Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#surveillance’

GettyImages-512265474-1-article-header

Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records

May 27, 2016

A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.
If passed, the change would expand the reach of the FBI’s already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs — most commonly, information about the name, address, and call data associated with a phone number or details about a bank account.
Since a 2008 Justice Department legal opinion, the FBI has not been allowed to use NSLs to demand “electronic communication transactional records,” such as email subject lines and other metadata, or URLs visited.
The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”
Wyden did not disclose exactly what the provision would allow, but his spokesperson suggested it might go beyond email records to things like web-surfing histories and other information about online behavior. “Senator Wyden is concerned it could be read that way,” Keith Chu said.
It’s unclear how or when the provision was added, although Sens. Richard Burr, R-N.C., — the committee’s chairman — and Tom Cotton, R-Ark., have both offered bills in the past that would address what the FBI calls a gap and privacy advocates consider a serious threat to civil liberties.
“At this point, it should go without saying that the information the FBI wants to include in the statue is extremely revealing — URLs, for example, may reveal the content of a website that users have visited, their location, and so on,” Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote in an email to The Intercept.
“And it’s particularly sneaky because this bill is debated behind closed doors,” Robyn Greene, policy counsel at the Open Technology Institute, said in an interview.
In February, FBI Director James Comey testified during a Senate Intelligence Committee hearing on worldwide threats that the FBI’s inability to get email records with NSLs was a “typo” — and that fixing it was one of the FBI’s top legislative priorities.
Greene warned at the time: “Unless we push back against Comey now, before you know it, the long slow push for an [electronic communication transactional records] fix may just be unstoppable.”
The FBI used to think that it was, in fact, allowed to get email records with NSLs, and did so routinely until the Justice Department under George W. Bush told the bureau that it had interpreted its powers overly broadly.
Ever since, the FBI has tried to get that power and has been rejected, including during negotiations over the USA Freedom Act.
The FBI’s power to issue NSLs is actually derived from the Electronic Communications Privacy Act — a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications — not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week.
Sen. John Cornyn, R-Texas, is expected to offer an amendment that would mirror the provision in the intelligence bill.
Privacy advocates warn that adding it to the broadly supported reform effort would backfire.
“If [the provision] is added to ECPA, it’ll kill the bill,” Gabe Rottman, deputy director of the Center for Democracy and Technology’s freedom, security, and technology project, wrote in an email to The Intercept. “If it passes independently, it’ll create a gaping loophole. Either way, it’s a big problem and a massive expansion of government surveillance authority.”
NSLs have a particularly controversial history. In 2008, Justice Department Inspector General Glenn Fine blasted the FBI for using NSLs supported by weak evidence and documentation to collect information on Americans, some of which “implicated the target’s First Amendment rights.”
“NSLs have a sordid history. They’ve been abused in a number of ways, including … targeting of journalists and … use to collect an essentially unbounded amount of information,” Crocker wrote.
One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters’ existence to anyone, much less the public.

By Jenna McLaughlin

www.theintercept.com

Tags: , , , ,

1463600977631262

The Selling Point Of Google’s New Messaging App Is Not Encryption, It’s Surveillance.

May 18, 2016

The buzziest thing Google announced at its I/O conference Wednesday was Allo, a chatbot-enabled smartphone messaging app that looks to take on iMessage, Facebook Messenger, and the Facebook-owned WhatsApp.
Early sentiment about Allo is overwhelmingly positive: It looks beautiful, lets you doodle on images before you send them, comes with stickers as well as emojis, and it’s the first Google product to offer end-to-end encryption, which is certainly a good thing.
But if you care at all about your privacy, you should not use Google Allo.
Allo’s big innovation is “Google Assistant,” a Siri competitor that will give personalized suggestions and answers to your questions on Allo as well as on the newly announced Google Home, which is a competitor to Amazon’s Echo.
On Allo, Google Assistant will learn how you talk to certain friends and offer suggested replies to make responding easier. Let that sink in for a moment: The selling point of this app is that Google will read your messages, for your convenience.
Some reporters have lauded Allo for having an “Incognito Mode,” which will turn on end-to-end encryption for a specific conversation, meaning that, in theory, neither Google, nor hackers, nor law enforcement will be able to read messages sent in this mode. Incognito Mode is indeed a good thing to enable if you are going to use Allo, but a better idea would be to stay away from the app altogether.
Google would be insane to not offer some version of end-to-end encryption in a chat app in 2016, when all of its biggest competitors have it enabled by default. Allo uses the Signal Protocol for its encryption, which is good. But as with all other Google products, Allo will work much better if you let Google into your life.
Google is banking on the idea that you won’t want to enable Incognito Mode, and thus won’t enable encryption.
Lots of people use Chrome’s Incognito Mode for searching for porn or other sensitive or embarrassing stuff, but how many people use Incognito for every search? Likewise, it’s smart to turn off location history in Google Maps because once Google has that data, it’s out of your control. As with any app that collects personal data, it’s hard to know where that data will eventually end up: in the hands of a hacker or law enforcement, for example. However, turning off location history means you have to type in your full home address every time you want directions home.
With Allo, the stated purpose of the app is to have a Google bot integrated into a messaging app, so that it can specifically learn more about you. In doing so, the messages you send to your friends will be more tailored—maybe it’ll suggest a coffee shop that’s halfway between you and the person you’re flirting with, for example. Google will have your express permission to mine your conversations for both your own benefit and the benefit of the company’s business interests (Gboard, Google’s new keyboard app with Google integration, has many of the same problems).
Allo is fundamentally different in this way than Hangouts or Gchat. With those two programs, Google showed no interest in injecting its own suggestions into what you type and thus showed no interest in learning more about you.
Allo, on the other hand, is the first major messaging app to have the express purpose of learning everything about you, further fleshing out Google’s already comprehensive profile of you. And so, of course it’s going to be less fun or useful when you’ve turned off that core feature. In that sense, it’s also entirely different than Facebook Messenger’s ‘M’ assistant bot (which may actually be a human). With M, you are speaking one-on-one with a bot, the bot isn’t monitoring every single thing you say to your friends.
One final note about Allo’s place in the current encryption debate: The FBI only started getting upset about the state of crypto after Apple and Google announced that they were going to turn on encryption on their smartphones by default. Before those announcements, encrypting your iPhone or Android device was possible and easy, but few people actually did it.
And so my point isn’t that Allo is evil or Google is evil. But Allo’s security and privacy features are skin deep at best, and we should treat the app for what it is: Yet another chance for Google to learn more about you.
We’ve seen time and time again that people only use privacy tools when they are seamless and don’t affect the overall experience of using the app or program. With Allo, collecting data is core to the value it’s offering. Google is giving consumers two options: Insecure with a wonderful user experience, or secure with an inferior experience. What do you think the masses are going to choose?
By Jason Koebler
www.motherboard.vice.com

Tags: , , , , ,

2f211d498f833

Google And Microsoft Have Made A Pact To Protect Surveillance Capitalism

May 11, 2016

Two bitter rivals have agreed to drop mutual antitrust cases across the globe. Why? To fend off the greater regulatory threat of democratic oversight. Microsoft and Google, two of the world’s greatest monopolies, have been bitter rivals for nearly 20 years. But suddenly, in late April, they announced a startling accord. The companies have withdrawn all regulatory complaints against one another, globally. Rather than fighting their battles in public courts and commissions, they have agreed to privately negotiate.
This is a gentleman’s agreement. The specifics are secret, but the message on both sides is that the deal reflects a change in management philosophy. Microsoft’s new chief, Satya Nadella, is eager to push the vision of a dynamic, collaborative Microsoft, partnering with everyone from Apple to Salesforce.
The most dramatic of these partners is Google, a company that has long been considered Microsoft’s great arch-rival.
The wind started to change in September, just after Sundar Pichai became Google’s chief executive, when the two companies agreed to stop feuding over patents – a first step toward the current agreement. The common corporate line is that the companies want to compete on products, not court cases.
But this public relations gambit masks two far more interesting tales. One is about Microsoft and its desperate chase for relevance. The other is about Google, money and power. Both are part of a broader, deeply worrying narrative – a story about how tech companies are busy redrawing the lines around our lives, and facing little resistance in doing so.
Nobody ever wants to start a legal fight. Fractious, painful and wasteful, they divert huge resources, often for little productive gain. But this in itself fails to explain Microsoft’s decision to drop pending regulatory complaints against Google in Europe, Brazil and Argentina, as well as to cease funding and participating in lobby groups that it has backed for eight years, such as FairSearch.org and ICOMP, the Initiative for a Competitive Online Marketplace. So what does explain it?
It could be seen as a pragmatic move. Microsoft’s profits still exceed Google’s, but the ratio has been in decline for a decade. Meanwhile, since 2012, Apple has outstripped both companies combined (even if recent figures suggest this momentum might be slowing). A suite of regulatory enquiries into Google’s alleged abuses of its monopoly will continue even in Microsoft’s absence – both in places where Microsoft has filed complaints (Europe, Brazil, Argentina) and in others where it hasn’t, such as India.
With Microsoft’s withdrawal, it is clear that the remaining complainants in these fights – generally small, niche internet businesses – are legitimate critics in their own right. But then again, it takes serious coordination and resources to sustain and succeed in antitrust fights. Winning, especially in a broad and generally impactful manner, is a much taller order without a deep-pocketed supporter such as Microsoft.
But there’s another possible, rather more cunning, motive. Microsoft today is facing a very different business ecosystem to the one it dominated in the 1990s. It needs to adapt. And it appears to want to do so by positioning itself at the heart of what Satya Nadella describes as “systems of intelligence”.
Explaining this concept at Hannover Messe 2016, Nadella defined systems of intelligence as cloud-enabled digital feedback loops. They rely on the continuous flow of data from people, places and things, connected to a web of activity. And they promise unprecedented power to reason, predict and gain insight.
This is unbridled Big Data utopianism. And it is a vision that brings Microsoft squarely into Google territory. So maybe Microsoft is pulling out of regulatory battles because it doesn’t want to shoot itself in the foot. For emeritus Harvard Business School professor Shoshana Zuboff, this gets to the core of the Google-Microsoft deal.
Zuboff is a leading critic of what she calls “surveillance capitalism”, the monetization of free behavioral data acquired through surveillance and sold on to entities with an interest in your future behavior. As she explained to the Guardian: “Google discovered surveillance capitalism. Microsoft has been late to this game, but it has now waded in. Viewed in this way, its agreement with Google is predictable and rational.”
And here the most sinister upshot of Microsoft’s decision to stop needling Google with legal disputes becomes clear. “A key theme I write about is that surveillance capitalism has thrived in lawless space,” says Zuboff. “Regulations and laws are its enemy. Democratic oversight is a threat. Lawlessness is so vital to the surveillance capitalism project,” she continues, “that Google and Microsoft’s shared interest in freedom from regulation outweighs any narrower competitive interests they might have or once thought they had. They can’t insist to the public that they must remain unregulated, while trying to impose regulations on one another.”
What does all this mean for the cases pending against Google? For Maurice Stucke and Allen Grunes, American antitrust experts and co-authors of a comprehensive new book examining the deep and reaching implications of platform and data monopolies, Zuboff’s warning of a lawless alliance among tech giants such as Microsoft and Google only accentuates the demand for rigorous, intellectually led regulatory action. And when it comes to Google, the case for action is in their view clear.
“The one thing that any antitrust regime absolutely has to do, if it is to be effective, is to stand up to the most powerful companies of the time,” explains Grunes. “Take that away and antitrust ceases to be meaningful.
“The antitrust authorities in the US and EU did that in the case of Microsoft. It required brains, resources and relentless pursuit and commitment.”
Yet only the Europeans, he argues, seem to have the intellectual leadership to be doing it in the case of Google. “The failure of the FTC to take meaningful action against Google is without question one of the great failures of all time.”
Microsoft and Google’s new deal to stop fighting each other is an interesting, strategic corporate move. But it is a move accompanied by a much stronger, deeper play: to collect and capitalize data – including data about us, our behaviors, and our interactions. The challenge for regulators and citizens is complex but essential – and has only just begun.

By Julia Powels

www.theguardian.com

Tags: , , , , ,

featured image 1

Terrorist attacks: Mass surveillance is the problem, not the solution

November 25, 2015

Showing scant respect for the many victims of the Paris attacks, government officials and pundits have been quick to exploit public anger and fear to advance their own agendas. As Ars reported, a favourite target has been Edward Snowden. The logic, such as it is, seems to be that Snowden’s leaks alerted criminals to the mass surveillance being conducted by Western intelligence agencies, allowing would-be terrorists to take measures to avoid discovery before they carried out their murderous assaults. As a result, so this argument goes, Snowden bears a heavy moral responsibility for the suffering that has been caused in Paris and elsewhere.

Soon after these latest attempts to blame Snowden started appearing, Glenn Greenwald, who has been writing about surveillance and terrorism extensively, and who enjoys a unique access to the Snowden leaks, wrote a thorough rebuttal to this line of thinking. For example, he points out: “One key premise here seems to be that prior to the Snowden reporting, The Terrorists helpfully and stupidly used telephones and unencrypted emails to plot, so Western governments were able to track their plotting and disrupt at least large-scale attacks.” Except, of course, that governments did notstop the carnage of Bali (2002), Madrid (2004), London (2005), Mumbai (2008), and at the Boston Marathon (April 2013, before the first Snowden documents were revealed.)

In fact, the claim that it was Snowden who encouraged terrorists to use encrypted communications is easily disproved. Greenwald quotes several mainstream articles from 2001—over a decade before Snowden hit the world’s headlines—including the following memorable quotation from USA Today: “‘Uncrackable encryption is allowing terrorists—Hamas, Hezbollah, al-Qaida and others—to communicate about their criminal intentions without fear of outside intrusion,’ FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. ‘They’re thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities.'”

If those words seem familiar, it’s because variations on them are continually being wheeled out by senior intelligence officers today, not least in the wake of the Paris attacks. Indeed, since the smears against Snowden are so transparently false, most criticism is now levelled at encryption in general, and at the companies like Google and Facebook that have started to deploy it more widely in their services.

But the new narrative—that the terrorists in Paris used encryption communications to escape detection—soon started to disintegrate. As Ars noted, French police found an unencrypted, unlocked phone in a rubbish bin outside the Bataclan concert hall in Paris, which contained an SMS sent in the clear. It is believed the same device may have led the French authorities to the flat where a gun battle with suspects later took place.

It also emerged that at least five of the Paris attackers were known to have travelled to fight in Syria, and had then returned to France or Belgium. As The Guardian writes: “One of the attackers at the Stade de France, Omar Ismaïl Mostefai, had a French police ‘S’ file, denoted suspected radicalisation, since 2010.” In addition, “Sami Amimour, one of the gunmen at the Bataclan, had been detained in October 2012 on suspicion of terrorist links, and had an international arrest warrant out on him after he broke his parole the following year and travelled to Syria. Yet he returned in mid-October 2014, and was able to remain at large until the attacks.” One of the bombers even had a Facebook page where it is reported he called for attacks on the West.

The Washington Post reveals that there were similar missed chances in Belgium: “Over the past year, Belgian security forces tapped at least one bomber’s telephone and briefly detained and interviewed at least two other suspects—one for his travels to Syria and the other for his radical views, according to law enforcement officials here.” In fact: “Not only were police suspicious of the men tied to the Paris attacks, but Belgian researchers and even journalists also were tracking their posts on social media.” The terrorist links of four of the men were obvious enough to put them on a US counter-terrorism database.

Were the terrorists just lucky? Or is mass surveillance deeply flawed?

It might be argued that this was just an unfortunate one-off lapse, and that the terrorists were simply lucky on this occasion. But an important analysis by Ryan Gallagher in The Intercept shows that in ten of the most notorious terrorist attacks in recent years, some or all of the perpetrators were known to the authorities. That includes the murder of Fusilier Lee Rigby by Michael Adebolajo and Michael Adebowale in Woolwich, London in 2013:

According to a U.K. parliamentary report published following the attack, Adebolajo was investigated under five separate police and security service operations. He was believed to have links to several extremist networks and was suspected of having tried to travel overseas to join a terrorist organization. Adebowale was investigated by British spies after he was identified as having viewed extremist material online. London counterterrorism police also received an uncorroborated tip that Adebowale was affiliated with al Qaeda. Investigators reviewed Adebowale’s cellphone records and apparently did not find anything of interest. But they did not check his landline call records, which if they had would have revealed that he had been in contact with an individual in Yemen linked to al Qaeda. Covert surveillance of both Adebolajo and Adebowale had ceased prior to their attack in London in May 2013, though Adebowale was still the subject of a terrorism-related investigation at the time.

The UK parliamentary investigation into the murder of Lee Rigby was undertaken “to establish whether mistakes have been made and to ensure that any lessons are learned.” First among the eight “issues” raised by the report was the following: “MI5 has limited resources, and must continuously prioritise its investigations in order to allocate those resources.”

Stretched resources were also mentioned in the wake of the Paris attacks. The Guardian wrote: “French intelligence and police have only an estimated 500-600 staff whose task is to physically follow people. But the agencies have about 11,000 people on their books classified as potential threats to national security.”

These comments confirm points made by an FBI whistleblower, Coleen Rowley, in an article that appeared just after the parliamentary report was published in 2014. She wrote: “I fear that terrorists will succeed in carrying out future attacks—not despite the massive collect-it-all, dragnet approach to intelligence implemented since 9/11, but because of it. This approach has made terrorist activity more difficult to spot and prevent.” As she put it: “After Edward Snowden described just how massive and irrelevant the US and UK monitoring had become, people started to grasp the significance of the saying: ‘If you’re looking for a needle in a haystack, how does it help to add hay?'”

Rowley’s crucial point, about adding more hay to the haystack, is particularly pertinent today as politicians again cry out for encryption to be backdoored, and for even more intrusive mass surveillance to be carried out, in order to “fight terrorism.” The attacks in Paris did not take place because the terrorists used encryption to keep their communications secret. People died or suffered terrible injuries not because the terrorists had somehow managed to slip through the surveillance net. In fact, it seems that they were known to multiple intelligence agencies around the world.

The reason the attacks were successful and people died was largely because the authorities had insufficient resources to follow up the knowledge that they had, and some important leads that they were given. It was not because they had too little information about the terrorists, but because they had too much for the human resources they could bring to bear upon them.

Mass surveillance is not the solution to these attacks; it is the problem that makes them more likely. The belief that gathering yet more undifferentiated data from everyone, whoever they are, and whatever they are doing, will somehow make it easier to spot and stop attacks is contradicted by the painful events of the last decade or so. It is time to stop trying to shift the blame to Edward Snowden or encryption for the serious intelligence failures that have occurred. It is time to recognise that the current approach based on mass surveillance simply does not work, and must be replaced by a more targeted, more intelligent, and thus more effective approach.

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
main-snowden
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
ph
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
1463600977631262
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more