FBI Director Says Scientists Are Wrong, Pitches Imaginary Solution to Encryption Dilemma

BY JENNA MCLAUGHLIN
THE INTERCEPT
Testifying before two Senate committees on Wednesday about the threat he says strong encryption presents to law enforcement, FBI Director James Comey didn’t so much propose a solution as wish for one. Comey said he needs some way to read and listen to any communication for which he’s gotten a court order. Modern end-to-end encryption — increasingly common following the revelations of mass surveillance by NSA whistleblower Edward Snowden — doesn’t allow for that. Only the parties on either end can do the decoding. Comey’s problem is the nearly universal agreement among cryptographers, technologists and security experts that there is no way to give the government access to encrypted communications without poking an exploitable hole that would put confidential data, as well as entities like banks and power grids, at risk.

NSA mass phone surveillance revealed by Edward Snowden ruled illegal

BY DAN ROBERTS AND SPENCER ACKERMAN
THE GUARDIAN
The US court of appeals has ruled that the bulk collection of telephone metadata is unlawful, in a landmark decision that clears the way for a full legal challenge against the National Security Agency. A panel of three federal judges for the second circuit overturned an earlier ruling that the controversial surveillance practice first revealed to the US public by NSA whistleblower Edward Snowden in 2013 could not be subject to judicial review. The judges opted not to end the domestic bulk collection while Congress decides its fate, calling judicial inaction “a lesser intrusion” on privacy than at the time the case was initially argued. “In light of the asserted national security interests at stake, we deem it prudent to pause to allow an opportunity for debate in Congress that may (or may not) profoundly alter the legal landscape,” the judges ruled. But they also sent a tacit warning to Senator Mitch McConnell, the Republican leader in the Senate who is pushing to re-authorize the provision, known as Section 215, without modification: “There will be time then to address appellants’ constitutional issues.”
“We hold that the text of section 215 cannot bear the weight the government asks us to assign to it, and that it does not authorize the telephone metadata program,” concluded their judgment.

The Hidden Battles to Collect Your Data and Control Your World

BY BRUCE SCHNEIER
SCHNEIER.COM

Data and Goliath is a book about surveillance, both government and corporate. It’s an exploration in three parts: what’s happening, why it matters, and what to do about it. This is a big and important issue, and one that I’ve been working on for decades now. We’ve been on a headlong path of more and more surveillance, fueled by fear–of terrorism mostly–on the government side, and convenience on the corporate side. My goal was to step back and say “wait a minute; does any of this make sense?” I’m proud of the book, and hope it will contribute to the debate.

But there’s a big idea here too, and that’s the balance between group interest and self-interest. Data about us is individually private, and at the same time valuable to all of us collectively. How do we decide between the two? If President Obama tells us that we have to sacrifice the privacy of our data to keep our society safe from terrorism, how do we decide if that’s a good trade-off? If Google and Facebook offer us free services in exchange for allowing them to build intimate dossiers on us, how do we know whether to take the deal?

There are a lot of these sorts of deals on offer. Waze gives us real-time traffic information, but does it by collecting the location data of everyone using the service. The medical community wants our detailed health data to perform all sorts of health studies and to get early warning of pandemics. The government wants to know all about you to better deliver social services. Google wants to know everything about you for marketing purposes, but will “pay” you with free search, free e-mail, and the like.

Here’s another one I describe in the book: “Social media researcher Reynol Junco analyzes the study habits of his students. Many textbooks are online, and the textbook websites collect an enormous amount of data about how–and how often–students interact with the course material. Junco augments that information with surveillance of his students’ other computer activities. This is incredibly invasive research, but its duration is limited and he is gaining new understanding about how both good and bad students study–and has developed interventions aimed at improving how students learn. Did the group benefit of this study outweigh the individual privacy interest of the subjects who took part in it?”

Again and again, it’s the same trade-off: individual value versus group value.

I believe this is the fundamental issue of the information age, and solving it means careful thinking about the specific issues and a moral analysis of how they affect our core values.

You can see that in some of the debate today. I know hardened privacy advocates who think it should be a crime for people to withhold their medical data from the pool of information. I know people who are fine with pretty much any corporate surveillance but want to prohibit all government surveillance, and others who advocate the exact opposite.

When possible, we need to figure out how to get the best of both: how to design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually.

The world isn’t waiting; decisions about surveillance are being made for us–often in secret. If we don’t figure this out for ourselves, others will decide what they want to do with us and our data. And we don’t want that. I say: “We don’t want the FBI and NSA to secretly decide what levels of government surveillance are the default on our cell phones; we want Congress to decide matters like these in an open and public debate. We don’t want the governments of China and Russia to decide what censorship capabilities are built into the Internet; we want an international standards body to make those decisions. We don’t want Facebook to decide the extent of privacy we enjoy amongst our friends; we want to decide for ourselves.”

David Cameron doesn’t get it

BY SUSAN LANDAU
LAWFARE

Last week British Prime Minister David Cameron gave an extraordinary speech in which he urged the banning of private communications, that is communications to which the government could not listen into when legally authorized to do so. Cameron is not the first government official to do so; GCHQ Director Robert Hannigan urged the same last fall, as did FBI Director James Comey in October. On the surface, such arguments make sense. Seeing armed men storming the editorial offices of Charlie Hebdo, killing the cartoonists who offended them gives rise to terror. The fact that these acts occurred in the center of Paris creates the overwhelming sense that nowhere is safe—and in some sense, that is an accurate assessment.

How the NSA Stole the Keys to Your Phone

BY JULIAN SANCHEZ
THE CATO INSTITUTE

A blockbuster story at The Intercept Thursday revealed that a joint team of hackers from the National Security Agency and its British counterpart, the Government Communications Headquarters (GCHQ), broke into the systems of one of the world’s largest manufacturers of cell phone SIM cards in order to steal the encryption keys that secure wireless communications for hundreds of mobile carriers—including companies like AT&T, T-Mobile, Verizon, and Sprint. To effect the heist, the agencies targeted employees of the Dutch company Gemalto, scouring e-mails and Facebook messages for information that would enable them to compromise the SIM manufacturer’s networks in order to make surreptitious copies of the keys before they were transmitted to the carriers. Many aspects of this ought to be extremely disturbing. First, this is a concrete reminder that, as former NSA director Michael Hayden recently acknowledged, intelligence agencies don’t spy on “bad people”; they spy on “interesting people.” In this case, they spied extensively on law-abiding technicians employed by a law-abiding foreign corporation, then hacked that corporation in apparent violation of Dutch law. We know this was hardly a unique case—one NSA hacker boasted in Snowden documents disclosed nearly a year ago about “hunting sysadmins”—but it seems particularly poetic coming on the heels of the recent Sony hack, properly condemned by the U.S. government. Dutch legislators quoted in the story are outraged, as well they should be. Peaceful private citizens and companies in allied nations, engaged in no wrongdoing, should not have to worry that the United States is trying to break into their computers. Second, indiscriminate theft of mobile encryption keys bypasses one of the few checks on government surveillance by enabling wiretaps without the assistance of mobile carriers.

Citizen Four and the Canadian Surveillance Story

BY MICHAEL GEIST
2015-02-25

Citizen Four, Laura Poitras’ enormously important behind-the-scenes documentary film on Edward Snowden, won the Academy Award last night for best documentary. The film is truly a must-see for anyone concerned with privacy and surveillance. It not only provides a compelling reminder of the massive scale and scope of surveillance today, but it also exposes us to the human side of Snowden’s decision to leave his life behind in order to tell the world about secret surveillance activity. Canada is not mentioned in the film, but that is not because we have been immune to similar surveillance activity. In the months since the Snowden revelations began, there have been many Canadian-related stories including reports on G8/G20 spying, industrial spying in Brazil, the “airport wifi” surveillance program, and the massive Internet download surveillance program.

Ex-MI6 chief Sir John Sawers: We cannot stop terrorism unless we spy on innocent people

BY DAVID BARRETT
THE TELEGRAPH

The British security services will not be able to prevent terrorism unless they monitor the internet traffic of innocent people, the former head of MI6 has said. Sir John Sawers, the chief of the Secret Intelligence Service until November last year, warned a successful terrorist attack on the UK by Islamic militants is all but inevitable as he said there cannot be “no-go areas” on the internet. In his first public speech since stepping down from the spy chief role he said: “There is a dilemma because the general public, politicians and technology companies, to some extent, want us to be able to monitor the activities of terrorists and other evil-doers but they don’t want their own activities to be open to any such monitoring. “The benefit of the last 18 months’ debate is that people now understand that is not possible, and there has to be some form of ability to cover communications that are made through modern technology.” Sir John said the internet had to be open in the same way as communities in the real world.

Obama calls for public debate over encryption

BY DARLENE SUPERVILLE
WASHINGTON TIMES

President Barack Obama said Friday that he probably leans more toward strong computer data encryption than many in law enforcement, but added that he understands investigators’ concerns over the matter because of their need to protect people from attacks. He suggested having a “public conversation” about the issue because “the first time that attack takes place in which it turns out that we had a lead and we couldn’t follow up on it, the public’s going to demand answers.”

Obama was interviewed by the technology website Re/code after he addressed a White House summit on cybersecurity and consumer protection that was held at Stanford University. “And so this is a public conversation that we should end up having,” he said. “I lean probably further in the direction of strong encryption than some do inside of law enforcement. But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe.

Latest FBI Claim of Disrupted Terror Plot Deserves Much Scrutiny and Skepticism

BY GLENN GREENWALD AND ANDREW FISHMAN
THE INTERCEPT

The Justice Department on Wednesday issued a press release trumpeting its latest success in disrupting a domestic terrorism plot, announcing that “the Joint Terrorism Task Force has arrested a Cincinnati-area man for a plot to attack the U.S. Capitol and kill government officials.” The alleged would-be terrorist is 20-year-old Christopher Cornell (above), who is unemployed, lives at home, spends most of his time playing video games in his bedroom, still addresses his mother as “Mommy” and regards his cat as his best friend; he was described as “a typical student” and “quiet but not overly reserved” by the principal of the local high school he graduated in 2012. The affidavit filed by an FBI investigative agent alleges Cornell had “posted comments and information supportive of [ISIS] through Twitter accounts.” The FBI learned about Cornell from an unnamed informant who, as the FBI put it, “began cooperating with the FBI in order to obtain favorable treatment with respect to his criminal exposure on an unrelated case.” Acting under the FBI’s direction, the informant arranged two in-person meetings with Cornell where they allegedly discussed an attack on the Capitol, and the FBI says it arrested Cornell to prevent him from carrying out the attack. Family members say Cornell converted to Islam just six months ago and claimed he began attending a small local mosque. Yet The Cincinnati Enquirer could not find a single person at that mosque who had ever seen him before, and noted that a young, white, recent convert would have been quite conspicuous at a mosque largely populated by “immigrants from West Africa,” many of whom “speak little or no English.”

The DOJ’s press release predictably generated an avalanche of scary media headlines hailing the FBI. CNN: “FBI says plot to attack U.S. Capitol was ready to go.” MSNBC: “US terror plot foiled by FBI arrest of Ohio man.” Wall St.

No, Department of Justice, 80 Percent of Tor Traffic Is Not Child Porn

BY ANDY GREENBERG
WIRED

The debate over online anonymity, and all the whistleblowers, trolls, anarchists, journalists and political dissidents it enables, is messy enough. It doesn’t need the US government making up bogus statistics about how much that anonymity facilitates child pornography. At the State of the Net conference in Washington on Tuesday, US assistant attorney general Leslie Caldwell discussed what she described as the dangers of encryption and cryptographic anonymity tools like Tor, and how those tools can hamper law enforcement. Her statements are the latest in a growing drumbeat of federal criticism of tech companies and software projects that provide privacy and anonymity at the expense of surveillance. And as an example of the grave risks presented by that privacy, she cited a study she said claimed an overwhelming majority of Tor’s anonymous traffic relates to pedophilia.