NEWS2U International News
Connecting the Dots

Tuesday, August 25, 2015

UK Digital Surveillance Is "Worse Than Orwell"

New UN Privacy Chief Proclaims we are dealing with a world even worse than anything Orwell could have foreseen.

By Michael Krieger
August 25, 2015
Liberty Blitzkrieg

Cannataci says we are dealing with a world even worse than anything Orwell could have foreseen. “It’s worse,” he said. “Because if you look at CCTV alone, at least Winston was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.”
– UN Privacy chief, Joseph Cannataci
The UN special rapporteur on privacy, Joseph Cannataci, pulls no punches when it comes to privacy. It’s hard to disagree with what he has to say.
The first UN privacy chief has said the world needs a Geneva convention style law for the internet to safeguard data and combat the threat of massive clandestine digital surveillance.
Speaking to the Guardian weeks after his appointment as the UN special rapporteur on privacy, Joseph Cannataci described British surveillance oversight as being “a joke”, and said the situation is worse than anything George Orwell could have foreseen.
He added that he doesn’t use Facebook or Twitter, and said it was regrettable that vast numbers of people sign away their digital rights without thinking about it.
One thing that is certainly going to come up in my mandate is the business model that large corporations are using
“Some people were complaining because they couldn’t find me on Facebook. They couldn’t find me on Twitter. But since I believe in privacy, I’ve never felt the need for it,” Cannataci, a professor of technology law at University of Groningen in the Netherlands and head of the department of Information Policy & Governance at the University of Malta, said.
Appointed after concern about surveillance and privacy following the Edward Snowden revelations, Cannataci agreed that his notion of a new universal law on surveillance could embarrass those who may not sign up to it. “Some people may not want to buy into it,” he acknowledged. “But you know, if one takes the attitude that some countries will not play ball, then, for example, the chemical weapons agreement would never have come about.” 
Cannataci came into his new post in July after a controversial spat involving the first-choice candidate, Katrin Nyman-Metcalf, who the Germans in particular thought might not be tough enough on the Americans.
But for Cannataci – well-known for having a mind of his own – it is not America but Britain that he singles out as having the weakest oversight in the western world: “That is precisely one of the problems we have to tackle. That if your oversight mechanism’s a joke, and a rather bad joke at its citizens’ expense, for how long can you laugh it off as a joke?”
However, Cannataci says we are dealing with a world even worse than anything Orwell could have foreseen. “It’s worse,” he said. “Because if you look at CCTV alone, at least Winston [Winston Smith in Orwell’s novel 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.
“The way we handle it is going to be the difference. But Orwell foresaw a technology that was controlling. In our case we are looking at a technology that is ever-developing, and ever-developing possibly more sinister capabilities.” Because of this, the Snowden revelations were very important, he said.
“We have a number of corporations that have set up a business model that is bringing in hundreds of thousands of millions of euros and dollars every year and they didn’t ask anybody’s permission. They didn’t go out and say: ‘Oh, we’d like to have a licensing law.’ No, they just went out and created a model where people’s data has become the new currency. And unfortunately, the vast bulk of people sign their rights away without knowing or thinking too much about it,” he said. 
Now that we’ve got that out of the way…
Yes, the UK is particularly bad when it comes to privacy, as has been noted on many occasions. See:
In Liberty,
Michael Krieger




Sunday, August 16, 2015

Backdoors Won't Solve Comey's Going Dark Problem


August 15, 2015
by Bruce Schneier
CTO, Resilient Systems, Inc.

At the Aspen Security Forum two weeks ago, James Comey (and others) explicitly talked about the "going dark" problem, describing the specific scenario they are concerned about. Maybe others have heard the scenario before, but it was a first for me. It centers around ISIL operatives abroad and ISIL-inspired terrorists here in the US. 

The FBI knows who the Americans are, can get a court order to carry out surveillance on their communications, but cannot eavesdrop on the conversations, because they are encrypted. They can get the metadata, so they know who is talking to who, but they can't find out what's being said.
"ISIL's M.O. is to broadcast on Twitter, get people to follow them, then move them to Twitter Direct Messaging" to evaluate if they are a legitimate recruit, he said. "Then they'll move them to an encrypted mobile-messaging app so they go dark to us."
The FBI can get court-approved access to Twitter exchanges, but not to encrypted communication, Comey said. Even when the FBI demonstrates probable cause and gets a judicial order to intercept that communication, it cannot break the encryption for technological reasons, according to Comey.
If this is what Comey and the FBI are actually concerned about, they're getting bad advice -- because their proposed solution won't solve the problem. 
Comey wants communications companies to give them the capability to eavesdrop on conversations without the conversants' knowledge or consent; that's the "backdoor" we're all talking about. But the problem isn't that most encrypted communications platforms are securely encrypted, or even that some are -- the problem is that there exists at least one securely encrypted communications platform on the planet that ISIL can use.
Imagine that Comey got what he wanted. Imagine that iMessage and Facebook and Skype and everything else US-made had his backdoor. The ISIL operative would tell his potential recruit to use something else, something secure and non-US-made. Maybe an encryption program from Finland, or Switzerland, or Brazil. Maybe Mujahedeen Secrets. Maybe anything. (Sure, some of these will have flaws, and they'll be identifiable by their metadata, but the FBI already has the metadata, and the better software will rise to the top.)
As long as there is *something* that the ISIL operative can move them to, some software that the American can download and install on their phone or computer, or hardware that they can buy from abroad, the FBI still won't be able to eavesdrop.
And by pushing these ISIL operatives to non-US platforms, they lose access to the metadata they otherwise have.
Convincing US companies to install backdoors isn't enough; in order to solve this going dark problem, the FBI has to ensure that an American can only use backdoored software. And the only way to do that is to prohibit the use of non-backdoored software, which is the sort of thing that the UK's David Cameron said he wanted for his country in January:
But the question is are we going to allow a means of communications which it simply isn't possible to read. My answer to that question is: no, we must not.
And that, of course, is impossible. Jonathan Zittrain explained why. And Cory Doctorow outlined what trying would entail:
For David Cameron's proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like GitHub) and verify, with a very high degree of confidence, that the software you've downloaded hasn't been tampered with.
This, then, is what David Cameron is proposing:

* All Britons' communications must be easy for criminals, voyeurs and foreign spies to intercept.
* Any firms within reach of the UK government must be banned from producing secure software.
* All major code repositories, such as GitHub and SourceForge, must be blocked.
* Search engines must not answer queries about web-pages that carry secure software.
* Virtually all academic security work in the UK must cease -- security research must only take place in proprietary research environments where there is no onus to publish one's findings, such as industry R&D and the security services.
* All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped.
* Existing walled gardens (like iOS and games consoles) must be ordered to ban their users from installing secure software.
* Anyone visiting the country from abroad must have their smartphones held at the border until they leave.
* Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons.
* Free/open source operating systems -- that power the energy, banking, ecommerce, and infrastructure sectors -- must be banned outright.
As extreme as it reads, without all of that, the ISIL operative would be able to communicate securely with his potential American recruit. And all of this is not going to happen.
Last week, former NSA director Mike McConnell, former DHS secretary Michael Chertoff, and former deputy defense secretary William Lynn published a Washington Post op-ed opposing backdoors in encryption software. 

They wrote:
Today, with almost everyone carrying a networked device on his or her person, ubiquitous encryption provides essential security. If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.
I believe this is true. Already one is being talked about in the academic literature: lawful hacking.
Perhaps the FBI's reluctance to accept this is based on their belief that all encryption software comes from the US, and therefore is under their influence. 
Back in the 1990s, during the first Crypto Wars, the US government had a similar belief. To convince them otherwise, George Washington University surveyed the cryptography market in 1999 and found that there were over 500 companies in 70 countries manufacturing or distributing non-US cryptography products. Maybe we need a similar study today.
This essay previously appeared on Lawfare.



Saturday, August 01, 2015

The TPP - What You're Not Being Told

There's a reason this is being hidden from the public.
Storm Clouds Gathering, June 11, 2015

What is the TPP? The average person has never heard of it, and most of those who have couldn't tell you what it is. That's no accident.
The TPP, or the Trans-Pacific Partnership, is a trade deal that has been negotiated in secret for years now. The deal encompasses the United States, Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam. A lot of people are going to be affected by this, but for some reason the public is not allowed to see what's in it. In fact, many of the lawmakers who are about to vote on this deal haven't even read it themselves. Those who have are forbidden to expose what it contains. If that strikes you as fishy, you're not alone.
We the people don't get a word to say about the TPP, but multinational corporations do. There are 600 corporate representatives participating in these closed-door negotiations. Obviously these representatives are looking after their employers' interests, not ours.
Though the public doesn't have access to the full text of this agreement, the contents of leaked drafts make it pretty obvious why this is being pushed through in such a sneaky way.
Now you might have heard some people focus on the probability that the TPP will cause the U.S. economy to lose jobs, much like NAFTA did, only worse. Though this concern may be valid, it's hardly the most dangerous part of the agreement.
The real danger lies in the way that this agreement subverts the sovereignty of nations. The TPP would create a system of shadowy trade tribunals which would allow companies to override and nullify laws in any member country.
These tribunals are extrajudicial. Their authority is outside and above national justice systems. The arbitrators are unelected, and completely unaccountable to the people.
The laws which will be subject to this new agreement include (but are not limited to) intellectual property rights, food and product safety, environmental standards, and just about any regulation that may affect the way companies do business.
Under the TPP, if a country passes a law to protect its citizens or reduce pollution in a particular sector, a multinational corporation which is affected by that law can take that country to a tribunal. The ruling will be legally binding. It doesn't matter what people voted for.
An example of what this will look like can be found in Uruguay, which has been sued by the Philip Morris tobacco company. You see, Uruguay passed a law requiring particularly aggressive warning labels on cigarettes. These warning labels have been very effective. Smoking in Uruguay has declined by about 4 percent annually. Obviously that's bad for business.
The fact that intellectual property rights are covered by the TPP has grave implications for the future of the internet. Under this agreement companies claiming to be harmed by lenient copyright enforcement would have a backdoor means to push new draconian regulations on every participating country. This would bypass normal legislative processes completely.
Remember SOPA? Under the TPP they wouldn't even have to pass a new law. Unpopular measures like this could be imposed through a ruling. Politicians wouldn't have to risk anything.
Don't live in one of the countries implicated in the TPP? Have no fear, chances are they're cooking something up for you as well. The TPP is only one of several alphabet soup trade agreements currently in the works. The TTIP (aka the Transatlantic Trade and Investment Partnership) would extend this system of extrajudicial trade tribunals to the entire European Union.
If they get away with phase one of this power grab you can rest assured that there will be more to come.
This isn't about trade. This isn't about jobs. This is about power, power that is being covertly shifted farther and farther away from the people.
Isn't it beautiful, this rare show of bipartisanship we're seeing? It's enough to give you the warm and fuzzies. Who would have guessed that the same Republicans who shut down the government over Obamacare would rally so enthusiastically to ram Obamatrade down our throats? It appears that those who line their pockets are in agreement on this one.
It isn't enough for the corporate ruling class to have the politicians in their pocket. Now they want the ability to bypass elections and constitutions completely. How does that make you feel?
Well, don't waste your time telling me. The politicians who are pushing this bill have names and addresses. Look them up. Give them a ring. Rattle their cages. There is a time and a place for politeness. This isn't one of them.
If you're a resident of any of the countries involved in the TPP or TTIP, now is the time to put pressure on the walking haircuts presiding over your particular region. Let them know that you know what they are up to. Make it clear that you will hold them personally responsible if they don't back out.
These trade agreements are just the beginning. They'll take this as far as you let them.
George Carlin said it in 3 minutes!