain, that also
checks for setuid executables.

regards, Guido.

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Coursera to join censor club by blocking Iran IP space

[Nima Fatemi]

Hi Liberationtechers,

I just realized Coursera has recently joined the censor club by blocking
access to Iranian users[1].

Meanwhile I quote the very first line of their About page[2]:

"We believe in connecting people to a great education so that anyone
around the world can learn without limits."

This is not exactly what "free and open education" means! and I think we
should do something about it.

Any ideas?

[1]: https://twitter.com/Nimaaa/status/428812892452818944
[2]: https://www.coursera.org/about

Bests,
--
Nima
0XC009DB191C92A77B | mrphs - https://anarchy.io

"I disapprove of what you say, but I will defend to the death your right
to say it" --Evelyn Beatrice Hall

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[andreas . bader]

Coursera says its not them, its an US export regulation. And this is related to 
all sanctioned countries, including Syria, Sudan and Cuba, not only Iran. I 
don't think that Coursera decided to do this by itself. Stanford University 
also offers Coursera courses btw.

Andreas

Source:
http://blog.coursera.org/post/74891215298/update-on-course-accessibility-for-students-in-cuba
-Original Message-
From: Nima Fatemi 
Sender: liberationtech-boun...@lists.stanford.edu
Date: Thu, 30 Jan 2014 09:22:33 
To: 
Reply-To: liberationtech 
Subject: [liberationtech] Coursera to join censor club by blocking Iran IP
space

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[wasa bee]

Iranian users are very aware of proxies to access internet due to internal
censorship.
They will just use them to access coursera :); I doubt it will have much
impact on users.



On Thu, Jan 30, 2014 at 10:03 AM,  wrote:

> Coursera says its not them, its an US export regulation. And this is
> related to all sanctioned countries, including Syria, Sudan and Cuba, not
> only Iran. I don't think that Coursera decided to do this by itself.
> Stanford University also offers Coursera courses btw.
>
> Andreas
>
> Source:
>
> http://blog.coursera.org/post/74891215298/update-on-course-accessibility-for-students-in-cuba
> -Original Message-
> From: Nima Fatemi 
> Sender: liberationtech-boun...@lists.stanford.edu
> Date: Thu, 30 Jan 2014 09:22:33
> To: 
> Reply-To: liberationtech 
> Subject: [liberationtech] Coursera to join censor club by blocking Iran IP
> space
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[wasa bee]

proxy != tor ;)
Maybe they can also use lantern and google uProxy...


On Thu, Jan 30, 2014 at 10:06 AM,  wrote:

> The problem is the bandwith. Coursera works with video streams, that means
> that you can't practically use e.g. TOR.
> --
> *From: * wasa bee 
> *Date: *Thu, 30 Jan 2014 10:04:40 +
> *To: *; liberationtech<
> liberationtech@lists.stanford.edu>
> *Subject: *Re: [liberationtech] Coursera to join censor club by blocking
> Iran IP space
>
> Iranian users are very aware of proxies to access internet due to internal
> censorship.
> They will just use them to access coursera :); I doubt it will have much
> impact on users.
>
>
>
> On Thu, Jan 30, 2014 at 10:03 AM,  wrote:
>
>> Coursera says its not them, its an US export regulation. And this is
>> related to all sanctioned countries, including Syria, Sudan and Cuba, not
>> only Iran. I don't think that Coursera decided to do this by itself.
>> Stanford University also offers Coursera courses btw.
>>
>> Andreas
>>
>> Source:
>>
>> http://blog.coursera.org/post/74891215298/update-on-course-accessibility-for-students-in-cuba
>> -Original Message-
>> From: Nima Fatemi 
>> Sender: liberationtech-boun...@lists.stanford.edu
>> Date: Thu, 30 Jan 2014 09:22:33
>> To: 
>> Reply-To: liberationtech 
>> Subject: [liberationtech] Coursera to join censor club by blocking Iran IP
>> space
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> compa...@stanford.edu.
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> compa...@stanford.edu.
>>
>
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] LUKS "Self-Destruct" feature introduced in Kali Linux

[wasa bee]

assuming credential info (IV, pwd-encrypted key,etc) is stored with no
recognizable format (not ASN1, no header), it should look indistinguishable
from other encrypted data on disk. So how feasible is it to brute-force the
 location of the key + pwd? That must take time. What if cred data is
scattered over the disk rather than written as a continuous blob? How much
mitigation would that introduce?
I'm just wondering what kind of "hardening" could be used against
non-reliable erase features.
Note that if you use an SSD with block management and wear levelling done
in OS, you should be able to delete securely. The problem is mainly for MMC.


On Thu, Jan 30, 2014 at 9:00 AM, Maxim Kammerer  wrote:

> On Sat, Jan 18, 2014 at 5:02 AM, Pranesh Prakash 
> wrote:
> > This above description seems to me to be an extreme case of 2FA.  Is it
> actually useful?
>
> As noted in Liberté Linux FAQ [1]:
> NOTE: Modern flash memory devices with wear leveling (as well as
> modern HDDs with automatic bad sectors remapping) cannot guarantee
> that the original OTFE header and its backup have been erased.
>
> Also, the developers implemented the functionality by finding some old
> cryptsetup patch and applying it.
>
> I can't think of a scenario where this functionality would be useful.
> Reminds me of Greenwald using his boyfriend as a data mule  --
> simultaneously trusting and mistrusting cryptography due to lack of
> understanding of the concepts involved. If you want to move data
> safely, encrypt it with an automatically-generated password of
> sufficient entropy, and transmit the password separately -- there is no
> need to transmit the whole LUKS keyslot, which is large, and is just a
> technical detail.
>
> [1] http://dee.su/liberte-faq
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] LUKS "Self-Destruct" feature introduced in Kali Linux

[wasa bee]

well, encryption software are already hard to use "Greenwald struggled with
the software for a while, but then gave up and blew off Snowden.  Snowden
then got in touch with Laura Poitras, who was already an expert on
encryption"
http://www.dailykos.com/story/2013/08/28/1233355/-Can-anyone-help-me-set-up-PGP-encrypted-E-mail-It-s-the-mark-of-an-investigative-reporter
How much would your not-so-technically-complicated solution cripple
usability?
You might argue that if you're encrypted ur data + afraid of being coerced
to reveal the key, then ur a sufficiently high target to take the extra
hassle...


On Thu, Jan 30, 2014 at 3:25 AM, Charles Haynes  wrote:

> Yes it's useful but it's maybe more complicated than necessary. You
> encrypt the information and make sure the decryption key is sent to a safe
> destination via a different route. While in transit you cannot be compelled
> to give up encryption keys because you do not have them (unlike a TrueCrypt
> hidden volume.) When you arrive safely at your destination you retrieve the
> decryption key and restore your data (unlike a self-destruct.)
>
> -- Charles
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[Rich Kulawiec]

On Thu, Jan 30, 2014 at 12:17:00PM +, Amin Sabeti wrote:
> The main point is Coursera has done something that it's not legitimate.

They were (apparently) forced to do this.  It's not like Coursera
staff woke up one day and suddenly decided to block those countries
because they had nothing better to do.  Please read:


http://hummusforthought.com/2014/01/29/us-bans-students-from-blacklisted-countries-from-getting-a-free-education/

---rsk
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[Collin Anderson]

My hypothesis has been that Coursera, in the midst of raising venture
capital funds, had a broad compliance risk evaluation and this was raised
by outside counsel. Based on their blogpost, I suspect they
took voluntary action and then reached out to State (or vice versa), who
likely informed them of the Syrian General License and are probably working
on specific licenses for other countries (this will take months in the best
case). While no one would ever likely go after Coursera for continuing the
way things were, no one would ever advise them to ignore legal concerns
either. Myself and others read into the Iranian and Sudanese exemptions as
liberally as we can, and it was clear that this was an unfortunately
reasonable interpretation. The law simply has not anticipated the rise of
virtual, for-profit, non-accredited, non-degree-granting educational
institutions; as such, it falls outside of General Licenses 1 (Sudan) and E
(Iran). Hopefully, what will come out of this mess is a new General
License, which was the reaction to problems on sport exchanges with Iranian
officials last summer, since MITx has been pulling similar moves lately as
well.


On Thu, Jan 30, 2014 at 8:10 AM, Rich Kulawiec  wrote:

> On Thu, Jan 30, 2014 at 12:17:00PM +, Amin Sabeti wrote:
> > The main point is Coursera has done something that it's not legitimate.
>
> They were (apparently) forced to do this.  It's not like Coursera
> staff woke up one day and suddenly decided to block those countries
> because they had nothing better to do.  Please read:
>
>
> http://hummusforthought.com/2014/01/29/us-bans-students-from-blacklisted-countries-from-getting-a-free-education/
>
> ---rsk
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[Collin Anderson]

For what it is worth, I have an appreciation for the manner that Coursera
proceeded with this, being that they have been open about the process that
led to the restriction, that they are apparently reaching out to bloggers,
and since they seem to be pursuing a legal remedy. That is far better than
some companies, whose new product launches are followed by a need to check
if its even available in sanctioned countries or who still won't take
action even when their product was specifically named in a Treasury
Department document (I hate you Adobe). On top of that, their announcement
essentially instructs the public to use a VPN and to not give them reason
to know about location -- that's imperfect yes, but it was respectful.


On Thu, Jan 30, 2014 at 8:26 AM, Collin Anderson
wrote:

> My hypothesis has been that Coursera, in the midst of raising venture
> capital funds, had a broad compliance risk evaluation and this was raised
> by outside counsel. Based on their blogpost, I suspect they
> took voluntary action and then reached out to State (or vice versa), who
> likely informed them of the Syrian General License and are probably working
> on specific licenses for other countries (this will take months in the best
> case). While no one would ever likely go after Coursera for continuing the
> way things were, no one would ever advise them to ignore legal concerns
> either. Myself and others read into the Iranian and Sudanese exemptions as
> liberally as we can, and it was clear that this was an unfortunately
> reasonable interpretation. The law simply has not anticipated the rise of
> virtual, for-profit, non-accredited, non-degree-granting educational
> institutions; as such, it falls outside of General Licenses 1 (Sudan) and E
> (Iran). Hopefully, what will come out of this mess is a new General
> License, which was the reaction to problems on sport exchanges with Iranian
> officials last summer, since MITx has been pulling similar moves lately as
> well.
>
>
> On Thu, Jan 30, 2014 at 8:10 AM, Rich Kulawiec  wrote:
>
>> On Thu, Jan 30, 2014 at 12:17:00PM +, Amin Sabeti wrote:
>> > The main point is Coursera has done something that it's not legitimate.
>>
>> They were (apparently) forced to do this.  It's not like Coursera
>> staff woke up one day and suddenly decided to block those countries
>> because they had nothing better to do.  Please read:
>>
>>
>> http://hummusforthought.com/2014/01/29/us-bans-students-from-blacklisted-countries-from-getting-a-free-education/
>>
>> ---rsk
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> compa...@stanford.edu.
>>
>
>
>
> --
> *Collin David Anderson*
> averysmallbird.com | @cda | Washington, D.C.
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] #ICT4D BOOK: TV White Spaces, a pragmatic approach

[Yosem Companys]

From: Marco Zennaro 

TV White Spaces, a pragmatic approach

The growing demand for wireless data transmission imposes the search for
alternatives to the current spectrum exploitation schemes. In the long
term, dynamic spectrum access seems to be the only viable solution, once
the technical details for its implementation are solved. In the near term,
the use of currently vacant spectrum allocated to TV broadcast is poised to
alleviate the spectrum crunch while opening the path for dynamic spectrum
access.

While several trials and deployments of TV White Spaces have been conducted
in the USA, Europe and Africa, there are still many aspects that need to be
considered in order to benefit from this technology.  A team
of international experts addresses some of the most relevant issues,
ranging from the spectrum regulatory framework and the societal
implications to the technical details.

WiFi has had an unexpected success in the traffic off-loading of cellular
networks, so WS could also be deployed for this purpose. Furthermore, for
machine-to-machine applications and the "Internet of Things" paradigm WS
have significant advantages both for developed and developing economies.

Following the great success of the Wireless Networking for Developing
World book (http://www.wndw.net), we offer this new work, focused on a more
specific subject.

"This collection of articles explores both the policy and the technology
around TV White Spaces. They are great articles individually, but they are
strictly more powerful as a group. And as a group they continue the great
heritage of mutual respect and discussion between technologists and policy
makers - a heritage that includes changing the world for the better on a
regular basis. (Professor Eric Brewer, University of California at
Berkeley)".

Visit http://wireless.ictp.it/tvws/book/ to download your free copy.

Marco Zennaro, PhD
Telecommunications / ICT for Development Laboratory
the Abdus Salam International Centre for Theoretical Physics
Strada Costiera 11
34014 Trieste
Italy

Telephone: +39 040 2240 406
Web:   http://wireless.ictp.it
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Coursera to join censor club by blocking Iran IP space

[Ellery Biddle]

We ran a piece on this on Tuesday -- not sure if Global Voices' post 
had any impact here, but some hours afterword, they removed the block 
for Syria, under OFAC's exception for "support of nongovernmental 
organizations’ activities in Syria, particularly as they pertain to 
increasing access to education"

http://advocacy.globalvoicesonline.org/2014/01/29/coursera-blocked-in-syria-by-us-sanctions/

I don't know the rationale for offering this exception for Syria but 
not for the other sanctioned countries. We are keen to raise more 
awareness about this in the coming months.

Does anyone on this list have contacts at Coursera that they would be 
willing to share? Would be great to talk to them about it as well.

On Thu Jan 30 07:10:31 2014, Joanne Michele wrote:
> I'm forwarding the letter from my professor to the Constitutional
> Struggles in the Muslim World class (how lovely for those very same
> students to get kicked out in the last week of the course).
>
> He makes it clear that Coursera had no control over the decision, but
> I read it as if they knew it was coming. I am disappointed that they
> haven't publicly fought for their students, though maybe that's
> forthcoming due to all of the attention.
>
> I'm also curious as to what the list thinks of his suggestions for
> proxies, especially what Colin and others think of the future risks to
> students in Iran.
>
> Thanks,
>
> Joanne
>
> Dear All,
>
> I write this email under protest and with a considerable degree of
> anger and sadness. Few things illustrate the bone-headedness,
> short-sightedness, and sheer chauvinism of the political structure of
> the United States better than the extent to which its ideologues are
> willing to go to score cheap domestic political points with narrow
> interests in the pursuit of a sanctions regime that has clearly run
> its course.
>
> You might remember the Apple ad from a few years back, in which the
> company proudly announced that their machines were now so powerful
> that they fell under export restrictions: "For the first time in
> history a personal computer has been classified as a weapon by the US
> government ..."
>
> http://www.youtube.com/watch?v=t4dDuocAXTY
>
> Well, that was a tongue in cheek quip at their Wintel competitors, but
> a few years after that same company decided that also an iPad
> apparently could now a weapon, in a rather cowardly anticipatory
> cow-tow to an ever expanding and aggressive sanctions regime, when
> they stopped selling any of their products to anyone who happened to
> SPEAK Persian in their stores (the company has since lifted that
> idiotic policy):
>
> http://www.bbc.co.uk/news/world-us-canada-18545003
>
> But you will now be interested to hear that also my course (and
> anything elseCoursera offers) has been classified, if not a weapon
> that could be misused, then at least a "service" and as such must not
> fall into the hands of anybody happening to live in the countries that
> the United States government doesn't like. I have thus been informed
> that my students in Cuba, Syria, Sudan and my homeland will no longer
> be able to access this course. I leave it to you to ponder whether
> this course is indeed a weapon and if so against what and what
> possible benefit the average American citizen could possibly derive
> from restricting access to it.
>
> Be this as it may, I invite those students affected to use services
> such as hola.org  or VPN routers to circumvent these
> restrictions.
>
> Let me reiterate that I am appalled at this decision. Please note that
> no-one atCoursera likely had a choice in this matter!
>
> At any rate, rest assured that these are not the values of the
> University of Copenhagen, of its Faculty of Law, and most assuredly
> not mine!
>
> Let me end on a personal note: as a recipient of a McCloy Scholarship
> created to foster trans-Atlantic friendship and as someone who spent
> some of his most formative years in the United States, I have to admit
> that I am worried about the path this country is descending to.
> Blocking teaching (and medicine) from people whose government one
> doesn't like is a fallback into the darkest hours of the last century.
> As my teacher at MIT, Prof. Stephen Van Evera would have told the
> people responsible for this: your mothers would not be proud of you today.
>
> Your instructor,
>
> Prof. Dr. Ebrahim Afsah
> Faculty of Law
> University of Copenhagen
>
> PS: Below an excerpt of the communication I received from Coursera; I
> know from previous engagements that there is absolutely nothing they
> can do in the current legal climate in the United States:
>
> "As some of you already know, certain U.S. export control regulations
> prohibit U.S. businesses, such as Coursera, from offering services to
> users in sanctioned countries (Cuba, Iran, Sudan, and Syria). The
> interpretation of the export control regulations in the context of
> MOOCs has been ambiguous up until now, and we had 

Re: [liberationtech] Concerns with new Stanford University security mandate

[Patrick Schleizer]

Jonathan Wilkes:
>  Before I write anything else: Is the BigFix client free software? 
> Couldn't figure it out from a quick look at the website.

I also couldn't find confirmation it's Free Software. And the default in
our world is being copyrighted, proprietary.

In conclusion, Stanford "liberationtech" is promoting proprietary software?

What are the chances, that IBM - as an US company - isn't or won't soon
be subverted by NSA backdoor, now that we know from news how NSA
infiltrated other proprietary software?

Is this just a draconian enforcement of someone not aware or not caring
about Free Software / "liberationtech" or are stronger mechanisms (ex:
national security letter) at play here?

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Concerns with new Stanford University security mandate

[Jonathan Wilkes]

On 01/30/2014 11:38 AM, Patrick Schleizer wrote:

Jonathan Wilkes:

  Before I write anything else: Is the BigFix client free software?
Couldn't figure it out from a quick look at the website.

I also couldn't find confirmation it's Free Software.


Someone from Stanford want to weigh in here?  It's a very simple 
question, and I apologize in advance if I missed something obvious.


If it is proprietary, is there a bold Stanford student on this list 
willing to take his/her Debian box (or whatever flavor OS) in to IT and 
report on the process of getting it up and running on the network 
without installing a proprietary binary?


-Jonathan


  And the default in
our world is being copyrighted, proprietary.

In conclusion, Stanford "liberationtech" is promoting proprietary software?

What are the chances, that IBM - as an US company - isn't or won't soon
be subverted by NSA backdoor, now that we know from news how NSA
infiltrated other proprietary software?

Is this just a draconian enforcement of someone not aware or not caring
about Free Software / "liberationtech" or are stronger mechanisms (ex:
national security letter) at play here?



--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] Concerns with new Stanford University security mandate

[Andrés Leopoldo Pacheco Sanfuentes]

This whole Stanford "security" policy featuring "full scans of everything"
reeks of NSA+PATRIOT act crap & stupidity, all in the same cocktail. It is
SHAMEFUL using PII as an excuse - did the corporatized university
bureaucrats assigned to Stanford consult with its Computer Science
department? Because even the Wikipedia entry for "PII" mentions that, in
this "late anthropocenic era" of TMI, with its Internet and social
metworks, there are a zillion other ways to get that info without access to
PII, & I'm pretty sure IBM's sw doesn't detect that ! I just cannot believe
it. Back to MIT I guess.. oh wait! MIT was the one institution whose
inaction in defense of free speech and academic freedom was a significant
contributing factor in the chain of events leading to the unfortunate
suicide of that good fellow that took back to the general public digital
truckloads of scientific papers, most probably paid for by our tax dollars
to begin with..
On Jan 30, 2014 12:12 PM, "Jonathan Wilkes"  wrote:

> On 01/30/2014 11:38 AM, Patrick Schleizer wrote:
>
>> Jonathan Wilkes:
>>
>>>   Before I write anything else: Is the BigFix client free software?
>>> Couldn't figure it out from a quick look at the website.
>>>
>> I also couldn't find confirmation it's Free Software.
>>
>
> Someone from Stanford want to weigh in here?  It's a very simple question,
> and I apologize in advance if I missed something obvious.
>
> If it is proprietary, is there a bold Stanford student on this list
> willing to take his/her Debian box (or whatever flavor OS) in to IT and
> report on the process of getting it up and running on the network without
> installing a proprietary binary?
>
> -Jonathan
>
>And the default in
>> our world is being copyrighted, proprietary.
>>
>> In conclusion, Stanford "liberationtech" is promoting proprietary
>> software?
>>
>> What are the chances, that IBM - as an US company - isn't or won't soon
>> be subverted by NSA backdoor, now that we know from news how NSA
>> infiltrated other proprietary software?
>>
>> Is this just a draconian enforcement of someone not aware or not caring
>> about Free Software / "liberationtech" or are stronger mechanisms (ex:
>> national security letter) at play here?
>>
>>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated: https://mailman.stanford.edu/
> mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change
> password by emailing moderator at compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] LUKS "Self-Destruct" feature introduced in Kali Linux

[Sean Lynch]

On Thu, Jan 30, 2014 at 1:00 AM, Maxim Kammerer  wrote:

>
> I can't think of a scenario where this functionality would be useful.
> Reminds me of Greenwald using his boyfriend as a data mule  —
> simultaneously trusting and mistrusting cryptography due to lack of
> understanding of the concepts involved. If you want to move data
> safely, encrypt it with an automatically-generated password of
> sufficient entropy, and transmit the password separately — there is no
> need to transmit the whole LUKS keyslot, which is large, and is just a
> technical detail.
>

I don't think even this is useful. It'd be as easy or easier to go get the
separately transmitted key than to get you to reveal it, and the same
tactics that would get you to reveal the key could also get you to reveal
its location or the identity of whoever has the key.

In the more likely scenario, it's unlikely the bad guys are going to make
any distinction between your refusing to reveal the key and your being
unable to reveal the key. It's not like they're going to say "Damn, we've
lost. Well, just let them go, then!"

The only real protection from being compelled to reveal a key is for the
bad guys not to know the encrypted data even exists.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

[Nicholas Merrill]

Hey all

I wanted to let everyone here know that we (The Calyx Institute) opened
an experimental public and free Jabber / XMPP server to the public today
that has a number of interesting security features / policies

You can read the details here: 
https://www.calyxinstitute.org/projects/public_jabber_xmpp_server

If you have any problems connecting or using it, feel free to send me an
OTR-encrypted message to n...@calyxinstitute.org

best,

Nick

-- 
Nicholas Merrill
Executive Director
The Calyx Institute
287 Spring Street
New York, NY 10013

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

Looks good, I will try it out.  Thanks Nick- much respect for you and 
Calyx.

-Shelley


 On Jan 30, 2014 2:14 PM, Nicholas Merrill  wrote: 

Hey all



I wanted to let everyone here know that we (The Calyx Institute) opened

an experimental public and free Jabber / XMPP server to the public today

that has a number of interesting security features / policies



You can read the details here: 

https://www.calyxinstitute.org/projects/public_jabber_xmpp_server



If you have any problems connecting or using it, feel free to send me an

OTR-encrypted message to n...@calyxinstitute.org



best,



Nick



-- 

Nicholas Merrill

Executive Director

The Calyx Institute

287 Spring Street

New York, NY 10013



-- 

Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.


-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

[Gregory Maxwell]

On Thu, Jan 30, 2014 at 2:13 PM, Nicholas Merrill  wrote:
> Hey all
>
> I wanted to let everyone here know that we (The Calyx Institute) opened
> an experimental public and free Jabber / XMPP server to the public today
> that has a number of interesting security features / policies

"We can't force you, but you are strongly encouraged to use Off The
Record Messaging to further encrypt your private conversations
end-to-end. "

Why can't you force it? The cleartext is available to the server. The
OTR traffic is trivially identifiable.

You might want to just rephrase it to say that you don't force it
rather than can't?
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] NSA Spying, Snowden, & Sparking Change w/ EFF's Cindy Cohn & ACLU's Nicole Ozer on Feb 5 @ 4:10 pm in UC Berkeley 210 South Hall

[Yosem Companys]

Don't miss the upcoming Distinguished Lecture at the UC Berkeley School of
Information:

*NSA Spying, Snowden, and Sparking
Change*
With *Cindy Cohn, Electronic Frontier Foundation, and Nicole Ozer, ACLU*

Wednesday, February 5, 2014, 4:10 pm - 5:30 pm
210 South Hall

Don't miss what promises to be a very timely and engaging conversation with
Cindy Cohn, legal director of the Electronic Frontier Foundation, and
Nicole Ozer, technology and civil liberties director at the ACLU of
Northern California. They will be exploring the latest updates related to
NSA spying -- what we now know, what we still don't know, and opportunities
in Congress, the courts, companies, and in communities to rein in
warrantless surveillance and better safeguard privacy and free speech.

*Cindy Cohn* is the legal director for the Electronic Frontier Foundation
as well as its general counsel. She is responsible for overseeing the EFF's
overall legal strategy and supervising EFF's fourteen staff attorneys. Ms.
Cohn first became involved with the EFF in 1993, when the EFF asked her to
serve as the outside lead attorney in Bernstein v. Dept. of
Justice,
the successful First Amendment challenge to the U.S. export restrictions on
cryptography. Outside the courts, Ms. Cohn has testified before Congress,
been featured in the New York Times, San Francisco Chronicle, and elsewhere
for her work on digital rights and has traveled onto the Internet with Stephen
Colbert.
The
National Law Journal named Ms. Cohn one of 100 most influential lawyers in
America in 
2013,noting:
"[I]f Big Brother is watching, he better look out for Cindy Cohn.'

*Nicole Ozer* is the director of the Technology and Civil Liberties Project
at the ACLU of Northern California and manages the organization's work on
new technology, privacy, and free speech. Nicole is a nationally recognized
expert on issues at the intersection of consumer privacy and government
surveillance and free speech and the Internet, is regularly quoted in
print, television, and radio outlets, and has written several influential
publications, including *Privacy & Free Speech: It's Good for
Business, *a
primer of dozens of case studies and tips for baking safeguards into the
business development process, and *Putting Online Privacy Above the Fold:
Building a Social Movement and Creating Corporate
Change*(NYU
Review of Law & Social Change, 2012). Nicole graduated *magna
cum laude* from Amherst College, studied comparative civil rights history
at the University of Cape Town, South Africa, and earned her J.D. with a
Certificate in Law and Technology from Boalt Hall School of Law, University
of California Berkeley.
More information:
http://www.ischool.berkeley.edu/newsandevents/events/dls/20140205nsaspying
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

[Jonathan Wilkes]

On 01/30/2014 05:29 PM, Gregory Maxwell wrote:

On Thu, Jan 30, 2014 at 2:13 PM, Nicholas Merrill  wrote:

Hey all

I wanted to let everyone here know that we (The Calyx Institute) opened
an experimental public and free Jabber / XMPP server to the public today
that has a number of interesting security features / policies

"We can't force you, but you are strongly encouraged to use Off The
Record Messaging to further encrypt your private conversations
end-to-end. "

Why can't you force it? The cleartext is available to the server. The
OTR traffic is trivially identifiable.

You might want to just rephrase it to say that you don't force it
rather than can't?


Since many people socialize mainly over the internet nowadays, OTR as an 
option means that most if not all of your users will leak data in the 
form of the plaintext conversations that _lead_ them to use OTR in a 
particular circumstance.  Worse, even if the reason for starting an OTR 
conversation starts out-of-band (off the internet) you're userbase is 
then divided into a small group of people who have "something to hide" 
and everyone else.


So I'd recommend forcing OTR.  Then the people discussing lolcats won't 
feel so bad about wasting their time, because even seemingly frivolous 
privacy helps to protect everyone else's.


-Jonathan
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

[Nathan of Guardian]

On 01/30/2014 07:02 PM, Jonathan Wilkes wrote:
> So I'd recommend forcing OTR.  Then the people discussing lolcats won't
> feel so bad about wasting their time, because even seemingly frivolous
> privacy helps to protect everyone else's.

Is there any existing plugin or configuration for a common XMPP server
(Prosody, eJabberD) for "filter all message traffic and only allow OTR"?
If not, that might be a useful thing for someone to implement.

On the other hand, what you are asking for is to have the server run a
regex check on every messages that comes through, which may not sit well
with users even if is automated.

+n

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] EveryVote Prototype / Advice for Knight Foundation Prototype Grant Applicant?

[Mitch Downey]

Hi liberationtech,

I'm applying for the Knight Prototype Fund, and I'm new to this stuff. Is
there anyone here with grant experience who can offer some advice? The
application is due tomorrow, January 31 before midnight. Even if you send
advice for the project after the deadline, we'd appreciate the input.

We're requesting funding to finish building the MVP of the open source
(AGPLv3) EveryVote election and townhall meeting platform. Click the link
below to check out how EveryVote could help increase voter turnout, connect
constituents to representatives and candidates, and facilitate debate
online.

EveryVote Prototype: everyvote.org/prototype

Our intended audience for the Spring 2014 MVP is university student
organization elections, such as Student Governments, Campus Activities
Boards, Fraternity Councils, Homecoming King and Queen, and any other
organization with elections. EveryVote group pages have to be easy enough
that the Election Commissioners of the student organizations can
comfortably manage the pages themselves.

Also, EveryVote is dedicated to using international open government data
standards, and building its software with federation to maximize the
freedom and convenience of users, and also so EveryVote itself cannot form
a monopoly over access to public data or public data tools. We'd also like
to help educate university students about the value and challenges of open
data standards and network federation.

Please let us know if you have any questions, and thank you for your
consideration.

Mitch Downey
contactus {at} everyvote [dot] org
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org

[Jonathan Wilkes]

On 01/30/2014 07:23 PM, Nathan of Guardian wrote:

On 01/30/2014 07:02 PM, Jonathan Wilkes wrote:

So I'd recommend forcing OTR.  Then the people discussing lolcats won't
feel so bad about wasting their time, because even seemingly frivolous
privacy helps to protect everyone else's.

Is there any existing plugin or configuration for a common XMPP server
(Prosody, eJabberD) for "filter all message traffic and only allow OTR"?
If not, that might be a useful thing for someone to implement.


I'm not sure on that one.



On the other hand, what you are asking for is to have the server run a
regex check on every messages that comes through, which may not sit well
with users even if is automated.


If that scares users then they need to take their fear back to the 
drawing board.


-Jonathan



+n



--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] EveryVote Prototype / Advice for Knight Foundation Prototype Grant Applicant?

[Peter Lindener]

Hi
Mitch-

I went to your sight's URL and git hub repository

   I did not dive into your web sight's code  But I'm wondering if
there is any consideration by way of the algebraic dependencys of Von
Neumann and Morgenstern expected utility
theorem,
it can be proven that a well formed Cardinal Ranked Choice voting
system
is nessisary for all voter's to be consistently represented over the full
space of potential Social Decsion outcomes.

   Does your web sight utilize this kind of Ranked Choice voter prioritized
preference ballot?   If not, how might your system in any real sense
take into account every voters secondary preferences if they happen not to
win there first?

   There is more to the Social Decision Systems problem, but lets start
with the basics   without a Social Choice Function's having access to
the entire Cardianl ranked choice preference priorities of each and every
voter, it would be impossible for a voting function to consistently
represent each voter by attempting to maximize the expected personal
utility of each and every voter over the probability space of all possible
outcomes...

   What does it mean when you use the phrase "EveryVote" ?

-Peter


On Thu, Jan 30, 2014 at 5:39 PM, Mitch Downey  wrote:

> Hi liberationtech,
>
> I'm applying for the Knight Prototype Fund, and I'm new to this stuff. Is
> there anyone here with grant experience who can offer some advice? The
> application is due tomorrow, January 31 before midnight. Even if you send
> advice for the project after the deadline, we'd appreciate the input.
>
> We're requesting funding to finish building the MVP of the open source
> (AGPLv3) EveryVote election and townhall meeting platform. Click the link
> below to check out how EveryVote could help increase voter turnout, connect
> constituents to representatives and candidates, and facilitate debate
> online.
>
> EveryVote Prototype: everyvote.org/prototype
>
> Our intended audience for the Spring 2014 MVP is university student
> organization elections, such as Student Governments, Campus Activities
> Boards, Fraternity Councils, Homecoming King and Queen, and any other
> organization with elections. EveryVote group pages have to be easy enough
> that the Election Commissioners of the student organizations can
> comfortably manage the pages themselves.
>
> Also, EveryVote is dedicated to using international open government data
> standards, and building its software with federation to maximize the
> freedom and convenience of users, and also so EveryVote itself cannot form
> a monopoly over access to public data or public data tools. We'd also like
> to help educate university students about the value and challenges of open
> data standards and network federation.
>
> Please let us know if you have any questions, and thank you for your
> consideration.
>
> Mitch Downey
> contactus {at} everyvote [dot] org
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] CSEC Snowden revelations

[Ronald Deibert]

Libtech

There are more details to it than what's described here - more damning.
I believe most, if not all, of the documents I saw should be released tomorrow.

I am planning on writing a detailed oped, which I hope will appear tomorrow.

Regards
RD

EXCLUSIVE
CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents
Electronic snooping was part of a trial run for U.S. NSA and other foreign 
services
By Greg Weston, Glenn Greenwald, Ryan Gallager, CBC News Posted: Jan 30, 2014 
8:59 PM ET Last Updated: Jan 30, 2014 10:00 PM ET

http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881


A top secret document retrieved by U.S. whistleblower Edward Snowdenand 
obtained by CBC News shows that Canada's electronic spy agency used information 
from the free internet service at a major Canadian airport to track the 
wireless devices of thousands of ordinary airline passengers for days after 
they left the terminal.

After reviewing the document, one of Canada's foremost authorities on 
cyber-security says the clandestine operation by the Communications Security 
Establishment Canada ( CSEC) was almost certainly illegal.


Ronald Deibert told CBC News: "I can't see any circumstance in which this would 
not be unlawful, under current Canadian law, under our Charter, under CSEC's 
mandates."


The spy agency is supposed to be collecting primarily foreign intelligence by 
intercepting overseas phone and internet traffic, and is prohibited by law from 
targeting Canadians or anyone in Canada without a judicial warrant.

As CSEC chief John Forster recently stated: "I can tell you that we do not 
target Canadians at home or abroad in our foreign intelligence activities, nor 
do we target anyone in Canada.

"In fact, it's prohibited by law. Protecting the privacy of Canadians is our 
most important principle."


But security experts who have been apprised of the document point out the 
airline passengers in a Canadian airport were clearly in Canada.


CSEC said in a written statement to CBC News that it is "mandated to collect 
foreign signals intelligence to protect Canada and Canadians. And in order to 
fulfill that key foreign intelligence role for the country, CSEC is legally 
authorized to collect and analyze metadata."


Metadata reveals a trove of information including, for example, the location 
and telephone numbers of all calls a person makes and receives — but not the 
content of the call, which would legally be considered a private communication 
and cannot be intercepted without a warrant.


"No Canadian communications were (or are) targeted, collected or used," the 
agency says.

In the case of the airport tracking operation, the metadata apparently 
identified travelers' wireless devices, but not the content of calls made or 
emails sent from them.

Black Code


Diebert is author of the book Black Code: Inside the Battle for Cyberspace, 
which is about internet surveillance, and he heads the world-renowned Citizen 
Lab cyber research program at the University of Toronto's Munk School of Global 
Affairs.


He says that whatever CSEC calls it, the tracking of those passengers was 
nothing less than an "indiscriminate collection and analysis of Canadians' 
communications data," and he could not imagine any circumstances that would 
have convinced a judge to authorize it.


A passenger checks his cellphone while boarding a flight in Boston in October. 
The U.S. Federal Aviation Administration issued new guidelines under which 
passengers will be able to use electronic devices from the time they board to 
the time they leave the plane, which will also help electronic spies to keep 
tabs on them. (Associated Press)
The latest Snowden document indicates the spy service was provided with 
information captured from unsuspecting travellers' wireless devices by the 
airport's free Wi-Fi system over a two-week period.

Experts say that probably included many Canadians whose smartphone and laptop 
signals were intercepted without their knowledge as they passed through the 
terminal.

The document shows the federal intelligence agency was then able to track the 
travellers for a week or more as they — and their wireless devices — showed up 
in other Wi-Fi "hot spots" in cities across Canada and even at U.S. airports.

That included people visiting other airports, hotels, coffee shops and 
restaurants, libraries, ground transportation hubs, and any number of places 
among the literally thousands with public wireless internet access.

The document shows CSEC had so much data it could even track the travellers 
back in time through the days leading up to their arrival at the airport, these 
experts say.

While the documents make no mention of specific individuals, Deibert and other 
cyber experts say it would be simple for the spy agency to have put names to 
all the Canadians swept up in the operation. 

All Canadians with a smartphone, ta

Re: [liberationtech] EveryVote Prototype / Advice for Knight Foundation Prototype Grant Applicant?

[Chris Csikszentmihalyi]

Mitch,

Echoing Peter, there's a lot of ink spilled about various preferential
voting systems, including rank, multi-stage, etc.  Benjamin Mako Hill, who
may well be on this list and many of you probably know, did a project in my
research group at MIT to develop both a preferential voting library and an
example app called selectricity (currently unmaintained).
http://rubyvote.rubyforge.org/
https://gitorious.org/selectricity

What was great about Selectricity was that one could choose from about half
a dozen election methods, including plurality, Condorcet, Schultze, etc.,
but also see what the election would have resulted in if another method had
been used.  Selectricity was used by a variety of unions, student groups,
etc. to do board votes, etc.  One election for the board of Students for
Free Culture was a great example, in that the Schultze method (also used by
Debian) was chosen, and resulted in a completely different set of board
members being elected than plurality had been used.

The shorthand we used to describe its difference from plurality:  10 people
want to go to lunch.  Half really prefer Szechuan food, and hate Northern
Italian cuisine.  Half crave Italian the most but hate Szechuan.  But all
of them would choose Thai food for their second choice, and really like it
a lot.  In plurality voting, _no one would ever eat Thai_.

Anyway, feel free to look at the code bases -- I think riseup used rubyvote
in one of their projects? -- and note: it was developed in part with Knight
Foundation funding!

Chris.


On Thu, Jan 30, 2014 at 7:14 PM, Peter Lindener wrote:

> Hi
> Mitch-
>
> I went to your sight's URL and git hub repository
>
>I did not dive into your web sight's code  But I'm wondering if
> there is any consideration by way of the algebraic dependencys of Von
> Neumann and Morgenstern expected utility 
> theorem,
>  it can be proven that a well formed Cardinal Ranked Choice voting system
> is nessisary for all voter's to be consistently represented over the full
> space of potential Social Decsion outcomes.
>
>Does your web sight utilize this kind of Ranked Choice voter
> prioritized preference ballot?   If not, how might your system in any
> real sense take into account every voters secondary preferences if they
> happen not to win there first?
>
>There is more to the Social Decision Systems problem, but lets start
> with the basics   without a Social Choice Function's having access to
> the entire Cardianl ranked choice preference priorities of each and every
> voter, it would be impossible for a voting function to consistently
> represent each voter by attempting to maximize the expected personal
> utility of each and every voter over the probability space of all possible
> outcomes...
>
>What does it mean when you use the phrase "EveryVote" ?
>
> -Peter
>
>
> On Thu, Jan 30, 2014 at 5:39 PM, Mitch Downey  wrote:
>
>> Hi liberationtech,
>>
>> I'm applying for the Knight Prototype Fund, and I'm new to this stuff. Is
>> there anyone here with grant experience who can offer some advice? The
>> application is due tomorrow, January 31 before midnight. Even if you send
>> advice for the project after the deadline, we'd appreciate the input.
>>
>> We're requesting funding to finish building the MVP of the open source
>> (AGPLv3) EveryVote election and townhall meeting platform. Click the link
>> below to check out how EveryVote could help increase voter turnout, connect
>> constituents to representatives and candidates, and facilitate debate
>> online.
>>
>> EveryVote Prototype: everyvote.org/prototype
>>
>> Our intended audience for the Spring 2014 MVP is university student
>> organization elections, such as Student Governments, Campus Activities
>> Boards, Fraternity Councils, Homecoming King and Queen, and any other
>> organization with elections. EveryVote group pages have to be easy enough
>> that the Election Commissioners of the student organizations can
>> comfortably manage the pages themselves.
>>
>> Also, EveryVote is dedicated to using international open government data
>> standards, and building its software with federation to maximize the
>> freedom and convenience of users, and also so EveryVote itself cannot form
>> a monopoly over access to public data or public data tools. We'd also like
>> to help educate university students about the value and challenges of open
>> data standards and network federation.
>>
>> Please let us know if you have any questions, and thank you for your
>> consideration.
>>
>> Mitch Downey
>> contactus {at} everyvote [dot] org
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> compa...@stanford.edu.
>>
>
>
>

Re: [liberationtech] EveryVote Prototype / Advice for Knight Foundation Prototype Grant Applicant?

[Peter Lindener]

Hi
Thanks Chris,
for chiming in here.

Social Choice theory has its challenges   especially in the past,
as some more leading, (yet obstinate) social welfare theorists apperently
were more interested in maintaining the status quo of "true democracy is
impossible" ...
I.e. by avoiding the topic of game theory...its possible to sustain your
prestige high up in ivory tower..   Thankfully the students down bellow
seem to be on more solid footing...and much progress is currently underway
in how we might better understand the nature of the Social Choice Function
design problem...

Thanks Chris for your clarifying example..!
For those interested..  you might want to check out our introductory Social
Choice paper , in
particular, in Section 7 where Joey and I point out that there is an
idealized Cardinal Ranked Choice function that satisfies *ALL of Arrow's
desirable properties*   If one thinks about it a little bit futher...
the key insight here, it that it is the introduction as a limitation on a
voter's influence authority that utlimatly brings with it the mutual
exclusion associated with Dr. Arrows result   So while we are
appreciative for the encouraging style found at the end of Prof. Arrows
Nobel 
lecture.
  It is our view, that the foundations of Game theory developed by Von
Numan and 
Morgenstern
will
need to be more properly acknowledged.

   Thanks to all, including Dr. Arrow who have helped to make this progess
possible...

   All the best
  -Peter




On Thu, Jan 30, 2014 at 7:44 PM, Chris Csikszentmihalyi
wrote:

> Mitch,
>
> Echoing Peter, there's a lot of ink spilled about various preferential
> voting systems, including rank, multi-stage, etc.  Benjamin Mako Hill, who
> may well be on this list and many of you probably know, did a project in my
> research group at MIT to develop both a preferential voting library and an
> example app called selectricity (currently unmaintained).
> http://rubyvote.rubyforge.org/
> https://gitorious.org/selectricity
>
> What was great about Selectricity was that one could choose from about
> half a dozen election methods, including plurality, Condorcet, Schultze,
> etc., but also see what the election would have resulted in if another
> method had been used.  Selectricity was used by a variety of unions,
> student groups, etc. to do board votes, etc.  One election for the board of
> Students for Free Culture was a great example, in that the Schultze method
> (also used by Debian) was chosen, and resulted in a completely different
> set of board members being elected than plurality had been used.
>
> The shorthand we used to describe its difference from plurality:  10
> people want to go to lunch.  Half really prefer Szechuan food, and hate
> Northern Italian cuisine.  Half crave Italian the most but hate Szechuan.
>  But all of them would choose Thai food for their second choice, and really
> like it a lot.  In plurality voting, _no one would ever eat Thai_.
>
> Anyway, feel free to look at the code bases -- I think riseup used
> rubyvote in one of their projects? -- and note: it was developed in part
> with Knight Foundation funding!
>
> Chris.
>
>
> On Thu, Jan 30, 2014 at 7:14 PM, Peter Lindener 
> wrote:
>
>> Hi
>> Mitch-
>>
>> I went to your sight's URL and git hub repository
>>
>>I did not dive into your web sight's code  But I'm wondering if
>> there is any consideration by way of the algebraic dependencys of Von
>> Neumann and Morgenstern expected utility 
>> theorem,
>>  it can be proven that a well formed Cardinal Ranked Choice voting system
>> is nessisary for all voter's to be consistently represented over the full
>> space of potential Social Decsion outcomes.
>>
>>Does your web sight utilize this kind of Ranked Choice voter
>> prioritized preference ballot?   If not, how might your system in any
>> real sense take into account every voters secondary preferences if they
>> happen not to win there first?
>>
>>There is more to the Social Decision Systems problem, but lets start
>> with the basics   without a Social Choice Function's having access to
>> the entire Cardianl ranked choice preference priorities of each and every
>> voter, it would be impossible for a voting function to consistently
>> represent each voter by attempting to maximize the expected personal
>> utility of each and every voter over the probability space of all possible
>> outcomes...
>>
>>What does it mean when you use the phrase "EveryVote" ?
>>
>> -Peter
>>
>>
>> On Thu, Jan 30, 2014 at 5:39 PM, Mitch Downey wrote:
>>
>>> Hi liberationtech,
>>>
>>> I'm applying for the Knight Prototype Fund, and I'm new to this stuff.