Author Topic: data collection, spying, tracking - Serbia and the world  (Read 86434 times)


Meho Krljic

How the Pentagon punished NSA whistleblowers

By now, almost everyone knows what Edward Snowden did. He leaked top-secret documents revealing that the National Security Agency was spying on hundreds of millions of people across the world, collecting the phone calls and emails of virtually everyone on Earth who used a mobile phone or the internet. When this newspaper began publishing the NSA documents in June 2013, it ignited a fierce political debate that continues to this day – about government surveillance, but also about the morality, legality and civic value of whistleblowing.
But if you want to know why Snowden did it, and the way he did it, you have to know the stories of two other men.
The first is Thomas Drake, who blew the whistle on the very same NSA activities 10 years before Snowden did. Drake was a much higher-ranking NSA official than Snowden, and he obeyed US whistleblower laws, raising his concerns through official channels. And he got crushed.
Drake was fired, arrested at dawn by gun-wielding FBI agents, stripped of his security clearance, charged with crimes that could have sent him to prison for the rest of his life, and all but ruined financially and professionally. The only job he could find afterwards was working in an Apple store in suburban Washington, where he remains today. Adding insult to injury, his warnings about the dangers of the NSA’s surveillance programme were largely ignored.

“The government spent many years trying to break me, and the more I resisted, the nastier they got,” Drake told me.
Drake’s story has since been told – and in fact, it had a profound impact on Snowden, who told an interviewer in 2015 that: “It’s fair to say that if there hadn’t been a Thomas Drake, there wouldn’t have been an Edward Snowden.”
But there is another man whose story has never been told before, who is speaking out publicly for the first time here. His name is John Crane, and he was a senior official in the Department of Defense who fought to provide fair treatment for whistleblowers such as Thomas Drake – until Crane himself was forced out of his job and became a whistleblower as well.
His testimony reveals a crucial new chapter in the Snowden story – and Crane’s failed battle to protect earlier whistleblowers should now make it very clear that Snowden had good reasons to go public with his revelations.
During dozens of hours of interviews, Crane told me how senior Defense Department officials repeatedly broke the law to persecute Drake. First, he alleged, they revealed Drake’s identity to the Justice Department; then they withheld (and perhaps destroyed) evidence after Drake was indicted; finally, they lied about all this to a federal judge.
The supreme irony? In their zeal to punish Drake, these Pentagon officials unwittingly taught Snowden how to evade their clutches when the 29-year-old NSA contract employee blew the whistle himself. Snowden was unaware of the hidden machinations inside the Pentagon that undid Drake, but the outcome of those machinations – Drake’s arrest, indictment and persecution – sent an unmistakable message: raising concerns within the system promised doom.
“Name one whistleblower from the intelligence community whose disclosures led to real change – overturning laws, ending policies – who didn’t face retaliation as a result. The protections just aren’t there,” Snowden told the Guardian this week. “The sad reality of today’s policies is that going to the inspector general with evidence of truly serious wrongdoing is often a mistake. Going to the press involves serious risks, but at least you’ve got a chance.”
Snowden saw what had happened to Drake and other whistleblowers like him. The key to Snowden’s effectiveness, according to Thomas Devine, the legal director of the Government Accountability Project (GAP), was that he practised “civil disobedience” rather than “lawful” whistleblowing. (GAP, a non-profit group in Washington, DC, that defends whistleblowers, has represented Snowden, Drake and Crane.)
“None of the lawful whistleblowers who tried to expose the government’s warrantless surveillance – and Drake was far from the only one who tried – had any success,” Devine told me. “They came forward and made their charges, but the government just said, ‘They’re lying, they’re paranoid, we’re not doing those things.’ And the whistleblowers couldn’t prove their case because the government had classified all the evidence. Whereas Snowden took the evidence with him, so when the government issued its usual denials, he could produce document after document showing that they were lying. That is civil disobedience whistleblowing.”

Crane, a solidly built Virginia resident with flecks of grey in a neatly trimmed chinstrap beard, understood Snowden’s decision to break the rules – but lamented it. “Someone like Snowden should not have felt the need to harm himself just to do the right thing,” he told me.
Crane’s testimony is not simply a clue to Snowden’s motivations and methods: if his allegations are confirmed in court, they could put current and former senior Pentagon officials in jail. (Official investigations are quietly under way.)
But Crane’s account has even larger ramifications: it repudiates the position on Snowden taken by Barack Obama and Hillary Clinton – who both maintain that Snowden should have raised his concerns through official channels because US whistleblower law would have protected him.

By the time Snowden went public in 2013, Crane had spent years fighting a losing battle inside the Pentagon to provide whistleblowers the legal protections to which they were entitled. He took his responsibilities so seriously, and clashed with his superiors so often, that he carried copies of the Whistleblower Protection Act of 1989 and the US constitution in his breast pocket and pulled them out during office conflicts.
Crane’s attorneys at GAP – who were used to working with all types of government and corporate whistleblowers – were baffled by him: in their experience, most senior government officials cared little for whistleblowers’ rights. So what motivated Crane to keep fighting for the rights of whistleblowers inside the Pentagon, even as his superiors grew increasingly hostile and eventually forced him to resign?
To hear Crane tell it, the courage to stand up and fight runs in his family. He never forgot the story he heard as a child, about his own grandfather, a German army officer who once faced down Adolf Hitler at gunpoint – on the night the future Fuhrer first tried to take over Germany.

A former press aide to Republican members of Congress, John Crane was hired by the Inspector General’s office of the Department of Defense in 1988. Within US government agencies, an inspector general serves as a kind of judge and police chief. The IG, as the inspector general is known, is charged with making sure a given agency is operating according to the law – obeying rules and regulations, spending money as authorised by Congress. “In the IG’s office, we were the guys with the white hats,” Crane said.
By 2004 Crane had been promoted to assistant inspector general. At the age of 48, his responsibilities included supervising the whistleblower unit at the Department of Defense, as well as handling all whistleblower allegations arising from the department’s two million employees (by far the largest workforce in the US government), in some cases including allegations originating in the NSA and other intelligence agencies.

By this time, Thomas Drake had proceeded well down the path that would eventually connect him with Crane. Drake’s first day as a fully fledged employee of the National Security Agency was 11 September 2001. Although the NSA would balloon in size and budget as the US responded to the September 11 attacks, the agency already ranked as the largest, most lavishly funded spy organisation on Earth. Created in 1952, the NSA was the government’s code-breaker and all-hearing global “ear”. The NSA intercepted the communications of foreign governments and individuals and translated this raw intelligence into information usable by the CIA, the FBI and kindred government agencies.
Drake, a father of five, had worked for the NSA for 12 years as a private-sector contractor. Now, as a staff member proper, he reported directly to the NSA’s third highest ranking official, Maureen Baginski; she headed the NSA’s largest division, the Signals Intelligence Directorate, which was responsible for the interception of phone calls and other communications.
Tall, sombre, intense, Drake was a championship chess player in high school whose gift for mathematics, computers and languages made him a natural for foreign eavesdropping and the cryptographic and linguistic skills it required. During the cold war, he worked for air force intelligence, monitoring the communications of East Germany’s infamous secret police, the Stasi.
Within weeks of the September 11 attacks, Drake was assigned to prepare the NSA’s postmortem on the disaster. Congress, the news media and the public were demanding answers: what had gone wrong at the NSA and other federal agencies to allow Osama bin Laden’s operatives to conduct such a devastating attack?
As Drake interviewed NSA colleagues and scoured the agency’s records, he came across information that horrified him. It appeared that the NSA – even before September 11 – had secretly revised its scope of operations to expand its powers.
Since its inception, the NSA had been strictly forbidden from eavesdropping on domestic communications. Drake’s investigation persuaded him that the NSA was now violating this restriction by collecting information on communications within as well as outside of the United States. And it was doing so without obtaining legally required court orders.
A straight arrow since high school – he once gave the police the names of classmates he suspected of selling pot – Drake told me he felt compelled to act. “I took an oath to uphold and defend the constitution against all enemies foreign and domestic,” he explained.
To Drake, the President’s Surveillance Program, as it was known inside the George W Bush administration, recalled the mindset of the Stasi. “You don’t spend year after year listening to a police state without being affected, you just don’t,” he told me. “I remember saying to myself, ‘Wow, I don’t want this to happen in our country!’ How could you live in a society where you always have to be looking over your shoulders, not knowing who you could trust, even in your own family?”

Drake’s descent into a nightmare of persecution at the hands of his own government began innocently. Having uncovered evidence of apparently illegal behaviour, he did what his military training and US whistleblower law instructed: he reported the information up the chain of command. Beginning in early 2002, he shared his concerns first with a small number of high-ranking NSA officials, then with the appropriate members of Congress and staff at the oversight committees of the US Senate and House of Representatives.
Drake spent countless hours in these sessions but eventually came to the conclusion that no one in a position of authority wanted to hear what he was saying. When he told his boss, Baginski, that the NSA’s expanded surveillance following 9/11 seemed legally dubious, she reportedly told him to drop the issue: the White House had ruled otherwise.

John Crane first heard about Thomas Drake when Crane and his colleagues at the Pentagon’s Office of the Inspector General received a whistleblower complaint in September 2002. The complaint alleged that the NSA was backing an approach to electronic surveillance that was both financially and constitutionally irresponsible. The complaint was signed by three former NSA officials, William Binney, Kirk Wiebe and Edward Loomis, and a former senior Congressional staffer, Diane Roark. Drake also endorsed the complaint – but because he, unlike the other four, had not yet retired from government service, he asked that his name be kept anonymous, even in a document that was supposed to be treated confidentially within the government.
Binney, Wiebe, Loomis and Roark shared Drake’s concerns about the constitutional implications of warrantless mass surveillance, but their complaint focused on two other issues.

The first was financial. The whistleblowers contended that the NSA’s surveillance programme, codenamed Trailblazer, was a shameful waste of $3.8 billion – it had been more effective at channelling taxpayer dollars to corporate contractors than at protecting the homeland.
Second, the whistleblowers warned that Trailblazer actually made the US less secure. They acknowledged that Trailblazer had vastly expanded the amount of electronic communications NSA collected. But this avalanche of raw data was too much – it left NSA’s analysts struggling to distinguish the vital from the trivial and thus liable to miss key clues.
Drake had discovered a shocking example while researching his postmortem report on the September 11 attacks. Months beforehand, the NSA had come into possession of a telephone number in San Diego that was used by two of the hijackers who later crashed planes into the World Trade Center. But the NSA did not act on this finding.
As Drake later told the NSA expert James Bamford, the NSA intercepted seven phone calls between this San Diego phone number and an al-Qaida “safe house” in Yemen. Drake found a record of the seven calls buried in an NSA database.
US officials had long known that the Yemen safe house was the operational hub through which Bin Laden, from a cave in Afghanistan, ordered attacks. Seven phone calls to such a hub from the same phone number was obviously suspicious. Yet the NSA took no action – the information had apparently been overlooked.
The NSA whistleblowers first sent their complaint to the inspector general of the NSA, who ruled against them. So they went up the bureaucratic ladder, filing the complaint with the Department of Defense inspector general. There, Crane and his staff “substantially affirmed” the complaint – in other words, their own investigation concluded that the NSA whistleblowers’ charges were probably on target.
In the course of their investigation, Crane and his colleagues in the inspector general’s office also affirmed the whistleblowers’ allegation that the Bush administration’s surveillance programme violated the fourth amendment of the US constitution by collecting Americans’ phone and internet communications without a warrant. “We were concerned about these constitutional issues even before we investigated their complaint,” Crane told me. “We had received other whistleblower filings that flagged the issue.”
In line with standard procedure, these investigative findings were relayed to the House and Senate committees overseeing the NSA – and this helped nudge Congress to end funding for the Trailblazer programme. But for the NSA whistleblowers, this apparent victory was the beginning of a dark saga that would change their lives for ever.

The Bush administration’s mass surveillance efforts were partly exposed in December 2005, when the New York Times published a front page article by reporters James Risen and Eric Lichtblau, which revealed that the NSA was monitoring international phone calls and emails of some people in the US without obtaining warrants.
Eight years later, that story would be dwarfed by Snowden’s revelations. But at the time, the Bush White House was furious – and they were determined to find and punish whoever had leaked the details to the New York Times.
According to Crane, his superiors inside the Pentagon’s Inspector General’s office were eager to help. Henry Shelley, the general counsel – the office’s top lawyer – urged that the IG office should tell the FBI agents investigating the Times leak about Drake and the other NSA whistleblowers.
After all, the NSA whistleblowers’ recent complaint had objected to the same surveillance practices described in the Times article – which made them logical suspects in the leak. Crane objected strenuously. Informing anyone – much less FBI investigators – of a whistleblower’s name was illegal.
After debating the matter at a formal meeting in the personal office of the inspector general, Shelley and Crane continued arguing in the hallway outside. “I reached into my breast pocket and pulled out my copy of the Whistleblower Protection Act,” Crane recalled. “I was concerned that Henry was violating the law. Our voices weren’t raised, but the conversation was, I would say, very intense and agitated. Henry [replied] that he was the general counsel, the general counsel was in charge of handling things with the Justice Department and he would do things his way.”
Henry Shelley declined my repeated requests for an interview. In an email, he told me, “I am confident when this matter is fully resolved no wrongdoing on my behalf will be identified.”
There the disagreement between Crane and Shelley stalled. Or so it seemed until 18 months later. On the morning of 26 July, 2007, FBI agents with guns drawn stormed the houses of Binney, Wiebe, Loomis and Roark. Binney was towelling off after a shower when agents accosted him; he and his wife suddenly found themselves with guns aimed directly between their eyes, the retired NSA man recalled.
Crane smelled a rat. The investigation that his staff had conducted into the whistleblowers’ complaint had been highly classified: very few people could have known their names, and they would have been inside the IG’s office. After the raids, Crane confronted Shelley and demanded to know whether the IG’s office had given the names to the FBI. Shelley refused to discuss the matter, Crane says.
The battle soon escalated. Four months later, FBI agents stormed Drake’s house in an early morning raid, as his family watched in shock.
After Drake was indicted in 2010, his lawyers filed a Freedom of Information Act request to obtain documents related to the investigation Crane’s office had conducted into the claims of the NSA whistleblowers. According to Crane, he was ordered by his superiors in the IG’s office to delay releasing any documents – which could have exonerated Drake – until after the trial, which was expected to take place later in 2010.
Crane alleges that he was ordered to do so by Shelley and Lynne Halbrooks – who had recently been named the principal deputy inspector general (in other words, the second-highest ranking official in the IG’s office). Crane protested but lost this skirmish as well. (Halbrooks did not respond to repeated requests for an interview.)
In December 2010, nearly five years after the Pentagon’s inspector general’s office had apparently given Drake’s name to FBI investigators, Drake’s lawyers filed a complaint with the inspector general, alleging that Drake had been punished in retaliation for his whistleblowing. According to their complaint, the crimes Drake had been charged with were “based in part, or entirely, on information that Mr Drake provided to the [Pentagon] IG” during its investigation of the NSA whistleblowers.
Crane was at once alarmed and revolted. The complaint from Drake’s lawyers seemed to confirm his suspicion that someone in the IG’s office had illegally fingered Drake to the FBI. Worse, the indictment filed against Drake had unmistakable similarities to the confidential testimony Drake had given to Crane’s staff – suggesting that someone in the IG’s office had not simply given Drake’s name to the FBI, but shared his entire testimony, an utter violation of law.
Drake’s complaint demanded investigation, Crane told Halbrooks. But Halbrooks, joined by Shelley, allegedly rejected Crane’s demand. She added that Crane wasn’t being a “good team player” and if he didn’t shape up, she would make life difficult for him.
But there was even worse to come. As Drake’s trial approached in the spring of 2011, Crane knew that the law required the IG’s office to answer the retaliation complaint filed by Drake’s lawyers. But, Crane says, Shelley now informed him it would be impossible to respond – because the relevant documents had been destroyed. Lower level staff “fucked up”, Crane said Shelley told him: they had shredded the documents in a supposedly routine purge of the IG’s vast stores of confidential material.
Crane could not believe his ears. “I told Henry that destruction of documents under such circumstances was, as he knew, a very serious matter and could lead to the inspector general being accused of obstructing a criminal investigation.” Shelley replied, according to Crane, that it didn’t have to be a problem if everyone was a good team player.
On 15 February, 2011, Shelley and Halbrooks sent the judge in the Drake case a letter that repeated the excuse given to Crane: the requested documents had been destroyed, by mistake, during a routine purge. This routine purge, the letter assured Judge Richard D Bennett, took place before Drake was indicted.
“Lynne and Henry had frozen me out by then, so I had no input into their letter to Judge Bennett,” Crane said. “So they ended up lying to a judge in a criminal case, which of course is a crime.”
With Drake adamantly resisting prosecutors’ pressure to make a plea deal – “I won’t bargain with the truth,” he declared – the government eventually withdrew most of its charges against him. Afterwards, the judge blasted the government’s conduct. It was “extraordinary”, he said, that the government barged into Drake’s home, indicted him, but then dropped the case on the eve of trial as if it wasn’t a big deal after all. “I find that unconscionable,” Bennett added. “Unconscionable. It is at the very root of what this country was founded on … It was one of the most fundamental things in the bill of rights, that this country was not to be exposed to people knocking on the door with government authority and coming into their homes.”

When John Crane put his career on the line by standing up for legal treatment of Pentagon whistleblowers, he was following a moral code laid down 80 years before by his German grandfather. Crane grew up in suburban Virginia, but he spent nearly every summer in Germany with his mother’s extended family. During these summer sojourns, Crane heard countless times about the moment when his grandfather confronted Hitler. His mother and his grandmother both told the story, and the moral never changed. “One must always try to do the right thing, even when there are risks,” Crane recalled being instructed. “And should someone do the right thing, there can of course be consequences.”
Crane’s grandfather was days shy of turning 40 on the night of Hitler’s “Beer Hall Putsch”, 8 November, 1923. Plotting to overthrow the Weimar Republic, Hitler and 600 armed members of his fledgling Nazi party surrounded a beer hall in Munich where the governor of Bavaria, Gustav von Kahr, was addressing a large crowd. The rebels burst into the hall, hoping to kidnap Von Kahr and march on Berlin. After his men unveiled a machine gun hidden in the upstairs gallery, Hitler fired his pistol into the air and shouted, “The national revolution has begun!”

Crane’s grandfather, Günther Rüdel, was in the hall as part of his military duties, Rüdel recalled in an eight-page, single-spaced, typewritten affidavit that provides a minute-by-minute eyewitness account of the putsch. (Rüdel was later a government witness in the trial that sentenced Hitler to five years in prison, though he was not called to testify.)
The son of a prominent German general, Rüdel had served with distinction in the first world war, earning two Iron Crosses. By 1923, he was serving as chief political aide to General Otto von Lossow, the German army’s highest official in Bavaria. As such, Rüdel was the chief liaison between Von Lossow and Von Kahr and privy to the two men’s many dealings with Hitler. Suspecting that Hitler and his followers were planning a coup, Lossow and Rüdel had forced their way into the beer hall to monitor developments. The head of Bavaria’s state police, Hans Ritter von Seisser, was also there, accompanied by a bodyguard. Rüdel was standing with Lossow and Von Seisser when armed men burst into the hall, with Hitler in the lead.
“Hitler, with pistol held high, escorted on right and left by armed men, his tunic stained with beer, stormed through the hall towards the podium,” Rüdel wrote in his affidavit. “When he was directly in front of us, police chief Von Seisser’s adjutant gripped [but did not unsheath] his sword. Hitler immediately aimed his pistol at the man’s chest. I shouted, ‘Mr Hitler, in this way you will never liberate Germany.’ Hitler hesitated, lowered his pistol and pushed his way between us to the podium.”
In the surrounding chaos, Hitler’s men tried to force Von Kahr, Lossow and Von Seisser to join the coup, but their uprising soon fizzled. A few days later, Hitler was arrested and charged with treason. He served a year in jail, where he wrote his autobiography, Mein Kampf.

“We are now becoming a police state,” Diane Roark said in a 2014 television interview. Referring to herself and the other NSA whistleblowers, she added, “We are the canaries in the coal mine. We never did anything wrong. All we did was oppose this programme. And for that, they just ran over us.”
“They’re saying, ‘We’re doing this to protect you,’” Roark’s fellow whistleblower William Binney told me. “I will tell you that that’s exactly what the Nazis said in Special Order 48 in 1933 – we’re doing this to protect you. And that’s how they got rid of all of their political opponents.”
These are strong statements – comparing the actions of the US government to Nazi Germany, warning of an emerging “police state” – so it’s worth remembering who made them. The NSA whistleblowers were not leftwing peace nuts. They had spent their professional lives inside the US intelligence apparatus – devoted, they thought, to the protection of the homeland and defence of the constitution.
They were political conservatives, highly educated, respectful of evidence, careful with words. And they were saying, on the basis of personal experience, that the US government was being run by people who were willing to break the law and bend the state’s awesome powers to their own ends. They were saying that laws and technologies had secretly been put in place that threatened to overturn the democratic governance Americans took for granted and shrink their liberties to a vanishing point. And they were saying that something needed to be done about all this before it was too late.
In Washington, top government officials and politicians still insist that the true villain is Edward Snowden. Former CIA director James Woolsey has called for Snowden to be “hanged by the neck until he’s dead, rather than merely electrocuted”.
Democrats are less bloodthirsty, but no more forgiving. President Obama and Hillary Clinton argue that Snowden broke the law when he should have trusted it. “He could have gotten all of the protections of being a whistleblower,” Clinton said in the first Democratic presidential debate last October. “He could have raised all the issues that he has raised. And I think there would have been a positive response to that.”
Tell that to Thomas Drake. Tell it, for that matter, to John Crane.
Halbrooks forced Crane to resign his post in January 2013. After leaving the Pentagon, Crane made his way to the Government Accountability Project, where the erstwhile protector of whistleblowers became a whistleblower himself.
Crane filed a complaint against Shelley and Halbrooks, detailing many more alleged misdeeds than reported in this article. The Office of Special Counsel, the US agency charged with investigating such matters, concluded in March of 2016 that there was a “substantial likelihood” that Crane’s accusations were well-founded. The OSC’s choice of the term “substantial likelihood” was telling. It could have ruled there was merely a “reasonable belief” Crane’s charges were true, in which case no further action would have been required. By finding instead that there was a “substantial likelihood”, the OSC triggered a process that legally required secretary of defense Ashton Carter to organise a fresh investigation of Crane’s allegations. Because no federal agency is allowed to investigate itself, that inquiry is being conducted by the Justice Department.
Incredible as it may sound, Crane aims to get his old job back. His attorney, Devine, thinks that is a fantasy. In Devine’s view, the problems facing whistleblowers are systemic – and the system does not forgive, especially someone who has exposed the system’s corruption as devastatingly as Crane has done.
To Crane, however, it is a simple matter of right and wrong. It was not he who broke the law; it was his superiors. Therefore it is not he who should pay the price but they.
“I just want to see the system work properly,” he says. “I know the system can fail – world war two, Nazi Germany – but I also know that you need to do what is right. Because the government is so powerful, you need to have it run efficiently and honestly and according to the law.”
“What are the odds the system will work properly in your case?” I asked Crane.
“I’m not giving you odds,” he replies with a chuckle. “This is just something that I have to do.”
This article is adapted from Mark Hertsgaard’s new book, Bravehearts: Whistle Blowing in the Age of Snowden (Hot Books/Skyhorse)

Meho Krljic

On her microphone's secret service: How spies, anyone can grab crypto keys from the air

Discerning secret crypto keys in computers and gadgets by spying on how they function isn't new, although the techniques used are often considered impractical.
A new paper demonstrates this surveillance can be pretty easy – well, easier than you might imagine – to pull off, even over the air from a few metres away.
We all know that tiny fluctuations in electrical current during encryption routines, or even the sounds made by the system, can be picked up wirelessly to ascertain keys used – just ask the NSA. However, it usually requires hooking up expensive analysis equipment and takes long periods of time to gather all the bits needed.
Now, in a paper published by the Association for Computing Machinery, researchers from Tel Aviv University have detailed how inexpensive kit can be used to harvest 4,096-bit encryption keys from distances of around 10 metres (33 feet).
These are the same boffins who hid a loop of wire and a USB radio dongle in a piece of pita bread last year and used it to steal keys over the air.
In their latest research, the team managed to pick up encryption keys using acoustics. As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components.

By using a parabolic mic, the team was able to pick up the coil whine from 10 meters (38 feet) away. Trouble is, that mic is a little obvious if you're trying to be sneaky, so they managed to get the same result from a mobile phone's microphone placed 30 centimetres (12 inches) away from the spied-on PC. In both cases it took an hour of listening to get the 4,096-bit RSA key.
On the one hand, this still isn't a very practical attack, and most people shouldn't fear it. You have to train a mic on a device for an hour while it runs cryptographic software over and over, and without background noise ruining the key capture. On the other hand, you may be paranoid enough to consider mitigating it.
To combat this security hole, you need to tweak your software, the team suggested. It's possible to use acoustic dampening inside a PC against sound attacks, Faraday cages to block electromagnetic emissions, and insulation of the enclosures of laptops. But this isn't practical in the real world.
Instead, the team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations. After discussions with the team, GNU Privacy Guard now does this.
So it's not all bad news, but the research does serve as a reminder that you don't just need to check your software for security, but scout around the hardware too for mysterious gadgets. ®
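The "blinding" mitigation the article says GnuPG adopted, shown as an added example rather than the researchers' or GnuPG's code: the ciphertext is multiplied by a random r^e before the private-key exponentiation and r is divided out afterwards, so the values the CPU actually processes (and therefore whatever it leaks acoustically) change on every run while the plaintext does not. The toy primes, the traced square-and-multiply and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy primes (far too small for real use; the technique is identical
# for the 4,096-bit moduli discussed in the article).
P, Q = 1000000007, 998244353
E = 65537


def rsa_keygen_toy():
    """Return (n, e, d) for the constructed toy primes above."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # Python 3.8+: modular inverse
    return n, E, d


def modexp_traced(base, exp, mod):
    """Left-to-right square-and-multiply that also returns its intermediate values.

    The intermediates stand in for the data-dependent operands whose processing
    produces the coil whine an attacker records: same inputs, same trace.
    """
    acc, trace = 1, []
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        trace.append(acc)
    return acc, trace


def decrypt_plain(c, d, n):
    """Unblinded decryption: every run on the same c processes the same values."""
    return modexp_traced(c, d, n)


def decrypt_blinded(c, d, e, n):
    """Base blinding: exponentiate c * r^e for a fresh random r, then strip r."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    c_blind = (c * pow(r, e, n)) % n          # r^e is cheap: public exponent
    m_blind, trace = modexp_traced(c_blind, d, n)
    m = (m_blind * pow(r, -1, n)) % n         # (c * r^e)^d * r^-1 = c^d mod n
    return m, trace


if __name__ == "__main__":
    n, e, d = rsa_keygen_toy()
    m = 123456789                              # constructed sample plaintext
    c = pow(m, e, n)
    m1, t1 = decrypt_plain(c, d, n)
    m2, t2 = decrypt_plain(c, d, n)
    m3, t3 = decrypt_blinded(c, d, e, n)
    m4, t4 = decrypt_blinded(c, d, e, n)
    print("plain decrypt correct:", m1 == m2 == m)
    print("plain traces identical:", t1 == t2)      # True: repeatable leakage
    print("blinded decrypt correct:", m3 == m4 == m)
    print("blinded traces identical:", t3 == t4)    # False: randomised per run
```

Blinding does not hide the exponent's bit pattern (the sequence of squarings and multiplications is unchanged), so it should be combined with constant-time exponentiation rather than relied on alone.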

Meho Krljic

The inventor of the Web thinks we need a new one that governments can’t control

Although the internet has created millions of new opportunities for people around the world and made the sum of human knowledge available to anyone with a connection, it’s also created problems that seem impossible to solve.
“Edward Snowden showed we’ve inadvertently built the world’s largest surveillance network with the web,” said Brewster Kahle, who heads up Internet Archive. And he’s not wrong: governments across the globe keep an eye on what their citizens are accessing online and some censor content on the Web in an effort to control what they think.
Sir Tim Berners-Lee, who invented the World Wide Web, believes that the way his creation works in the present day “completely undermines the spirit of helping people create.”
To that end, Berners-Lee, Kahle and other pioneers of the modern Web are brainstorming ideas for a new kind of information network that can’t be controlled by governments or powered by megacorporations like Amazon and Google.
Along with luminaries like TCP/IP protocol co-creator Vint Cerf, Mozilla Project leader Mitchell Baker and Electronic Frontier Foundation special advisor Cory Doctorow, they’ve gathered at the Decentralized Web Summit in San Francisco to discuss how this new kind of internet can be created and sustained.
Participants and speakers also mulled over the use of increased encryption and methods to bring more accountability, as well as to reduce content creators’ and publishers’ dependence on ad revenue by developing secure, direct cryptocurrency-based payment methods for subscribers.
But while it’s comforting to know that such great minds are coming together to address these issues that affect every Web user, it’s scary to think that it was us humans that polluted the internet and turned it into what it is today – and in all probability, we’ll ruin the next great network too.
The Decentralized Web Summit is on from June 8-9 and you can catch the livestream on the event’s ZeroNet site.
  The Web's creator looks to reinvent it on The New York Times 

Meho Krljic

And then you go rushing off to the EU, unaware that you're stepping into an Orwellian nightmare :lol:
EU Exploring the Idea of Using Government ID Cards as Potential Online Logins
Fears that fake online reviews might ruin the consumer market and damage legitimate businesses are making the European Commission consider the idea of forcing online platforms to allow EU citizens to log into online accounts using their government-issued ID cards.
Details about these plans can be found in a proposal named "Online Platforms and the Digital Single Market Opportunities and Challenges." The document addresses all platforms where users can post product reviews.
According to this document, dated to May 25, 2016, the European Commission is exploring the theoretical possibilities of forcing online review platforms into using government IDs as online identities.
The paragraph that raised the most concerns from privacy and civil groups is on page ten of the aforementioned document:
  It is recognised that a multitude of username and password combinations is both inconvenient and a security risk. [...], in order to keep identification simple and secure, consumers should be able to choose the credentials by which they want to identify or authenticate themselves. In particular, online platforms should accept credentials issued or recognised by national public authorities, such as electronic or mobile IDs, national identity cards, or bank cards. 
Why such an Orwellian clause? If we are to believe the same document, it's because of fake product reviews that might lead EU consumers into making the wrong purchase, as per page eleven of the same document:
  Online ratings and reviews of goods and services are helpful and empowering to consumers, but they need to be trustworthy and free from any bias or manipulation. A prominent example is fake reviews[...] 
The men behind this proposal think that forcing online platforms to allow EU citizens to use their real identities when logging into their online accounts to post reviews will stop people in non-EU countries from posting fake reviews. Because, let's face it, everyone would like to throw away the ability to protect their online identity for the sake of buying the best USB Type-C cable on Amazon. Giving people the option to recognize a real from a fake review based on the identity of the poster does not necessarily stop people from outright lying.
Little chance of approval in its current state
In its present form, the document has little chance of passing through the European Parliament, being clearly written by a person who didn't take all factors into account.
The document is clearly written for businesses alone and doesn't detail any security measures to protect the online privacy of EU citizens. If approved, EU citizens would be offering more information when logging into a review website than ever before, which could be very easily abused in the case of a data breach.
The European Commission and Andrus Ansip, Vice-President for the Digital Single Market on the European Commission and the man behind this proposal, will have to provide more details regarding the technical implementation of their plan.
Taking into account that the European General Data Protection Regulation (EGDPR) has recently come into effect, being a law that boosts online privacy protections for EU citizens, this proposal goes against the grain of what the EU is trying to accomplish in the long term.
Back in 2011, the US started a process to implement a similar plan called Internet ID, which in 2014 was tested in Michigan and Pennsylvania, with little news about it ever since.
UPDATE: The article's title was updated.

Meho Krljic

Creepy startup will help landlords, employers and online dates strip-mine intimate data from your Facebook page 

There’s a scene in the dystopian scifi novel “Ready Player One” in which the protagonist glimpses the dossier of personal information a major tech company has gathered on him. It includes his height and weight, his browser history, his address — even several years of his school transcripts.
We’re still several years away from that vision, thankfully, but a new British startup called Score Assured has taken a big step in that direction: The company wants to, in the words of co-founder Steve Thornhill, “take a deep dive into private social media profiles” and sell what it finds there to everyone from prospective dates to employers and landlords.
[Everyone you know will be able to rate you on the terrifying ‘Yelp for people’ — whether you want them to or not]
Its first product, Tenant Assured, is already live: After your would-be landlord sends you a request through the service, you’re required to grant it full access to your Facebook, LinkedIn, Twitter and/or Instagram profiles. From there, Tenant Assured scrapes your site activity, including entire conversation threads and private messages; runs it through natural language processing and other analytic software; and finally, spits out a report that catalogues everything from your personality to your “financial stress level.”
My personal tenant report includes a list of my closest friends and interests, a percentage breakdown of my personality traits, a list of every time I’ve tweeted the words “loan” and “pregnant,” and the algorithm’s confidence that I’ll pay my rent consistently.
“If you’re living a normal life,” Thornhill reassures me, “then, frankly, you have nothing to worry about.”
In fact, Thornhill sees his product as empowering both landlords and tenants: the former, to make more informed decisions about whom they rent to and spot lies on applications; the latter, to present a fuller, more accurate picture of themselves than might be available in a credit report or background check.
[No, Facebook doesn’t eavesdrop on your phone. But it does spy on you.]
But I’m still pretty worried. Acutely so.
It’s old news, of course, that people in positions of authority — landlords, hiring managers, college admissions counselors, you name it — increasingly scope out social media as part of standard background checks. But Score Assured, with its reliance on algorithmic models and its demand that users share complete account access, is something decidedly different from the sort of social media audits we’re used to seeing. Those are like a cursory quality-control check; this is more analogous to data strip-mining.
It’s not just the amount or detail of data that’s problematic, either. Tenant Assured reports include information such as whether you’ve mentioned a pregnancy and how old you are, which are both protected statuses under U.S. housing discrimination law. (“All we can do is give them the information,” Thornhill said. “It’s up to landlords to do the right thing.”)
Meanwhile, unlike credit reports — which you may, under federal law, request every 12 months — Tenant Assured doesn’t give users any way to view their ratings or dispute misleading data.
Make no mistake: The data will mislead. Among the behaviors that count against your Tenant Assured “credit” percentage — i.e., how confident the company is that you’ll pay rent — are “online retail social logins and frequency of social logins used for leisure activities.” In other words, Tenant Assured draws conclusions about your credit-worthiness based on things such as whether you post about shopping or going out on the weekends.
Thornhill’s response to these criticisms is that Tenant Assured asks permission before it does any analysis: In that way, he argues, it’s not much different from a background check or credit rating. Of course, we have consumer protection laws to regulate both those things, in large part because they have such an outsize impact on consumers. Regulators also have recognized that although such checks may technically be “opt in,” they’re effectively not optional for those who don’t have the luxury of only choosing landlords, jobs or loans that don’t require them, or who work in industries or live in areas where such checks are standard practice.
These are early days, of course, and Tenant Assured is only Source Assured’s first product. By the end of July, the company expects to be offering specialized versions of the service to everyone from employers and HR departments to parents shopping around for nannies. Some day, Thornhill imagines, you won’t hire a dog sitter or book an Airbnb without first viewing their social media dossier, as compiled by his company.
There is always the possibility that it won’t catch on, of course, or that, as has happened when other companies infringed on private online spaces, consumers will rebel. But Thornhill is pretty unconcerned.
“People will give up their privacy to get something they want,” he said.

Meho Krljic

Spy Tech That Reads Your Mind

On any given morning at a big national bank or a Silicon Valley software giant or a government agency, a security official could start her day by asking a software program for a report on her organization’s staff. “Okay, as of last night, who were the people who were most disgruntled?” she could ask. “Show me the top 10.”
She would have that capability, says Eric Shaw, a psychologist and longtime consultant to the intelligence community, if she used a software tool he developed for Stroz Friedberg, a cybersecurity firm. The software combs through an organization’s emails and text messages—millions a day, the company says—looking for high usage of words and phrases that language psychologists associate with certain mental states and personality profiles. Ask for a list of staffers who score high for discontent, Shaw says, “and you could look at their names. Or you could look at the top emails themselves.”
Many companies already have the ability to run keyword searches of employees’ emails, looking for worrisome words and phrases like embezzle and I loathe this job. But the Stroz Friedberg software, called Scout, aspires to go a giant step further, detecting indirectly, through unconscious syntactic and grammatical clues, workers’ anger, financial or personal stress, and other tip-offs that an employee might be about to lose it.
To measure employees’ disgruntlement, for instance, it uses an algorithm based on linguistic tells found to connote feelings of victimization, anger, and blame. For instance, unusually frequent use of the word me—several standard deviations above the norm—is associated with feelings of victimization, Shaw says. Why me? How can you do that to me? Anger might be signaled by unusually high use of negatives like no, not, never, and n’t, or of “negative evaluators” like You’re terrible and You’re awful at that. There might be heavy use of “adverbial intensifiers” like very, so, and such a or words rendered in all caps for emphasis: He’s a ZERO.
It’s not illegal to be disgruntled. But today’s frustrated worker could engineer tomorrow’s hundred-million-­dollar data breach. Scout is being marketed as a cutting-edge weapon in the growing arsenal that helps corporations combat “insider threat,” the phenomenon of employees going bad. Workers who commit fraud or embezzlement are one example, but so are “bad leavers”—employees or contractors who, when they depart, steal intellectual property or other confidential data, sabotage the information technology system, or threaten to do so unless they’re paid off. Workplace violence is a growing concern too.
Though companies have long been arming themselves against cyberattack by external hackers, often presumed to come from distant lands like Russia and China, they’re increasingly realizing that many assaults are launched from within—by, say, the quiet guy down the hall whose contract wasn’t renewed. The most spectacular examples have been governmental—the massive 2010 data dump of more than 700,000 classified files onto WikiLeaks by Chelsea Manning (then known as Pfc. Bradley Manning) and the leaks by former intelligence contractor Edward Snowden in 2013. While those events were sui generis, they opened the world’s eyes to the breathtaking scope of every organization’s vulnerability.
About 27% of electronic attacks on organizations—public and private—come from within, according to the latest annual cybercrime survey jointly conducted by CSO Magazine, the U.S. Secret Service, PricewaterhouseCoopers, and the Software Engineering Institute CERT program. (CERT is a Defense Department–funded cybercrime research center at Carnegie Mellon University.) About 43% of the 562 participants surveyed said their organizations had endured at least one insider attack in the previous year. Though targets of these assaults often keep the incidents secret, known victims in recent years include Morgan Stanley, AT&T, Goldman Sachs, and DuPont.
Insider threats are now sufficiently well recognized that their victims—especially financial institutions—may face regulatory sanctions as well as civil liability for not having taken adequate steps to prevent them. In June the Securities and Exchange Commission fined Morgan Stanley $1 million for failing to prevent a rogue financial adviser from compromising 730,000 customer accounts, even though the bank itself caught and reported the employee, who later pleaded guilty to a federal crime.
Psycholinguistics: Finding Clues in an Ordinary Email
This text was adapted from actual emails that a systems administrator, working under contract for a bank, wrote to his supervisor. After the man later lost his position, he sabotaged the bank’s servers. The illustration below shows which words Stroz Friedberg’s Scout software would pick up and “score,” using psycholinguistic principles, if it analyzed the email today. Here’s an explanation of why those words raise red flags, especially when they appear unusually frequently. —R.P.
  • “Negatives” like no, not, and n’t may signal anger, which Scout treats as a component of disgruntlement.
  • The word me used in excess can signal victimization, another component of disgruntlement.
  • Direct references, especially you, can signal blame, yet another sign of disgruntlement.
  • Words in all caps are “intensifiers” and can signal anger. Strong words and phrases (like garbage and screws up) are intensifiers and “negative evaluators,” which both signal anger.
  • Since much anger and negativity in emails relate to marital conflict, which is often not the employer’s concern, Scout uses words and phrases relating to employment, like fire, quit, and root access, as a filter. A client can opt to see only emails that contain such references.
Since 2011, government agencies that handle classified information have been required to have formal insider-threat programs in place. And in May that rule was extended to private contractors who handle such data—some 6,000 to 8,000 companies, according to Randall Trzeciak, who heads CERT’s Insider Threat Center. With increasing awareness of the problem, Trzeciak notes, the tools marketed to combat insider risk have proliferated. At the annual RSA conference on security two years ago, he says, only about 20 vendors displayed such wares. At this year’s, in February, he counted more than 125.
The vast majority of these tools, known as technical indicators, provide ways to monitor computer networks, prevent data loss, alert security to suspicious conduct, or even record keystrokes and take video of individual computer screens. Such solutions let an organization see, for instance, who’s logging onto her computer at odd hours, messing around with electronic tags that demark confidential information, or simply departing from routine in some sudden, marked fashion. (See below, “Tools for Stopping the Enemy Within.”)
Still other tools are available to comb through employees’ emails, looking for keywords. But Scout appears to be the email-scanning tool most specifically and ingeniously tailored to try to sniff out insider threats before they occur.

Scout was soft launched as a client service by Stroz Friedberg in late 2014, though the firm has long used earlier versions for internal investigations. The firm was founded in 2000 by Ed Stroz, a 16-year FBI veteran in Manhattan, and Eric Friedberg, an 11-year Brooklyn federal prosecutor. Each had led his office’s computer crime unit. Today, with more than 500 employees in 14 offices, the firm is one of the leading outfits of its kind, with specialties in digital forensics, incident response, and e-discovery. Though most of its assignments are confidential, it claims to have worked for 30 of the Fortune 50, and publicly identified clients have included Target and Neiman Marcus (after their massive data breaches), Facebook, Google, and the Justice Department.
As impressive as Stroz Friedberg’s credentials are, discussion of its Scout product must come with caveats. The firm declined to introduce Fortune to a single client using it, notwithstanding our promise to protect the organization’s identity. (Companies don’t like to discuss their insider-threat programs, in part because doing so makes workers feel mistrusted.) While the firm described instances in which Scout had been used as a forensic tool—say, identifying the sources of anonymous threats—it furnished no specific case in which Scout proactively warded off an insider attack. Stroz Friedberg did cite an instance in which it said that the system had flagged an employee’s extreme stress; upon follow-up, officials learned that the person was planning a suicide. They intervened, and Scout may have saved the worker’s life.
Ed Stroz acknowledges that Scout does not supplant the many technical tools already available to fight insider threat. But those solutions help only after someone is already “touching, reading, copying, and moving files” he’s not supposed to, he says. He likens Scout’s aspirations to those of the FBI after the attacks on the World Trade Center. “After 9/11 it became ‘disrupt and prevent,’ not just ‘react and investigate,’ ” he says. “How do you get in front of something and protect somebody from themselves?” The answer is through language. “Language is being used by everybody,” he observes. “Google is using it to sell you jeans.” Why not use it to “get to the left” of the actual event—getting ahead of it on a metaphorical timeline, in other words—“so that disasters don’t happen?”

Eric Shaw, 63, practices a rare specialty called political psychology. After earning his Ph.D. from Duke, he did a stint with the Central Intelligence Agency, from 1990 to 1992, and then worked as a consultant to other intelligence offices while building a private practice and teaching at George Washington University. (Shaw says he still spends two days a week consulting for an intelligence agency, which he won’t identify but which, he says, has installed Scout to monitor its own personnel.)
Political psychologists draw up mental-health profiles of foreign leaders—Kim Jong-Un, say—to assist policymakers at the State and Defense departments, intelligence agencies, and the White House. Is a hostile chief of state a madman, or can he be reasoned with? If the latter, what is the best way to approach him? These psychologists can’t examine their patients on the couch. One tool they use instead is language. They look for clues to a leader’s personality in his unconscious speech patterns as captured at public appearances.
In the late 1990s, Shaw recounts, the Defense Department asked Shaw to study insider cyberattacks after a couple of alarming incidents, including one in which an administrator at a Navy hospital encrypted patient records and held them for ransom. The FBI computer crime squads had the most experience with such crimes, so Shaw was put in touch with Ed Stroz, who then headed the flagship unit in Manhattan.

The first case file that Stroz showed Shaw involved a systems administrator at a bank who had butted heads with his supervisor. The supervisor eventually terminated him, prompting him to leave behind a “logic bomb” embedded in the network, which exploded and shut down the bank’s servers. Shaw examined the email traffic between the disputants prior to the termination and then marked them up by hand to show Stroz the linguistic red flags.
“It was fascinating,” recalls Stroz. At the FBI, he focused on white-collar crime, a realm in which the perpetrator’s state of mind is often the only contested issue. Shaw’s analysis provided entrée into that realm. “At some point,” Shaw continues, “[Stroz] is watching me code the emails, and he said, ‘You know, we have computers that will do this now.’ That was the beginning of the idea of creating this psycholinguistic software.”
Stroz left the bureau in 2000 and co-founded Stroz Friedberg. A few months later he contacted Shaw, after receiving client calls that required forensic linguistic expertise. These were often “anonymous author” cases, in which a client was receiving threats or demands. Shaw would try to identify the perpetrator by comparing distinctive aspects of his writing style to those of a series of suspects. He relied in part on traditional forensic techniques—distinctive formatting conventions, odd diction, telltale misspellings—but also on the linguistic principles political psychologists used. In a case written up in the New York Times in 2005, for instance, Shaw’s work helped identify a cyberextortionist who had been demanding $17 million from MicroPatent, a patent and trademark company he had hacked. (The perpetrator pleaded guilty and was sentenced to prison.)
To assist in analyzing writings, Stroz and Shaw developed an internal software tool, which they named WarmTouch. “Terrible name,” Stroz admits, “but the idea was, the keyboard exists only because human beings need a way to interface with the computer. The human being begins where he touches the keys.” Meanwhile, Shaw continued studying insider-risk cases, poring over case files at CERT’s Insider Threat Center. He looked for missed warning flags that preceded these crimes and then tried to design features that would enable WarmTouch to pick up the linguistic precursors of bad behavior.
To test and hone his hypotheses, he hid actual emails written by insiders prior to crimes in portions of a large, publicly available database of emails known as the Enron corpus. (The corpus consists of about 600,000 emails written by 175 Enron employees, the vast majority of them innocent of any wrongdoing, whose emails were collected by the Federal Energy Regulatory Commission during an investigation of market manipulation.) Shaw then had both human coders and WarmTouch use principles of language psychology to try to filter out red-flag emails without also catching an unmanageable number of false positives. The results, some of which were published in two articles in the peer-reviewed Journal of Digital Forensics in 2013, suggested that WarmTouch could be a useful, if imperfect, filtering tool. By late 2014, Stroz Friedberg was ready to offer the latest version, renamed Scout, to customers.
Scout uses about 60 algorithms and tracks a vocabulary list of about 10,000 words, though that list is fine-tuned for each client. About 50 of the algorithms focus on insider threat. The rest can be used for a variety of purposes, Stroz Friedberg maintains, including some nonforensic ones—like detecting intra-office strife, evaluating managers, and identifying emerging leaders. Scout is typically provided to clients with a service contract, calling for “licensed clinicians”—outside contractors overseen by Shaw—to interpret the results.
To oversee the new product, Stroz Friedberg hired Scott Weber, who had previously been a partner at law firm Patton Boggs and headed the government business at big-data company Opera Solutions. “Scout is not dispositive,” Weber admits. “It’s not going to say that Carolyn’s going to come in tomorrow and steal, or that Scott’s going to commit an act of workplace violence.” What it does do, he continues, is “take a massive amount of information in an organization and filter it down to an operationally friendly pool.”
As an example, Weber displays a PowerPoint slide of Scout’s user interface tackling a data set of nearly 51 million emails and text messages from more than 69,000 senders. Weber says this represented, at the time, a full data set from one governmental client. When directed to search for aberrantly high scores across four insider-risk variables, Scout winnowed out just 383 messages from 137 senders, representing 0.0008% of the total data set.
In a real-life case, a human clinician would then pull up the actual emails, via Scout’s interface, and examine them individually. He would present any messages judged truly worrisome to the client. The client would then decide what action to take, says Weber, after drawing input from managers and its human resources, legal, and security departments. Scout is currently being used in government and in the financial sector, Weber asserts, and is now being tested by clients in manufacturing, health care, and pharmaceuticals. He declines to give numbers.

Shaw jokes that he originally wanted to call Scout “Big Brother.” Doesn’t it, in fact, invade employees’ privacy?
 “It’s really very respectful of privacy,” Weber insists. He stresses that only a tiny fraction of emails are ever read, and most of those are reviewed only by the outside clinician—never coming to the attention of co-workers or supervisors. From a legal standpoint, Weber explains, in the U.S. a company needs “informed consent” to look at employees’ emails. “If you have a policy that informs your employees that it’s not their computer, it’s not their data, it’s subject to search, there’s no expectation of privacy—you’re covered,” he says. (Most large U.S. companies already have such policies in place.)
Weber even argues that privacy concerns cut in favor of Scout. “In many cyberattack cases we’re brought into,” he says, “privacy is exactly how people were wronged. Intruders went through their network, read stuff, copied things, photographed them, turned on the microphone or the camera inside the computer—those are huge privacy violations.”
Against that backdrop, the Stroz Friedberg crew claims that Scout is an enlightened approach to a grave, intractable problem. Clients are saying, “ ‘I want it to be something I’m not going to be ashamed to be doing, to have it be part of a caring working environment,’ ” says Stroz. “You have to get to the left of the line so that disasters don’t happen. But you have to do it responsibly.”
A version of this article appears in the July 1, 2016 issue of Fortune.
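The scoring the article attributes to Scout (per-category word rates, flagged when several standard deviations above the corpus norm, then filtered to messages containing employment terms), as an added example that is not Stroz Friedberg's code. The word lists, the z-score aggregation and the sample messages are constructed assumptions; Scout's real 10,000-word vocabulary is not public.

```python
import re
import statistics

# Category word lists: assumptions modelled on the article's examples.
NEGATIVES = {"no", "not", "never", "nothing"}
BLAME = {"you", "your", "you're"}
INTENSIFIERS = {"very", "so", "such", "terrible", "awful", "garbage", "useless"}
EMPLOYMENT_TERMS = ("fire", "quit", "root access", "supervisor", "contract")

# Constructed sample messages (not real emails); m5 is the disgruntled admin,
# m6 is domestic anger with no work reference.
SAMPLE_EMAILS = {
    "m1": "Attached is the updated deployment schedule for next week. Please review "
          "the maintenance windows and confirm with operations.",
    "m2": "Thanks for the patch. The build passes on staging and the change board "
          "meets Thursday, after which it goes to production.",
    "m3": "Reminder that the server room badge audit is due Friday. Send the "
          "completed checklist to facilities by noon.",
    "m4": "I can't make the afternoon call, sorry. Could you send me the notes afterwards?",
    "m5": "You NEVER listen. You gave me garbage hardware and then blame me when it "
          "fails. You can't fire me for that, you're not even my supervisor. I have "
          "root access and I will quit.",
    "m6": "You never call back and I am so tired of arguing about the kitchen and "
          "the car every single night.",
}


def feature_rates(text: str) -> dict:
    """Per-100-word rates of the three disgruntlement components the article names."""
    words = re.findall(r"[A-Za-z']+", text)
    n = max(len(words), 1)
    lower = [w.lower() for w in words]
    negatives = sum(1 for w in lower if w in NEGATIVES or w.endswith("n't"))
    caps = sum(1 for w in words if len(w) > 1 and w.isupper())   # "He's a ZERO"
    intensifiers = sum(1 for w in lower if w in INTENSIFIERS)
    return {
        "anger": 100.0 * (negatives + caps + intensifiers) / n,
        "victimization": 100.0 * lower.count("me") / n,
        "blame": 100.0 * sum(1 for w in lower if w in BLAME) / n,
    }


def z_scores(rates_by_id: dict) -> dict:
    """Standard deviations above the corpus mean, per feature, per message."""
    result = {mid: {} for mid in rates_by_id}
    for feat in ("anger", "victimization", "blame"):
        values = [r[feat] for r in rates_by_id.values()]
        mean, sd = statistics.mean(values), statistics.pstdev(values)
        for mid, r in rates_by_id.items():
            result[mid][feat] = (r[feat] - mean) / sd if sd else 0.0
    return result


def rank_messages(emails: dict, employment_filter: bool = False) -> list:
    """Return [(message_id, disgruntlement_score)] sorted from highest to lowest.

    With employment_filter=True, messages lacking any work-related term are
    dropped after scoring, mirroring the filter the article describes.
    """
    rates = {mid: feature_rates(text) for mid, text in emails.items()}
    zs = z_scores(rates)
    ranked = []
    for mid, z in zs.items():
        if employment_filter and not any(t in emails[mid].lower() for t in EMPLOYMENT_TERMS):
            continue
        ranked.append((mid, sum(z.values())))
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for mid, score in rank_messages(SAMPLE_EMAILS, employment_filter=True):
        print(f"{mid}: {score:.2f}")
```

A baseline of six messages is only enough to show the mechanics; the article's "several standard deviations above the norm" needs a per-organisation corpus of thousands of messages, and the ranked output is a triage queue for a human reviewer, not a verdict.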

Meho Krljic

MIT Researchers Devise New Anonymity Network Following Tor Bug

The system, dubbed Riffle, leverages several existing cryptographic techniques, but combines them in a new way.

Computer scientists at Massachusetts Institute of Technology have devised a new anonymity network they say is more secure than Tor.
For the uninitiated, anonymity networks like Tor let you hide your location and Web activity, offering people living under repressive regimes, for instance, protection from prying eyes monitoring their Internet use. But following the recent discovery of vulnerabilities in Tor, researchers at MIT's Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne have been working on a more secure anonymity scheme. Now they say they have succeeded.
The researchers plan to present the new system, dubbed Riffle, at the Privacy Enhancing Technologies Symposium later this month in Darmstadt, Germany. They say it leverages several existing cryptographic techniques, but combines them in a new way.
Riffle relies on a series of servers (known collectively as mixnet), each of which "permutes the order in which it receives messages before passing them on to the next," according to a news release. So, if "for instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on." As a result, someone tracking the messages would have no idea which was which by the time they exited the last server.
Like Tor, the system also uses onion encryption, wrapping each message in several layers of protection. On top of this, Riffle uses a technique called verifiable shuffle to thwart tampering and prevent adversaries from infiltrating servers with their own code — a problem affecting other anonymity networks. Finally, it takes advantage of yet another technique, called authentication encryption, to verify the authenticity of an encrypted message.
The researchers say their system provides strong security while using bandwidth much more efficiently than similar solutions. In fact, in their experiments, anonymous users were able to transfer large files in one-tenth the time, compared to existing systems.
"The initial use case that we thought of was to do anonymous file-sharing, where the receiving end and sending end don't know each other," graduate student Albert Kwon, who helped devise the new system, said in a statement. He added that this could help combat the practice of honeypotting — in which spies offer services through a network like Tor to entrap its users.
"We also studied applications in microblogging, something like Twitter, where you want to anonymously broadcast your messages to everyone," Kwon added.
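To make the mixnet description above concrete, here is a small simulation of the three pieces it names: the sender wraps each message in one layer of authenticated encryption per server (the onion), every server peels its layer, rejects anything that was tampered with, and permutes the batch before forwarding. This is an added example, not the Riffle researchers' code; the keys, messages and the HMAC-based cipher are constructed for the demo, and Riffle's verifiable shuffle is not modelled.

```python
import hashlib
import hmac
import os
import random

NONCE_LEN = 12
TAG_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stream cipher (demo construct)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption: returns nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on tampering
    or on a blob that was not sealed for this server's key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message was modified")
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def onion_wrap(message: bytes, hop_keys: list) -> bytes:
    """Apply one layer per server, innermost for the last hop, so that the
    first server peels the outermost layer and the last server the innermost."""
    blob = message
    for key in reversed(hop_keys):
        blob = seal(key, blob)
    return blob


class MixServer:
    def __init__(self, key: bytes, rng: random.Random):
        self.key = key
        self.rng = rng  # source of this server's secret permutation

    def process(self, batch: list) -> list:
        # Strip one onion layer from every message, then permute the batch,
        # so an observer of this hop sees neither the same bytes nor the same order.
        peeled = [open_(self.key, blob) for blob in batch]
        self.rng.shuffle(peeled)
        return peeled


def run_mixnet(messages: list, servers: list) -> list:
    """Send one batch through the whole chain and return what exits the last server."""
    hop_keys = [server.key for server in servers]
    batch = [onion_wrap(m, hop_keys) for m in messages]
    for server in servers:
        batch = server.process(batch)
    return batch


def demo() -> list:
    # Constructed sample: Alice, Bob and Carol each submit one message to a
    # chain of three servers with hypothetical keys.
    messages = [b"Alice: hello", b"Bob: hi there", b"Carol: greetings"]
    servers = [
        MixServer(hashlib.sha256(b"server-%d" % i).digest(), random.Random(i))
        for i in range(3)
    ]
    return run_mixnet(messages, servers)


if __name__ == "__main__":
    for m in demo():
        print(m)
```

The multiset of messages leaving the last server equals the multiset that entered, but the order and the bytes seen at each hop differ, and flipping a single ciphertext byte at any hop makes that server reject the message.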


  • Očigledan slučaj RASTROJSTVA!

Tuesday, 12 July, 2016 - 12:45
So that’s why Pokémon has been plastered all over social media and the television this weekend. Nothing in this world is accidental as Kit Daniels reports:

The ‘augmented reality’ mobile game Pokémon Go, which uses the player’s smartphone camera to ‘add’ Pokémon to real-world locations, has ties to the CIA.

The developer of Pokémon Go, Niantic, Inc., was founded by John Hanke, who previously received funding from the CIA’s venture capital firm In-Q-Tel to develop what eventually became Google Earth.

In-Q-Tel was once described as an “independent strategic investment firm that identifies innovative technology solutions to support the missions of the U.S. Intelligence Community.”

It’s easy to see why the CIA would have an interest in the software behind Pokémon Go; the game utilizes the player’s camera and gyroscope to display an image of a Pokémon as though it were in the real world, such as the player’s apartment complex or workplace bathroom.

Software like that could theoretically turn millions of smartphone users into ‘Imperial probe droids’ who take real-time, ground-level footage of their cities and homes, reaching into dark alleyways and basements which spy satellites and Google cars can’t reach.

For example, in the 2008 film The Dark Knight, Bruce Wayne intentionally places a back door into cell phones sold by his company to implement a city-wide sonar grid.

Did that scene from the film reveal the intent behind ‘augmented reality’ software?

In the early 2000s, In-Q-Tel invested in Keyhole Inc., the company founded by Hanke which developed 3D “flyby” images of buildings and terrain from geospatial data collected by satellites.

The name “Keyhole” was a homage to the KH spy satellites first launched by the American National Reconnaissance Office.

Google later purchased Keyhole in 2004 and rolled its technology into Google Earth.

The CIA established In-Q-Tel in 1999 as its venture capital arm to “identify and invest in companies developing cutting-edge information technologies that serve United States national security interests,” according to the firm itself.

“If you want to keep up with Silicon Valley, you need to become part of Silicon Valley,” says Jim Rickards, an adviser to the U.S. intelligence community familiar with In-Q-Tel’s activities. “The best way to do that is have a budget because when you have a checkbook, everyone comes to you.”
Why shouldn't things be largely absurd, futile, and transitory? They are so, and we are so, and they and we go very well together.

Meho Krljic

New legal precedents in the domain of encryption and civil rights. Namely, until now the American legal system has worked on the following principle: even if I am suspected of this or that offence (including terrorism), I cannot legally be forced to reveal the password for my locked phone or hard disk, because the American constitution, like the legislation of many Western countries, says in its Fifth Amendment that citizens cannot legally be forced to provide evidence that would harm them in court (Article 33 of the Serbian constitution has a similar provision, which says that a person accused of or on trial for a criminal offence is not obliged to give statements against themselves or against persons close to them). However, now the idea is emerging that although a person does not have to recite a password, if their phone is unlocked with a fingerprint, they may have to give a fingerprint. The logic is roughly that a verbal statement is protected by the constitution, but in practice fingerprints are treated as physical evidence and so are not protected by the Fifth Amendment, etc. etc. etc. Doom? Probably.

Suspect required to unlock iPhone using Touch ID in second federal case

A second federal judge has ruled that a suspect can be compelled to unlock their iPhone using their fingerprint in order to give investigators access to data which can be used as evidence against them. The first time this ever happened in a federal case was back in May, following a District Court ruling in 2014.
The latest case involves a suspect accused of particularly unpleasant crimes, reports Ars Technica.
A Dallas, Texas man accused of prostituting underage girls was secretly ordered by a federal judge to unlock his iPhone using his fingerprint, according to federal court documents that are now unsealed.
The legal position of forcing suspects to use their fingerprints to unlock devices won’t be known with certainty until a case reaches the U.S. Supreme Court, but lower court rulings so far appear to establish a precedent which is at odds with that concerning passcodes …
Most constitutional experts appear to believe that the Fifth Amendment prevents a suspect from being compelled to reveal a password or passcode, as this would amount to forced self-incrimination – though even this isn’t certain. Fingerprints, in contrast, have traditionally been viewed as ‘real or physical evidence,’ meaning that police are entitled to take them without permission.
Some legal scholars disagree, however, arguing that the law never envisaged using fingerprints to provide access to data.
In the Texas case, the ruling turned out to be academic: it appears that more than 48 hours had elapsed since the iPhone was last unlocked, so iOS required the passcode to unlock it. Additionally, Apple strengthened the passcode requirement back in May, such that iOS now requires a passcode every six days if it hasn’t been unlocked by Touch ID within the past eight hours.
iOS also only permits five Touch ID unlock attempts before the passcode is required, so smart criminals would either register their little finger and use up those attempts with other fingers, or simply avoid using Touch ID at all – but fortunately most criminals aren’t smart.


oh, mother dearest...


hm, presumably: "... and their hostility to even modest curation has been instrumental in providing legally usable information in any court of law."?

That’s how it is with people. Nobody cares how it works as long as it works.

Meho Krljic

Is information obtained illegally even usable in a court of law???


That’s how it is with people. Nobody cares how it works as long as it works.

Meho Krljic

This Company Has Built a Profile on Every American Adult


Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.
IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company’s database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn’t waiting for requests from clients—it’s already built a profile on every American adult, including young people who wouldn’t be swept up in conventional databases, which only index transactions. “We have data on that 21-year-old who’s living at home with mom and dad,” he says.
Dubner declined to provide a demo of idiCORE or furnish the company’s report on me. But he says these personal profiles include all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; and names and phone numbers of neighbors. The reports also include photos of cars taken by private companies using automated license plate readers—billions of snapshots tagged with GPS coordinates and time stamps to help PIs surveil people or bust alibis.
IDI also runs two coupon websites, and, that collect purchasing and behavioral data. When I signed up for the latter, I was asked for my e-mail address, birthday, and home address, information that could easily link me with my idiCORE profile. The site also asked if I suffered from arthritis, asthma, diabetes, or depression, ostensibly to help tailor its discounts.
Users and industry analysts say the addition of purchasing and behavioral data to conventional data fusion outmatches rival systems in terms of capabilities—and creepiness. “The cloud never forgets, and imperfect pictures of you composed from your data profile are carefully filled in over time,” says Roger Kay, president of Endpoint Technologies Associates, a consulting firm. “We’re like bugs in amber, completely trapped in the web of our own data.”
When logging in to IDI and similar databases, a PI must select a permissible use for a search under U.S. privacy laws. The Federal Trade Commission oversees the industry, but PI companies are largely expected to police themselves, because a midsize outfit may run thousands of searches a month.
Dubner says most Americans have little to fear. As examples, he cites idiCORE uses such as locating a missing person and nabbing a fraud or terrorism suspect.
IDI, like much of the data-fusion industry, traces its lineage to Hank Asher, a former cocaine smuggler and self-taught programmer who began fusing sets of public data from state and federal governments in the early 1990s. After Sept. 11, law enforcement’s interest in commercial databases grew, and more money and data began raining down, says Julia Angwin, a reporter who wrote about the industry in her 2014 book, Dragnet Nation.
Asher died suddenly in 2013, leaving behind his company, the Last One (TLO), which credit bureau TransUnion bought in bankruptcy for $154 million. Asher’s disciples, including Dubner, left TLO and eventually teamed up with Michael Brauser, a former business partner of Asher’s, and billionaire health-care investor Phillip Frost. In May 2015, after a flurry of purchases and mergers, the group rebranded its database venture as IDI.
Besides pitching its databases to big-name PIs (Kroll, Control Risks), law firms, debt collectors, and government agencies, IDI says it’s also targeting consumer marketers. The 200-employee company had revenue of about $40 million in its most recent quarter and says 2,800 users signed up for idiCORE in the first month after its May release. It declined to provide more recent figures. The company’s data sets are growing, too. In December, Frost helped underwrite IDI’s $100 million acquisition of marketing profiler Fluent, which says it has 120 million profiles of U.S. consumers. In June, IDI bought ad platform Q Interactive for a reported $21 million in stock.
IDI may need Frost’s deep pockets for a while. The PI industry’s three favorite databases are owned by TransUnion and media giants Reed Elsevier and Thomson Reuters. “There’s no shortage,” says Chuck McLaughlin, chairman of the board of the World Association of Detectives, which has about 1,000 members. “The longer you’re in business, the more data you have, the better results.” He uses TLO and Tracers Information Specialists.
Steve Rambam, a PI who hosts Nowhere to Hide on the Investigation Discovery channel, says marketing data remains a niche monitoring tool compared with social media, but its power can be unparalleled. “You may not know what you do on a regular basis, but I know,” Rambam says. “I know it’s Thursday, you haven’t eaten Chinese food in two weeks, and I know you’re due.”


Meho Krljic

Nowhere does a person have any privacy left anymore....

This sex toy tells the manufacturer every time you use it

The We-Vibe 4 Plus is a rubbery clamp that looks a little like the oversized thumb and forefinger of a Disneyland character pinching down. It comes in black, purple or pink and is billed as the “number one couple’s vibrator.” It has Bluetooth so that, once inserted into the desired part of your body, you can connect it to your smartphone and then use the We-Vibe app to control the intensity of its vibration.
But you should know a little something about your pleasure toy: it regularly violates the “don’t-vibrate-and-tell” rule.

When the device is in use, the We-Vibe 4 Plus uses its internet connectivity to regularly send information back to its manufacturer, Standard Innovations Corporation. It sends the device’s temperature every minute, and lets the manufacturer know each time a user changes the device’s vibration level. The company could easily figure out some seriously intimate personal information like when you get off, how long it takes, and with what combinations of vibes.
This was revealed on Friday at hacker conference Defcon in Las Vegas by two security researchers, who wish to be called only by their handles @gOldfisk and @rancidbacon. The two examined the app’s code and the information being sent by the device over Bluetooth.
In a statement sent by email, Standard Innovation Corporation’s president Frank Ferrari confirmed that the company collects this information and explained why.
“At We-Vibe, we strive to create innovative products that have our customer’s preferences in mind,” he said. “We-Vibe collects data on the use of its products in terms of vibration intensity and mode for market research purposes so that we can better understand what settings and levels of intensity are most enjoyed.”
Yes, thanks to the connectivity of the internet, your orgasms are now subject to market research.

I asked the company whether it informs customers that data about their sexy times is being collected. When I downloaded the app and looked at the privacy policy, this was not explicitly disclosed. Instead, I found a 2014 boilerplate one that discussed information collected on the website, and promised that the devices would be discreetly shipped.
“While our policy does disclose that we may collect data, we are currently in the process of reviewing our privacy & data collection policy in an effort to provide more transparency for our customers,” said Ferrari.
Good idea! “We need companies to treat the privacy and security of people’s intimate data seriously,” said researcher @g0ldfisk.
Now you may be thinking, “Why even have a vibrator that connects to the internet?” The idea is that a long distance lover could control your experience from afar, which while appealing, might not be worth the privacy trade-off, unless you’re a data exhibitionist.
If you’re more private about these things, the researchers advise using the device with your smartphone in airplane mode, so that you don’t inform the company that 7 minutes in “surf mode” is your ticket to ecstasy.
Here’s the full statement from Frank Ferrari, President of the Standard Innovation Corporation.
The safety and security of our customers is of utmost importance. We ensure that all data transmissions are encrypted in transit and protected on secure servers. We conduct regular security audits and address security issues as they are discovered to comply with current best practices and security standards.
At We-Vibe, we strive to create innovative products that have our customer’s preferences in mind. We-Vibe collects data on the use of its products in terms of vibration intensity and mode for market research purposes so that we can better understand what settings and levels of intensity are most enjoyed. Our reason for collecting CPU temperature data is purely for hardware diagnostic purposes. Data is only collected when the app is in use.
While our policy does disclose that we may collect data, we are currently in the process of reviewing our privacy & data collection policy in an effort to provide more transparency for our customers.

Father Jape

A pale man on the trail of a pervert.
That's the irrepressible horniness of youth.
Dušman in the absence of Dušman.


  • омнирелигиозни фанатични фундаменталиста
...barcode never lies

Meho Krljic

Richard Stallman thinks that, instead of online newspapers living off ads and spying on their readers, they should set up a system that lets readers pay for news anonymously. Not by accident, since he and his team have created exactly such a system for GNU.

Publishers must let online readers pay for news anonymously

Online newspapers and magazines have come to depend, for their income, on a system of advertising and surveillance, which is both annoying and unjust.
Readers are rebelling by installing ad blockers, which cut into the publisher’s surveillance-based income. And in response, some sites are cutting off access to readers unless they accept being surveilled. What they ought to do instead is give us a truly anonymous way to pay.
Some people use ad blockers because they find the sight of an advertisement offensive. That’s purely subjective, and publishers could argue that readers are overreacting. Yet ads on the internet do inconvenience readers too. Adverts increase the amount of data needed to view a page, making it slow to load and expensive on a mobile connection.
At a deeper level, tailored ads also imply snooping, because the most lucrative, targeted advertising on the internet nowadays is based on tracking people’s interests and behaviour.
Tracking, as we know, gives companies and governments dangerous power; the intimidating effect of general surveillance has been measured and is massive. The rate of visits to some Wikipedia pages – those about “al-Qaida”, “car bomb” and “Taliban” – declined by one-fifth after Edward Snowden showed us how much the US government spies on our internet activity. The thousands of users who were presumably intimidated into not looking up these subjects were not terrorists, but citizens who feared that governments would treat them as terrorists.
I’ve never been particularly bothered by ads online, but began using anti-surveillance technology because I object to mass surveillance. I understand how surveillance threatens individuals and democracy. As a side effect, this technology blocks ads that track users.
Use of ad blockers used to be rare, but increased dramatically in 2015. Sites began losing significant tracking-based revenue as substantial fractions of visitors declined to be tracked. Magazines such as Forbes and Wired began denying access to visitors running ad blockers. It seemed they were saying that if readers don’t like ads, and don’t want to let ad networks track them, then readers should subscribe to the publisher and let them track their personal interests instead. Yet this “solution” is another form of the problem – no thank you! Publishers have been highly critical of ad blockers, which present yet another threat to their diminishing advertising revenues. One company, Adblock+, invites publishers to pay so that their ads won’t be blocked. Publishers consider this a kind of extortion. With a free (libre) ad blocker, users can control what is blocked.
But there is a way for publishers to charge readers without monitoring their behaviour: publishers that charge for access should offer the option to pay a small amount anonymously to get an individual story. The system should be unlinkably anonymous, meaning that if you pay for one story today and another story tomorrow, the publisher’s site can’t tell that those two transactions were both done by the same person. Alternatively, sites could invite the reader to donate the amount they wish each time they read a story. There are many possible variants.
For the system to be ethical, it should avoid other unjust practices. Readers should be able, for example, to pay and download the story while running solely free (libre) software. In addition, stories should not be afflicted with what the free software movement and digital rights campaigners call “digital restrictions management” (and what its proponents call “digital rights management”). And the reader should not be required to accept any form of contract (end-user license agreement) about what she is or isn’t allowed to do with the articles she downloads. That should be governed by copyright alone.
For the GNU operating system, which was created by the free software movement and is typically used with the kernel Linux, we are developing a suitable payment system called GNU Taler that will allow publishers to accept anonymous payments from readers for individual articles. We hope that publishers will adopt GNU Taler or something equivalent, so they can profit from defending privacy rather than from exposing their readers.
Publishers, please let me pay you – anonymously!

Meho Krljic

House Committee: Edward Snowden's Leaks Did 'Tremendous Damage'

The U.S. House intelligence committee on Thursday unanimously approved a blistering report on the activities of Edward Snowden, saying his disclosures of top-secret documents and programs did "tremendous damage" to national security.
"The public narrative popularized by Snowden and his allies is rife with falsehoods, exaggerations, and crucial omissions," said the report by staff members of the House Permanent Select Committee on Intelligence.
The report comes amid a renewed push by Snowden's supporters, who urged President Obama this week to pardon him before the president leaves office.
And a largely favorable movie about Snowden, directed by Oliver Stone, is now in theaters.
Snowden said Wednesday that he would return to the U.S. if he thought he could get a fair trial. But he said federal espionage laws do not recognize a defense of acting in the public interest or as a whistleblower.
Contrary to Snowden's statements that he intended to reveal programs that intruded on the privacy of Americans, the House report concluded that the vast majority of the 1.5 million documents he stole "have nothing to do with programs impacting individual privacy interests. They instead pertain to military, defense, and intelligence programs of great interest to America's adversaries."
Related: Edward Snowden's Motive Revealed: He Can 'Sleep at Night'
Snowden, a former contractor working for the National Security Agency, left the U.S. in May 2013 with a trove of NSA documents that he began passing along to reporters. His disclosures led Congress to eliminate a program that allowed the NSA to store the numbers dialed by U.S. telephone customers.
Blocked later from traveling when the U.S. revoked his passport, Snowden has been living in Russia since shortly after he left.
The report said Snowden did not, as he claimed, try to express his concerns about potentially illegal intelligence gathering in a way that would qualify him as a whistleblower.
"The Committee found no evidence that Snowden took any official effort to express concerns about U.S. intelligence activities — legal, moral, or otherwise — to any oversight officials within the U.S. government, despite numerous avenues for him to do so."
Two weeks before he began to download classified documents at an NSA installation in Hawaii, the report said, he was reprimanded after "engaging in a workplace spat" with managers. And he was repeatedly counseled regarding his behavior at work, it said.
While he has claimed that statements made by U.S. intelligence official James Clapper at a March 2013 congressional hearing amounted to a "breaking point" for him, the report said Snowden began to download classified documents eight months earlier.
Snowden's ACLU-provided attorney, Ben Wizner, disputed the report.
"This is a dishonest report that attempts to discredit a genuine American hero," said Wizner. "But after years of 'investigation,' the committee still can't point to any remotely credible evidence that Snowden's disclosures caused harm."
He added, "The truth is that Edward Snowden and the journalists with whom he worked did the job that the House Intelligence Committee was supposed to do: bring meaningful oversight to the U.S. intelligence community. They did so responsibly and carefully, and their efforts have led to historic reforms."


  • омнирелигиозни фанатични фундаменталиста

A BROAD COALITION of over 50 civil liberties groups delivered a letter to the Justice Department’s civil rights division Tuesday calling for an investigation into the expanding use of face recognition technology by police. “Safeguards to ensure this technology is being used fairly and responsibly appear to be virtually nonexistent,” the letter stated. The routine unsupervised use of face recognition systems, according to the dozens of signatories, threatens the privacy and civil liberties of millions — especially those of immigrants and people of color.

These civil rights groups were provided with advance copies of a watershed 150-page report detailing — in many cases for the first time — how local police departments across the country have been using facial recognition technology. Titled “The Perpetual Lineup,” the report, published Tuesday morning by the Georgetown Center on Privacy & Technology, reveals that police deploy face recognition technology in ways that are more widespread, advanced, and unregulated than anyone has previously reported.

“Face recognition is a powerful technology that requires strict oversight. But those controls by and large don’t exist today,” said Clare Garvie, one of the report’s co-authors. “With only a few exceptions, there are no laws governing police use of the technology, no standards ensuring its accuracy, and no systems checking for bias. It’s a wild west.”

Of the 52 agencies that acknowledged using face recognition in response to 106 records requests, the authors found that only one had obtained legislative approval before doing so. Government reports have long confirmed that millions of images of citizens are collected and stored in federal face recognition databases. Since at least 2002, civil liberties advocates have raised concerns that millions of drivers license photos of Americans who have never been arrested are being subject to facial searches — a practice that amounts to a perpetual digital lineup. This report augments such fears, demonstrating that at least one in four state or local law enforcement agencies have access to face recognition systems.

Among its findings, the report provides the most fine-grained detail to date on how exactly these face recognition systems might disproportionately impact African-Americans. “Face recognition systems are powerful — but they can also be biased,” the coalition’s letter explains. While one in two American adults have face images stored in at least one database, African-Americans are more likely than others to have their images captured and searched by face recognition systems.

In Virginia, for instance, the report shows how state police can search a mug shot database disproportionately populated with African-Americans, who are twice as likely to be arrested in the state. Not only are African-Americans more likely to be subject to searches, according to the report, but this overrepresentation puts them at greatest risk for a false match.

These errors could be compounded by the fact that some face recognition algorithms have been shown to misidentify African-Americans, women, and young people at unusually high rates. In a 2012 study co-authored by FBI experts, three algorithms that were tested performed between 5 and 10 percent worse on black faces than on white faces. And the overall accuracy of systems has been shown to decrease as a dataset expands. The Georgetown report interviewed two major facial recognition vendors which said that they did not test for racial bias, despite the fact that systems have been shown to be far from “race-blind.”

A slideshow on San Diego’s privacy policy obtained by the researchers reveals that people of color in the county are between 1.5 and 2.5 times more likely to be targeted by its surveillance systems. San Diego County uses a mugshot-only system, and repeated studies have shown that African-Americans are twice as likely as white people to be arrested and searched by police.
Photo caption: New York Police Department officers watch demonstrators as they lie down on the floor of Grand Central Station in New York on December 6, 2014, as part of a die-in. Protesters in many US cities are demonstrating against the recent decisions by grand juries in New York and Ferguson, Missouri, not to charge police officers involved in the deaths of two African-American men.

First Amendment Concerns

The Georgetown report shows for the first time that at least five major police departments have “run real-time face recognition off of street cameras, bought technology that can do so, or expressed a written interest in buying it.” They warn that such real-time surveillance tracking could have serious implications for the right to associate privately.

“This is the ability to conduct a real time digital manhunt on the street by putting people on a watchlist,” explained Alvaro Bedoya, the executive director of the Georgetown Center and one of the report’s co-authors. “Now suddenly everyone is a suspect.” Real-time recognition, he added, could have a chilling effect on people engaging in civil conduct. “It would be totally legal to take pictures of people obstructing traffic and identify them.”

Indeed, as the ACLU revealed last week, face recognition systems were used to track Black Lives Matter protesters in Baltimore. “There’s a question of who is being subjected to this kind of facial recognition search in the first place,” David Rocah, a staff attorney at the ACLU of Maryland, told the Baltimore Sun. “Is it only Black Lives Matter demonstrators who get this treatment? Are they drawing those circles only in certain neighborhoods? The context in which it’s described here seems quintessentially improper.”

Bedoya pointed out that these systems in Baltimore uploaded social media photographs of protestors into these systems to conduct real-time street surveillance. “It turns the premise of the Fourth Amendment on its head,” he added.

The Georgetown report shows that some departmental policies allow for face recognition algorithms to be used in the absence of an individualized suspicion, which means the technology could conceivably be used to identify anyone. At least three agencies, according to the report, allow face recognition searches to identify witnesses of a crime in addition to criminal suspects.

As privacy organizations have previously noted, the FBI’s federal database includes and simultaneously searches photographic images of U.S. citizens who are neither criminals nor suspects. The Georgetown report likewise shows that some state databases include mug shots, while others include both mug shots and driver’s license photos.

In a landmark Supreme Court decision on privacy, in which the justices unanimously concluded that the prolonged use of an unwarranted GPS device violated the Fourth Amendment, Justice Sotomayor wondered whether “people reasonably expect that their movements will be recorded and aggregated in a manner that enables the government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on.”

Of the 52 agencies found by the report to have used face recognition, however, only one department’s policy explicitly prohibited officers from “using face recognition to track individuals engaging in political, religious, or other protected free speech.”

Apart from some news stories focusing on the policies of specific departments, most notably those of San Diego County, reporting on law enforcement’s use of face recognition technology has been scarce. Departments themselves have not been forthcoming about their use of the technology to identify suspects on the streets and to secure convictions. And many of the documents obtained by privacy organizations about face recognition programs largely date to 2011, prior to the federal face program’s full implementation.

No Oversight, Little Data

This is partly due to how little information is available. There is no national database of departments using these programs, how they work, what policies govern them, who can access them, and how the passive information is being collected and queried. The Georgetown report, compiling tens of thousands of records produced in response to Freedom of Information requests sent to fifty of the largest police departments across the country, provides the most comprehensive snapshot to date of how and on whom face recognition systems are used — and what policies constrain their use, if any. But even this picture continues to be partial, given the continued lack of transparency of several large law enforcement agencies with some of the most advanced systems.

The researchers state that despite several news articles and descriptions of the New York Police Department’s face recognition program, the NYPD denied their records request entirely, arguing that the records fell under a “non-routine techniques and procedures” exemption. Likewise, while the Los Angeles Police Department has claimed to use real-time, continuous face recognition and has made decades of public statements about the technology, the department found “no records responsive to [their] request” for information about this or any other face recognition system. “We followed up with a number of emails and calls inquiring what that meant,” Garvie said. “The final word was that they found no records responsive.”

Of the 52 agencies that did provide responsive records to the researchers, at least 24 did not provide a face recognition use policy. Four of those two dozen agencies admitted that they expressly lacked any policy whatsoever to govern their face recognition systems.

Civil rights groups have long described the difficulties of calling for greater oversight for a system whose contours, uses, and abuses are unknown. The amount of up-to-date public records collected by the Georgetown researchers has the potential to change this and spark a national conversation on oversight, Bedoya said.

“I genuinely hope that more and more of the American public has a chance to see what’s at stake here,” Bedoya said, describing face recognition as “an extraordinarily powerful tool.” “It doesn’t just track our phones or computers. It tracks our flesh and our bones. This is a tracking technology unlike anything our society has ever seen. You don’t even need to touch anything.”

No national guidelines, laws, or policies currently regulate law enforcement’s use of face recognition technology. To fill this gap, the Georgetown report proposes protective legislation for civil liberties, limits on the amount and types of data stored, and a push for independent oversight and public notice procedures.

Among their recommendations, the Georgetown researchers advise that mug shots, rather than driver’s license and ID photos, be used to populate photo databases for face recognition, and for those images to be “periodically scrubbed to eliminate the innocent.” They also suggest that financing for police face recognition systems be contingent “on public reporting, accuracy and bias tests, legislative approval—and public posting—of a face recognition use policy.”

In Seattle, where a face recognition program was funded by a $1.64 million grant from the Department of Homeland Security, some of these model guidelines are already in place. Only specially trained officers use the software, real-time use is banned, and the software’s use is limited to scanning suspicious subjects only.

The ACLU, when it first investigated nascent uses of face recognition technology back in 2002, presciently warned that the “worst-case scenario … would be if police continue to utilize facial recognition systems despite their ineffectiveness because they become invested in them, attached to government or industry grants that support them, or begin to discover additional, even more frightening uses for the technology.”

The Georgetown report offers a glimpse into this worst-case scenario, but Bedoya is hopeful that the Model Face Recognition Act proposed by the report and endorsed by the letter’s signatories provides a “deeply reasonable” solution. He pointed to the fact that state legislatures have previously passed laws to limit geolocation technology by police, automatic license plate readers, drones, wiretaps and other surveillance tools. “This is very feasible. It’s not about protecting criminals. It’s about protecting our values.”

Meho Krljic

AT&T Is Spying on Americans for Profit, New Documents Reveal

The telecom giant is doing NSA-style work for law enforcement—without a warrant—and earning millions of dollars a year from taxpayers.

On Nov. 11, 2013, Victorville, California, sheriff’s deputies and a coroner responded to a motorcyclist’s report of human remains outside of town.

They identified the partially bleached skull of a child, and later discovered the remains of the McStay family, who had been missing for the past three years. Joseph, 40, his wife Summer, 43, Gianni, 4, and Joseph Jr., 3, had been bludgeoned to death and buried in shallow graves in the desert.

Investigators long suspected Charles Merritt in the family’s disappearance, interviewing him days after they went missing. Merritt was McStay’s business partner and the last person known to see him alive. Merritt had also borrowed $30,000 from McStay to cover a gambling debt, a mutual business partner told police. None of it was enough to make an arrest.

Even after the gravesite was discovered and McStay’s DNA was found inside Merritt’s vehicle, police were far from pinning the quadruple homicide on him.

Until they turned to Project Hemisphere.

Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why.

“Merritt was in a position to access the cellular telephone tower northeast of the McStay family gravesite on February 6th, 2010, two days after the family disappeared,” an affidavit for his girlfriend’s call records reports Hemisphere finding. Merritt was arrested almost a year to the day after the McStay family’s remains were discovered, and is awaiting trial for the murders.

In 2013, Hemisphere was revealed by The New York Times and described only within a PowerPoint presentation made by the Drug Enforcement Administration. The Times described it as a “partnership” between AT&T and the U.S. government; the Justice Department said it was an essential, and prudently deployed, counter-narcotics tool.

However, AT&T’s own documentation—reported here by The Daily Beast for the first time—shows Hemisphere was used far beyond the war on drugs to include everything from investigations of homicide to Medicaid fraud.

Hemisphere isn’t a “partnership” but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company’s massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public.

These new revelations come as the company seeks to acquire Time Warner in the face of vocal opposition saying the deal would be bad for consumers. Donald Trump told supporters over the weekend he would kill the acquisition if he’s elected president; Hillary Clinton has urged regulators to scrutinize the deal.

While telecommunications companies are legally obligated to hand over records, AT&T appears to have gone much further to make the enterprise profitable, according to ACLU technology policy analyst Christopher Soghoian.

“Companies have to give this data to law enforcement upon request, if they have it. AT&T doesn’t have to data-mine its database to help police come up with new numbers to investigate,” Soghoian said.

AT&T has a unique power to extract information from its metadata because it retains so much of it. The company owns more than three-quarters of U.S. landline switches, and the second largest share of the nation’s wireless infrastructure and cellphone towers, behind Verizon. AT&T retains its cell tower data going back to July 2008, longer than other providers. Verizon holds records for a year and Sprint for 18 months, according to a 2011 retention schedule obtained by The Daily Beast.

The disclosure of Hemisphere was not the first time AT&T has been caught working with law enforcement above and beyond what the law requires.

Special cooperation with the government to conduct surveillance dates back to at least 2003, when AT&T ordered technician Mark Klein to help the National Security Agency install a bug directly into its main San Francisco internet exchange point, Room 641A. The company invented a programming language to mine its own records for surveillance, and in 2007 came under fire for handing these mined records over to the FBI. That same year Hemisphere was born.

By 2013, it was deployed to three DEA High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers, according to the Times. Today, Hemisphere is used in at least 28 of these intelligence centers across the country, documents show. The centers are staffed by federal agents as well as local law enforcement; one center is the Los Angeles Regional Criminal Information Clearinghouse, where Merritt’s number was sent for analysis.

Analysis is done by AT&T employees on behalf of law enforcement clients through these intelligence centers, but performed at another location in the area. At no point does law enforcement directly access AT&T’s data.

A statement of work from 2014 shows how hush-hush AT&T wants to keep Hemisphere.


“The Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence,” it says.

But those charged with a crime are entitled to know the evidence against them come trial. Adam Schwartz, staff attorney for activist group Electronic Frontier Foundation, said that means AT&T may leave investigators no choice but to construct a false investigative narrative to hide how they use Hemisphere if they plan to prosecute anyone.

Once AT&T provides a lead through Hemisphere, then investigators use routine police work, like getting a court order for a wiretap or following a suspect around, to provide the same evidence for the purpose of prosecution. This is known as “parallel construction.”

“This document here is striking,” Schwartz told The Daily Beast. “I’ve seen documents produced by the government regarding Hemisphere, but this is the first time I’ve seen an AT&T document which requires parallel construction in a service to government. It’s very troubling and not the way law enforcement should work in this country.”

The federal government reimburses municipalities for the expense of Hemisphere through the same grant program that is blamed for police militarization by paying for military gear like Bearcat vehicles.

“At a minimum there is a very serious question whether they should be doing it without a warrant. A benefit to the parallel construction is they never have to face that crucible. Then the judge, the defendant, the general public, the media, and elected officials never know that AT&T and police across America funded by the White House are using the world’s largest metadata database to surveil people,” Schwartz said.

The EFF, American Civil Liberties Union, and Electronic Privacy Information Center have all expressed concern that surveillance using Hemisphere is unconstitutionally invasive, and have sought more information on the program, with little success. The EFF is currently awaiting a judge’s ruling on its Freedom of Information Act suit against the Department of Justice for Hemisphere documentation.

AT&T spokesperson Fletcher Cook told The Daily Beast via an email that there is “no special database,” and that the only additional service AT&T provides for Atlanta’s intelligence center is dedicated personnel to speed up requests.

“Like other communications companies, if a government agency seeks customer call records through a subpoena, court order or other mandatory legal process, we are required by law to provide this non-content information, such as the phone numbers and the date and time of calls,” AT&T’s statement said.

Soghoian said AT&T is being misleading.

“They say they only cooperate with law enforcement as required, and frankly, that’s offensive when they are mining the data of millions of innocent people, and really built a business and services around the needs of law enforcement,” he said.

Sheriff and police departments pay from $100,000 to upward of $1 million a year or more for Hemisphere access. Harris County, Texas, home to Houston, made its inaugural payment to AT&T of $77,924 in 2007, according to a contract reviewed by The Daily Beast. Four years later, the county’s Hemisphere bill had increased more than tenfold to $940,000.

“Did you see that movie Field of Dreams?” Soghoian asked. “It’s like that line, ‘if you build it, they will come.’ Once a company creates a huge surveillance apparatus like this and provides it to law enforcement, they then have to provide it whenever the government asks. They’ve developed this massive program and of course they’re going to sell it to as many people as possible.”

AT&T documents state law enforcement doesn’t need a search warrant to use Hemisphere, just an administrative subpoena, which does not require probable cause. The DEA was granted administrative subpoena power in 1970.

The Supreme Court ruled in 1979’s Smith v. Maryland that “non-content” metadata such as phone records were like an address written on an envelope, and phone customers had no reasonable expectation that it would be kept private.

AT&T stores details for every call, text message, Skype chat, or other communication that has passed through its infrastructure, retaining many records dating back to 1987, according to the Times 2013 Hemisphere report. The scope and length of the collection has accumulated trillions of records and is believed to be larger than any phone record database collected by the NSA under the Patriot Act, the Times reported.

The database allows its analysts to detect hidden patterns and connections between call detail records, and make highly accurate inferences about the associations and movements of the people Hemisphere is used to surveil. Its database is particularly useful for tracking a subscriber between multiple discarded phone numbers, as when drug dealers use successive prepaid “burner” phones to evade conventional surveillance.

Some Hemisphere operations have regionally appropriate nicknames: Atlanta’s is “Peach,” while Hawaii’s has been called “Sunshine.” West Allis, Wisconsin, city council minutes do not name the contract at all, referring to it only as “services needed for an investigative tool used by each of the HIDTA’s Investigative Support Centers from AT&T Government Solutions.” In 2014 Cameron County, Texas, Judge Carlos Casco ordered a line item in the commission minutes changed from “Hemisphere Program” to “database analysis services.” Casco is now the secretary of State of Texas.
 The Florida attorney general’s Medicaid Fraud Unit received “Hemisphere Project” training in 2013, according to a report on the unit’s data-mining activities. Florida is one of eight states that is allowed to spend federal money on anti-fraud data mining initiatives. Florida Medicaid fraud investigators use such technology to look for suspicious connections between call detail records such as “a provider and a beneficiary with the same phone number or address.”
 A group of shareholders represented by Arjuna Capital are concerned about the effect of negative press on stock value, and filed a proposal in December 2015 to require the company to issue a statement “clarifying the Company’s policies regarding providing information to law enforcement and intelligence agencies, domestically and internationally, above and beyond what is legally required by court order or other legally mandated process.”
 AT&T contested the proposal and the matter is now before the Securities and Exchange Commission.
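The article describes two kinds of call-detail-record (CDR) analysis without showing how they work: the tower-proximity finding cited in the Merritt affidavit, and the linking of a subscriber across successive "burner" numbers. The following is an added toy illustration of both, written for this thread; it is not code from the article, from AT&T, or from any Hemisphere document, and Hemisphere's real methods are not public. All records, phone numbers, cell-site identifiers, thresholds and scoring weights below are constructed assumptions. The burner-linking heuristic is simple: a number that goes silent is matched against numbers that first appear shortly afterwards and share its contacts and cell sites.

```python
"""Toy CDR analysis: tower-proximity query and burner-number linking.

Constructed example; not AT&T/DEA code. The heuristic and every record
below are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple


class CDR(NamedTuple):
    caller: str
    callee: str
    start: datetime   # call start time
    cell_id: str      # cell site serving the caller at call start


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample: 555-0100 is retired and replaced by 555-0199, which calls
# the same people from the same cell sites. 555-0300 is an unrelated new number;
# 555-0500 is a long-lived number that never goes dark.
SAMPLE_CDRS: List[CDR] = [
    CDR("555-0100", "555-1111", parse_ts("2016-01-02 09:00"), "LAX-017"),
    CDR("555-0100", "555-2222", parse_ts("2016-01-03 18:20"), "LAX-017"),
    CDR("555-0100", "555-3333", parse_ts("2016-01-04 12:05"), "LAX-042"),
    CDR("555-0100", "555-1111", parse_ts("2016-01-05 20:30"), "LAX-017"),
    CDR("555-0199", "555-1111", parse_ts("2016-01-07 08:45"), "LAX-017"),
    CDR("555-0199", "555-2222", parse_ts("2016-01-07 19:10"), "LAX-042"),
    CDR("555-0199", "555-4444", parse_ts("2016-01-09 11:00"), "LAX-017"),
    CDR("555-0300", "555-7777", parse_ts("2016-01-08 10:00"), "SFO-003"),
    CDR("555-0300", "555-8888", parse_ts("2016-01-10 10:00"), "SFO-003"),
    CDR("555-0500", "555-1111", parse_ts("2016-01-01 10:00"), "LAX-017"),
    CDR("555-0500", "555-1111", parse_ts("2016-01-20 10:00"), "LAX-017"),
]


class Profile(NamedTuple):
    first: datetime      # first observed activity
    last: datetime       # last observed activity
    contacts: Set[str]   # numbers called
    cells: Set[str]      # cell sites used


def numbers_near_cell(cdrs: List[CDR], cell_id: str,
                      start: datetime, end: datetime) -> List[str]:
    """Tower-dump style query: which numbers used a given cell site in a window."""
    return sorted({r.caller for r in cdrs
                   if r.cell_id == cell_id and start <= r.start <= end})


def build_profiles(cdrs: List[CDR]) -> Dict[str, Profile]:
    """Collapse raw CDRs into per-number activity windows, contact and cell sets."""
    first: Dict[str, datetime] = {}
    last: Dict[str, datetime] = {}
    contacts: Dict[str, Set[str]] = defaultdict(set)
    cells: Dict[str, Set[str]] = defaultdict(set)
    for r in cdrs:
        first[r.caller] = min(first.get(r.caller, r.start), r.start)
        last[r.caller] = max(last.get(r.caller, r.start), r.start)
        contacts[r.caller].add(r.callee)
        cells[r.caller].add(r.cell_id)
    return {n: Profile(first[n], last[n], contacts[n], cells[n]) for n in first}


def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def find_successors(cdrs: List[CDR], max_gap: timedelta = timedelta(days=7),
                    min_score: float = 0.3) -> List[Tuple[str, str, float]]:
    """Return (old, new, score) for pairs that look like a handset/SIM swap.

    A candidate 'old' number must have gone dark at least max_gap before the
    end of the observation window; a 'new' number must first appear within
    max_gap after that. Score = weighted contact overlap + cell-site overlap.
    """
    profiles = build_profiles(cdrs)
    observation_end = max(r.start for r in cdrs)
    links: List[Tuple[str, str, float]] = []
    for old, po in profiles.items():
        if observation_end - po.last < max_gap:
            continue  # still active, not a retired number
        for new, pn in profiles.items():
            if new == old:
                continue
            gap = pn.first - po.last
            if gap < timedelta(0) or gap > max_gap:
                continue
            score = 0.7 * jaccard(po.contacts, pn.contacts) + 0.3 * jaccard(po.cells, pn.cells)
            if score >= min_score:
                links.append((old, new, round(score, 3)))
    return sorted(links, key=lambda x: -x[2])


if __name__ == "__main__":
    print("near LAX-042, Jan 4-8:", numbers_near_cell(
        SAMPLE_CDRS, "LAX-042", parse_ts("2016-01-04 00:00"), parse_ts("2016-01-08 00:00")))
    print("likely burner successions:", find_successors(SAMPLE_CDRS))
```

The point worth noticing is that neither query needs a target to start from: the tower query returns every subscriber who happened to be served by that site in the window, and the linking pass scores every pair of numbers in the retained history. That is what Soghoian's remark about "mining the data of millions of innocent people" refers to, and it is why retention length (AT&T's tower data back to 2008, versus a year at Verizon) matters as much as the analytics.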


Yesterday I read a crazy forecast on this topic. Until now it was thought that they collect data about people because they track what they do and then push advertising banners at them on various sites, assuming that if someone googled something three months ago, he now needs to be shown an ad on the same topic.

And, well, fine, maybe it's even useful... then it turns out it's good for the police too, and not only in murder cases like this one, but for instance if activists organize protests, these guys track them, know where they are, know where they'll go, and beat the crap out of them with batons...

Alright, forget the protests, but the third thing is that they'll compare data about people's behavior and what they leave online with their psychophysical health, and with the information of hundreds of millions of people extract a pattern for how certain diseases develop. Hm, maybe that can be useful too, though everything from beginning to end is double-edged, damn it.

And then comes a seemingly unimportant item, but then you see that in this system of total control you're screwed. If it finds out you're, say, going through a divorce, the bank will lower your credit rating. I'm afraid to ask what they'll do if they find out the color of my stool, or something like that.

It turns out you can't even take a decent crap anymore without it costing you freedom and money. Big Brother, here we come!

Meho Krljic

Software that remembers everything you have ever looked at on your computer and stores it in encrypted form on the servers of the company that makes the software? Yes, that's exactly what we need in life.

This search engine remembers literally everything that's been on your computer

Meho Krljic

On the other hand we have this: a two-year FBI investigation of a radical Christian cult that incites violence against Satan worshippers, relying on the well-known medieval treatise Malleus Maleficarum, which called for the extermination of witches, and which (the cult, not the treatise) turned out to be a parody:

The FBI’s years-long investigation into a fictional anti-goth cult

This story would be less funny if the website of that, ahem, "cult" did not carry a properly written disclaimer that it is a satirical parody.

Meho Krljic

Britain has passed the 'most extreme surveillance law ever passed in a democracy' 

The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".
The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government.
Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses.
But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online".
It's no wonder, because it basically does.
The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that; and even disclose any new security features in products before they launch.
Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections.
In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group.
The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".
And that doesn't even account for the three-quarters of people who think privacy, which this law almost entirely erodes, is a human right.
There are some safeguards, however, such as a "double lock" system so that the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants (though one member of the House of Lords disputed that claim).
A new investigatory powers commissioner will also oversee the use of the powers.
Despite the uproar, the government's opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time "simply failing to hold the government to account".
But the government has downplayed much of the controversy surrounding the bill. The government has consistently argued that the bill isn't drastically new, but instead reworks the old and outdated Regulation of Investigatory Powers Act (RIPA). This was brought into law in 2000, to "legitimize" new powers that were conducted or ruled on in secret, like collecting data in bulk and hacking into networks, which was revealed during the Edward Snowden affair.
Much of those activities were only possible thanks to litigation by one advocacy group, Privacy International, which helped push these secret practices into the public domain while forcing the government to scramble to explain why these practices were legal.
The law will be ratified by royal assent in the coming weeks.

Lest we relax: over here this is probably already practice, given that we have something similar in the domain of retaining mobile phone usage data.

Meho Krljic

So, many hoped that Obama, now that he is slowly packing his bags to leave the White House and is aware that the new administration will feast on his achievements, such as the Affordable Care Act, which many fear will be repealed (and Trump has said he will repeal it and replace it with something better), and since he has no particular ambition to engage much further in politics, many hoped that Obama would then at least do the right thing and publicly pardon Edward Snowden, so as to at least lift that burden from the neck of a man who demonstrated solid morals and, although he broke the law, did a service to citizens (and not only American ones) while sticking to a patriotic line and not handing over any terrible secrets to America's enemies...

Well...

Obama says he can’t pardon Snowden

Obama replied: "I can't pardon somebody who hasn't gone before a court and presented themselves, so that's not something that I would comment on at this point." He continued:

I think that Mr. Snowden raised some legitimate concerns. How he did it was something that did not follow the procedures and practices of our intelligence community. If everybody took the approach that I make my own decisions about these issues, then it would be very hard to have an organized government or any kind of national security system.
At the point at which Mr. Snowden wants to present himself before the legal authorities and make his arguments or have his lawyers make his arguments, then I think those issues come into play. Until that time, what I've tried to suggest -- both to the American people, but also to the world -- is that we do have to balance this issue of privacy and security.

This is problematic for at least two reasons.

The first is that Snowden has said many times that he would gladly come to America to be tried, if the prosecution agrees to a public trial. Which, of course, won't happen, because he would be tried under the Espionage Act, which entails a closed trial without any public presence, at which, naturally, the prosecutor and the judge would just tell each other jokes and in the end Snowden would get 6-7 life sentences, versus a trial in front of journalists where Edward, regardless of the fact that he would go to prison anyway, could at least say a great deal to the American public.

The second problem is mentioned in the text itself. Obama's explanation that you can't, as president, pardon a person who hasn't appeared before a court because, well, that's just how it is, some kind of procedural problem, that explanation is bizarrely untrue and it is a disgrace for someone who is, after all, a lawyer to utter it. Even we over here know that Gerald Ford pardoned Nixon "for all offenses he committed or may have committed against the United States" although Nixon never appeared before a court, and that was far from the first example of such a pardon in American history....

Thanks, Obama!

Meho Krljic

Exclusive: Face-to-face with Edward Snowden in Moscow on Trump, Putin and dwindling hopes of a presidential pardon

There's a video too, and this is just a summary:

In an exclusive interview in Russia with Yahoo Global News Anchor Katie Couric, Edward Snowden, the fugitive whistleblower who leaked information about U.S. surveillance activities, says he is “kind of encouraged” by the idea that Russian President Vladimir Putin might return him to the U.S. to stand trial because that would show the world he’s not a spy and Russia “doesn’t own me.”
But he also acknowledged he isn’t eager to return home to face U.S. justice, saying such a prospect “would be a threat to my liberty and to my life.”
Speaking for 90 minutes in a Moscow hotel room, Snowden — calm and completely unrepentant — also took new swipes at top U.S. intelligence officials, claiming they have accused him of damaging national security only because they were “embarrassed” by his disclosures of classified National Security Agency documents and worried about their “reputations.”
Those comments drew an angry rebuke Sunday from the Obama administration’s former top counterterrorism official. “Snowden is delusional,” said Matt Olsen, the former director of the National Counterterrorism Center, when read excerpts of the interview.
“It wasn’t so many years ago that people were saying, ‘This guy’s a Russian spy,’” said Snowden when asked by Couric how “nervous” he was about the possibility of losing his Russian sanctuary and being sent home to face criminal charges of theft of government property and violations of the Espionage Act.
“But countries don’t give up their spies. And if my recent criticism of the Russian government’s Internet policies, criticisms of their human rights record, have been so severe that even my greatest critics in the intelligence community are now saying, ‘Oh, yeah, he’s a liability, they wanna get him out of there,’ that’s a vindication.”
“Vindication of what?” Couric asked him.
“The fact that I’m independent, the fact that I have always worked on behalf of the United States, and the fact that Russia doesn’t own me,” Snowden replied. “In fact, the Russian government may see me as sort of a liability.”

“So you wouldn’t mind if Putin extradited you and said, ‘Here you go, President Trump’?” asked Couric.
“Well, who wouldn’t?” Snowden answered. “I mean, that would obviously be something that would bother me. That would obviously be something that would be a threat to my liberty and to my life. … What I’m proud of is the fact that every decision that I made I can defend.”
There is no evidence that Putin is considering such a move. But Snowden’s fate is very much uncertain: His comments come at a crucial moment for him, three and a half years after he deserted his job as an NSA contractor in Hawaii and fled, initially to Hong Kong, with a thumb drive of highly classified documents that he began disclosing to journalists.
Facing what is expected to be an unyielding hard line from the new Trump administration — Kansas Congressman Mike Pompeo, who is designated to be Trump’s CIA director, has called him a “traitor” who should be subject to the death sentence — Snowden and his allies in the United States are mounting an aggressive public campaign for a pardon by President Obama. “Time is running out,” reads one of the headlines on the campaign’s website, which also cites sympathetic comments by former Attorney General Eric Holder that Snowden “performed a public service” by triggering a debate about U.S. surveillance programs that led to reforms, including the end of the bulk collection of U.S. phone records by the NSA.
But Obama has made clear, as recently as last month, that he won’t consider a pardon until after Snowden returns and his case is adjudicated. And even Snowden acknowledged he’s not expecting one. “Well, I’m not counting on it,” he told Couric when asked about a pardon.

In the meantime, Snowden’s lawyers and defenders are privately seeking to open discussion of a possible plea bargain that would allow him to return home without facing a trial that could result in a long prison sentence. A letter to Obama and Attorney General Loretta Lynch from the Pardon Snowden campaign, signed by 15 former staff members of the Church Committee — which exposed abuses by the FBI and CIA in the 1970s — urged “leniency” for Snowden, while avoiding any mention of a pardon.
In the interview, Snowden seemed to draw a parallel between the information he leaked to journalists in 2013 and the findings of the committee (headed by the late Sen. Frank Church, D-Idaho), including how U.S. intelligence agencies “were secretly administering psychedelic drugs to college students to see the impacts they would have.” Snowden went on: “They [the CIA] were engaging in assassination operations that were contrary to both American and international law, all kinds of crazy things. And these individuals who [signed the letter] are experts in what’s going on in intelligence at the classified level, who worked for the government, right? These aren’t sort of hippie reformers or anything like that. They argued that President Obama should seriously consider leniency in this case. He said that — or they said — that this case has caused far more benefits to American society, which I think is uncontroversial at this point, than any claimed harms for which we’ve never seen evidence.”
“If you had one minute to make your case face-to-face to President Obama, what would you say to convince him to pardon you?” Couric asked.
“I wouldn’t,” Snowden replied. “I would respectfully say to the president, ‘I understand you have an incredibly difficult job. No one wants to be a whistleblower. This is something that’s hard to do. It’s hard enough to stand up to a bully in your life, to your boss in the office, much less the combined might of the National Security Agency, the FBI and, you know, the apparatus of government.”
But any consideration of leniency for Snowden will run into fierce resistance from the U.S. intelligence community, which continues to view the former NSA contractor as an untrustworthy renegade who deceived his colleagues and endangered national security. This week, U.S. intelligence officials told Yahoo News, the office of the director of national intelligence is planning to declassify new portions of a highly critical 36-page report by the House Intelligence Committee that concluded Snowden was a “serial fabricator” who stole more than 1.5 million documents — 90 percent of which were military and defense secrets unrelated to the surveillance programs involving the privacy of U.S. citizens.
Snowden, for his part, casually dismissed claims that his disclosures to journalists did any damage to U.S. national security at all.
“Do you really think if the government can show somebody was hurt, a program was damaged, we’ve gone dark and can’t track dangerous people, they wouldn’t leak that criticism?” Snowden replied to Couric when asked about claims that the information he disclosed made it harder for U.S. agencies to monitor terrorists. “That wouldn’t be on the front page of the New York Times by the end of the day? I don’t think so. And I hope, maybe in time, you’ll think the same.”
Couric noted that even former Washington Post reporter Barton Gellman, who won a Pulitzer Prize for his reporting on NSA documents he received from Snowden, recently wrote: “I do not share the view of some of his fans that he did no damage at all.”
“Can you at least acknowledge that damage might have been done as a result of your disclosures?” Couric asked Snowden.
“I don’t agree with him in that regard,” he replied about Gellman’s comment. “What I will say is this. Whenever we’re talking about damage without evidence — this is an intentional effort to change the conversation from the concrete harms of these programs that violated the rights of every man, woman and child in the United States and people around the world… What Barton Gellman was acknowledging there was that, yes, it’s possible that officials could have been embarrassed by this. Reputations could have been damaged by this. And the intelligence community considers this to be a matter of national security. But I would argue there’s more to national security than reputations.”
Couric pressed: “But aren’t we talking, in fairness, more than simply reputations or being embarrassed? Virtually every U.S. security official, current and former, agrees that these disclosures made it more difficult to track the movements of organizations like ISIS and other terrorist groups.”
“I don’t agree with that,” Snowden responded. “Terrorists read the newspaper too. But I’ll tell you, terrorists already knew the NSA was coming after them. And what we saw in the newspaper wasn’t anything that they didn’t already understand. What was revealed in the newspaper was only a surprise to Americans and ordinary citizens.”

It was these comments that drew a sharp response from Olsen, the former Obama administration counterterrorism director, who has said he watched in 2013 as terrorist operatives grew “dark” and changed their communication methods after the Snowden disclosures.
“Regardless of his motivation, the fact is that his theft and release of an unprecedented amount of classified information have directly aided terrorists, Russian intelligence services, and other US adversaries,” Olsen wrote Sunday in an email to Yahoo News. “His actions have resulted in the loss of intelligence sources that have saved American lives around the world.”
Olsen added: “Snowden disclosed specific information about how the US collects intelligence, who we work with, and where we have operations. These are activities that are entirely lawful and most have nothing to do with the privacy of Americans. These facts are not disputed, except by Snowden himself and perhaps his Russian hosts, with whom he has shared intelligence.”
Snowden, for his part, denied sharing any information with the Russian intelligence services. He also denied the assertion by U.S. intelligence officials that he visited the Russian Consulate in Hong Kong before flying to Moscow — en route, he claims, to Ecuador, only to be “trapped” in Russia because the U.S. had revoked his passport.
Snowden’s comments about U.S. intelligence officials being “embarrassed” by his disclosures weren’t his only remarks in the interview that have triggered sharp responses. Former U.S. intelligence officials and national security experts sought to debunk his assertion, published by Yahoo News on Sunday, that former CIA Director David Petraeus had disclosed “far more highly classified information than I ever did.” Petraeus, who is said to be under consideration for secretary of state in the Trump administration, shared top-secret information with his lover and biographer. He was forced to resign and pleaded guilty to a misdemeanor charge of mishandling classified information.
“I am not in any way defending Petraeus, but I don’t think many intelligence experts would agree with this,” tweeted Tommy Vietor, a former national security spokesman for the Obama White House.
“Snowden is apparently taking a play from Trump’s book on how to reinvent facts,” Mark Zaid, a prominent national security lawyer, wrote in a Facebook posting. “It is absurd to claim Petraeus’ actions were worse or more damaging than his. Other than giving classified information to his mistress, which is totally unacceptable (even though she had a security clearance), the information was neither stolen nor compromised. Moreover, it was never published. To the contrary, Snowden stole highly classified information and DELIBERATELY compromised it by allowing the world, which includes our enemies, to see it.”
While insisting on his independence from Putin, Snowden seemed to echo the Russian government’s line regarding charges that its intelligence services hacked into Democratic Party campaign committees to influence the 2016 election. Moscow says the Obama administration has failed to give evidence for these allegations.
While conceding it was “possible” that the Russians had hacked the Democrats, Snowden added: “What bothers me about this kind of conversation is that the last time there was a significant hack that affected the United States that we believed had an association to a nation-state, it was the Sony hack, which we said North Korea was behind. The FBI immediately released evidence that they believed proved that they were behind that attack. We haven’t seen that here. And I think if we’re gonna have this conversation, it should be evidence-based.”
Snowden deflected most questions about his activities that led up to his flight to Moscow. He refused, for example, to identify any of the 10 NSA colleagues and superiors to whom he has said he raised concerns about U.S. surveillance before he began disclosing classified documents. Asked why he has been unable to produce a single email in which he raised such concerns, Snowden replied: “I’m not an email administrator” and “These aren’t things you put in writing at NSA. Saying, ‘I think the NSA is breaking the law. I think maybe this program is violating the Constitution’ is a career-ending move. And the people that I talked to first, my supervisor, said, ‘You know, hey, we can talk about this, but you shouldn’t rock the boat, and don’t write this down.’” (The only email that has surfaced, released by the NSA, shows that Snowden asked one of the agency’s lawyers in April, 2013 to “clarify” an issue about legal authorities in an agency training manual, but expresses no concern about surveillance practices.)
“Why hasn’t anyone come forward, though?” Couric retorted. “Why haven’t you given any names to corroborate the fact that you did, in fact, try to go through the so-called proper channels?”
“Because if I did that, they would end the careers of these individuals, right? If these individuals spoke on their own without waiting for me, they would go to jail.”
Snowden — who has consistently asserted he shared documents only with “responsible” journalists who worked for publications he knew would carefully vet them — was also challenged on why he revealed highly classified information about NSA hacking in China to a journalist for the South China Morning Post while he was in Hong Kong. He defended the disclosure, saying the institutions being hacked by the NSA were not “valid intelligence targets” but civilian ones, such as hospitals and universities. He said for the first time that he didn’t know that the reporter to whom he gave this information, Lana Lam, worked for the Hong Kong-based South China Morning Post (although she was identified as one of the paper’s correspondents on its website); he says he understood she was a “freelancer” from Australia.
“So you didn’t even know that it was going to be in a newspaper in China?” Couric asked him.
“I knew it would be in a newspaper,” he said. “I didn’t know what newspaper. This was not my concern.”
Brian Rhoads, managing editor of the South China Post, said in an email to Yahoo News Monday that the paper’s reporter, Lam, “made clear her status and who she was working for” when she interviewed Snowden in Hong Kong. “She was a full-time staff member of the South China Morning Post at the time, and represented herself as full-time staff throughout the interview process. We asked Snowden and the lawyers follow-up questions and communicated with them about dates we were planning publication of the material.” Rhoads also emphasized that the South China Post is an independent publication that “is not controlled by China” and does not share information with the country’s government.

Snowden, who lives with his longtime girlfriend, Lindsay Mills, in a Moscow apartment, and says he walks freely throughout the city unmolested and for the most part unrecognized, was asked by Couric at one point what he misses most about the United States.
“Family, of course,” he replied. “That’s always the thing. You know, they can come and see me, but you’ve got all these travel arrangements and logistics, you’ve got to go on an airplane ride. Who doesn’t miss that?”
“When you look back at the last three years, was it worth it?” Couric asked.
“Absolutely. I would do it again.”
“No regrets?”
“No regrets at all.”

Meho Krljic

Ultrasound Tracking Could Be Used to Deanonymize Tor Users

Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena.
This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week.
Attack relies on ultrasound cross-device tracking (uXDT)
Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014.
uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones.
These second-stage devices, which silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device.
Advertisers use uXDT in order to link different devices to the same person and create better advertising profiles so as to deliver better-targeted ads in the future.
Ultrasounds can be reliably used to deanonymize Tor users
Speaking at last week's 33rd Chaos Communication Congress, Vasilios Mavroudis, one of the six researchers, detailed a deanonymization attack on Tor users that leaks their real IP and a few other details.
The attack that the research team put together relies on tricking a Tor user into accessing a web page that contains ads that emit ultrasounds or accessing a page that contains hidden JavaScript code that forces the browser to emit the ultrasounds via the HTML5 Audio API.
If the Tor user has his phone somewhere nearby and if certain types of apps are on his phone, then his mobile device will ping back one or more advertisers with details about his device, so the advertiser can build an advertising profile on the user, linking his computer with his phone.
According to Mavroudis, the mobile phone must have an app installed that has embedded one of the many advertising SDKs that include support for uXDT.
At this stage, the state-sponsored actor can simply subpoena a short list of advertisers that engage in this practice and get details about the user's real-world identity. In tests carried out by Mavroudis, the researcher has intercepted some of the traffic these ultrasound beacons trigger on behalf of the phone, traffic which contains details such as the user's real IP address, geo-location coordinates, telephone number, Android ID, IMEI code, and device MAC address.
Multiple ways to deliver the attack
According to Mavroudis, there are multiple ways to deliver these attacks other than social-engineering Tor users to access certain URLs, where these ultrasound beacons can be served.
Researchers say that an attacker can use XSS (cross-site scripting) vulnerabilities to inject the malicious JavaScript code on websites that contain XSS flaws.
Similarly, the attackers could also run a malicious Tor exit node and perform a Man-in-the-Middle attack, forcibly injecting the malicious code that triggers uXDT beacons in all Tor traffic going through that Tor node.
A simpler attack method would also be to hide the ultrasounds, which are inaudible to human ears, inside videos or audio files that certain Tor users might be opening.
The FBI might be very interested in this method and could deploy it to track viewers of child pornography videos on the Tor network, just like it previously did in Operation Playpen, where it used a Flash exploit.
Some mitigations to fight uXDT advertising
Currently, the practice of uXDT is not under any regulation. While the FTC is currently evaluating the impact of uXDT ads, the research team has proposed a series of mitigations that could restrict the free rein this type of advertising currently enjoys.
First and foremost, the team created a Chrome browser extension named SilverDog that filters all the HTML5 audio played through the browser and removes ultrasounds.
Unfortunately, this extension doesn't work with sounds played back via Flash, and can't protect users of Tor Browser, which is based on Firefox.
The researchers also propose a medium-term solution such as the introduction of a new query in the Android permissions model that explicitly informs users that an app might listen to ultrasounds.
This permission would allow users to revoke or deny this right from existing or new Android apps they're installing on their smartphone.
For long-term solutions, the research team advocates for a standardized format for these ultrasound advertising beacons, and OS-level APIs for discovering and managing ultrasound beacons. The Tor Project has also been notified of this issue a few months back.
Below is Mavroudis presenting his findings at the 33rd Chaos Communication Congress held last week in Germany.

The link also has pictures.


Haha, madness, so now it works without a cable too

All in all, a few more torrent years for us
what use are riches and all the world's glory to me when beautiful Nirdala must die


...barcode never lies


so that it doesn't go unrecorded - straight from the source

Vault 7: CIA Hacking Tools Revealed

I won't quote the whole text here, since within the report, the analyses and the examples you have links you can follow to the source data


Palmer reminded me of this with the data mining

Can an average person install and use this?

That is, a person who doesn't even know what the source code they offer for download is


As far as I can see this is open source, and it uses tweets as the data set, i.e. the database you can use for analytics. You can download it and use it on your own local server. That means you access it through your own Google Chrome; otherwise you would have to use it on their site. Now, because of privacy I don't know whether you can use Twitter if you're not a researcher, i.e. for the purpose of research work. The documentation is here, it's worth combing through a bit. Looks interesting.


As far as I understood, it runs a search every 10-15 min and collects tweets with the searched word, so privacy isn't a problem; it doesn't query Twitter's archive, which is exactly why it cycles every 10 min

I was curious how politicians rank, all sorts of things might come out :)





The Justice Department today indicted two Russian spies, along with two criminal hackers, for attacking the accounts of 500 million Yahoo users in 2014.

The spies are officers of FSB, a successor organization to Russia’s KGB.



Meho Krljic

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits' live communications, and insert encryption backdoors by the backdoor.
In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide real-time access to the full content of any named individual within one working day, as well as any "secondary data" relating to that person.
That includes encrypted content – which means that UK organizations will not be allowed to introduce true end-to-end encryption of their users' data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.
In addition, comms providers will be required to make bulk surveillance possible by introducing systems that can provide real-time interception of 1 in 10,000 of its customers. Or in other words, the UK government will be able to simultaneously spy on 6,500 folks in Blighty at any given moment.
According to the draft, telcos and other comms platforms must "provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data."
The live surveillance of individuals will require authorization from secretaries of state, overseen by a judge appointed by the prime minister. And there are a few safeguards built into the system following strong opposition to earlier drafts of the Investigatory Powers Act.
Closed doors
What will concern many, however, is how the draft paper and its contents are being handled.
The technical capability notices paper has only been provided to a select few companies – mostly ISPs and telcos – on a short four-week consultation, but a copy of the draft found its way to the Open Rights Group, which popped it online today.
According to the document, it has already passed through the UK's Technical Advisory Board, which comprises six telco representatives – currently O2, BT, BSkyB, Cable and Wireless, Vodafone and Virgin Media – plus six people from the government's intercepting agencies, and a board chairman.
That means that the contents have already been largely agreed to by most of the organizations that have been included in the closed consultation.
It is unclear whether the Home Office intends to make it available for public comment after that time or whether it will seek to push it through the legislature before anyone outside the consultation group has an opportunity to review it.
The rules will have to be formally approved by both houses of Parliament before becoming law.
You ain't see me, right?
The process and the approach seem to be purposefully obscure. The rules come under Section 267(3)(i) of the Investigatory Powers Act – a one paragraph section that refers back to Section 253, which covers "Technical capability notices."
There is no mention of the technical capability notices paper existing either on the Home Office website or on the consultation website. And the only reason we know about it is presumably because someone at one of the few companies that have been sent the draft rules decided to tell Open Rights Group about it.
But what the nine-page document does is provide the government with the legal authority to monitor anyone in the UK in real time, as well as effectively make strong and unbreakable encryption illegal.
This act of stripping away safeguards on people's private data is also fantastic news for hackers, criminals, and anyone else who wants to snoop on Brits. The seals are finally coming off.
"This lays bare the extreme mass surveillance this Conservative government is planning after the election," Liberal Democrat President Sal Brinton told us in a statement.
"It is a full frontal assault on civil liberties and people's privacy. The security services need to be able to keep people safe. But these disproportionate powers are straight out of an Orwellian nightmare and have no place in a democratic society."
The Home Office's private consultation is open until 19 May. If you would like the UK government to know your views, then email ®
PS: The Home Office ran a short public consultation earlier this year on a code of conduct for government snoops.

Meho Krljic

234 Android Applications Are Currently Using Ultrasonic Beacons to Track Users

A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android applications that employ ultrasonic tracking beacons to track users and their nearby environment.
Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years.
uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones.
SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.
uXDT trackers found at four stores in the EU
SDKs created by Shopkick, Lisnr, or SilverPush provide most of today's support for embedding ultrasonic beacons inside web and classic media streams.
In research sponsored by the German government, a team of researchers conducted extensive tests across the EU to better understand how widespread this practice is in the real world.
Their results revealed Shopkick ultrasonic beacons at 4 of 35 stores in two European cities. The situation isn't that worrisome, as users have to open an app with the Shopkick SDK for the beacon to be picked up.
In the real world, this isn't an issue, as store owners, advertisers, or product manufacturers could incentivize users to open various apps as a way to get discounts.
No uXDT beacons found in TV streams — for now
The only good news found in this research was that after searching TV streams from seven different countries, researchers failed to discover any ultrasonic beacons, meaning uXDT is not as widespread in television ads as some might have believed.
But researchers don't feel that safe about their findings. "[E]ven if the tracking through TV content is not actively used yet, the monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future," researchers said.
Their worries are based on a scan of 1.3 million applications, which unearthed that 234 Android apps are already using uXDT beacons.
uXDT is spreading in Android apps
This number is up from previous scans. For example, a scan of the same data set in April 2015 found only 6 apps using uXDT beacons, while another scan in December 2015, found 39 apps.
The jump from 39 to 234 is staggering, to say the least, especially since some of these apps have millions of downloads and belong to reputable companies, such as McDonald’s and Krispy Kreme.
Earlier this year, researchers showcased a method of tracking and unmasking Tor users using uXDT ultrasonic beacons.
The team's research is entitled Privacy Threats through Ultrasonic Side Channels on Mobile Devices.
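The filtering that SilverDog applies to HTML5 audio (described in the earlier uXDT post in this thread) and the scanning of media streams for beacons described here, as an added example that is not code from either research team or from the SilverDog extension: a pure-Python FFT detector that reports the share of audio power above 18 kHz and the carrier bins a beacon is keyed on, next to a spectral low-pass that strips that band. The 44.1 kHz sample rate, the 18 kHz band edge and the test tones are assumptions constructed here.

```python
"""Added example, not code from the researchers or SilverDog: find a near-ultrasonic
beacon in a block of PCM audio and strip it with a spectral low-pass filter."""
import cmath
import math

SAMPLE_RATE = 44100      # Hz; assumed output rate of the browser audio path
FRAME = 4096             # analysis window; power of two for the radix-2 FFT
ULTRASONIC_LO = 18000.0  # Hz; uXDT beacons use the ~18-20 kHz band (assumption)
CUTOFF = 17000.0         # Hz; the filter removes everything above this

def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def ifft(spectrum):
    """Inverse FFT via conjugation; returns real-valued samples."""
    n = len(spectrum)
    return [z.conjugate().real / n for z in fft([z.conjugate() for z in spectrum])]

def power_spectrum(samples):
    """Per-bin power for the non-redundant bins 0 .. N/2."""
    return [abs(z) ** 2 for z in fft(samples)[: len(samples) // 2 + 1]]

def first_bin(freq_hz, n=FRAME, rate=SAMPLE_RATE):
    """Lowest FFT bin whose centre frequency is at or above freq_hz."""
    return math.ceil(freq_hz * n / rate)

def ultrasonic_ratio(samples, rate=SAMPLE_RATE, lo=ULTRASONIC_LO):
    """Share of total power above `lo` Hz: ~0 for ordinary audio, clearly positive
    while a beacon is being emitted. This is the detection signal."""
    power = power_spectrum(samples)
    total = sum(power)
    if total == 0.0:
        return 0.0
    return sum(power[first_bin(lo, len(samples), rate):]) / total

def beacon_bins(samples, rate=SAMPLE_RATE, lo=ULTRASONIC_LO, min_share=0.01):
    """Bins above `lo` Hz carrying at least `min_share` of the power: the carriers."""
    power = power_spectrum(samples)
    total = sum(power) or 1.0
    start = first_bin(lo, len(samples), rate)
    return [k for k in range(start, len(power)) if power[k] / total >= min_share]

def remove_ultrasound(samples, rate=SAMPLE_RATE, cutoff=CUTOFF):
    """Spectral low-pass: zero every bin above `cutoff` and its mirror image,
    then transform back. A crude stand-in for SilverDog's audio filtering."""
    n = len(samples)
    spec = fft(samples)
    start = first_bin(cutoff, n, rate)
    for k in range(start, n - start + 1):
        spec[k] = 0j
    return ifft(spec)

def synth(tones, n=FRAME):
    """Constructed test audio: (bin, amplitude) tones placed exactly on FFT bins."""
    out = [0.0] * n
    for k, amp in tones:
        for i in range(n):
            out[i] += amp * math.sin(2 * math.pi * k * i / n)
    return out

AUDIBLE = [(41, 1.0)]                # ~441 Hz "programme" tone (constructed)
BEACON = [(1718, 0.3), (1811, 0.3)]  # ~18.5 kHz and ~19.5 kHz carriers (constructed)

def demo():
    """Detection on clean, beacon-tagged and filtered audio; carriers in Hz."""
    tagged = synth(AUDIBLE + BEACON)
    return {
        "clean": ultrasonic_ratio(synth(AUDIBLE)),
        "tagged": ultrasonic_ratio(tagged),
        "filtered": ultrasonic_ratio(remove_ultrasound(tagged)),
        "carriers_hz": [round(k * SAMPLE_RATE / FRAME) for k in beacon_bins(tagged)],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same ratio test run over consecutive frames of a decoded stream is how one would flag a beacon in recorded TV or radio audio; the low-pass is what a browser-side filter has to apply before the audio reaches the speaker.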


Fine, so they'll collect data and all that, but are there any articles about what they do with it?