XregnaR wrote:

Grumble grumble I remember Time Square when it had street preachers and hookers on the same corner grumble grumble fucking weapons of mass consumption Disneyfied bullshit grumble grumble.

My old man's office was on the Empire State Bldg's 44th floor when I was in grade school, when you could still open its upper storey windows and amuse yourself tossing pennies... until Time Square's quarter peep shows beckoned below.

I don't actually know what this means, but it seems sorta sinister and encouraging at the same time.

While it's tempting to think of the story as Max Headroom-style subversion of the tools of social control, I'm less optimistic.  It's more like someone ripping a surveillance camera off the wall and using it to smash the windows of nearby cars to steal from them.  Actually, in that example, the impact on the camera operator would be much greater than what we're seeing here.

Now, if people start hacking the cameras to actually alter the video they spit out, that's another story...

Let's just have industry do the spying for us.

In essence, the measure provides corporate America with legal immunity when sharing data about hacks and digital breaches with the Department of Homeland Security. The DHS can then funnel that information to other agencies, including the NSA and FBI.

How did your Senators vote?

At least somebody in Texas has their priorities straight:  Cruz (R-TX), Not Voting

Move over, GCHQ - MI5 has been doing its own mass surveillance.

One judge goes off script.

Judge Richard Leon wrote:

Thus, for all the reasons stated herein, I will grant plaintiffs J.J. Little and J.J. Little & Associates' requests for an injunction and enter an order consistent with this Opinion that (1) bars the Government from collecting, as part of the NSA's Bulk Telephony Metadata Program, any telephone metadata associated with these plaintiffs' Verizon Business Network Services accounts and (2) requires the Government to segregate any such metadata in its possession that has already been collected.

We mostly tell you about security flaws, mostly.

The U.S. National Security Agency, seeking to rebut accusations that it hoards information about vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks, said last week that it tells U.S. technology firms about the most serious flaws it finds more than 90 percent of the time.

The re-assurances may be misleading, because the NSA often uses the vulnerabilities to make its own cyber-attacks first, according to current and former U.S. government officials. Only then does NSA disclose them to technology vendors so that they can fix the problems and ship updated programs to customers, the officials said.

Spook U., Continuing Ed for Our Silent Warriors Battling to Subvert Due Process.

NSA's shell game.

Though it was revealed by Edward Snowden in June 2013, the National Security Agency's (NSA) infamous secret program to domestically collect Americans' e-mail metadata in bulk technically ended in December 2011. Or so we thought. A new document obtained through a lawsuit filed by The New York Times confirms that this program effectively continued under the authority of different government programs with less scrutiny from the Foreign Intelligence Surveillance Court (FISC).

Let's see... intelligence agencies focus their effort on collecting wholesale data on you, me, and millions of other innocents and pushing for encryption backdoors.  Meanwhile, actual known terrorists who don't even bother using encryption aren't picked up.  Just who are we paying these people to watch?

Baywolfe wrote:

square wrote:

Let's see... intelligence agencies focus their effort on collecting wholesale data on you, me, and millions of other innocents and pushing for encryption backdoors.  Meanwhile, actual known terrorists who don't even bother using encryption aren't picked up.  Just who are we paying these people to watch?

They just get together on these online gaming sites and go into a private chat room.  I wouldn't even try to estimate the number of people that do this on a daily basis.
(Online gaming sites around the world X people who at least once private chatted in one) + The entire Internet Relay Chat system, but especially #alt.

It's always easier and more effective to hide in plain sight.

Surprise, surprise: surveillance only goes one way.

The Home Office has refused to make Theresa May's internet browsing history public under freedom of information rules, arguing that a request to do so is "vexatious".

The Independent requested the Home Secretary's work browsing history for the last week of October under the Freedom of Information Act.

Under the new Investigatory Powers Bill announced by Ms May the internet browsing history of everyone in the UK will have to be stored for a year and police and security services will be able to access the list of visited websites without any warrant.

"Collect it all" doesn't work.

William Binney, a former technical director of the US National Security Agency (NSA), told parliamentarians that the plans for bulk collection of communications data tracking everyone's internet and phone use are "99% useless" because they would swamp intelligence analysts with too much data.

square wrote:

"Collect it all" doesn't work.

William Binney, a former technical director of the US National Security Agency (NSA), told parliamentarians that the plans for bulk collection of communications data tracking everyone's internet and phone use are "99% useless" because they would swamp intelligence analysts with too much data.

I, and I'm sure a bazillion other people, have been saying that for years.  Collect the fucking data, we still don't have intelligent enough software or fast enough computers to process it.

Baywolfe wrote:

square wrote:

"Collect it all" doesn't work.

William Binney, a former technical director of the US National Security Agency (NSA), told parliamentarians that the plans for bulk collection of communications data tracking everyone's internet and phone use are "99% useless" because they would swamp intelligence analysts with too much data.

I, and I'm sure a bazillion other people, have been saying that for years.  Collect the fucking data, we still don't have intelligent enough software or fast enough computers to process it.

That's only a problem for now, while Moore's Law is mostly defunct it still carries some weight.

The article's a bit technical, but not surprising: UK spy arm GCHQ discourages a secure telephone encryption standard (MIKEY-IBAKE), preferring a standard that allows undetectable mass surveillance (MIKEY-SAKKE).

MIKEY-SAKKE is the security protocol behind the Secure Chorus voice (and also video) encryption standard, commissioned and designed by GCHQ through their information security arm, CESG. GCHQ have announced that they will only certify voice encryption products through their Commercial Product Assurance (CPA) security evaluation scheme if the product implements MIKEY-SAKKE and Secure Chorus. As a result, MIKEY-SAKKE has a monopoly over the vast majority of classified UK government voice communication and so companies developing secure voice communication systems must implement it in order to gain access to this market. GCHQ can also set requirements of what products are used in the public sector and as well as for companies operating critical national infrastructure. . . .

Although the words are never used in the specification, MIKEY-SAKKE supports key escrow. That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening. Secure Chorus facilitates undetectable mass surveillance, in a way that EDH [ephemeral Diffie-Hellman] based key encryption schemes would not. This is presented as a feature rather than bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees calls when investigating misconduct, such as in the financial industry. . . .

GCHQ's submission to the committee provides an analysis of MIKEY-IBAKE and points out the security features which result from its use of EDH - forward security and resistance to passive eavesdropping - are incompatible with their requirements of allowing large scale undetectable surveillance, both from a technical and legal perspective. Consequently GCHQ requested that MIKEY-IBAKE should not be used, stating:

"In light of these requirements, UK government has developed a similar scheme, MIKEY-SAKKE, which supports 3GPP SA3 LI [lawful interception] requirements and has additional benefits such as low latency."

Somehow, having private master keys in the hands of telecoms, sure to be the target of every intelligence agency and skilled hacker, isn't weakening encryption.

Nor does GCHQ want security products to be weakened by forcing products in the UK to have "so-called backdoors," [GCHQ Director Robert] Hannigan claimed.

"We have never said this and we do not want this," he added. "Products should be secure. We work with companies to help make them secure."

Haven't read it myself yet, but this looks like a must-have book for anyone who's made it this far into the thread.

square wrote:

How do you handle a lawyer who exposes illegal behavior but is impractical to prosecute? Try to get him disbarred.

According to the National Law Journal, which broke the story Tuesday, the bar review panel opened Tamm's case in 2009, and the charges were lodged in December. The delay was attributed to a "backlog" of cases. Tamm is expected to respond to the ethics charges next month. His attorney said the allegations were a "shame."

There is no evidence here anywhere of shame for the sham, the lies on top of lies at one stroke responsible for erasing 200-odd years of US faith in due process.

No, demoting a lawyer at the top of his profession to defense of the indigent wasn't enough.

Last edited by choad (2016-01-28 08:06:38)

Rest easy, Europeans! You're now safe behind the EU-US Privacy Shield^TM!

"The US has clarified that they do not carry out indiscriminate mass surveillance of European citizens," [European Commission vice president Andrus] Ansip said.

The British are coming (again).

If U.S. and British negotiators have their way, MI5, the British domestic security service, could one day go directly to American companies such as Facebook or Google with a wiretap order for the online chats of British suspects in a counterterrorism investigation.

The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails. . . .

The negotiating text was silent on the legal standard the British government must meet to obtain a wiretap order or a search warrant for stored data. Its system does not require a judge to approve search and wiretap warrants for surveillance based on probable cause, as is done in the United States. Instead, the home secretary, who oversees police and internal affairs, approves the warrant if that cabinet member finds that it is "necessary" for national security or to prevent serious crime and that it is "proportionate" to the intrusion.

Genuine surprise: someone in government stands up for encryption.

A State or political subdivision of a State may not mandate or request that a manufacturer, developer, seller, or provider of covered products or services--

(1) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or

(2) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service.

square wrote:

Not so surprising.

"Smart devices incorporated into the electric grid, vehicles--including autonomous vehicles--and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," [Director of National Intelligence James] Clapper said, according to his prepared testimony before the Senate Select Committee on Intelligence. . . .

Clapper's remarks on the Internet of Things are remarkable because they come from the nation's top spy chief, and they likely mean that US spy agencies are trying to exploit it.

So bugging just got a little easier it wasn't all that difficult in the first place once the age of electronics was upon us.

Will Apple allow the FBI to torture its iPhone, make it confess and burn down the US tech sector in the process?

No link. All anyone can predict from here is this won't end well.