Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘privacy’



January 4, 2016

When you pick up the phone, who you’re calling is none of the government’s business. The NSA’s domestic surveillance of phone metadata was the first program to be disclosed based on documents from whistleblower Edward Snowden, and Americans have been furious about it ever since. The courts ruled it illegal, and Congress let the section of the Patriot Act that justified it expire (though the program lives on in a different form as part of the USA Freedom Act).

Yet XKEYSCORE, the secret program that converts all the data it can see into searchable events like web pages loaded, files downloaded, forms submitted, emails and attachments sent, porn videos watched, TV shows streamed, and advertisements loaded, demonstrates how Internet traffic can be even more sensitive than phone calls. And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. Maybe Verizon stopped giving phone metadata to the NSA, but if a Verizon engineer uploads a spreadsheet full of this metadata without proper encryption, the NSA may well get it anyway by spying directly on the cables that the spreadsheet travels over.

The outrage over bulk collection of our phone metadata makes sense:Metadata is private. Americans call suicide prevention hotlines, HIV testing services, phone sex services, advocacy groups for gun rights and for abortion rights, and the people they’re having affairs with. We use the phone to schedule job interviews without letting our current employer know, and to manage long-distance relationships. Most of us, at one point or another, have spent long hours on the phone discussing the most intimate details about our lives. There isn’t an American alive today who didn’t grow up with at least some access to a telephone, so Americans understand this well.

But Americans don’t understand the Internet yet. Bulk collection of phone metadata is, without a doubt, a violation of your privacy, but bulk surveillance of Internet traffic is orders of magnitude more invasive. People also use the Internet in all the ways they use phones — often inadvertently sharing even more intimate details through online searches. In fact, the phone network itself is starting to go over the Internet, without customers even noticing.

XKEYSCORE, as well as NSA’s programs that tap the Internet directly and feed data into it, have some legal problems: They violate First Amendment rights to freedom of association; they violate the Wiretap Act. But the biggest and most obvious concerns are with the Fourth Amendment.

The Fourth Amendment to the U.S. Constitution is short and concise:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It means that Americans have a right to privacy. If government agents want to search you or seize your data, they must have a warrant. The warrant can only be issued if they have probable cause, and the warrant must be specific. It can’t say, “We want to seize everyone’s Internet traffic to see what’s in it.” Instead, it must say something like, “We want to seize a specific incriminating document from a specific suspect.”

But this is exactly what’s happening:

The government is indiscriminately seizing Internet traffic to see what’s in it, without probable cause. The ostensible justification is that, while tens of millions of Americans may be swept up in this dragnet, the real targets are foreigners. In a legal document called USSID 18, the NSA sets out policies and procedures that purportedly prevent unreasonable searches of data from U.S. persons.

But it doesn’t prevent, or even claim to prevent, unreasonable seizures.

Kurt Opsahl, general counsel of the Electronic Frontier Foundation, explains: “We have a fundamental disagreement with the government about whether [data] acquisition is a problem. Acquisition is a seizure and has to be compliant with the Fourth Amendment.”

If you read USSID 18 carefully, you’ll see that it appears to limit, with many exceptions, the government’s ability to intentionally collect data concerning U.S. persons. But the Department of Defense, under which the NSA operates, defines “collection” differently than most of us do. It doesn’t consider seized data as “collected” until it’s been queried by a human.

If you email your mom, there’s a good chance the NSA will intercept the message as it travels through a fiberoptic cable, such as the ones that make up the backbone of the Internet, eventually making its way to an XKEYSCORE field site. You can thwart this with encryption: either by encrypting your email (hopefully someday all parents will know how to use encrypted email), or by using email servers that automatically encrypt with each other. In the absence of such encryption, XKEYSCORE will process the email, fingerprint it and tag it, and then it will sit in a database waiting to be queried. According to the Department of Defense, this email hasn’t been “collected” until an analyst runs a query and the email appears on the screen in front of them.

When NSA seizes, in bulk, data belonging to U.S. citizens or residents, data that inevitably includes information from innocent people that the government does not have probable cause to investigate, the agency has already committed an unconstitutional “unreasonable seizure,” even if analysts never query the data about innocent U.S. persons.

The NSA has legal justifications for all their surveillance: Section 215 of the Patriot Act, now expired, was used to justify bulk collection of phone and email metadata. Section 702 of the Foreign Intelligence Surveillance Act(FISA) is currently used to justify so-called “upstream” collection, tapping the physical infrastructure that the Internet uses to route traffic across the country and around the world in order to import into systems like XKEYSCORE. Executive Order 12333, approved by President Reagan, outlines vague rules, which are littered with exceptions and loopholes, that the executive branch made for itself to follow regarding spying on Americans, which includes USSID 18.

But these laws and regulations ignore the uncomfortable truth that the Fourth Amendment requires surveillance of Americans to be targeted; it cannot be done in bulk. Americans are fighting to end bulk surveillance in dozens of lawsuits, including Jewel v. NSA, which relies on whistleblower-obtained evidence that NSA tapped the fiber optic cables that carry Internet traffic in AT&T’s Folsom Street building in San Francisco. It’s easy for the government to stall cases like this, or get them dismissed, by insisting that talking about it at all puts our national security at risk.

And, of course, let’s not forget the 6.8 billion people on Earth who are not in the United States. Article 12 of the U.N. Declaration of Human Rightsstates:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

The NSA has very few restrictions on spying on non-Americans (it must be for “foreign intelligence” or “counterintelligence” purposes, and not other purposes), despite XKEYSCORE and the bulk collection programs that feed it being an “arbitrary interference” with the privacy of such persons. NSA doesn’t even have restrictions on spying on allies, such as Germany and France.

Facebook feeds everywhere are decorated with baby pictures. When those babies are grown up and getting elected to Congress, maybe then Americans will understand how the Internet works, and that bulk surveillance of phone metadata is just a tiny sliver of the enormous “collect it all” bulk surveillance pie.

Photo: Getty

Tags: , , , , ,

featured image 2

Game for privacy is gone, mass surveillance is here to stay – Assange on #RT10 panel

December 11, 2015

Humanity has lost its battle for privacy and must now learn to live in a world where mass surveillance is becoming cheaper for governments to implement, WikiLeaks founder Julian Assange said during a panel dedicated to RT’s 10th anniversary.
Assange addressed the panel on security and surveillance hosted by RT in central Moscow on Thursday via videoconference from the Ecuadorian embassy in London, where he has remained holed up for the last three years in order to avoid extradition to Sweden.
When offered a chance to comment on the session’s topic – “Security or Surveillance: Can the right to privacy and effective anti-terror security coexist in the digital age?” – the whistleblower asked the moderator, and host of The Big Picture Show on RT American, Thom Hartmann: “How long have you got, Tom?” implying he has a lot to say on the issue.
But it was Assange’s only joke during the event, as his reply turned out to be gravely serious and in many respects depressing.
“In thinking about this issue I want to take quite a different position, perhaps, from what you would expect me to have taken… I think that we should understand that the game for privacy is gone. It’s gone. The mass surveillance is here to stay,” he said.
Mass surveillance is already being implemented not only by major world powers, but also by some medium and small-sized countries, he added.
“The Five Eyes intelligence arrangement [of Australia, Canada, New Zealand, the UK and the US]… is so evasive in terms of mass surveillance of domestic and international telecommunications that while some experts can achieve practical privacy for themselves for limited number of operations… it’s gone for the rest of the populations,” the WikiLeaks founder stressed.
International terrorists are among those “experts” capable of making their communications invisible for security agencies, he added.
Privacy “will not be coming back, short of a very regressive economic collapse, which reduces the technological capacity of civilization,” Assange said.
“The reason it will not come back is that the cost of engaging in mass surveillance is decreasing by about 50 per cent every 18 months, because it’s the underlying cost that’s predicated on the cost of telecommunications, moving surveillance intercepts around and computerization and storage – all those costs are decreasing much faster at a geometric rate than the human population is increasing,” he explained.
Mass surveillance and computerization are “winning” the competition with humanity and human values and they’re “going to continue to win at an ever-increasing rate. That’s the reality that we have to deal with,” the WikiLeaks whistleblower added.
The focus should now switch from defending privacy to understanding what kind of society will be built in these new, changed conditions, he said.
The WikiLeaks founder reminded the panel of the historic examples of East Germany and other societies, in which people adapted to living under the scrutiny of the authorities.
“If you look at societal behavior in very conformist, small, isolated societies with reduced social spaces – like Sweden, South Korea, Okinawa in Japan and North Korea – then you’ll see that society adapts. Everyone becomes incredibly timid, they start to use code words; use a lot of subtext to try and sneak out your controversial views,” he said.
According to Assange, the modern world is currently moving “towards that kind of a society.”
Privacy is among values “that simply are unsustainable… in the face of the reality of technological change; the reality of the deep state with a military-industrial complex and the reality of Islamic terrorism, which is legitimizing that sector in a way that it’s behaving,” he stressed.
Assange encouraged those present on the panel as well as the general public to “get on the other side of the debate where it’s going” and stop holding on to privacy.
The panel discussion was part of an RT conference titled ‘Information, messages, politics:The shape-shifting powers of today’s world.’ The meeting brought together politicians, foreign policy experts and media executives from across the globe, among them former director of the US Defense Intelligence Agency Michael Flynn, the Green Party’s Jill Stein and former vice president of the Parliamentary Assembly of the OSCE, Willy Wimmer.

Tags: , , , , , , , ,

featured image 1

‘Dark ages’ warning issued over freedom of information changes

December 7, 2015

Information commissioner tells Tom Watson’s review that Conservatives are risking a return to ‘private government’

featured image 1

Exempting advice given to ministers from freedom of information requests risks returning the UK to the “dark ages” of “private government”, the information commissioner has warned. Christopher Graham told a review into the legislation that changes to FoI being considered by a government commission could lead to a blanket ban on all advice being made available to the public.

“The danger is the Whitehall machine might run more smoothly, [but] you are back to that world of private government which I don’t think fits with the 21st century,” Graham told the review, led by Labour deputy leader Tom Watson. “FoI is the price you pay for being a modern, accountable and efficient government in the 21st century.”

Details of advice given to ministers can be withheld if it is deemed in the public interest to do so, but part of the government review is considering whether ministers need a “safe space” to discuss policy with advisers.

The commission has been criticised for its membership, some of whom are on the record as having criticised FoI, and for holding private briefings and hearings. Watson’s review, which was set up in response to the commission, is holding public hearings. Though it is led by Labour, it has support from members of other parties, including the Conservative MP David Davis.

Campaigners for freedom of information, including Davis, think parliament is unlikely to approve any changes to the act. However, there are concerns that the government could try to water it down by introducing measures, such as fees for requests, that do not need to go before parliament. Graham said any attempt to introduce charges could “only be seen as a disincentive” to dissuade requests.

Watson’s review has said it will look at ways the act could be strengthened, including extending it to cover private contractors delivering public services. Graham said the act should “absolutely” be extended to make private contractors more accountable to the public, in part because so many more services traditionally considered within the public realm were now delivered by private companies.

He said: “I think it is absolutely essential that, as more and more services are provided by private contractors, we have to be clear about there being no less accountability.”

The Information Commissioner’s Office is proposing a range of measures that would open up private contractors to the public, including writing commitments to transparency into contracts and designating larger long-term providers as public bodies for the purposes of the act.

Graham rejected comments by the leader of the House of Commons, Chris Grayling, to the effect that journalists were misusing the act to generate stories. He said: “Journalists will always give you a hard time, but that’s just life.” 

Source: http://www.theguardian.com/media/2015/dec/07/dark-ages-warning-issued-over-freedom-of-information-changes

Tags: , , , , ,


House panel considers bill to protect email privacy

December 2, 2015

WASHINGTON — The House Judiciary Committeebegan considering a bill Tuesday to update a nearly 30-year-old law that allows government agents to read Americans’ emails without a search warrant if the messages are at least six months old.

“When current law affords more protections for a letter in a filing cabinet than an email on a server, it’s clear our policies are outdated,” said Rep. Suzan DelBene, D-Wash.

Under the 1986 Electronic Communications Privacy Act, federal, state and local police or regulatory agencies can order Internet service providers to turn over customers’ emails that are 180 days old or older. The law was written before email use was common and before the creation of cloud technology to store electronic communication.

The bipartisan Email Privacy Act by Reps. Kevin Yoder, R-Kan., and Jared Polis, D-Colo., would require government agencies to get a search warrant to gain access to emails regardless of when the messages were written or whether or not they were opened. The bill has more than 300 co-sponsors. Similar legislation has been introduced by members of the Senate Judiciary Committee, also with bipartisan support, and privacy rights groups and the U.S. tech industry are pushing for the bills to get a vote soon.

“(The bill) reaffirms our commitment to protecting the privacy interests of the American people,” said House Judiciary Chairman Bob Goodlatte, R-Va.

However, an official of the Securities and Exchange Commission said the bill would make it more difficult for agencies that investigate civil cases to go after lawbreakers.

The bill requires government agencies to obtain a criminal search warrant to compel an Internet service provider to turn over the content of emails. The SEC and other civil law enforcement agencies such as the IRS and the Environmental Protection Agencycannot obtain criminal warrants. Instead, they typically ask a court for a subpoena to get information. The standard for obtaining a subpoena is less stringent.

“(The bill) poses significant risks to the American public by impeding the ability of the SEC and other civil law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct,” said Andrew Ceresney, director of the SEC’s enforcement division.

But lawmakers questioned how much the bill would really hamper the SEC since the agency has been prosecuting cases successfully in the wake of a 2010 federal court ruling that strengthened email privacy. That ruling by the Sixth Circuit Court of Appealsin Warshak vs. United States said the government violated constitutional protections against unreasonable search and seizure when it obtained emails stored by Internet service providers without a warrant.

The House bill would merely codify that decision, supporters of the legislation said.

“Civil agencies can already obtain digital content with a subpoena issued directly to the target of the investigation — such as a user who sent or received emails,” said Chris Calabrese, vice president for policy at the Center for Democracy and Technology.

The head of law enforcement for Google, Inc. said the giant tech company supports the bill as a way to protect the privacy of its customers.

“Users expect, as they should, that documents they store online have the same Fourth Amendment protections as documents stored at home,” said Richard Salgado, Google’s director of law enforcement and information security.

In today’s world, electronic communication often contains more personal information than any physical documents the government could seize, Calabrese said.

“You would find much more sensitive documents about me in the Cloud than you would in my home,” he said.

Tags: , , ,

featured image 1

Terrorist attacks: Mass surveillance is the problem, not the solution

November 25, 2015

Showing scant respect for the many victims of the Paris attacks, government officials and pundits have been quick to exploit public anger and fear to advance their own agendas. As Ars reported, a favourite target has been Edward Snowden. The logic, such as it is, seems to be that Snowden’s leaks alerted criminals to the mass surveillance being conducted by Western intelligence agencies, allowing would-be terrorists to take measures to avoid discovery before they carried out their murderous assaults. As a result, so this argument goes, Snowden bears a heavy moral responsibility for the suffering that has been caused in Paris and elsewhere.

Soon after these latest attempts to blame Snowden started appearing, Glenn Greenwald, who has been writing about surveillance and terrorism extensively, and who enjoys a unique access to the Snowden leaks, wrote a thorough rebuttal to this line of thinking. For example, he points out: “One key premise here seems to be that prior to the Snowden reporting, The Terrorists helpfully and stupidly used telephones and unencrypted emails to plot, so Western governments were able to track their plotting and disrupt at least large-scale attacks.” Except, of course, that governments did notstop the carnage of Bali (2002), Madrid (2004), London (2005), Mumbai (2008), and at the Boston Marathon (April 2013, before the first Snowden documents were revealed.)

In fact, the claim that it was Snowden who encouraged terrorists to use encrypted communications is easily disproved. Greenwald quotes several mainstream articles from 2001—over a decade before Snowden hit the world’s headlines—including the following memorable quotation from USA Today: “‘Uncrackable encryption is allowing terrorists—Hamas, Hezbollah, al-Qaida and others—to communicate about their criminal intentions without fear of outside intrusion,’ FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. ‘They’re thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities.'”

If those words seem familiar, it’s because variations on them are continually being wheeled out by senior intelligence officers today, not least in the wake of the Paris attacks. Indeed, since the smears against Snowden are so transparently false, most criticism is now levelled at encryption in general, and at the companies like Google and Facebook that have started to deploy it more widely in their services.

But the new narrative—that the terrorists in Paris used encryption communications to escape detection—soon started to disintegrate. As Ars noted, French police found an unencrypted, unlocked phone in a rubbish bin outside the Bataclan concert hall in Paris, which contained an SMS sent in the clear. It is believed the same device may have led the French authorities to the flat where a gun battle with suspects later took place.

It also emerged that at least five of the Paris attackers were known to have travelled to fight in Syria, and had then returned to France or Belgium. As The Guardian writes: “One of the attackers at the Stade de France, Omar Ismaïl Mostefai, had a French police ‘S’ file, denoted suspected radicalisation, since 2010.” In addition, “Sami Amimour, one of the gunmen at the Bataclan, had been detained in October 2012 on suspicion of terrorist links, and had an international arrest warrant out on him after he broke his parole the following year and travelled to Syria. Yet he returned in mid-October 2014, and was able to remain at large until the attacks.” One of the bombers even had a Facebook page where it is reported he called for attacks on the West.

The Washington Post reveals that there were similar missed chances in Belgium: “Over the past year, Belgian security forces tapped at least one bomber’s telephone and briefly detained and interviewed at least two other suspects—one for his travels to Syria and the other for his radical views, according to law enforcement officials here.” In fact: “Not only were police suspicious of the men tied to the Paris attacks, but Belgian researchers and even journalists also were tracking their posts on social media.” The terrorist links of four of the men were obvious enough to put them on a US counter-terrorism database.

Were the terrorists just lucky? Or is mass surveillance deeply flawed?

It might be argued that this was just an unfortunate one-off lapse, and that the terrorists were simply lucky on this occasion. But an important analysis by Ryan Gallagher in The Intercept shows that in ten of the most notorious terrorist attacks in recent years, some or all of the perpetrators were known to the authorities. That includes the murder of Fusilier Lee Rigby by Michael Adebolajo and Michael Adebowale in Woolwich, London in 2013:

According to a U.K. parliamentary report published following the attack, Adebolajo was investigated under five separate police and security service operations. He was believed to have links to several extremist networks and was suspected of having tried to travel overseas to join a terrorist organization. Adebowale was investigated by British spies after he was identified as having viewed extremist material online. London counterterrorism police also received an uncorroborated tip that Adebowale was affiliated with al Qaeda. Investigators reviewed Adebowale’s cellphone records and apparently did not find anything of interest. But they did not check his landline call records, which if they had would have revealed that he had been in contact with an individual in Yemen linked to al Qaeda. Covert surveillance of both Adebolajo and Adebowale had ceased prior to their attack in London in May 2013, though Adebowale was still the subject of a terrorism-related investigation at the time.

The UK parliamentary investigation into the murder of Lee Rigby was undertaken “to establish whether mistakes have been made and to ensure that any lessons are learned.” First among the eight “issues” raised by the report was the following: “MI5 has limited resources, and must continuously prioritise its investigations in order to allocate those resources.”

Stretched resources were also mentioned in the wake of the Paris attacks. The Guardian wrote: “French intelligence and police have only an estimated 500-600 staff whose task is to physically follow people. But the agencies have about 11,000 people on their books classified as potential threats to national security.”

These comments confirm points made by an FBI whistleblower, Coleen Rowley, in an article that appeared just after the parliamentary report was published in 2014. She wrote: “I fear that terrorists will succeed in carrying out future attacks—not despite the massive collect-it-all, dragnet approach to intelligence implemented since 9/11, but because of it. This approach has made terrorist activity more difficult to spot and prevent.” As she put it: “After Edward Snowden described just how massive and irrelevant the US and UK monitoring had become, people started to grasp the significance of the saying: ‘If you’re looking for a needle in a haystack, how does it help to add hay?'”

Rowley’s crucial point, about adding more hay to the haystack, is particularly pertinent today as politicians again cry out for encryption to be backdoored, and for even more intrusive mass surveillance to be carried out, in order to “fight terrorism.” The attacks in Paris did not take place because the terrorists used encryption to keep their communications secret. People died or suffered terrible injuries not because the terrorists had somehow managed to slip through the surveillance net. In fact, it seems that they were known to multiple intelligence agencies around the world.

The reason the attacks were successful and people died was largely because the authorities had insufficient resources to follow up the knowledge that they had, and some important leads that they were given. It was not because they had too little information about the terrorists, but because they had too much for the human resources they could bring to bear upon them.

Mass surveillance is not the solution to these attacks; it is the problem that makes them more likely. The belief that gathering yet more undifferentiated data from everyone, whoever they are, and whatever they are doing, will somehow make it easier to spot and stop attacks is contradicted by the painful events of the last decade or so. It is time to stop trying to shift the blame to Edward Snowden or encryption for the serious intelligence failures that have occurred. It is time to recognise that the current approach based on mass surveillance simply does not work, and must be replaced by a more targeted, more intelligent, and thus more effective approach.

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more