A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden.
The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
Drip: New Leaked Documents Reveal NSA Program to Gather "Nearly Everything a User Does on the Internet"
New revelations about the breadth and depth of the US Federal Government's totalitarian global surveillance system from Glenn Greenwald in the Guardian:
From Torrent Freak:
Earlier this week we reported that Google has already received takedown requests for more than 100 million URLs this year. While most of the submitted URLs do indeed link to infringing content, not all requests received by Google are correct.
The automated systems used by many of the copyright holders often trigger notices that include links to perfectly legitimate content, and sometimes even their own work. The latter happened in a recent DMCA takedown request sent by LeakID on behalf of Microsoft. Instead of listing URLs of infringing material, Microsoft asked Google to remove links to their own websites . . .
From Torrent Freak:
On Thursday the House Judiciary Subcommittee on Courts, Intellectual Property, and the Internet organized a hearing on the role of copyright as a driver of innovation in the United States . . .
The CCIA, which includes members such as Google, Microsoft and Facebook, submitted a statement debunking what they see as copyright industry propaganda. The tech industry association explains that tougher copyright can actually hinder innovation.
“Arguments that ever stronger regulation incentivizes innovation overlook the ways in which excessive protection can inhibit innovation,” the CCIA writes.
“Every year that a work is covered by a copyright is a year that subsequent users cannot build on that work. While incremental protection may provide additional reward to the author, society pays for this reward by being deprived of follow-on use, while the author and his or her heirs accumulate profits.”
“For this reason, protection exceeding the amount necessary to incentivize innovation represents a dead weight loss to the economy” . . .
Here's a funny little story from The Next Web:
An Instagram hack that posts pictures of fruit to users’ timelines has returned. We last saw the issue back in June. Once again, the images – often of fruit but sometimes (as The Verge notes) of smoothies – are accompanied by text suggesting that the user is trying a new diet and encouraging others to follow a link that has been inserted into their bio.
From the Washington Post:
There has been a lot of speculation that the revelations about NSA surveillance program PRISM damaged the credibility of U.S. tech companies, especially with international clients who were the primary targets of the snooping operation. But now it’s starting to look like the snooping is hitting U.S.-based cloud providers where it really hurts: Their pocketbooks.
Computer World UK reports a recent Cloud Security Alliance (CSA) survey found 10 percent of 207 officials at non-U.S. companies canceled contracts with U.S. providers after the leaks, and 56 percent of non-U.S. respondents are now hesitant to work with U.S.-based cloud operators.
A narrow majority of Democrats and Republicans in the US House are fervent opponents of the Fourth Amendment. From the Washington Post:
A controversial proposal to restrict how the National Security Agency collects telephone records failed to advance by a narrow margin Wednesday, a victory for the Obama administration, which has spent weeks defending the program since media leaks sparked international outrage about the agency’s reach.
Lawmakers voted 217 to 205 to defeat the proposal by an unlikely political pairing: Rep. Justin Amash (R-Mich.), a 33-year-old libertarian who often bucks GOP leadership and Rep. John Conyers (D-Mich.), an 84-year old liberal stalwart and the chamber’s second longest-serving member. Usually divergent in their political views, they joined forces in recent weeks in response to revelations about the NSA’s ability to collect telephone and Internet records that were leaked by Edward Snowden, a former NSA contractor who is seeking asylum in Russia.
One of the most common and likely ill-informed criticisms of Bitcoin is that the virtual currency is nothing more than a Ponzi scheme. A minimal amount of research into what Bitcoin is and how it functions should, however, dispel any reasonable doubt that Bitcoin itself is a scam. Yet that does not mean that Bitcoin cannot be used to construct traditional scams like the Ponzi scheme. The SEC has filed a suit against one such scammer who operated an enterprise called the Bitcoin Savings and Trust. From Entrepreneur:
The Securities and Exchange Commission has filed its first fraud lawsuit involving the virtual currency, claiming it was used in a Ponzi scheme. The SEC filed suit against Trendon T. Shavers, founder and owner of Bitcoin Savings and Trust, saying he raised more than 700,000 BTC from 66 investors. According to the SEC’s suit, that amounted to $4.5 million in cash based on the daily Bitcoin price at the time, according to the SEC.
People who first recognized the scope of the potential threats to their online data privacy following the NSA leaks last month are now beginning to change their habits. Or so it appears. From the Boston Globe:
News of the US government’s secret surveillance programs that targeted phone records and information transmitted on the Internet has done more than spark a debate about privacy. Some are changing their online habits as they reconsider some basic questions about today’s interconnected world. Among them: How much should I share and how should I share it?
Some say they want to take preventative measures in case such programs are expanded. Others are looking to send a message — not just to the US government but to the Internet companies that collect so much personal information.
‘‘We all think that nobody’s interested in us, we’re all simple folk,’’ said Doan Moran of Alexandria, La. ‘‘But you start looking at the numbers and the phone records . . . it makes you really hesitate.’’
A coalition of self-appointed moral censors and fear-mongering hysterics in the UK are pushing forward with a plan to implement the first stages of internet censorship under the guise of – what else? – protecting the children! From BBC:
Most households in the UK will have pornography blocked by their internet provider unless they choose to receive it, David Cameron has announced.In addition, the prime minister said possessing online pornography depicting rape would become illegal in England and Wales - in line with Scotland. Mr Cameron warned in a speech that access to online pornography was "corroding childhood".
The new measures will apply to both existing and new customers. Mr Cameron also called for some "horrific" internet search terms to be "blacklisted", meaning they would automatically bring up no results on websites such as Google or Bing.He told the BBC he expected a "row" with service providers who, he said in his speech, were "not doing enough to take responsibility" despite having a "moral duty" to do so.
He also warned he could have to "force action" by changing the law and that, if there were "technical obstacles", firms should use their "greatest brains" to overcome them.
When Yahoo bought Tumblr, it suggested that its adult and porn blogs would be left alone. Users found out this wasn't true when a new adult blog search policy went public on Thursday, capping Tumblr's quarantine on adult content, which now also includes excluding adult blogs from Google, Bing, Yahoo, and other search engines.
The changes render an estimated 10% of Tumblr's userbase invisible and unfindable. Now, around 12 million Tumblr blogs marked "adult" have been removed from Tumblr's internal search; this follows the revelation two months ago that adult blogs were no longer indexed by Google, and the pre-sale removal of Tumblr's "Erotica" category from its category index.
Tumblr's "Erotica" category had been launched in January 2010 with much sex-positive fanfare - it would appear that the days of Tumblr's tolerance are long gone . . .
The largest Internet companies in the United States have joined forces with top civil liberties groups to call on the White House and Congress to increase the transparency surrounding the government’s controversial National Security Agency surveillance programs. Apple, Google, Facebook, Yahoo, Microsoft and Twitter are among the tech giants that have signed a letter to the feds, asking for the right to disclose more information about national security data requests. Notably absent are the nation’s largest phone companies, including AT&T and Verizon Wireless, which have remained silent about their participation in the government’s snooping program.
If everyone is only six degrees of separation away from Kevin Bacon, according to the rules of the old game, how many degrees of separation do you think you are from a terrorist? Officials at the NSA have admitted to a Congressional panel that they claim the prerogative to spy on everyone within three degrees of communicative separation from an individual they believe (with 51% certainty) may have a connection to some kind of terrorist activity. That's a lot of people. From the Guardian:
The National Security Agency revealed to an angry congressional panel on Wednesday that its analysis of phone records and online behavior goes exponentially beyond what it had previously disclosed.
John C Inglis, the deputy director of the surveillance agency, told a member of the House judiciary committee that NSA analysts can perform "a second or third hop query" through its collections of telephone data and internet records in order to find connections to terrorist organizations.
"Hops" refers to a technical term indicating connections between people. A three-hop query means that the NSA can look at data not only from a suspected terrorist, but from everyone that suspect communicated with, and then from everyone those people communicated with, and then from everyone all of those people communicated with.
Inglis did not elaborate, nor did the members of the House panel – many of whom expressed concern and even anger at the NSA – explore the legal and privacy implications of the breadth of "three-hop" analysis.
An increasingly popular technology for extending cell-phone coverage ranges had a major security hole that went undetected for years, through which an attacker could eavesdrop on everything a target did on their phone, according to new research released on Monday.
The research brings to light previously unknown vulnerabilities in some models of femtocells, devices that mobile network operators use to bring wireless service to low-coverage zones. The compact boxes, which are typically as small as a standard cable modem, can be deployed in hard-to-reach spots like the top of an apartment building or a home in the mountains. Femtocells are also referred to as "network extenders," and analysts project that as many as 50 million of them will be in use by 2014.
According to the Daily Dot, a court has ruled that documents relating to Yahoo's legal resistance to demands from the Federal government for access to its users' records will be declassified. Excerpt:
Yahoo, initially vilified for being part of the PRISM program, which allows the National Security Agency (NSA) to tap it and other companies for users' information, is about to be vindicated.A court ruled Monday that the Department of Justice must reveal classified documents from 2008 that Yahoo says will demonstrate that the company fought back against a secret court order to reveal their users' data."The Government shall conduct a declassification review of this Court's Memorandum Opinion of [Yahoo's case] and the legal briefs submitted by the parties to this Court," the ruling read. The Department of Justice has two weeks to estimate how long it'll take to declassify the documents and can still redact the parts it finds contains classified information.
From PC Mag:
Microsoft, despite denials, appears to be in bed with the NSA. Apparently all encryption and other methods to keep documents and discussions private are bypassed and accessible by the NSA and whomever it is working with. This means a third party, for whatever reason, can easily access confidential business deals, love letters, government classified memos, merger paperwork, financial transactions, intra-corporate schemes, and everything in between.
With that said, do you really want to buy a Microsoft product? Do you want to buy anything that gives easy access to snoops poking around at their leisure? If you'd think twice about this, then why would a foreign government rely on Microsoft Office with any confidence? Personally, if I were any foreign government or corporation, I'd stop using all Microsoft products immediately for fear of America spying on me. Nothing can be secret.
If I was a shareholder in any public company, I'd get up at the annual meeting and ask if the company was using Microsoft products and if so, I'd demand to know why it has not dumped them for something else . . .
The paranoiacs are proven right, yet again. New documents reveal that Microsoft has provided the NSA with access to its users' audio and video chats on Skype, as well as email and message chat logs. If you want secure messaging, you may have to revert back to carrier pigeons. From Ars Technica:
Skype audio and video chats, widely regarded as resistant to interception thanks to encryption, can be wiretapped by American intelligence agencies, according to a new report in The Guardian. The report appears to contradict claims by Microsoft that it has not provided the contents of Skype communications to the government.
In a story published Thursday, based on documents leaked by former National Security Agency (NSA) contractor Edward Snowden, The Guardian offers some detail about extensive cooperation between the FBI, the National Security Agency, and Microsoft to enable government access to user communications via the intelligence tool known as PRISM. That cooperation included, according to the leaked NSA documents, enabling access to Outlook.com e-mails and chats, the SkyDrive cloud storage service, and Skype audio and video calls.
If you're not using a search engine such as Duck Duck Go, then it is very likely that the search engine you are using is tracking your every move. Search engines that value privacy and anonymity online are entering a boom following revelations of mass dragnet internet surveillance by government and business. From The Guardian:
Gabriel Weinberg noticed web traffic building on the night of Thursday 6 June – immediately after the revelations about the "Prism" programme. Through the programme, the US's National Security Agency claimed to have "direct access" to the servers of companies including, crucially, the web's biggest search engines – Google, Microsoft and Yahoo.
Within days of the story, while the big companies were still spitting tacks and tight-lipped disclaimers, the search engine Weinberg founded – which pledges not to track or store data about its users – was getting 50% more traffic than ever before. That has gone up and up as more revelations about NSA and GCHQ internet tapping have come in.
"It happened with the release by the Guardian about Prism," says Weinberg, right, a 33-year-old living in Paoli, a suburb of Philadelphia on the US east coast. "We started seeing an increase right when the story broke, before we were covered in the press." From serving 1.7m searches a day at the start of June, it hit 3m within a fortnight.
Yet you've probably never heard of DuckDuckGo.
As if you needed any more evidence of the ineptitude of U.S. lawmakers, here's a story out of Florida on a lawsuit alleging that state lawmakers have inadvertently made computers and smart phones illegal in their zeal to crack down on gambling at internet cafes. From PC Mag:
A law passed earlier this year, which was intended to crack down on illegal gambling at Internet cafes, is worded in such a way that some are concerned that it might actually allow for a ban of all smartphones and computers in the state.
A lawsuit filed by café owner Consuelo Zapata argues that, among other things, the bill "interfere[es] with the promotion of goods and services — computers with Internet access — that are used for the communication of information and ideas."
The bill in question - HB 155 - was signed in to law by Gov. Rick Scott on April 10 and bans "electronic gambling devices."
From the EFF:
A federal judge today rejected the U.S. government's latest attempt to dismiss the Electronic Frontier Foundation's (EFF's) long-running challenge to the government's illegal dragnet surveillance programs. Today's ruling means the allegations at the heart of the Jewel case move forward under the supervision of a public federal court.
"The court rightly found that the traditional legal system can determine the legality of the mass, dragnet surveillance of innocent Americans and rejected the government's invocation of the state secrets privilege to have the case dismissed," said Cindy Cohn, EFF's Legal Director. "Over the last month, we came face-to-face with new details of mass, untargeted collection of phone and Internet records, substantially confirmed by the Director of National Intelligence. Today's decision sets the stage for finally getting a ruling that can stop the dragnet surveillance and restore Americans' constitutional rights."
The online application Where Does My Tweet Go?, created by information architect Benoît Vidal and the team at MFG Labs in France, uses a visual algorithm to illustrate how your messages spread between your followers and strangers alike. Rather than looking at your Twitter feed and seeing an obscure number of retweets for a post, these graphs let you see how your messages travel and who moves them along in the Twitterverse. Vidal says that while they were inspired by how information gets out so quickly over the Internet, they were also inspired by their dissatisfaction with other applications that tracked your activity and gave you content suggestions, but did so in an invisible way.
From Fierce Wireless:
AT&T (NYSE:T) said it "may" begin selling anonymous information about its customers' wireless and Wi-Fi locations, U-verse usage, website browsing, mobile application usage and "other information" to other businesses. The carrier said it will protect its customers' privacy by providing the data in aggregate so it cannot be used to identify an individual. The carrier also said its customers can opt out of the program.
AT&T is not the first company to sell anonymous information about its customers' location and behavior. Facebook (NASDAQ:FB), Google (NASDAQ:GOOG) and most other Internet companies have long sold such data. In the wireless industry, Verizon Wireless (NYSE:VZ) launched its Precision Market Insights business last year, which also anonymizes and sells customer location and usage information. Further, companies such as AirSage and SAP have recently begun selling aggregated location and usage information from wireless carriers.
Ghostery is a Firefox add-on that allows users to see who is tracking them and block the offending trackers. From the extension's description:
Ghostery is built and maintained for users that care about their online privacy, and is engineered with privacy as a primary goal. Ghostery use is anonymous. No registrations or sign-ups are required. The Ghostery plug-in does not place cookies into your browser. Neither the Ghostery application nor Evidon receives any data from Ghostery users unless the user opts-in to participate in Ghostrank. Ghostrank data itslef is anonymous, is NEVER used for advertising targeting purposes, and is only shared in aggregated, non-personal, statistical form.
Tomorrow, the Fourth of July, a new campaign is being launched to restore the Fourth Amendment to the Constitution of the United States, and reign in the rampant abuses against illegal search and seizure that have become all too routine in the United States. Find a protest site in your area here. PC World reports on the campaign:
A large coalition of civil rights and privacy groups and potentially thousands of websites will stage protests on the Fourth of July to protest surveillance programs at the U.S. National Security Agency.
As part of the Restore the Fourth campaign, many website members of the 30,000-member Internet Defense League plan to display a protest of NSA surveillance and the text of the Fourth Amendment to the U.S. Constitution.
Websites participating include Reddit, where Restore the Fourth originated, WordPress, 4chan, Mozilla, Fark, and Cheezburger.com. Organizers of Restore the Fourth are also planning live protests in dozens of U.S. cities, including New York, Philadelphia, Los Angeles, Boston, Washington, D.C., San Francisco, Houston and Atlanta.
When the security hysterics among us get their feathers in a bunch, the first thing they seek to do to assuage their irrational fears is to demands that the rest of us comply with their insane proposals, no matter how inimical they are to liberty, rights or even security itself. Tech Dirt takes down a prime example of anti-tech hysteria at the Washington Post:
Every time I think I've read the least well-thought out luddite argument, someone comes along to top it, and today we have columnist Robert Samuelson in the Washington post with what might be the silliest, most lacking-in-thought argument for why we should get rid of the internet. The short version: yes, the internet has provided us with some good stuff, but because there's a yet unproven risk that it might also lead to some cyberattacks that might lead to as yet undetermined problems, we should scrap the whole thing. Oddly, the WaPo had put different titles on the piece online and in the print newspaper. Online, it's entitled: "Beware the Internet and the danger of cyberattacks." In the physical paper, they apparently went with the much more ridiculous: "Is the Internet Worth It?" with the clear implication being a fulfillment of Betteride's Law that the answer is "no, the internet is not worth it."
From Ars Technica:
The PRISM scandal engulfing US and UK intelligence agencies has blown the debate wide open over what privacy means in the digital age and whether the Internet risks becoming a kind of Stasi 2.0. The extent of the UK's involvement in this type of mass surveillance—which already appears exhaustive—shows just what a potential intelligence goldmine social media data can be.
But the monitoring of our online trail goes beyond the eavesdroppers in GCHQ. For the past two years, a secretive unit in the Metropolitan Police has been developing the tools for blanket surveillance of the public's social media conversations. Operating 24 hours a day, seven days a week, a staff of 17 officers in the National Domestic Extremism Unit (NDEU) has been scanning the public's tweets, YouTube videos, Facebook profiles, and anything else UK citizens post in the public online sphere.
The intelligence-gathering technique—sometimes known as Social Media Intelligence (Socmint)—has been used in conjunction with an alarming array of sophisticated analytical tools . . .