http://www.wired.com/2014/12/fbi-metasploit-tor/?mbid=social_twitter
Category Archives: work2
Everything Is Broken: “We often point out that the phone you mostly play casual games on and keep dropping in the toilet at bars is more powerful than all the computing we used to go to space for decades. NASA had a huge staff of geniuses to understand and care for their software. Your phone has you.”
Misuse of data on the server side can be meaningfully prevented by devising user-controlled organizational processes…
… ensuring that:
-the software and hardware actually running are those that are supposed to be running, and have been audited extremely thoroughly relative to their complexity
-access to servers requires physical entrance into a hosting room whose access is conditional on 5 randomly selected users acting as a citizen jury, guaranteeing the legality AND constitutionality of the access. They will be able to launch a scorched-earth procedure, with plausible deniability, in case of forceful abuse attempts.
The latter would protect from insider as well as state abuse, while maintaining access for constitutional intercept.
We are planning that at the User Verified Social Telematics project.
EFF Dir. in The Economist tells the truth about the still very sorry state of crypto: “we might have a chance to protect everyone else who isn’t being targeted for surveillance”
“Rather, we might have a chance to protect everyone else who isn’t being targeted for surveillance,
Who Should Own the Internet? – NYTimes.com
Assange: “It is not, as we are asked to believe, that privacy is inherently valuable. It is not. The real reason lies in the calculus of power: the destruction of privacy widens the existing power imbalance between the ruling factions and everyone else,”
“At their core, companies like Google and Facebook are in the same business as the U.S. government’s National Security Agency. They collect a vast amount of information about people, store it, integrate it and use it to predict individual and group behavior,… “
In 2009, NSA top-executive dissenters proposed a “system to quickly send queries to the telephone companies as needed”
http://bigstory.ap.org/article/acc54fc0c64c4c3eae29b8ac380cc065/ap-exclusive-snowden-debate-inside-nsa
“To address their concerns, the former senior official and other NSA dissenters in 2009 came up with a plan that tracks closely with the Obama proposal that the Senate failed to advance on Tuesday. The officials wanted the NSA to stop collecting the records, and instead fashion a system for the agency to quickly send queries to the telephone companies as needed, letting the companies store the records as they are required to do under telecommunications rules.”
With CivicRoom of the User Verified Social Telematics project, we’ve devised a system that would allow for such a needed, legal and constitutional function for criminal and national security investigations, but in such a way that its constitutionality would be overseen by citizen-jury-like bodies controlled by the users, through extremely accountable service-providing organizations.
We should consider if almost all free software ethical hackers, and their fan journos, over last 2 decades have been very “useful idiots” for NSA
We should consider if almost all free software ethical hackers, and their fan journos, over last 2 decades have been very “useful idiots” for NSA, and similar, by unwillingly conveying a hugely false sense of security on the techs they have been providing.
That has had catastrophic consequences, allowing NSA and similar: (1) to spy on a ton of people sharing very valuable critical data via the Net, which they wouldn’t have shared had they known better, (2) to cry about “going dark”, and (3) to push for laws to outlaw access privacy.
Nov 27th 2014 UPDATE: I regret the choice of the term “useful idiots” which may be regarded as offensive, even though that is not its original meaning.
Bruce Schneier: “I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly,” he says. “You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer.”
“The question is who gets to be part of the “we” that are being kept allegedly safe by all this exploiting and listening and decrypting and profiling.”
“We often point out that your phone… is more powerful than all the computing we used to go to space for decades. NASA had a huge staff of geniuses to understand and care for their software. Your phone has you.”
“Some botnets patch computers to throw out the other botnets so they don’t have to share you with other hackers. How can you tell if this is happening? You can’t! Have fun wondering if you’re getting your online life rented out by the hour!”
The 3 countries mentioned, namely China, Germany and S. Korea, are all foreign telecom powerhouses. When you put operatives in, possibly to subvert the manufactured products, you cover a good part of the global market.
A great MIT paper showing what it takes to trust a device at the hardware level.
“Officials have expressed alarm for several years about the expansion of online communication services that — unlike traditional and cellular telephone communications — lack intercept capabilities because they are not required by law to build them in.”
according to this Washington Post article.
“I do think that more and more they’ll see less and less,” said Albert Gidari Jr., a partner at the law firm Perkins Coie who represents tech firms, referring to the government’s quandary. “But it’s their own fault,” he added. “No one now believes they were ever going dark. It’s just that they had the lights off so you couldn’t see what they were collecting.”
“Every piece of technology we’ve used in the last twenty years has probably been backdoored at birth by the NSA”
The new “anti-theft kill-switch” backdoor mandated by a new law in CA is coming nationwide.
The nationwide extension of such California and Minnesota laws matches well the recurring proposals to give the FBI the ability to implant malware, when court-mandated, for lawful intercept or search & seizure.
The 2 laws attempt, ineffectively, to tackle the genuine and important problem of “going dark” while, of course, creating huge potential (certainty?!) for privacy abuse.
In fact, in order to stop criminals, the FBI should also be able to prevent non-compliant devices from being used on US soil or from connecting in any way to the US.
Is there a way to prevent its abuse through state-regulated and/or citizen-controlled safeguards?
Tor exec dir: “I worry that by turning encryption into a panacea, law enforcement and intelligence agencies will just lobby for weak encryption, backdoor access, or flat out make it illegal.”
http://blog.lewman.is/personal-thoughts-on-being-targeted-by-the-nsa
It sounds as if the only solution may be to devise technologies and services that reconcile the ability to perform court-mandated intercept (search and seizure) with meaningful privacy, so that they would not be made illegal?
Maybe as in the User Verified Social Telematics project?