[liberationtech] Registration open: Privacy Enhancing Technology Symposium - July 16-18 2014 Amsterdam
*Privacy Enhancing Technology Symposium - July 16-18, 2014, Royal Tropical Institute, Amsterdam, The Netherlands*

The 14th Privacy Enhancing Technologies Symposium addresses the design and realization of privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Additional information about the conference can be found at http://petsymposium.org/2014.

*Registration is open* at https://www.petsymposium.org/2014/registration.php, travel information can be found here: https://www.petsymposium.org/2014/travel.php, including information for Visa application.

*Important dates*:
Early bird registration: until June 24th
Hotel special rates: until May 30th

The conference will be a 3-day event featuring technical presentations of papers, judged based on their quality and relevance through double-blind reviewing. The Symposium will include an invited talk by Martin Ortlieb (Google Zurich) and the rest of the program can be found here: https://www.petsymposium.org/2014/program.php

The third day of the symposium will be devoted to HotPETs — the hottest, most exciting research ideas still in a formative state. The program for HotPETs includes an invited talk by William Binney, former intelligence official with the United States National Security Agency, and specialized talks on hot topics related to privacy. The program will be announced here: https://www.petsymposium.org/2014/hotpets.php

PETS will be collocated with the GenoPri Workshop (https://genomeprivacy.org/workshop) that will take place on July 15th. The event will explore the privacy issues raised by genomics and the main envisioned solutions. It will include a keynote and a tutorial on genomics for computer scientists by a geneticist.

-- Liberationtech is public archives are searchable on Google.
Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] One third IT managers think can Cloud compute with encrypted data
On 06/05/14 13:37, Fabian Keil wrote: Caspar Bowden (lists) li...@casparbowden.net wrote: I downloaded Ponemon/Thales new survey of n=4275 IT managers (United States, the United Kingdom, Germany, France, Australia, Japan, Brazil, and Russia) a couple of days ago by registering here https://t.co/8rI2Z8vy1j, but they appear to have now pulled the report. It is remarkable that one third IT managers not only think that it is possible to compute with encrypted data, but that they are doing so already. Here's the relevant text (red is my emphasis) and screenshot with graphs [If they don't understand this, what else don't they understand about their organization's security?] CB *Who controls the encryption keys* I don't doubt that (at least) one third of the questioned IT managers don't understand their organisation's security, but without a definition of control I'd assume that Ponemon/Thales were merely asking who legally controls the encryption keys. that is the root of the trouble, the pre-crypto legal concept of processing (e.g. in EU and CoE108) subsumes storage+computing, and legal control doesn't pass to a mere data processor even if has capability to read and disclose data to a foreign jurisdiction Otherwise one would also have to mention the people who wrote the OS, the firmware, the application, people who provide software and hardware updates, cleaning personnel, successful attackers etc., even when not looking at cloud environments. The power of compulsion in e.g. FISA 702 is over a service provider to (effectively) backdoor their running stack. Authors of the OS or lower in the stack are not in that service provider firing line (and an unremarked amendment in FISA 702 in 2008 extended the scope beyond telcos/ISPs to Cloud providers) @CasparBowden
[liberationtech] One third IT managers think can Cloud compute with encrypted data
I downloaded Ponemon/Thales new survey of n=4275 IT managers (United States, the United Kingdom, Germany, France, Australia, Japan, Brazil, and Russia) a couple of days ago by registering here https://t.co/8rI2Z8vy1j, but they appear to have now pulled the report. It is remarkable that one third IT managers not only think that it is possible to compute with encrypted data, but that they are doing so already. Here's the relevant text (red is my emphasis) and screenshot with graphs [If they don't understand this, what else don't they understand about their organization's security?] CB *Who controls the encryption keys* Figure 24 examines the issue of control over encryption keys in the cloud environment for both encryption of data at rest and encryption of data at the application level. Thirty-four percent of respondents believe their organization is in control of encryption keys for *both* data encrypted at the *application level* and at rest in the cloud environment. Another 28 percent and 29 percent believe control of encryption keys is a *shared activity between the organization and the cloud provider*. Only 19 percent and 17 percent of respondents, respectively, view the cloud provider as having control over encryption keys for either encryption at the application level or for data at rest [Figure 24] Figure 25 shows German organizations are the most likely to say their organizations have control of encryption keys *at the application level* and for data at rest in the cloud. Brazilian respondents are the least likely to say their organizations have control over encryption keys at the application level and for data at rest in the cloud. *Figure 25. Percentage of respondents who say their organization is in control of encryption keys* Consolidated analysis for encryption at *both the application level* and for data at rest in the cloud by country sample [Figure 25] screenshot of Fig.24/25 of pdf
Re: [liberationtech] One third IT managers think can Cloud compute with encrypted data
On 04/05/14 17:19, Caspar Bowden (lists) wrote: I downloaded Ponemon/Thales new survey of n=4275 IT managers (United States, the United Kingdom, Germany, France, Australia, Japan, Brazil, and Russia) a couple of days ago by registering here https://t.co/8rI2Z8vy1j, but they appear to have now pulled the report. It is remarkable that one third IT managers not only think that it is possible to compute with encrypted data, but that they are doing so already. Here's the relevant text (red is my emphasis) and screenshot with graphs [If they don't understand this, what else don't they understand about their organization's security?] CB *Who controls the encryption keys* Figure 24 examines the issue of control over encryption keys in the cloud environment for both encryption of data at rest and encryption of data at the application level. Thirty-four percent of respondents believe their organization is in control of encryption keys for *both* data encrypted at the *application level* and at rest in the cloud environment. Another 28 percent and 29 percent believe control of encryption keys is a *shared activity between the organization and the cloud provider*. Only 19 percent and 17 percent of respondents, respectively, view the cloud provider as having control over encryption keys for either encryption at the application level or for data at rest [Figure 24] Figure 25 shows German organizations are the most likely to say their organizations have control of encryption keys *at the application level* and for data at rest in the cloud. Brazilian respondents are the least likely to say their organizations have control over encryption keys at the application level and for data at rest in the cloud. *Figure 25. Percentage of respondents who say their organization is in control of encryption keys* Consolidated analysis for encryption at *both the application level* and for data at rest in the cloud by country sample [Figure 25] Hmm, that didn't work embedded - trying as attachment CB
Re: [liberationtech] One third IT managers think can Cloud compute with encrypted data
Nope, not attachment either, should have used *link https://twitter.com/CasparBowden/status/462967989495558144/photo/1/large* in the first place CB
Re: [liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox
On 24/04/14 19:21, Zooko Wilcox-OHearn wrote: On Tue, Apr 22, 2014 at 11:47 AM, Caspar Bowden (lists) li...@casparbowden.net wrote: TAHOE is also cool, but doesn't claim to provide confidentiality. A TAHOE service provider would have no choice but to round-up/backdoor the necessary keys under existing US (FISA/PATRIOT) or UK (RIPA Pt.3) legislation [or Indian IT Acts etc. etc.] Oh, by the way, this part was incorrect. An example of a Tahoe-LAFS service provider is my company, https://LeastAuthority.com. LeastAuthority.com does not have any ability to acquire our customers' keys, nor to backdoor our customers. This is semantics. If you provide the service to a customer, you can be forced to backdoor http://www.wired.com/2007/11/hushmail-to-war/ (let's define terms Customer, Provider, user, individual data subject if want to continue, else will get ourselves hopelessly confused - or if you point me at the part of the spec you think invulnerable will show you how FISA or RIP can round-up keys) It's in FISA 702 expressly, and as we now know, key disclosure can even be forced under S.215. Not saying this to knock TAHOE, but often in Cloud discussions, people are looking at a conventional threat model - protecting against external attack and insider *un*authorized access. But the new part of the threat model, relevant post-Snowden, is authorized insider access lawfully required by the jurisdiction to which that Cloud is exposed. The UK law RIPA Pt.3 (2000) was even written with extreme (and correct) detail to give powers to round up arbitrary number of key fragments (whether this might be defeated by lots and lots of fragments is debatable)
Re: [liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox
On 24/04/14 21:09, Zooko Wilcox-OHearn wrote: On 24/04/14 19:21, Zooko Wilcox-OHearn wrote: Oh, by the way, this part was incorrect. An example of a Tahoe-LAFS service provider is my company, https://LeastAuthority.com. LeastAuthority.com does not have any ability to acquire our customers's keys, nor to backdoor our customers. On Thu, Apr 24, 2014 at 6:13 PM, Caspar Bowden (lists) li...@casparbowden.net wrote: This is semantics. If you provide the service to a customer, you can be forced to backdoor No, this is wrong. I can understand why you say this, because you've looked at dozens — perhaps hundreds — of services which made claims like those above, and in every case it turned out that the service actually had the technical capability to backdoor its customers. Am I right? The Hushmail case that you cite was an early and famous example, and the recent Lavabit case is an example. But LeastAuthority.com is different from that, for a very specific technical reason. That reason is that not *only* is our operation free from customer plaintext and customer encryption keys, but *also* we don't deliver software to our customers. When new customers sign up at https://LeastAuthority.com, we send them a nice email explaining that now they need to go acquire the Free and Open Source software named Tahoe-LAFS. We recommend that they get it from their operating system provider, e.g. Debian, Ubuntu, or the pkgsrc system (http://www.pkgsrc.org/). So I had not realized that and, that is a very good idea generally, for these types of legal attack, and would be even better idea if we had deterministic compilers Therefore if a government, or a murderous mafia, compelled us to cooperate with them, we would then say Well… okay, but… have you figured out how your target users acquires the software? Because, you know, if they're getting it from Debian, or from Tails, or something, then there's not a whole lot we can do to help you backdoor your target users…. 
Here's an open letter on this topic that I wrote to the Silent Circle folks when they shut down their mail service after the Lavabit story broke: https://leastauthority.com/blog/open_letter_silent_circle.html I agree. Inadvertently, I muddied the waters by referring to Hushmail, since the storage providers in your system don't (and don't purport to) provide confidentiality Caspar
Re: [liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox
On 17/04/14 20:29, David Solomonoff wrote: This blog post was inspired by a recent breakthrough in homomorphic encryption at MIT: In 2010 I asked Professor Eben Moglen https://en.wikipedia.org/wiki/Eben_Moglen to speak to the Internet Society of New York http://isoc-ny.org about software freedom, privacy and security in the context of cloud computing and social media. In his Freedom in the Cloud http://isoc-ny.org/?p=1338%20 talk, he proposed the FreedomBox https://freedomboxfoundation.org as a solution [Now] data can be encrypted at every point until it is accessed by its legitimate owner, combining privacy and security with the flexibility and scalability of cloud computing. No longer confined behind a locked down private data center or hidden under the end user's bed, a virtual FreedomBox can finally escape to the clouds. Full article: http://www.davrola.com/2014/04/17/secure-cloud-computing-virtualizing-the-freedombox/ (I am not a cryptographer, but disillusioned former FHE-enthusiast, until I realized was irrelevant to real Cloud policy) Fully homomorphic encryption uses techniques utterly different to conventional encryption and is a ~trillion times slower. Even the integer version ~million times slower Apropos the blog, Mylar is cool, but doesn't use FHE. It sends the Cloud conventionally encrypted blobs to and fro - and the Client does all the work (thus neutralizing main vaunted benefit of Cloud, elastic and parallel CPU power). It also uses an encrypted search technique for indexing (which is also cool) TAHOE is also cool, but doesn't claim to provide confidentiality. A TAHOE service provider would have no choice but to round-up/backdoor the necessary keys under existing US (FISA/PATRIOT) or UK (RIPA Pt.3) legislation [or Indian IT Acts etc. etc.] 
There are partial homomorphic solutions coming along useful to specific scenarios, but using them will be state-of-the-art crypto engineering research.microsoft.com/pubs/148825/ccs2011_submission_412.pdf for foreseeable future FHE cannot rescue confidentiality in the Cloud. Caspar Bowden
Re: [liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox
On 22/04/14 14:05, Tom Ritter wrote: On 22 April 2014 07:47, Caspar Bowden (lists) li...@casparbowden.net wrote: TAHOE is also cool, but doesn't claim to provide confidentiality. A TAHOE service provider would have no choice but to round-up/backdoor the necessary keys under existing US (FISA/PATRIOT) or UK (RIPA Pt.3) legislation [or Indian IT Acts etc. etc.] I'm pretty sure that TAHOE does provide confidentiality - the keys don't leave your device (more correctly, the gateway running on your device) unless you distribute them. Which you can, you can send the decryption key granting read-capability to anyone, but you don't have to. Yes, the fragments of data are brought together on your device (or a gateway someplace), in that sense it is no different from a pure storage Cloud (do it yourself crypto) but with better availability Users do not rely on storage servers to provide *confidentiality* nor *integrity* for their data -- instead all of the data is encrypted and integrity-checked by the gateway, so that the servers can neither read nor modify the contents of the files. (https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst) It's a storage solution, and therefore not what actually Cloud is about in a business/industry sense, who want Cloud compute power to crunch usefully on encrypted data. CB
[liberationtech] European privacy regulators' excellent paper on Anonymisation Techniques
It's been a remarkable few days for the Committee of European privacy regulators (the Art.29 Working Party) In their first opinion on Data Protection law and national security http://t.co/itKVGpDI1L, they grudgingly sort of admit it is their job to stop NSA spying, but then the next day they approve contracts for PRISM's first corporate partner https://twitter.com/CasparBowden/status/456366945512599552 for Cloud processing (although they aren't really a mere processor at all https://twitter.com/CasparBowden/status/456413628392939520) ..and today they issued the highest quality paper I have ever read from them - No.216, on Anonymisation Techniques Storified version *here wden/art-29-wp-opinion-216-on-anonymisation-techniques* for gist, full text (37 pages) in first tweet If anyone knows of a regulatory text that comes close on this topic, would like to know... The relevance to LiberationTech is that if they enforce this, then a whole bunch of worries about commercial and state spying through BigData will go away, in Europe at least Caspar
[liberationtech] CORRECTION: European privacy regulators' excellent paper on Anonymisation Techniques
Please disregard previous, main highlighted link got mangled = It's been a remarkable few days for the Committee of European privacy regulators (the Art.29 Working Party) In their first opinion on Data Protection law and national security http://t.co/itKVGpDI1L, they grudgingly sort of admit it is their job to stop NSA spying, but then the next day they approve contracts for PRISM's first corporate partner https://twitter.com/CasparBowden/status/456366945512599552 for Cloud processing (although they aren't really a mere processor at all https://twitter.com/CasparBowden/status/456413628392939520) ..and today they issued the highest quality paper I have ever read from them - No.216, on Anonymisation Techniques Storified version *here https://storify.com/CasparBowden/art-29-wp-opinion-216-on-anonymisation-techniques* for gist, full text (37 pages) in first tweet If anyone knows of a regulatory text that comes close on this topic, would like to know... The relevance to LiberationTech is that if they enforce this, then a whole bunch of worries about commercial and state spying through BigData will go away, in Europe at least Caspar
[liberationtech] CFP: IFIP Summer School 2014
I recommend this conference (am on PC) - Caspar --- CALL FOR PAPERS Ninth International Summer School organised jointly by the IFIP Working Groups 9.2, 9.5, 9.6/11.7, 11.4, 11.6, Special Interest Group 9.2.2 IFIP Summer School on Privacy and Identity Management for the Future Internet in the Age of Globalisation Computer Technology Institute and Press Diophantus, Patras , Greece, 7-12 September 2014 In cooperation with the FP7 EU projects ABC4Trust, A4Cloud, FutureID, PRISMS. INTRODUCTION Much research in privacy and identity in recent years has focused on the privacy issues associated with new technologies such as social media, cloud computing, big data, ubiquitous and ambient technologies. Due to the fact that many of these technologies operate on a global scale their use not only touches the countries where they originate (in many cases, the US), but individuals and groups around the globe. The recent revelations regarding the surveillance practices of the National Security Agency (NSA), USA, and Government Communications Headquarters (GCHQ), UK, (and undoubtedly others that we will hear about since writing this Call for Papers) have put state surveillance firmly back on the table. Here, too, the operations by agencies in one country affect individuals and groups around the globe. Indeed, the NSA is primarily tasked with intercepting and processing the communication of non-US citizens, within the US and abroad. Privacy and identity management issues have hence become global issues requiring the attention of multiple disciplines, both technical (computer science, cryptography) and non-technical (law, ethics, social sciences, philosophy) and the need to look beyond national borders. 
Regulators are trying to readjust the legal frameworks in which the information society operates, both in Europe (think of the data protection reform that should in 2014 culminate in the General Data Protection Regulation), the US (the Federal Trade Commission initiatives with respect to big data, Consumer Privacy Bill of Rights), and elsewhere. Leading Internet engineers have also agreed to upgrade standards to improve Internet privacy and security. Questions facing the research community include: How can individuals’ privacy rights be achieved effectively in a globalising information society in which both states and private enterprises exhibit great data hunger? What technologies, frameworks and tools do we need to gain, regain and maintain informational self-determination and lifelong privacy? Do we have to advance the concepts of privacy and identity management in this evolving world? These questions and many others will be addressed by the IFIP Summer School 2014 on Privacy and Identity Management for the Future Internet in the Age of Globalisation. The Summer School organisation will be a joint effort of IFIP (International Federation for Information Processing, Working Groups 9.2, 9.5, 9.6/11.7, 11.4, 11.6, Special Interest Group 9.2.2) and several European and national projects. The IFIP Summer School 2014 will bring together junior and senior researchers and practitioners from multiple disciplines to discuss important questions concerning privacy and identity management and related issues in a global environment. We are especially inviting contributions from students who are at the stage of preparing either a master’s or a PhD thesis. The school is interactive in character, and is composed of keynote lectures and workshops with master/PhD student presentations. 
The principle is to encourage young academic and industry entrants to the privacy and identity management world to share their own ideas, build up a collegial relationship with others, gain experience in making presentations, and potentially publish a paper through the resulting book proceedings. Students that actively participate, in particular those who present a paper, can receive a course certificate which awards 3 ECTS at the PhD level. The certificate can certify the topic of the contributed paper so as to demonstrate its relation (or non-relation) to the student’s master’s or PhD thesis. BASIC ELEMENTS OF THE SUMMER SCHOOL The Summer School takes a holistic approach to society and technology and supports interdisciplinary exchange through keynote lectures, tutorials, workshops, and research paper presentations. In particular, participants’ contributions that combine technical, legal, regulatory, socio-economic, social or societal, ethical, anthropological, philosophical, or psychological perspectives are welcome. The interdisciplinary character of the work is fundamental to the school. The research paper presentations and the workshops have a particular focus on involving students, and on encouraging the publication of high-quality, thorough research papers by students/young researchers. To this end, the school has a two-phase review process for submitted papers. In the first
Re: [liberationtech] Call for Tenders SMART 2013/N004 “European Capability for Situational Awareness” (ECSA) - European Federation for cyber-censorship and human rights monitoring
Dear Camino On 09/04/13 08:39, camino.man...@ec.europa.eu wrote: It is not our department in charge of blocking Tor users from accessing content hosted under Europa.eu. Conversations with the DG In charge (DG DIGIT) as most of you know, have been long and unfruitful so far. I am on leave now but at my return I will retake conversations with the officials in charge of the internal EC security to see the chances to lift the ban. (If you are in a position to answer), this seems like something EU civil society should get more focussed on: *) Is there an official channel (web page? email?) for individuals to complain about this policy ? (there's only a general email here http://ec.europa.eu/dgs/informatics/contact/index_en.htm and @stephen_quest https://twitter.com/stephen_quest did not answer me) *) does this fall under DIGIT A/B/C (not obvious)? *) has DG DIGIT made any official public statement so far about Tor blocking (apart from this https://p10.secure.hostingprod.com/@spyblog.org.uk/ssl/spyblog/2013/02/08/the-great-firewall-of-europe---european-commission-website-blocks-tor-users-just.html)? many thanks Caspar (Tor Board member but not speaking that capacity or representing Tor)
Re: [liberationtech] Sociological studies of covert mass-surveillance organisations
On 09/01/13 21:49, Michael Rogers wrote: On 01/09/13 10:00, Caspar Bowden (lists) wrote: AFAIK Deleuze, Foucault et al. did not say anything specifically about covert (mass-)surveillance, or analyse how the inherently secret nature of such organizations might be a causal element in theories of social control. Secret surveillance organizations are NOT Panoptic in a technical sense - they normally don't want you to know or fear they are watching (with tactical exceptions). Is there anyone who's aware of overt surveillance and who doesn't at least suspect that some form of covert surveillance also exists? And isn't that suspicion enough to create a panoptic effect? to some *unconscious* extent yes, but I have never seen any psychological studies into this. There ought to be an effect where even solid citizens become inhibited from communicating (or thinking! much harder experiment) certain ideas, depending on the level of ambient NSA-phobia, and this indeed might function as a form of social control. Never seen any studies on that idea. [Of course the STASI and others would make the surveillance obvious for the purpose of intimidation as a standard tactic in particular cases, but in general the watchers don't want the watched to know true capabilities] However on the face of it, that isn't the classical Panopticon, where discipline is maintained by fear of detection by the unseen warden The prisoners don't know whether they're being watched at any moment, or whether the watchtower is even occupied; the secret surveillance organisation, the existence of which cannot be confirmed, corresponds to the warden who may or may not be in the watchtower. 
In Jeremy Bentham's original proposal, his idea was that prisoners who break discipline wilfully or transgress otherwise are singled out (at random possibly) and then publicly punished in the sight of all the rest as an example, but only a few days after the transgression, to magnify the prisoner's demoralisation after thinking they have got away with it. Incidentally, Bentham envisaged this system becoming a dynastic livelihood for him and his family, and petitioned the government to build a prison, and make him the warder! Nice work if you can get it, plenty of time for scholarly pursuits between semi-random episodes of exemplary punishment. However, a possible Waiting-for-Godot variant of this idea would be that nasty things happen to prisoners in a more ambiguous way, so that prisoners never know if the watching warden even exists at all - it might all be random misfortune (of course well-behaved prisoners would also have to be punished sometimes randomly to maintain the uncertainty). It isn't clear why this is a better strategy for the wardens, except perhaps the uncertainty makes it harder for enough resentment to crystallize for a rebellion to occur. Wasn't the NSA closer to the panoptic ideal when it was No Such Agency than now, when we know we're being watched? Yes, absolutely, but I don't think NSA wanted that, although a grimly conspiratorial interpretation of current events is that it is a vast planned PR gambit to effect transition to a global neo-Panoptic society, after all civil libertarians have exhausted themselves in protest... Caspar
Re: [liberationtech] Sociological studies of covert mass-surveillance organisations
On 09/01/13 22:21, Guido Witmond wrote: ... Before the revelations and the subsequent confirmations, many people would rather believe the old truth (having nothing to hide) than to live with the new truth that they've been misled. Truth hurts. That's the reason why so many people claim they have nothing to hide. It's emotional. And often the people claiming this most loudly are politicians, because the clamour for transparency into every detail of a political candidate's private life has made this imperative. We should be afraid of that tendency, because if the only people prepared to go into public life are those whose interior life is so dull or non-existent that they really have nothing to hide, then it is certain we will be ruled by philosophical zombies with a sub-normal sense of empathy and self-awareness. I'd rather elect a hypocrite any day Caspar
Re: [liberationtech] Sociological studies of covert mass-surveillance organisations
On 09/02/13 08:46, Caspar Bowden (lists) wrote:
> On 09/01/13 21:49, Michael Rogers wrote:
> ...
>> Wasn't the NSA closer to the panoptic ideal when it was No Such Agency than now, when we know we're being watched?
>
> Yes, absolutely, but I don't think NSA wanted that, although a grimly conspiratorial interpretation of current events is that it is a vast planned PR gambit to effect transition to a global neo-Panoptic society, after all civil libertarians have exhausted themselves in protest...

Sorry I misread, that was a non-sequitur, i.e. the NSA is *now* the warden of a Panoptic Internet in consequence of the revelations. When it was No Such Agency, the Panoptic effect only occurs with paranoids or (as above speculatively) unconsciously

CB
Re: [liberationtech] Sociological studies of covert mass-surveillance organisations
Many thanks Yosem, Luis Felipe Greg

On 08/31/13 07:14, Luis Felipe R. Murillo wrote:
> On 08/30/2013 01:54 PM, Yosem Companys wrote:
>> From: Caspar Bowden li...@casparbowden.net
>>
>> I realize this is an improbable request (I think), but is anyone aware of any Surveillance Studies research on the organisations conducting *covert/secret* mass-surveillance (a securitocracy)
>>
>> many thanks any pointers
>
> I am not particularly familiar with this literature, but I know of a few pointers. This seminar in Brazil brought together researchers studying surveillance and social control. They had three panels of interest ('Internet and Surveillance', 'New Technologies of Surveillance', and 'Institutional Surveillance'): http://www2.pucpr.br/ssscla/

Yes - that is in the mainstream Surveillance Studies tradition

> These two references are central in the debate (so Caspar must be super familiar with them):
> - Foucault, Michel. Discipline and Punish (redefining the debate on the nature of power and the nature of state power): http://www.foucault.info/documents/disciplineandpunish/foucault.disciplineandpunish.panopticism.html
> - Deleuze, Gilles. Society of Control (updating Foucault's treatment of surveillance to the contemporary 'society of control'):

Yes :-) AFAIK Deleuze, Foucault et al. did not say anything specifically about covert (mass-)surveillance, or analyse how the inherently secret nature of such organizations might be a causal element in theories of social control. Secret surveillance organizations are NOT Panoptic in a technical sense - they normally don't want you to know or fear they are watching (with tactical exceptions).

In the sense that it aims to remain un-knowable by society, it seems academic Surveillance Studies neglects covert surveillance to a large extent because (a) it's very hard to study (!), and (b) because it doesn't (overtly and ordinarily) interact with Society like overt surveillance it is less of interest to Sociologists (!)

To share back, one interesting reference so far:

* Bridget Nolan (PhD thesis) 'Information sharing and collaboration in the United States Intelligence Community: An Ethnographic Study of the National Counterterrorism Center'
  o est.sandia.gov/consequence/docs/JICRD.pdf

Caspar
Re: [liberationtech] Defund Domestic Spying
So the spying on the rest-of-the-world's data sent to the US, including information with respect to a foreign-based political organization _or_ foreign territory that _relates_ to the _conduct of the foreign affairs_ of the United States, that's totally fine is it? When the US domestic spying problem is fixed everyone can go home...

(slide 5) https://sigint.ccc.de/schedule/system/attachments/2068/original/How_to_wiretap_the_Cloud_without_anybody_noticing_-_SIGINT_7.7.2013.pdf

CB

On 07/23/13 23:56, Jonathan Wilkes wrote:
> To any U.S. citizens out there, this might be a good time to act:
> https://www.eff.org/deeplinks/2013/07/tomorrow-congress-votes-amendment-defund-spying-heres-how-you-can-help
>
> -Jonathan

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Microsoft Accesses Skype Chats
On 05/17/13 12:31, Rich Kulawiec wrote:
> ...
> And incidentally, the proffered rationale for this doesn't fly, given that (a) they're only sending HEAD: actually scanning destination URLs for malware et al. would require fetching the whole page and (b) they're only retrieving HTTPS URLs (per Heise) which is not what someone actually looking for malware would do. Moreover (c) even if they classified a URL as malicious, let's say https://example.net/blah, the recipient of said URL is likely to access it via a data path outside their control, thus -- unless they blocked it *inside* Skype -- they have no way to prevent access to it and delivery of whatever malware payload awaits.

(delurking)

A) it would be very interesting if a bunch of people filed a complaint with the Data Protection Authority of Luxembourg (where Skype is registered in Europe) making this argument above in well-crafted detail, and report back on response http://www.cnpd.public.lu/fr/support/contact/index.php (gotta love their address BTW) (they have a dumb webform, so suggest use info at cnpd.lu instead)

B) FYI all, in Feb I managed to exercise my right of access to personal data from Skype under EU Data Protection Law. They ducked this for months, but after 6 emails to Luxembourg DPA, finally complied. Because I deliberately did this on an account I hadn't used for a while, it's not clear how much Internet call/chat metadata they retain, so I have a new request running

If anyone wants a suggested template for how to do (A) and/or (B) contact me offlist (I'll post details if a lot of interest)

N.B.

1. you don't have to be European to do this (but probably helps if an EU resident or can cite chats/calls with those who are). Interesting also to see what happens if a US-based user tries to get call metadata citing EU law (in theory this could work if that data is held in EU)

2. FYI Skype in Europe maintains they aren't a telco http://www.itworld.com/networking/347950/french-regulator-says-skype-must-register-telco-or-risk-prosecution , and thus not subject to the notorious EU Data Retention Directive. However this may actually be worse, because they would also not be obligated to delete metadata after some period (6 mths to 2 years depending on various vagaries)

3. would be interesting to ask about whether Skype voice crypto is (still ?) genuinely end-to-end as well, as this not mentioned in privacy statement and finessed in FAQs, because will trigger test of whether DPA can force Skype to specify that (I did this already - awaiting answers)

4. the Luxembourg DPA website is in French and German but you can write to them in English

5. To make a subject access request to Skype, seems like best email is cro at skype.net, but also instructive to go through the website and see if you can figure out how to contact them electronically in the circular maze of their support info. Procedure is then to complain to DPA if they ignore or fob off.

Caspar Bowden
@CasparBowden