Brindle

As you may recall, a few months back, a big story broke involving the CIA spying on Senate Intelligence Committee staffers who were investigating the CIA's torture program. The details revealed that in the course of their investigation, the CIA had given the staffers an internal document they didn't think they'd given them, which revealed that an internal CIA analysis more or less agreed with the Senate analysis (which has been described as "scathing"). This was a very different position than what the CIA had said publicly. After some in the Senate had asked for the "full report" rather than the draft that the staffers had been given, the CIA believed (incorrectly it appears) that the staffers had gotten access to unauthorized classified materials, and searched the special private network that had been set up just for those staffers. This happened after previous problems with the CIA doing questionable things concerning the Senate staffers network.

In the end, both sides asked the DOJ to investigate the other side. The DOJ has now said that it won't pursue either claim:

"The department carefully reviewed the matters referred to us and did not find sufficient evidence to warrant a criminal investigation," said Justice Department spokesman Peter Carr.

Perhaps this isn't too surprising. The fact that the CIA itself handed the document to the staffers made that claim a pretty clear dead end. However, the CIA searching through the staffers' computer network always seemed a lot more questionable, but perhaps not criminal. It seems likely that the DOJ realized that to pursue either side in this would create a huge political mess, and it was just easier to let the case go, and let the two sides continue to glare angrily at each other.

Permalink | Comments | Email This Story

It's not much of a secret that broadband providers will bend over backwards to try to keep you from cancelling. In fact, many people realize that if you want to get a lower broadband bill you should just threaten to cancel. Rather than actually cancelling, you get transferred to a "retention specialist" who is paid on commission for annoying you into not cancelling. A little over a month ago, Tim Lee at Vox had some of the details, specific to Comcast:

"Everything was very commission-based," says Adam Reinardy, who worked in a Comcast call center in Minnesota until 2008. "You lost commission if you gave deals. If you retained a customer without giving them any sort of deal, you got commission on it."

That's all useful background for the following recording of Ryan Block (former editor-in-chief of Engadget and the founder of gdgt) trying to cancel his Comcast service. The recording starts approximately 10 minutes into the call, at which point Block is clearly already quite frustrated about the whole thing, and the Comcast customer service rep is clearly just trying to play his "part" of getting an answer to why Block is cancelling, so that he can then try to jump onto his big bag of tricks to try to badger and bully Block into staying. It gets more and more painful: The call is pretty much what you'd expect, but taken to a level that verges on Saturday Night Live-level parody. The customer service rep clearly has a script of how to respond to any "reason," but Block won't take the bait by giving him a reason. He just wants to cancel. Even towards the end, after he agrees to cancel the service and promises not to ask any more, he keeps on asking. Block asks when he's going to cancel the service, and the guy pretends that he's "working on it." When Block finally tells him to not speak until it's done, the guy then admits (of course) that it's done. In between all of this, the various salesy pitches get more and more ridiculous. "We're the fastest, guaranteed!" "Why not go with the company you know?" "You'll have to go to the store to return your cablecard!"

Comcast, of course, is famous for their horrible customer service. Just a few months ago, Comcast (and Time Warner Cable) were voted the absolute worst by the American Consumer Satisfaction Index, which is "considered the most comprehensive customer satisfaction survey in the United States." That was just a month after Comcast was voted the Worst Company in America by Consumerist. I haven't been a Comcast customer in ages following the October from hell when they cut out my internet service every day at 10am, and when I'd call, they'd tell me it was for "scheduled maintenance." And that it should "be back by 4pm." When I asked if it was "scheduled" for the next day, they'd tell me they couldn't tell me that information. Nor could they explain why I hadn't been told of this "scheduled" maintenance or why they couldn't refund me for all that broadband I'd paid for but couldn't use.

Comcast has been trying, for many years, to change that view with its "Comcast Cares" tagline: But, as a pretty long history and this call clearly demonstrate, Comcast leaves off the full version of Comcast Cares in its promo material:

Permalink | Comments | Email This Story

Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software.

In a long-running legal battle that stretches back nearly a decade, Amazon has again emerged as the winner, despite both a court ruling and legislation against it.

In 2004, France's bookstores took the company to court over its discounts and free shipping, arguing that the online retailer was killing off local businesses. Three years later, the court emerged with a ruling that declared Amazon would have to start charging for shipping or face a 1,000 euro per day fine until it did. Amazon chose the latter option, opting to allow aggrieved merchants (and press covering the legal battle) to provide it with some very low-cost press.

Since that strategy didn't pay off, French retailers began pushing for a law aimed at all online retailers -- but most specifically Amazon -- that would make it illegal to offer free shipping to French book purchasers. This was on top of an existing law (put into force in 1981) that forbade anything more than a 5% discount on new titles. This new law forces Amazon to charge for shipping or face being banned from selling in France completely, along with stripping away the 5% discount.

No doubt this was seen as a huge victory for all the local stores that managed to weather the last 10 years of low-level, government-aided price fixing. It probably felt like one, too, right up until Amazon announced its new shipping rate.

France's "anti-Amazon" law prohibiting free shipping and discounts has now gone into effect, and Amazon quickly announced that it had conformed -- technically. Though it no longer ships books for free, it only charges 0.01 euro, conforming to the letter if not the spirit of the law (French Prime members still receive free book shipping).

Enjoy your symbolic victory, French legislators. A whopping centime per shipment "containing books" (no matter how many items are in the cart) will no doubt restore the financial glory of local retailers, especially when unaffected items start flowing into France with both discounts and cheaper shipping.

That's the sort of "victory" that's often achieved by legislating "fairness." There are others ways local retailers could have handled this problem, but they chose the long, expensive and ultimately fruitless courtroom/legislation route and the end result is 1/100th of a Euro per shipment. And this won't be the end of it. Amazon is apparently eyeing an appeal with the EU Commission, which views the new law as anti-competitive.

Permalink | Comments | Email This Story

This is the picture of Steven Spielberg posing with the sick animatronic Triceratops from Jurassic Park some troll posted to his timeline (links to actual post just in case you want to read all the sadness for yourself) on Facebook. The response was depressing to say the least. It's one of those times when you really hope the people responding are also trolls and just trying to trick the original poster. Like two trolls clubbing the shit out of each other under a bridge. TWO TROLLS ENTER, ONLY ONE WILL LEAVE. Wait -- why does one have to leave? I say nuke the bridge while they're going at it. Keep going for an even longer, more depressing rant. Thanks to Outlaw, harry and PInkLemonde, who fear these are the same people who thought Titanic was a live documentary.

"Laws are for other people."
- Too many legislators to count

It's common knowledge that insider trading is illegal. In fact, we have an entire government agency in place to regulate trading and to investigate insider trading allegations. Executives have been sentenced to months (sometimes even years) in plush, well-appointed hellholes for participating in insider trading.

Members of Congress, however, were exempt from insider trading rules until 2012. An 2011 expose by 60 Minutes let millions of Americans know that members of Congress had plenty of access to market-changing information and were acting on it.

In a rare (ha!) show of self-preservation, a united House full of Congresspersons facing reelection battles passed the STOCK Act, which basically made Congress and its staffers play by the same trading rules as every other American.

In 2013, with Congressional members safely re-elected, the House decided to roll back its previous legislative effort in order to get back into the insider trading business. It tore out the stipulation demanding disclosure of trading activity -- the one thing citizens could use to verify adherence to the "no insider trading" rule -- stating that these disclosures were a "security risk." This sailed through with unanimous consent late on a Thursday afternoon (the end of the Congressional work week) and was signed by the President the following Monday.

Now, Congress is again claiming it doesn't need to submit to laws that govern US citizens and, again, it's doing this to avoid any transparency or accountability being applied to its trading activities.

The U.S. House Ways and Means Committee and a top staff member say the panel and its employees are "absolutely immune" from having to comply with subpoenas from a federal regulator in an insider-trading probe.

The committee yesterday responded to U.S. District Court Judge Paul Gardephe's order to explain why it hadn't complied with the U.S. Securities and Exchange Commission's requests for documents, phone records and testimony of aide Brian Sutter for more than a year.

The SEC is investigating a suspicious spike in health insurer trading volumes and prices ahead of a report that announced government payments to insurers would be increased, rather than decreased. This investigation claims that a Green Taureg LLC lobbyist sent the information to a Height Securities LLC analyst ahead of the official government announcement and that House Ways and Means staff director Brian Sutter may have been the originating source.

The Committee's legal rep has responded by claiming Congress is above the law or, if not above, very definitely adjacent to it, but certainly not within in and subject to federal subpoenas.

Kerry W. Kircher, the top lawyer for the House, said the SEC's request should be dismissed because the information it seeks concerns legislative activities protected by the Constitution, which can't be reviewed by federal judges.

Kircher also stated that his client does not and will not (EVER) have time for the SEC's "apply the insider trading rules to everyone" bullshit.

Sutter's connection to the investigation is "tangential" Kircher said, and would also interfere with his work because his schedule is "heavily, and nearly permanently, booked."

So, if anyone thought an SEC insider trading probe would bring more accountability to the House, those thoughts may now be dismissed to make room for more cynicism. There's a slim possibility the SEC may extract damning evidence, but it will have to fight its way through a House full of people with no conceivable reason to be compliant. Insider trading was a great Congressional job perk and its uncontested run helped pad the wallets of future lobbyists, board members and consultants. No one really wants to completely end it, but they'd certainly like people to stop talking about it.

Permalink | Comments | Email This Story

Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated §12 of the Austrian penal code, which effectively says:

Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.

Tragically, this comes out the same day that the EFF is promoting why everyone should use Tor. While it accurately notes that no one in the US has been prosecuted for running Tor, it may want to make a note about Austria. Hopefully there is some way to fight back on this ruling and take it to a higher court -- and hopefully whoever reviews it will be better informed about how Tor works and what it means to run an exit node.

Permalink | Comments | Email This Story

“Advocates from every corner of the political compass have produced a mountain of disinformation about the ‘militarization’ of American law enforcement.”

- Doug Deaton, Lieutenant, Plano (TX) Police, writing for PoliceOne

• 32 bomb suits
• 704 units of night vision equipment
• 712 rifles
• 42 forced entry tools, like battering rams
• 830 units of surveillance and reconnaissance equipment
• 13,409 personal protective equipment (PPE) or uniforms
• 120 utility vehicles
• 64 armored vehicles
• 4 GPS devices
• 17 helicopters
• 21,211 other types of military equipment
  

- Equipment obtained by Arizona law enforcement agencies via Dept. of Defense 1033 grants

Zambia, Slovakia, Somalia, Ghana, Hungary, Estonia, Mozambique

- Some of the countries (out of a total of 17) whose militaries have fewer helicopters than Arizona law enforcement agencies (according to statistics gathered by the CIA and posted at GlobalFirePower.com)


The ACLU's extensive report on police militarization shows a nation at war with itself. The War on Terror -- a 13-year windmill joust that has generated an excess of military equipment -- has merged with the War on Drugs, an exercise in futility seven years removed from the half-century mark.

Actual military combat, utilizing enlisted soldiers, has given birth to the same equipment now routinely being deployed to fight the crime formerly policed by normal police officers. Cell tower spoofers, surveillance drones, Mine-Resistant Ambush-Protected personnel carriers (MRAPs) -- all of these were developed for use by the military. And all of these have now found homes in local law enforcement armories.

The requisition forms are littered with terrorism-related terms, but the reality of the situation is much more banal. Low-level drug dealers are being dealt with like enemy combatants. Law enforcement agencies claim with straight faces that they're falling behind in the arms and technology race, all the while acquiring the best weaponry and technology tax dollars can buy.

These are then handed over to SWAT teams, special police forces developed to take on truly dangerous situations like riots, active shooters, hostage situations and barricaded suspects. They are outfitted in military gear and sent out to perform the everyday task of serving search warrants.


These teams prefer to do this mundane task with a maximum amount of chaos and violence. Warrants are delivered with no-knock raids, ostensibly to give the police department the upper hand on the presumed-to-be-dangerous occupants. In reality, this is the sort of thing that happens far too frequently.

[B]efore 3:00am on a night in May of 2014, a team of SWAT officers armed with assault rifles burst into the room where the family was sleeping. Some of the kids’ toys were in the front yard, but the Habersham County and Cornelia police officers claimed they had no way of knowing children might be present. One of the officers threw a flashbang grenade into the room. It landed in Baby Bou Bou’s crib.

It took several hours before Alecia and Bounkahm, the baby’s parents, were able to see their son. The 19-month-old had been taken to an intensive burn unit and placed into a medically induced coma. When the flashbang grenade exploded, it blew a hole in 19-month-old Bou Bou’s face and chest. The chest wound was so deep it exposed his ribs. The blast covered Bou Bou’s body in third degree burns.

Three weeks later, it's still unclear whether the child will survive. The SWAT predicated its warrant on a $50 drug purchase from someone who didn't even live at that residence. No drugs or guns were found. No arrests were made.

Note that the police defended their actions by claiming they had "no way of knowing" if children might be present. But that lack of crucial knowledge had zero effect on its tactics. Officers didn't throw a flashbang grenade into the house because they were sure there were no children present. Officers threw a flashbang grenade into the house because that's what SWAT teams do when they serve no-knock warrants. The question of children was never raised, at least not until their actions had placed a child in a medical coma and now needed to be defended. A safer assumption would be that nearly every house being raided has a child in it. Most houses do.

This is how law enforcement's new toys get used: to take down lowball drug dealers. A large majority of warrants served are drug-related. The ACLU has the stats.


The problem is more troubling than mere mission creep. The new armor and weapons are begging to be used. These acquisitions, often obtained over the protests of the populace under the agency's "protection" (or just as often, without their knowledge), need to be justified. The terrorism threat cited in requisition forms just isn't going to present itself. And so, law enforcement agencies deploy these against the next best thing: the neighborhood drug dealer boogeyman.


The whole report is, by turns, fascinating, brutal and deeply concerning. Some claim the militarization of the police is a misconception, an illusion generated by a handful of vocal journalists. But the ACLU has the numbers that say otherwise.

Law enforcement knows this is the truth. The government's misguided generosity has allowed local law enforcement to stockpile weapons and armor, but hasn't given it any limitations or guidance. And the stated reason -- terrorism -- simply isn't common enough to justify a one-sided arms "race," no matter how far the definition of "terrorist" is stretched. So, the weapons and armor are used to carry out search warrants, bringing unnecessary amounts of chaos and violence to something police used to handle with an authoritative knock and possibly a scuffle or two if things went south. Now, it's de rigueur. The tools can't be allowed to gather dust and the War on Drugs can't risk any more casualties -- at least not on the part of the enforcers.

Permalink | Comments | Email This Story

At least five Muslim-Americans, including prominent lawyers, a civil rights leader and academics, were targeted for years-long surveillance by the FBI and the National Security Agency. This is according to new revelations contained in documents leaked by NSA whistleblower Edward Snowden.

The "private security" contractor formerly known as Blackwater has often been accused of being engaged in what might normally be seen as a level of evil and depravity normally reserved for over-the-top movie villains. And yet, every time new news comes out about the company, it only seems to either live up to that reputation or take it even further. Blackwater is today known as Constellis Holdings as of a few weeks ago. Before that it was Academi. And before that it was also known as Xe Services for a while, as the company keeps trying to get further and further from its Blackwater reputation. NY Times reporter James Risen -- who the DOJ is currently trying to put in jail -- has an astounding report about how a Blackwater exec threatened to kill a State Department investigator, telling that investigator that nothing would be done if he were killed, because it happened in Iraq. Believe it or not, this was over the State Department investigator merely investigating claims of unsanitary conditions in a dining facility, rather than anything more serious:

Just weeks before Blackwater guards fatally shot 17 civilians at Baghdad’s Nisour Square in 2007, the State Department began investigating the security contractor’s operations in Iraq. But the inquiry was abandoned after Blackwater’s top manager there issued a threat: “that he could kill” the government’s chief investigator and “no one could or would do anything about it as we were in Iraq,” according to department reports.

As chilling as that is, what may be even more ridiculous was the reaction of US embassy officials in Iraq, when they were told of this threat. Rather than siding with the State Department investigator, they sided with Blackwater, and whined about the investigator "disrupting" their relationship with Blackwater:

American Embassy officials in Baghdad sided with Blackwater rather than the State Department investigators as a dispute over the probe escalated in August 2007, the previously undisclosed documents show. The officials told the investigators that they had disrupted the embassy’s relationship with the security contractor and ordered them to leave the country, according to the reports.

A few weeks after the State Department investigators were kicked out of the country by the US embassy, the infamous incident with Blackwater employees shooting up civilians happened. Following that, the State Department finally "took statements" from the investigators about what happened, "but took no further action." As Risen's report notes, when an investigation happened of the shootings, it appears that the warnings about Blackwater's out of control and "above the law" nature that the investigators had sent just weeks earlier were entirely suppressed.

Patrick Kennedy, the State Department official who led the special panel, told reporters on Oct. 23, 2007, that the panel had not found any communications from the embassy in Baghdad before the Nisour Square shooting that raised concerns about contractor conduct.

“We interviewed a large number of individuals,” Mr. Kennedy said. “We did not find any, I think, significant pattern of incidents that had not �” that the embassy had suppressed in any way.”

Permalink | Comments | Email This Story

Les Moonves, CEO of CBS, was one of the more vocal network execs leading the charge against Aereo. He was the one insisting that CBS would move its content off of the public airwaves if Aereo won -- to which many people said that sounded like a good idea, so that others could use that valuable spectrum. Of course, when talking to his investors, Moonves also admitted that an Aereo win would have no real impact on the company, revealing the truth of the matter.

Either way, it's no surprise that he'd be delighted by the victory over Aereo. What gets ridiculous is when he claims that it's a "pro-consumer thing." How, exactly, is that the case? If you look at the comments from just about any Aereo user following Aereo's decision to "pause" the service this weekend in the wake of the ruling, it certainly doesn't look particularly "pro-consumer." Aereo user and GigaOm writer Jeff Roberts has what might be the best explanation of how horrible this is for consumers:

But while CBS and ABC investors may be throwing around high fives at the sop from the Supremes, the average consumer just took a bath. Not only did the court just stick it to them by protecting the TV industry’s bundle rip-offs, consumers also lose access to a marvelous technology.

Aereo, you see, was different. It gave urban dwellers like me a cheap way to see over-the-air shows (which the broadcasters send out for free in the first place, don’t forget) on their computers and phones.

The service, to be sure, was from perfect. The show streams could be choppy, and in the case of sports, the short time delay could be frustrating �” I would sometimes learn about a goal on social media right before seeing it on Aereo. And it lacked the lazy, channel-clicking pleasure of TV.

But Aereo did point out what could be: a commonsense way to watch TV over the internet at a reasonable price. Now, we’re stuck instead with the TV industry’s over-priced bundles and, in the case of mobile, a confusing and convoluted “TV everywhere” system that seeks to replicate an out-of-date form of linear TV watching that no one wants in the first place.

You can claim that the networks' win in the Supreme Court was "good" for the broadcast industry (though I'd challenge that assertion too), but to claim in any way that it was "pro-consumer" is just clearly out and out ridiculousness by Moonves.

Permalink | Comments | Email This Story

The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.

This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:

The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non- U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest.

Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to View any Section 702 collection that is responsive to any query.

Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight.

Yikes!

Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:

In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.

So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place.

Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:

When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.

Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done.

Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.

Permalink | Comments | Email This Story

It would appear that the government's attempts to convince the public that giving up their privacy for the good of national security isn't going so well. The latest numbers from the Pew Research Center show pretty broad consensus that it's not right to diminish privacy rights in order to fight terrorism, and this was true across the political spectrum. Meanwhile, when it comes directly to the question of NSA surveillance, the research shows many on both sides of the traditional political aisle are against the NSA's practices: The various groupings seem a bit suspect to me (and I generally find "left/right" political spectrum analyzing to be a distraction), but it's still interesting. Given the details of how the groups are made up, it seems likely that many steadfast conservatives and the next generation left might flip the positions above if there were a Republican President, but it does seem notable and important that the solid liberals are now against NSA surveillance as well.

The partisan nature of views on surveillance has been a bit depressing -- because you see the very same people who hated the NSA's warrantless wiretapping under George W. Bush suddenly change their tune under Barack Obama -- and vice versa (I even had a bizarre Twitter debate with someone who dismissed all facts by saying "Well, I trust Eric Holder," which seemed like the ultimate in pure partisan faith). But it's good to see that plenty of people are ignoring the partisan pull (and whatever attempts there are by the NSA's defenders to "educate" the public) and are flat out recognizing how problematic these programs are.

Permalink | Comments | Email This Story

So, over the weekend, the Washington Post reported on the latest bombshell from the Snowden files, showing both that the NSA is really bad at "minimizing" information on Americans that it's not supposed to hang onto and (more importantly) that, contrary to earlier claims, Snowden did in fact have access to the FISA collection database of info (suggesting that the NSA's controls over misuse of that data are not nearly as good as the agency and its defenders have claimed). Over at the Daily Beast, they figured that the various Senators in charge of oversight of the NSA would have some comments on the piece and how it shows an out of control NSA. But, that's not quite what happened. Senator after Senator insisted that they either hadn't yet read the story or were still trying to understand the details. The most ridiculous of all was kneejerk defender of the NSA, Lindsey Graham, who insisted that whatever was in the report didn't matter because we're at war:

Sen. Lindsey Graham�”who sits on the Senate’s armed services, appropriations, and judiciary committees and is one of the Republican Party’s most prominent voices on defense and intelligence issues�”wasn’t familiar with the Post piece.

“I don’t really know the details about what they’re saying in the paper. I know [NSA intelligence-gathering] is necessary. We’re at war with radical Islam,” Graham said.

Of course, that's interesting on two accounts. First, technically, we're not at war, because Congress hasn't declared war. You'd think a Senator would know that. Second, even if we were at war, does Graham honestly believe that there can be no limitations on NSA surveillance and nothing can go too far, so long as he can insist that "we're at war" (even if we're not)? If so, that's rather scary.

Other Senators similarly begged off responding to the piece, insisting they hadn't seen the details, including Intelligence Committee head Dianne Feinstein:

Nearly two days after the release of The Washington Post’s report, Senate Intelligence Committee Chairwoman Dianne Feinstein, who has direct oversight of the NSA, was just beginning to be fully briefed in the issue.

“I’m just in the process of looking into that,” Feinstein said.

And onto some others:

Sen. Carl Levin, the Democratic head of the Senate Armed Services Committee, was in Afghanistan and hadn’t had a chance to catch up. Sen. James Inhofe, his Republican counterpart, hadn’t seen the story. Sen. Angus King, a member of the Intelligence Committee, said he didn’t know the facts behind the newest revelations yet. He wasn’t alone.

Of course, it's safe to assume that most of them are just making an excuse to avoid answering the question, but that seems even worse. Either they don't know what's happening and have taken days to find out (bad) or they do know what's happening and simply don't want to comment about it (worse). Then, of course, there's always someone who is going to insist the whole thing is bogus -- but refuses to give any explanation as to why:

Sen. Tom Coburn, a member of Feinstein’s committee, came out of the Senate’s Monday votes challenging the veracity of the report, saying the “story is not accurate.” Pressed on where it was inaccurate, Coburn said, “I can’t tell you in what way. If I could tell you in what way, I would.”

To date, there has been no indication that there is anything amiss with the story. If it were really "not accurate," you can rest assured that the NSA or James Clapper's office would have been hitting back hard already about "inaccuracies" in the report. To date, they have not. Coburn's "trust me," is not particularly convincing since he still is the only person saying that... Though, I guess that's still better than Graham's ridiculous "we're at war!" comment.

Permalink | Comments | Email This Story

It wasn't even whistleblowing, although that too can destroy careers and lives. It was a FOIA request, made by someone who knew exactly which documents he wanted released.

His CIA career included assignments in Africa, Afghanistan and Iraq, but the most perilous posting for Jeffrey Scudder turned out to be a two-year stint in a sleepy office that looks after the agency’s historical files.

It was there that Scudder discovered a stack of articles, hundreds of histories of long-dormant conflicts and operations that he concluded were still being stored in secret years after they should have been shared with the public.

To get them released, Scudder submitted a request under the Freedom of Information Act — a step that any citizen can take, but one that is highly unusual for a CIA employee. Four years later, the CIA has released some of those articles and withheld others. It also has forced Scudder out.

"Historical documents of long-dormant conflicts and operations." Scudder dared to ask for these documents, and the CIA cut him loose. It also sent another federal agency after him -- the FBI.

On Nov. 27, 2012, a stream of black cars pulled up in front of Scudder’s home in Ashburn, Va., at 6 a.m. FBI agents seized every computer in the house, including a laptop his daughter had brought home from college for Thanksgiving. They took cellphones, storage devices, DVDs, a Nintendo Game Boy and a journal kept by his wife, a physical therapist in the Loudoun County Schools.

To date, only his daughter has received her laptop back. Every other computer remains in the hands of the FBI, despite the fact that no charges were ever pressed and despite the fact that many of the documents Scudder asked for have been released by the CIA in the interim. More from his request list are due to be released in the near future.

The CIA avails itself of a wide array of FOIA exemptions, but its reluctance to publish historical documents is just baffling -- and is most likely a result of the agency's long-running adversarial relationship with transparency. It's been noted here before that the CIA has used the often-abused b(5) exemption to withhold documents over five decades old (dealing with the Bay of Pigs invasion), claiming that the release of the "sensitive" documents would "confuse the public."

Despite Scudder's efforts, the flow of historical CIA documents will only decrease in the future. The office charged with declassifying historical documents has been closed, deemed expendable by the agency in the face of budget cuts. This workload will be routed through the agency's FOIA office, creating even more incentive for the CIA to stonewall requests.

Scudder never did anything his superiors thought was wrong until after he attempted to free these historical documents. Everything the agency never took issue with during his previous 18 years of employment -- like personal call infractions and the possession of photos (taken by Scudder in his position as "official CIA photographer") deemed "classified" -- was suddenly yet another reason to force him out. It's been clear for a long time that the government doesn't care much for whistleblowers. It also seems to have something against transparency, even concerning documents of historical interest only.

Scudder did nothing criminal. He just did something the agency didn't like. And for that, he lost his job and clearance. So, it's not just whistleblowing that can get you destroyed. It's also holding the government to its own transparency standards -- something that isn't remotely criminal but is apparently completely unforgivable.

Permalink | Comments | Email This Story

This is Canadian graphic designer Brennan Gleason's 'Resum-Ale', a 4-pack of blonde beer he home-brewed and packaged with his resume. The resume is printed on the box, and each bottle contains an example of his graphic design work. Pretty clever. Unless your homebrew gives potential employers diarrhea, in which case you f***ed up. Remember: never give a boss diarrhea until you've worked for them at least a month. It's common courtesy. Thanks to El Capitan, who can steer my boat on the hunt for treasure any day.

Jake Appelbaum et. al, are reporting on XKEYSCORE selection rules that target users -- and people who just visit the websites of -- Tor, Tails, and other sites. This isn't just metadata; this is "full take" content that's stored forever.

This code demonstrates the ease with which an XKeyscore rule can analyze the full content of intercepted connections. The fingerprint first checks every message using the "email_address" function to see if the message is to or from "bridges@torproject.org". Next, if the address matched, it uses the "email_body" function to search the full content of the email for a particular piece of text - in this case, "https://bridges.torproject.org/". If the "email_body" function finds what it is looking for, it passes the full email text to a C++ program which extracts the bridge addresses and stores them in a database.

[...]

It is interesting to note that this rule specifically avoids fingerprinting users believed to be located in Five Eyes countries, while other rules make no such distinction. For instance, the following fingerprint targets users visiting the Tails and Linux Journal websites, or performing certain web searches related to Tails, and makes no distinction about the country of the user.

[...]

There are also rules that target users of numerous other privacy-focused internet services, including HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion as well as its predecessor MixMaster. The appid rule for MixMinion is extremely broad as it matches all traffic to or from the IP address 128.31.0.34, a server located on the MIT campus.

It's hard to tell how extensive this is. It's possible that anyone who clicked on this link -- with the embedded torproject.org URL above -- is currently being monitored by the NSA. It's possible that this only will happen to people who receive the link in e-mail, which will mean every Crypto-Gram subscriber in a couple of weeks. And I don't know what else the NSA harvests about people who it selects in this manner.

Whatever the case, this is very disturbing.

EDITED TO ADD (7/3): The BoingBoing story says that this was first published on Tagesschau. Can someone who can read German please figure out where this originated.

And, since Cory said it, I do not believe that this came from the Snowden documents. I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there.

EDITED TO ADD (7/3): More news stories. Thread on Reddit. I don't expect this to get much coverage in the US mainstream media.

EDITED TO ADD (7/3): Here is the code. In part:

// START_DEFINITION /* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */

$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and
word('linux'
or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or '
tor ');
$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
// END_DEFINITION

// START_DEFINITION
/*
This fingerprint identifies users searching for the TAILs (The Amnesic
Incognito Live System) software program, viewing documents relating to
TAILs,
or viewing websites that detail TAILs.
*/
fingerprint('ct_mo/TAILS')=
fingerprint('documents/comsec/tails_doc') or web_search($TAILS_terms) or
url($TAILS_websites) or html_title($TAILS_websites);
// END_DEFINITION

Hacker News and Slashdot threads. ArsTechnica and Wired articles.

EDITED TO ADD (7/4): EFF points out that it is illegal to target someone for surveillance solely based on their reading:

The idea that it is suspicious to install, or even simply want to learn more about, tools that might help to protect your privacy and security underlies these definitions -- and it’s a problem. Everyone needs privacy and security, online and off. It isn't suspicious to buy curtains for your home or lock your front door. So merely reading about curtains certainly shouldn’t qualify you for extra scrutiny.

Even the U.S. Foreign Intelligence Surveillance Court recognizes this, as the FISA prohibits targeting people or conducting investigations based solely on activities protected by the First Amendment. Regardless of whether the NSA is relying on FISA to authorize this activity or conducting the spying overseas, it is deeply problematic.

It's amazing what fun we can have when we really get a culture of permission going. Trademark law, ostensibly built around the idea of consumer protection when it comes to branding, has since devolved into a platform where certain entities think they can essentially own certain common words and phrases, such as "emergency essentials", or "footlong", or "monster." However, once you've opened the door to that kind of relatively minor insanity, it lets the really crazy monsters through.

Let's take, for instance, the word "how." You can't own "how", right? Well, according to the lawsuit of Dov Seidman, who portends to be something called a "corporate virtue advisor", you damn well can.

In papers filed in Manhattan federal court, Dov Seidman, author of "HOW: Why HOW We Do Anything Means Everything," says how Chobani is using "how" in its current marketing campaign is a blatant rip-off. Seidman and his company, LRN, "whose business is based on promoting ethical corporate behavior, own federal trademark registrations for word and mark HOW," the suit says.

Let's just drive this point home, shall we? A purveyor of business ethics is suing Chobani, a company that makes Greek yogurt, because they used the word "how" in a marketing campaign. Just let that sink in for a moment. The fight is over a single word, not some multi-word phrase. Hell, it's over a single syllable. And customer confusion is difficult to imagine, given that one side of the fight is a guy that talks to companies about who-knows-what and the other, you know, makes yogurt. So, how is this suit even possible? Well, it apparently falls upon a time when Chobani tweeted at Seidman to flatter and admire him.

The company has since claimed the campaign is purely coincidental, but Seidman noted that he got a Twitter message from Chobani on January 29 saying, "Thanks for inspiring the world to care about 'how.' Can you help inspire the food industry, too?" The "very next day," the suit says, the company "launched Chobani's new branding platform - which employs 'HOW' in precisely the same manner as plaintiffs employ their HOW marks: as a noun connoting responsible and ethical corporate behaviors."

Here's the tweet:

@DovSeidman Thanks for inspiring the world to care about "how." Can you help inspire the food industry, too? http://t.co/erVULG89Hp

— Chobani (@Chobani) January 29, 2014

And? So the hell what? Inspiration in the form of a single word does not a trademark violation make, because that would essentially lock up the courts for years as everyone fought roughly everyone. There's a reason trademarks, especially those on short phrases or common words, aren't all-encompassing throughout all of commercial use. That would break language completely.

Chobani is on record stating that this whole thing is exceptionally silly. One would hope a court will throw this out the moment it hits a bench. And how!

Permalink | Comments | Email This Story

Tim Murray, a self-identified "human," is contesting the Republican Congressional nomination in Oklahoma City's third district, on the grounds that his opponent, the incumbent Rep. Frank Lucas, was secretly replaced with a body-double after being executed by the World Court in Ukraine "on or about jan. 11, 2011." Read the rest

When you Google someone from within the EU, you no longer see what the search giant thinks is the most important and relevant information about an individual. You see the most important information the target of your search is not trying to hide. Stark evidence of this fact, the result of a European court ruling that individuals had the right to remove material about themselves from search engine results, arrived in the Guardian's inbox this morning, in the form of an automated notification that six Guardian articles have been scrubbed from search results. And then the EU wonders why support for even more 'Europe' is at an all-time low.

And so it begins. Following last month's dangerous "right to be forgotten" censorship ruling by the EU Court of Justice, Google has now started censoring truthful search results in Europe . According to the Wall Street Journal:

Google engineers overnight updated the company's technical infrastructure to begin implementing the removals, and Thursday began sending the first emails to individuals informing them that links they had requested were being taken down. The company has hired a dedicated "removals team" to evaluate each request, though only a small number of the initial wave of takedown requests has so far been processed.

"This week, we're starting to take action on the removals requests that we've received," a Google spokesman said. "This is a new process for us. Each request has to be assessed individually, and we're working as quickly as possible to get through the queue."

Perhaps even more troubling, is that after EU regulators got worked up about Google's plan to at least indicate that certain search results had been removed (as it does with DMCA copyright takedowns), Google has backed down on that plan:

Google, for its part, has appeared to bend to regulators' desire that the company refrain from indicating in search results when something had been removed. Google had earlier indicated it might highlight the removals, something it does when it removes links to pirated content. But EU regulators told Google in recent weeks that such a move would undermine the spirit of the decision by making it clear some individuals had wanted information about them suppressed, one regulator said.

Instead, Google on Thursday added a blanket notification that appears at the bottom of most results for individual name searches conducted on Google's European search websites, according to an explanation the company posted to its website. The notification—"Some results may have been removed under data protection law in Europe"—is added algorithmically to searches that appear to be for a name, a person familiar with the matter said.

Still, it seems highly likely that Google is going to face more litigation over this, since some are grumbling that Google is only removing those results on its EU pages, and that if someone sneaks over to one of Google's non-EU search engines, it can still find the (again, truthful) information.

This whole thing is a huge mess based on people totally misunderstanding the nature of public information. And, because of that, there are going to be a series of fights over just how far Google has to go in censoring such information.

Permalink | Comments | Email This Story

Any video game producer who produces a product for which online play is a large component also has to fight an ongoing arms-race against cheaters and hackers who gain an unfair advantage in the game and threaten the gamer ecosystem. It's annoying, it sucks, and the fight is unending. For online games, that's just kind of the deal. Most companies work with programmers and 3rd party service providers, like Steam, to try to ban players who cheat. Other companies, such as Blizzard, choose to try to twist copyright law into some kind of anti-cheater pretzel. Japan, on the other hand, appears to be done screwing around.

Newspapers in the land of the rising sun are reporting that three teenagers have been arrested for cheating in the online first-person shooter Sudden Attack. Yes, arrested.

Yomiuri Online, one of Japan's largest newspapers, reports that this is the first time gamers have had criminal liability charged against them in Japan for allegedly using cheat programs. One of the gamers is a university freshman, another is a 17 year-old vocational school student, and the last of the trio is a 17-year-old high school student. In Nexon's statement about the legal charges, the company explains that these three players allegedly used the cheat tools repeatedly in the game. IT Media reports that distribution of cheats was also allegedly involved.

Yup, things just got a little more real in the realm of pretending to shoot everyone you see. Yes, cheating is annoying. But criminal? That seems like a massive overreaction and tremendously dangerous. Cheating in online games goes back all the way to the dial-up days and companies have always taken it upon themselves to keep cheaters out of their games. They may not like the arms race, but that hardly means it should reach the level of criminal liability -- especially when the line between cheating and just gaining some kind of advantage may get blurry pretty fast. It's reasonable to argue that if the game maker allows something to happen in the game, then it's on that game maker to set things up to block actions it doesn't like. Opening it up to the criminal justice system seems like a recipe for disaster.

Cheating is wrong, but couldn't Nexon simply ban these players? Maybe the company tried, but was unsuccessful. Or maybe Nexon should've tried harder to combat the cheats. But making them a crime?

It's easy to point at cheaters and say they aren't worth defending, but nobody really wants to open up this can of worms where we can all be charged with crimes for messing around in a game.

Permalink | Comments | Email This Story

We recently noted that former NSA boss Keith Alexander is running around asking for $600k to $1 million per month for his new "cybersecurity" consulting firm. While some people thought that the number was "low" for banks, that doesn't make any sense. You could hire a lot of really good actual security professionals for that kind of cash. So it made us wonder just what banks thought they were getting for that $1 million. Actual security professional Bruce Schneier wondered that as well, and wondered aloud if the one difference was that... Alexander could give them classified info -- such as where he hid the backdoors in their routers.

That statement apparently caught the attention of Rep. Alan Grayson, who has been a vocal opponent of NSA overreach. He's now sent a letter to the Financial Service Rountable to point out that selling classified info is a crime:

Security expert Bruce Schneier noted that this fee for Alexander's services is on its face unreasonable. "Think of how much actual security they could buy with that $600k a month. Unless he's giving them classified information." Schneier also quoted Recode.net, which headlined this news as: "For another million, I'll show you the back door we put in your router."

This arrangement with Mr. Alexander may also include additional work with the shadow regulatory firm The Promontory Group, with whom Alexander apparently will partner "on cybersecurity matters." According to Promontory spokesman Chris Winans, Mr. Alexander "and a firm he's forming will work on the technical aspects of these issues, and we on the risk-management compliance and governance elements."

Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.

Grayson also demands "all information related to your negotiations with Mr. Alexander, so that Congress can verify whether or not he is selling military or cybersecurity secrets to the financial services industry for personal gain. Sure, it's a snarky move, but there is a point behind it. Alexander can't command those sums because of his actual technical expertise. The reality, of course, is that he's selling his connections to the government. But it certainly raises the question of appearances.

Permalink | Comments | Email This Story

I'm no conspiracy theorist, generally speaking, but I have to admit the apparent systematic militarization of domestic police forces throughout the country scares the hell out of me. You've seen it, too. Officers, once clad in powder blue uniforms, are suddenly dressed in blues that are so dark they might as well be black. Small-town police forces are gobbling up military-style equipment for god-knows-why. Regulatory agencies are sending out armed forces to rescue wildlife. Whatever your politics, it's pretty clear that there is some kind of imbalance on display here.

The good news, however, is that these are public servants we're talking about here, so they're subject to a certain degree of transparency and information requests from John Q Public. Right? Right!?! Wrong, at least according to SWAT teams in Massachusetts, which are bizarrely claiming protection from such requests due to Massachusetts SWAT teams now being part of a private corporation.

As part of the American Civil Liberties Union's recent report on police militarization, the Massachusetts chapter of the organization sent open records requests to SWAT teams across that state. It received an interesting response. As it turns out, a number of SWAT teams in the Bay State are operated by what are called law enforcement councils, or LECs. These LECs are funded by several police agencies in a given geographic area and overseen by an executive board, which is usually made up of police chiefs from member police departments...Some of these LECs have also apparently incorporated as 501(c)(3) organizations. And it’s here that we run into problems. According to the ACLU, the LECs are claiming that the 501(c)(3) status means that they're private corporations, not government agencies. And therefore, they say they're immune from open records requests.

Yes sir, law enforcement just went private. It makes no sense, of course, because these LECs are in charge of oversight for local law enforcement agencies, LEC employee lists include all manner of public servants, and LEC SWAT teams are used to conduct raids on the citizenry. All of this is funded, by the way, with public money. Our money. That this money is funneled in from the public coffers of local police agencies doesn't make a lick of difference. The argument is essentially that if an LEC uses our money to set up its own oversight authority and then slapps a 501(c)(3) label on it, it no longer has to respond to public records laws. And, per the ACLU, this ain't some small-time problem we're discussing here.

Approximately 240 of the 351 police departments in Massachusetts belong to an LEC. While set up as “corporations,” LECs are funded by local and federal taxpayer money, are composed exclusively of public police officers and sheriffs, and carry out traditional law enforcement functions through specialized units such as SWAT teams. Police departments and regional SWAT teams are public institutions, working with public money, meant to protect and serve the public's interest. If these institutions do not maintain and make public comprehensive and comprehensible documents pertaining to their operations and tactics, the people cannot judge whether officials are acting appropriately or make needed policy changes when problems arise.

Which, of course, is the entire point. They're hiding from public scrutiny behind the veil of incorporation, which may rank right up there among the most cynical things a government organization has ever done. It's a move one might find in the corporate republic of some dystopian novel. I say that because it's truly not as though the police departments in question are attempting to claim some kind of exemption within public records law. They're just putting up a stone wall.

“You can’t have it both ways,” Jessie Rossman, a staff attorney for the Massachusetts ACLU, told me in a phone interview. “The same government authority that allows them to carry weapons, make arrests, and break down the doors of Massachusetts residents during dangerous raids also makes them a government agency that is subject to the open records law. “They didn’t even attempt to claim an exception,” Rossman says. “They’re simply asserting that they’re private corporations.”

Now, the ACLU is suing, claiming that these LECs have received both local and federal funding from government tax coffers, but others are suggesting this attempt to claim privatization is not without its pitfalls for those same law enforcement organizations. Pretending to be a private corporation to avoid freedom of information requests is one thing, but wouldn't that also mean giving up other things as well?

The claim by the Massachusetts LECs in response to the ACLU's demand under Freedom of Information laws is a cute attempt to twist corporate law with public authority law, but it is sheer, unadulterated nonsense. They can be one or the other. They cannot, by definition, be both.

The curious question is that if a cop claims to be exercising police authority on behalf of a private entity, does he lose qualified immunity for his actions, and subject himself to the same tort law as anyone else? It would seem so, not because he’s right about working for an LEC private corporation, but because he subjectively disavows the protections he would otherwise have if he functioned under the authority of the state. He stripped himself of immunity, as well as authority.

You can already hear the tortured back peddling that would be on display should such a situation arise, can't you? But that's just trying to get some fun out of what is clearly a claim by public institutions that cannot be allowed to stand. Allowing this move to be successful would only open the door to every other public institution that desired private oversight status to employ the same technique, the result of which would be public tax money propping up an officially private corporate government in which transparency is granted at that same corporate government's pleasure and never otherwise. It's the germination of an unholy mixture of corporatocracy and fascism and it would be the undoing of the very concept of the American government.

Permalink | Comments | Email This Story