Electronic Frontier Foundation

EFF Unveils Plan For Ending Mass Surveillance 109

Posted by Soulskill
from the hopeful-but-doubtful dept.
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.

They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
Government

Comcast Ghost-Writes Politician's Letters To Support Time Warner Mega-Merger 130

Posted by Soulskill
from the where-the-money-lies dept.
WheezyJoe writes: As the FCC considers the merger between Comcast/Universal and Time-Warner Cable, which would create the largest cable company in the U.S. and is entering the final stages of federal review, politicians are pressuring the FCC with pro-merger letters actually written by Comcast. According to documents obtained through public records requests, politicians are passing letters nearly word-for-word written by Comcast as their own. "Not only do records show that a Comcast official sent the councilman the exact wording of the letter he would submit to the FCC, but also that finishing touches were put on the letter by a former FCC official named Rosemary Harold, who is now a partner at one of the nation's foremost telecom law firms in Washington, DC. Comcast has enlisted Harold to help persuade her former agency to approve the proposed merger."

Ars Technica had already reported that politicians have closely mimicked Comcast talking points and re-used Comcast's own statements without attribution. The documents revealed today show just how deeply Comcast is involved with certain politicians, and how they were able to get them on board.
Censorship

Police Organization Wants Cop-Spotting Dropped From Waze App 286

Posted by samzenpus
from the don't-report-me dept.
An anonymous reader writes "The Register reports on a request from the US National Sheriffs' Association, which "wants Google to block its crowd-sourced traffic app Waze from being able to report the position of police officers, saying the information is putting officers' lives at risk." From the article: "'The police community needs to coordinate an effort to have the owner, Google, act like the responsible corporate citizen they have always been and remove this feature from the application even before any litigation or statutory action,' AP reports Sheriff Mike Brown, the chairman of the NSA's technology committee, told the association's winter conference in Washington....Brown called the app a 'police stalker,' and said being able to identify where officers were located could put them at personal risk. Jim Pasco, executive director of the Fraternal Order of Police, said his members had concerns as well. 'I can think of 100 ways that it could present an officer-safety issue,' Pasco said. 'There's no control over who uses it. So, if you're a criminal and you want to rob a bank, hypothetically, you use your Waze.'"
United States

Plan C: The Cold War Plan Which Would Have Brought the US Under Martial Law 244

Posted by samzenpus
from the gentlemen-you-can't-fight-in-here-this-is-the-war-room dept.
v3rgEz writes with this story of a top secret Cold War plan which would have brought the U.S. under martial law. Starting on April 19, 1956, the federal government practiced and planned for a near-doomsday scenario known as Plan C. When activated, Plan C would have brought the United States under martial law, rounded up over ten thousand individuals connected to 'subversive' organizations, implemented a censorship board, and prepared the country for life after nuclear attack. There was no Plan A or B....Details of this program were distributed to each FBI field office. Over the following months and years, Plan C would be adjusted as drills and meetings found holes in the defensive strategy: Communications were more closely held, authority was apparently more dispersed, and certain segments of the government, such as the U.S. Attorneys, had trouble actually delineating who was responsible for what. Bureau employees were encouraged to prepare their families for the worst, but had to keep secret the more in-depth plans for what the government would do if war did break out. Families were given a phone number and city for where the relocated agency locations would be, but not the exact location.
Transportation

Germany Plans Highway Test Track For Self-Driving Cars 76

Posted by samzenpus
from the look-mutter-no-hands dept.
An anonymous reader writes with news about a new project to test autonomous vehicles in Germany. "The German government wants to convert part of the A9 Autobahn in Bavaria into a test-field for advanced car technology. The project is key to ensuring the country's 'digital sovereignty,' according to its transport minister. The track, part of the 'Digitales Testfeld Autobahn' project, would be launched this year, Alexander Dobrindt said on Monday in an interview (in German) with the Frankfurter Allgemeine Zeitung newspaper. The plan involves equipping the road with infrastructure to allow cars to communicate with each other and the road's own sensors to provide necessary data on traffic. 'Cars with assisted driving and later fully-automated cars will be able to drive there,' Dobrindt said. Germany, a major European car producer, wants to have robotic car technology that's not dependent on foreign companies, the minister said. Domestic producers 'won't rely on Google' he stressed."
Privacy

Omand Warns of "Ethically Worse" Spying If Unbreakable Encryption Is Allowed 371

Posted by samzenpus
from the don't-make-it-hard-for-us dept.
Press2ToContinue writes In their attempts to kill off strong encryption once and for all, top officials of the intelligence services are coming out with increasingly hyperbolic statements about why this should be done. Now, a former head of GCHQ, Sir David Omand has said: "One of the results of Snowden is that companies are now heavily encrypting [communications] end to end. Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work." According to The Bureau of Investigative Journalism, which reported his words from a talk he gave earlier this week, by this he meant things like physical observation, bugging rooms, and breaking into phones or computers. "You can say that will be more targeted but in terms of intrusion into personal privacy — collateral intrusion into privacy — we are likely to end up in an ethically worse position than we were before." That's remarkable for its implied threat: if you don't let us ban or backdoor strong encryption, we're going to start breaking into your homes.
Government

Verizon, Cable Lobby Oppose Spec-Bump For Broadband Definition 235

Posted by timothy
from the never-let-the-government-define-words dept.
WheezyJoe writes Responding to the FCC's proposal to raise the definition of broadband from 4Mbps downstream and 1Mbps upstream to 25Mbps down and 3Mbps up, the lobby group known as the National Cable & Telecommunications Association (NCTA) wrote in an FCC filing Thursday that 25Mbps/3Mbps isn't necessary for ordinary people. The lobby alleges that hypothetical use cases offered for showing the need for 25Mbps/3Mbps "dramatically exaggerate the amount of bandwidth needed by the typical broadband user", referring to parties in favor of the increase like Netflix and Public Knowledge. Verizon, for its part, is also lobbying against a faster broadband definition. Much of its territory is still stuck on DSL which is far less capable of 25Mbps/3Mbps speeds than cable technology.

The FCC presently defines broadband as 4Mbps down and 1Mbps up, a definition that hasn't changed since 2010. By comparison, people in Sweden can pay about $40 a month for 100/100 Mbps, choosing between more than a dozen competing providers. The FCC is under mandate to determine whether broadband is being deployed to Americans in a reasonable and timely way, and the commission must take action to accelerate deployment if the answer is negative. Raising the definition's speeds provides more impetus to take actions that promote competition and remove barriers to investment, such as a potential move to preempt state laws that restrict municipal broadband projects.
Google

Google Handed To FBI 3 Wikileaks Staffers' Emails, Digital Data 185

Posted by timothy
from the why-there-oughtta-be-a-constitution dept.
Ariastis writes Google took almost three years to disclose to the open information group WikiLeaks that it had handed over emails and other digital data belonging to three of its staffers to the FBI under a secret search warrant issued by a federal judge. WikiLeaks were told last month of warrants which were served in March 2012. The subjects of the warrants were the investigations editor of WikiLeaks, the British citizen Sarah Harrison; the spokesperson for the organisation, Kristinn Hrafnsson; and Joseph Farrell, one of its senior editors. When it notified the WikiLeaks employees last month, Google said it had been unable to say anything about the warrants earlier as a gag order had been imposed.
Crime

Anonymous Asks Activists To Fight Pedophiles In 'Operation Deatheaters' 390

Posted by timothy
from the or-have-you-stopped-beating-her? dept.
HughPickens.com writes The Independent reports that hacktivist group Anonymous, in a project named Operation DeathEaters, is calling for help in its fight against international pedophile networks, or what it calls the "paedosadist industry" and has issued a video instructing activists on how they can aid in the operation. The Anonymous project is intended to break what it says is a conspiracy of silence among sympathetic politicians, police and mainstream media to downplay the full extent of the online child sex industry. "The premise behind OpDeathEaters is to expose high level complicity, obstruction of justice and cover-up in the paedo-sadist industry in order to show the need for independent inquiries," says Heather Marsh, an online activist who is helping to co-ordinate the operation and describes herself as an "old friend" of Anonymous. The Anonymous database, which will be hosted on the GitHub online repository, promises to collate cases from all around the world, cross-referencing connections within sub-groups including the police, armed forces, schoolteachers, politicians, media, academics and religious organisations. The database's ultimate purpose has yet to be fully determined, but in the first instance the group says it wants to shut down the child-sex industry by "dismantling the power structure which held it there" and by "educating to create a cultural change".

The group is calling on volunteers to help with the ongoing work, which has been divided into three steps. The first is about collecting "all the factual information," second is to "share that information as widely as possible," and the third step is "to set up an independent, internationally linked, inquiry into all the areas which do not appear to have been investigated properly." Activists point to the muted media coverage given to a recent case in Washington DC in which Michael Centanni, a senior Republican fundraiser, was charged with child sex offences after investigators traced transmissions of child pornography to his computers in his basement. The case was not covered by The Washington Post or the New York Times, and was only picked up by a local NBC affiliate state and The Washington Examiner, a small conservative paper in the city. According to the court filings, Centanni was found in possession of 3,000 images, many apparently filmed in his own bedroom, including one showing a man raping a five-year-old girl who cries "no" and "mommy" while the man says "good baby" and "stop crying," according to one filing.
Security

Ed Felten: California Must Lead On Cybersecurity 79

Posted by timothy
from the so-goes-the-nation dept.
An anonymous reader writes In a Sacramento Bee op-ed, (in)famous computer security researcher Ed Felten responds to the State of the Union cybersecurity proposal. He doesn't mince words: "The odds of clearing Congress: low. The odds of materially improving security: even lower." What he suggests as an alternative, though, is a surprise. "California," he writes, "could blaze a trail for effective cybersecurity policy." He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts. It's an interesting idea. Even if it doesn't go anywhere, at least it's some fresh thinking in this area of backward policy. From Felten's essay: Critical infrastructure increasingly relies on industrial automation systems. And those systems are often vulnerable – they keep a default password, for instance, or are accessible from the public Internet. These are not subtle or sophisticated errors. Fixing them requires basic due diligence, not rocket science. Requiring the state’s critical infrastructure providers to undergo regular security audits would be straightforward and inexpensive – especially relative to the enormous risks. Areas of sensitive data are also low-hanging cyber fruit. In health care, education and finance, California already imposes security and privacy requirements that go beyond federal law. Those legal mandates, though, are mostly enforced through after-the-fact penalties. Much like critical infrastructure, sectors that rely upon sensitive data would benefit from periodic outside auditing. Of any state government's, California's policies also have the chance to help (or harm) the most people: nearly 39 million people, according to a 2014 U.S. Census estimate.
Government

SpaceX, US Air Force Settle Spy Sat Dispute 78

Posted by timothy
from the show-elon-what-you're-wearing dept.
hypnosec writes The US Air Force and private space flight company SpaceX have settled their dispute involving the military's expendable rocket program, thereby paving the way for SpaceX to join the spy satellite launch program known as Evolved Expendable Launch Vehicle (EELV). The settlement opens doors for SpaceX to compete with United Launch Alliance (ULA) for launch of spy satellites. ULA is a joint Boeing-Lockheed venture – the only private player to have received clearance for launching black ops satellites.
Government

Fark's Drew Curtis Running For Governor of Kentucky 119

Posted by timothy
from the dark-horse dept.
New submitter AlCapwn writes [Fark founder] Drew Curtis announced on Friday that he will be running for governor of Kentucky. "We have a theory that we're about to see a huge change in how elections and politics work. Across the country, we have seen regular citizens stepping up and challenging the status quo built by political parties and career politicians. They have been getting closer and closer to victory and, here in Kentucky, we believe we have a chance to win and break the political party stronghold for good."
Books

Why We Still Can't Really Put Anything In the Public Domain 92

Posted by timothy
from the here-are-nice-things-no-wait dept.
Press2ToContinue writes While you can make a public domain dedication or (more recently) use the Creative Commons CC0 tool to do so, there's no clear way within the law to actually declare something in the public domain. Instead, the public domain declarations are really more of a promise not to make use of the exclusionary rights provided under copyright. On the "public domain day" of Copyright Week, Public Knowledge has pointed out that it's time that it became much easier to put things into the public domain. Specifically, the PK post highlights that thanks to the way copyright termination works, even someone who puts their works into the public domain could pull them back out of the public domain after 35 years.
Encryption

OpenSSL 1.0.2 Released 96

Posted by timothy
from the early-days dept.
kthreadd writes The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2, which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2, and support for DTLS 1.2. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN, and CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
Bitcoin

Winklevoss Twins Plan Regulated Bitcoin Exchange 79

Posted by timothy
from the trust-us-there-are-two-of-us dept.
itwbennett writes They of the square jaws and famous dispute with Mark Zuckerberg over the origins of Facebook, are also believed to be among the largest holders of Bitcoin in the world. Now they want to launch a regulated Bitcoin exchange—named Gemini, of course. To bolster confidence, they said they have formed a relationship with a chartered bank in the state of New York. "This means that your money will never leave the country," the twins wrote in a blog post. "It also means that U.S. dollars on Gemini will be eligible for FDIC insurance and held by a U.S.-regulated bank."
Privacy

China Cuts Off Some VPNs 202

Posted by timothy
from the we-see-what-you-did-there dept.
jaa101 writes The Register (UK) and the Global Times (China) report that foreign VPN services are unavailable in China. A quote sourced to "one of the founders of an overseas website which monitors the Internet in China" claimed 'The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it.' An upgrade of the Great Firewall of China is blamed and China appears to be backing the need for the move to maintain cyberspace sovereignty.
Education

Behind the MOOC Harassment Charges That Stunned MIT 368

Posted by Soulskill
from the professors-behaving-badly dept.
An anonymous reader writes: The complainant in a sexual harassment case has come forward and told her story about what happened when she was a student in a MOOC led by a rockstar professor. "It would take almost a year before Harbi, with the help of MIT’s investigators, said she came to understand that Lewin’s interest in her was not motivated by empathy, and that their first conversations included inappropriate language. Shortly after contacting her, Harbi said, Lewin quickly moved their friendship into uncomfortable territory, and she was pushed to participate in online sexual role-playing and send naked pictures and videos of herself."
Encryption

Data Encryption On the Rise In the Cloud and Mobile 83

Posted by Soulskill
from the setting-a-standard dept.
dkatana writes: Overall, demand for encryption is growing. Cloud encryption services provider CipherCloud recently received a $50 million investment by Deutsche Telekom, which the company said positions it for "explosive growth" this year. The services are designed to allow corporations to benefit from the cost savings and elasticity of cloud-based data storage, while ensuring that sensitive information is protected.

Now, both Apple and Google are providing full encryption as a default option on their mobile operating systems with an encryption scheme they are not able to break themselves, since they don't hold the necessary keys.

Some corporations have gone as far as turning to "zero-knowledge" services, usually located in countries such as Switzerland. These services pledge that they have no means to unlock the information once the customer has entered the unique encryption keys. This zero-knowledge approach is welcomed by users, who are reassured that their information is impossible to retrieve — at least theoretically — without their knowledge and the keys.
China

Apple Agrees To Chinese Security Audits of Its Products 114

Posted by samzenpus
from the looking-behind-the-curtain dept.
itwbennett writes According to a story in the Beijing News, Apple CEO Tim Cook has agreed to let China's State Internet Information Office run security audits on products the company sells in China in an effort to counter concerns that other governments are using its devices for surveillance. "Apple CEO Tim Cook agreed to the security inspections during a December meeting in the U.S. with information office director Lu Wei, according to a story in the Beijing News. China has become one of Apple’s biggest markets, but the country needs assurances that Apple devices like the iPhone and iPad protect the security and privacy of their users as well as maintain Chinese national security, Lu told Cook, according to an anonymous source cited by the Beijing News."
Crime

Dish Network Violated Do-Not-Call 57 Million Times 237

Posted by samzenpus
from the please-stop-calling dept.
lightbox32 writes Dish Network has been found guilty of violating the Do Not Call list on 57 million separate occasions. They were also found liable for abandoning or causing telemarketers to abandon nearly 50 million outbound telephone calls, in violation of the abandoned-call provision of the Federal Trade Commission's Telemarketing Sales Rule. Penalties for infringing on the Do Not Call list can be up to a whopping $16,000 for each outbound call.