Slashdot Mirror

The public has a great lobbying group on this, the EFF. It's just that not enough people have decided that their rights are worth $25/year. If the ranks of the EFF swelled to level of those of the NRA, this whole conversation would be different; instead of reading an article about how the FCC is going to do whatever it wants we'd be reading an article about how the FCC is carefully evaluating the EFF's 80-page comment on network neutrality while EFF lawyers prepare their lawsuit should the rule making process fail, and in the meantime the EFF will unleash their loyal congressmen to grill the head of the FCC in some committee hearings.

It's not magic. Your voice doesn't count unless you stand and speak.

--- NRA Life Member, and EFF Titanium Member for several years now.

sdguero wrote:

He said the buildings that house the trans-oceanic data cables were designed from the ground up with small rooms, broom closet sized, that the primary data cables run through. ... He said that all data traffic entering those rooms left them with a noticable amount of latency (at the time, late 80s he said it was about 10ms), but no hops. He claimed that the federal government had been monitoring internet activity in these data hubs since the dawn of the web.

Mark Klein, former tech from AT&T, claimed to have witnessed installation of one such room at a San Francisco POP in 2002. He gave a formal statement to attorneys at the Electronic Frontier Foundation, which was printed in this Wired Article. The money quote is below:

While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet circuits by splitting off a portion of the light signal. I saw this in a design document available to me, entitled "Study Group 3, LGX/Splitter Wiring, San Francisco" dated Dec. 10, 2002. I also saw design documents dated Jan. 13, 2004 and Jan. 24, 2003, which instructed technicians on connecting some of the already in-service circuits to the "splitter" cabinet, which diverts some of the light signal to the secret room. The circuits listed were the Peering Links, which connect Worldnet with other networks and hence the whole country, as well as the rest of the world.

One of the documents listed the equipment installed in the secret room, and this list included a Narus STA 6400, which is a "Semantic Traffic Analyzer". The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets. The company's advertising boasts that its technology "captures comprehensive customer usage data ... and transforms it into actionable information.... (It) provides complete visibility for all internet applications.

EFF proceeded to file a lawsuit (Hepting v. AT&T) claiming infringement of privacy by the firm. Though no finding of fact was challenged, ultimately it was dismissed due to retroactive FISA legislation signed by Bush legalizing the process. On appeal, the Supreme Court refused to review the case.

Though many argued that Klein was just one person with a grudge against his employer, and thus dismissed his testimony as overblown or vindictive, in 2013 Edward Snowden's revelations "proved what he'd said was true. That the government did work with network service providers - including AT&T - to install monitoring systems throughout the Internet backbone.

This Attorney General Eric Holder sounds just like another pedophile, or another sexual predator in the making.

He's using the same exact argument school officials used for taking secret webcam pictures of teenagers in the privacy of their own beds. And he's using the same argument San Francisco cops used for accessing the full prescription drug records of any woman they were dating, or any woman they had any personal sexual interest in.

Now don't get me wrong, I'm not against taking away the sexual privacy, nor the medical privacy, of sexual offenders or drug offenders, but if that means doing away with the sexual privacy and the medical privacy, of every man, woman, and child, because law enforcement finds it just more convenient to place peeping holes into every possible bedroom, every private medicine cabinet, and every possible device out there, then things have gone really too far.

There must be some accountability about what specific information is being viewed by those law enforcement officials. There must be some discrimination about what is being viewed. There must be an audit trail. Right now, there isn't. And there must be disclosure made to the people being looked into, to make sure they're not just being stalked, or spied upon, just because a cop, or a government official has a crush on them.

I agree: Google is outright "aggressive" when attempting to capture user data.

And they employ numerous techniques:
    - persistent nagging - incessantly asking for additional data/permissions despite consistently declined in the past
    - trying to capitalise on user error - making it easy to sign-up for services you don't actually want (convert to Google+)
    - and now, forcing manufacturers to add services many people don't actually want (why do we have app stores, anyway, if apps are pre-loaded?)
    - making permissions generic - allowing more aggressive apps to be waved through
    - not allowing granular permissions - anyone remember this?

> The courts have already determined they can compel a person to provide the means to decrypt the device by court order.

Some courts have, some courts have not.

Sure about that?

Citation: Know Your Rights!

If the police ask for my encryption keys or passwords, do I have to turn them over?
A: No. The police can't force you to divulge anything. However, a judge or a grand jury may be able to. The Fifth Amendment protects you from being forced to give the government self-incriminating testimony. If turning over an encryption key or password triggers this right, not even a court can force you to divulge the information. But whether that right is triggered is a difficult question to answer. If turning over an encryption key or password will reveal to the government information it does not have (such as demonstrating that you have control over files on a computer), there is a strong argument that the Fifth Amendment protects you. If, however, turning over passwords and encryption keys will not incriminate you, then the Fifth Amendment does not protect you. Moreover, even if you have a Fifth Amendment right that protects your encryption keys or passwords, a grand jury or judge may still order you to disclose your data in an unencrypted format under certain circumstances. If you find yourself in a situation where the police are demanding that you turn over encryption keys or passwords, let EFF know.

I seems like a return to the bad old days of corrupt NSW Police practices.

Net Neutrality is a technically a routing policy that individual nodes in the network can comply with. My home router is most certainly not neutral, for instance, and that's a good thing, I like how I have traffic prioritized on my network.

Of course, that definition doesn't really make sense in this context. Perhaps you refer to enforcing a law that brings legal action against router operators that don't implement the routing policy. But that doesn't really make any sense either; the FCC never had any policy on the books to begin with. You can't end something by continuing to not have a law three decades after the fact.

(Fwiw, I'm totally down for not enacting more laws. The FCC is not your friend, and I doubt they'd be an effective packet police.)

Except printers put in identifying information into their printed pages.

Although AFAIK crayons and/or markers are not identifiable...

For those who don't know how DMCA safe harbor provisions work, it protects a web site from liability if one of its users should violate copyright on it. e.g. Someone uploads a copyright movie to YouTube, and the safe harbor provision protects YouTube from being sued by the studios for copyright infringement. However, in order to qualify for the safe harbor provision, the site has to take certain measures. Most notably, they have to respond to those DMCA takedown notices within a reasonable timeframe by either taking the alleged infringing work down (and informing the user why and how to issue a challege), or with a response explaining why they're not taking it down. If they fail to do this, they become monetarily liable for the copyright infringement of their users.

Regardless of your opinion on celebrities, taking nude photos of yourself, cloud storage, porn, or hacking, this is pretty clearly a copyright violation. The copyright on the photos belong to the celebrities who took them, and they have sole, exclusive control over distribution in any country which is a signatory to the Berne Copyright Convention. Contrary to popular belief, you do not have to register a copyright for a work to be copyrighted. Any copyrightable work you create is automatically copyrighted. The only thing registering does is raise the damage ceiling in a lawsuit (without registration you can only collect damages suffered; with registration the limit is $200,000 per infringed work). So Reddit may have been premature in quashing the subreddit before they got a DMCA notice, but it was inevitable they were going to get one and they would've had to quash it anyway.

What constitutional right? Privacy? Let's see what the EFF says about that:

https://ssd.eff.org/your-compu...

That means the police can follow you around in public and observe your activities, see what you are carrying or to whom you are talking, sit next to you or behind you and listen to your conversations — all without a warrant.

Are we sure about this? In the end, cops are individual people, and they're interacting one-on-one on the ground with people in their own community, most hopefully for the better, some for the worse. This looks like a step towards involuntary ubiquitous surveillance for the individual, civilian cop or regular civilian, while visibility into decisions and actions of larger organizations, those that affect large groups at once, is still hazy or completely unavailable:

• basic text of US legislation before voting
• lobbyist discussions with legislators
• international agreements like the trans-pacific partnership
• centralized government surveillance via NSA

our ISPs are not above direct HTTP injection just to let you know you're approaching the bandwidth cap

It's shit like this...

It sounds like their intentions are good with that particular case though, if I'm understanding correctly. I'd far prefer an SMS, personally...

Okay, I tracked down the actual bill text:

SB 962

The bill says absolutely nothing about how the kill actually happens and who can do it. The EFF expressed that exact concern here:

EFF letter opposing SB 962

Since several posts have mentioned shutting down areas, I thought I'd bring this back up. Let's not let this shit happen again.

https://www.eff.org/deeplinks/...

Are you sure about that?

In general though, they face a LOT more public anger if they shut down an entire area. It would be even worse if even 1 single 911 call doesn't go through. The kill switch won't block 911 calls and will allow them to shut down coordinators based on cell traffic. Perhaps selectively enough that they could try denying the whole thing.

Even if you ignore prior art from 1982, the Supreme Court of the United States recently decided Alice Corp. v. CLS Bank to strike down treatment of "with a computer" as an inventive step. I'm not a lawyer, but I'd recommend that nonpracticing entities reconsider their business plans in light of the opinion of the Court.

https everywhere. https://www.eff.org/https-ever...
and for those of you wondering why slashdot redirects to http, it could be any number of conspiracy theories but the most obvious: a BigIP appliance controls ssl handoff and they dont have the licenses for every freaking connection.

Quite the contrary: StartSSL is accepted by every major browser and SSL/TLS library, and has been for years.

Well-known sites, like EFF.org, LibreOffice, and others use StartSSL-issued certs and don't have any issues. Sure, they're not Google-sized sites, but they're fairly major.

I read...
https://www.eff.org/deeplinks/... ...and it reads to me like.

USG apparently says something in open court they shouldn't have said.
USG makes an overly broad request to remove all record of the event.
Judge shares that info.
Defense argues that, at best, it should be redacted.
Judge seems to agree, asks for details.
USG says, "Meh, I guess it's OK."
Everyone goes home happy.

Meh.

So if the judge agreed with the USG's request, wouldn't this be a great cover story?

I read...
https://www.eff.org/deeplinks/... ...and it reads to me like.

USG apparently says something in open court they shouldn't have said.
USG makes an overly broad request to remove all record of the event.
Judge shares that info.
Defense argues that, at best, it should be redacted.
Judge seems to agree, asks for details.
USG says, "Meh, I guess it's OK."
Everyone goes home happy.

Meh.

I never fail to find the bravado and hubris underlying American exceptionalism... exceptional.

Land of the free... as long as you're not in one of our many many prisons ( http://nomadcapitalist.com/201... ), which has a higher per capita incarceration rate than Cuba, which is second on the list. Oh, and speaking of Cuba, there's always http://en.wikipedia.org/wiki/G....

Home of the brave... because you'd be pretty brave too if your military budget was larger than the nearest eight other countries combined ( http://pgpf.org/Chart-Archive/... )

Where all men are created equal... except, of course, when they're not ( http://www.pbs.org/newshour/ru... ) and a man can make something from himself even if he starts out life with nothing (but probably not): http://money.cnn.com/2013/12/0... )

And where the rule of law is universal and sacrosanct... except in those cases where it's not convenient ( https://www.globalpolicy.org/u... ) and ( https://www.eff.org/nsa-spying... )

Oh well, enjoy your "freedoms".

I wanted to throw point out Privacy Badger: https://www.eff.org/privacybad... Paid ads support many development teams, which creates/improves websites with better content It's not the ads so much, it's the tracking that I can do with out

EFF initial analysis : https://www.eff.org/deeplinks/...

The US Patent Office..

It could be worse for Beats--they could have also violated Bose's highly innovative use of .2 in the model number.

And, as proof of that, starting in November, the official CAs will stop issuing those types of certs.

Not quite. As of November, the official CAs will claim that they've stopped issuing those types of certs. When something like the SSL Observatory points out that they're still issuing them, they'll say that this (and the other 8,192 times they did it) was a one-off mistake and they've updated their policies to make sure it never happens again. Then when they get caught again they'll say that it was test certificates that accidentally escaped. After that, they'll stop responding to reports. And we'll all be much, much safer, and phishing will be eradicated once and for all.

Although a bit of a long read, the article about the data collected and what the stat's mean is pretty helpful. And unique among 4.3M is pretty bad. It means you are easy to identify and track.

What the results mean (PDF): https://panopticlick.eff.org/b...

As mentioned in the HowTo you can check your "fingerprint" here: https://panopticlick.eff.org/.

Ok, dum de dum...clicky clicky...

'Your browser fingerprint appears to be unique among the 4,309,928 tested so far.'

This is either an 'oh bugger' moment, or lol...

(I don't know which at present)

(although I'm not sure if it would defeat this... noscript + privacy badger?)

From https://www.eff.org/privacybadger#how_does_it_work

At a more technical level, Privacy Badger keeps note of the "third party" domains that embed images, scripts and advertising in the pages you visit. If a third party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third party tracker. In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies.

That's an absolutely certain "Maybe".

Yes, Privacy Badger is a great tool. It's a little tedious when loading content from CDN's, can make pages look pretty bad unless you let a little tracking in... So I also keep my privacy set to delete everything when I close the browser. I also follow the guidelines here ( Scroll down to the Web Browser section ). It's Debian specific but easily translated to whatever mozilla based browsing experience you're using.

As mentioned in the HowTo you can check your "fingerprint" here: https://panopticlick.eff.org/.

And all that said, I have no idea at the moment if any of the above defeats the technique from TFA.

I guess this is probably the best place to plug privacy badger https://www.eff.org/privacybad... (although I'm not sure if it would defeat this... noscript + privacy badger?)

I just learned about privacy badger 2 days ago at HOPE.

Also, that the inks and toners are actually made by only a handful of companies, and are again, not unique to the printer. He was very disappointing with the information.

He then went back to the office, complained to his coworkers, and then one of his brighter coworkers decided to strongarm printer manufacturers into making the output traceable. Nice job, jerk.

Yes, it is.

https://www.eff.org/deeplinks/...

The link you provided isn't even remotely analogous to this situation.

No, I did not imply might makes right, I said, quite simply, that an incorporated entity is subject to the laws of the jurisdiction it operates under.

The ECJ can order Google to delete data not stored on European servers because Google operates in Europe. Google can always say "fuck off", just like MS can, but then sanctions will be brought against the entity incorporated *in that jurisdiction*, in accordance with law.

Your remarkably disingenuous or ignorant TPB citation has to do with foreign jurisdictions trying to force a foreign entity to do something.
The court in this instance isn't ordering MS-Ireland to turn over data, it's ordering MS-USA to do it. If MS-USA has the ability to do so (by owning MS-Ireland), then it can be compelled to do so within its jurisdiction, like any company in any other jurisdiction.

What the fuck? Do you call rape victims sluts and publicly humiliate them?

I sure don't, but that has no bearing on this conversation. At all.

she was clearly wronged

Yes, she was wronged. Who wronged her? Was it Pinkmeth? Was it Verisign? Was it Katz? Was it the Tor project? No, it was none of those. It was whoever she sent those pictures to, whoever stole her phone, etc. I don't see that individual listed on her lawsuit, which is the reason her lawsuit (not her personally) is deserving of ridicule. Asserting that Pinkmeth is engaged in a conspiracy with Tor is ridiculous (literally - deserving of ridicule). The reason I included links was to show that suing Pinkmeth will have no effect on whether or not people will see her pictures. Those links were within the first 8 pages of Google results for her name, and none of them point to Pinkmeth. In short, not Pinkmeth, nor Verisign, nor Katz, nor Tor are the reasons why her images are online. The person who posted the images is the reason why they are online. If she wants justice, she needs to go after that person, not useful things that plenty of other people use for completely legitimate reasons.

What's the benefit?

It's a little strange that I have to point this out, but the benefit of Tor is anonymity and the ability to not be tracked. Hopefully you understand why protection of privacy is a good thing for everyone, not just people interested in committing a crime. If you want the argument for why Tor is a good thing, read what the EFF has to say about it.

If you read the report or the synopsis, it said the thumb drive was four layers deep inside a metal box which was inside a metal filing cabinet. Assuming there was anything else in the filing cabinet, the scent of the owner would be concentrated around all sorts of things inside.

Using your *no further descriptions needed* scenario, the person would have touched many other things with the same scent: his keyboard, his mouse, his desk, the door of the filing cabinet, the tin box, possibly the key to the filing cabinet, the door handle of the room, etc. I doubt the dog was following scent of the owner around the room. (If I was trying to hide something from the dog I would use a micro-SD card and stick it inside my mouse. The dog is probably trained to ignore the common items like the mouse, keyboard, monitor, webcam, USB hub, etc.)

Or perhaps the makers of memory cards and thumb drives have been asked to add certain chemicals the the PCBs or memory chips to make it easier for dogs to locate them. It wouldn't be the first time hardware manufactures have been asked to modify their products to help police track them. https://www.eff.org/issues/pri...

~~

Using Tor is not the norm, and so then it becomes a matter of scrutinizing what it does, who uses it, and for what purposes.

The same could be said for any emerging technology. That argument would have applied when SSL was new. Maybe one day Tor will be standard, you buy a new computer, get online, and it's using Tor without you ever changing any settings. The EFF is already saying that everyone should use Tor. At this point, the only reason it's not the norm is because it's fairly new. I wouldn't be surprised if we see computers within a couple years marketed with privacy in mind that come with Tor already installed and configured, or ISPs adding exit nodes to their networks as a PR privacy initiative.

The EFF has a whole list of cases, most of which are way more important for the rest of us than the Schwartz case would have been.

A few details did slip out over the years via the "Connecticut Four" https://en.wikipedia.org/wiki/... and others who went to open courts.
http://www.nytimes.com/2006/05...
http://www.americanlibrariesma...
National Security Letters (January 10, 2011)
https://www.aclu.org/national-...
"...web sites a person visits, a list of e-mail addresses with which a person has corresponded, or even unmask the identity of a person who has posted anonymous speech on a political website."
" provision also allows the FBI to forbid or "gag" anyone who receives an NSL from telling anyone about the record demand. "
FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge (May 7, 2008)
https://www.eff.org/press/arch...
"a digital library recognized by the state of California -- and its attorneys in November of 2007. The letter asked for personal information about one of the Archive's users, including the individual's name, address, and any electronic communication transactional records pertaining to the user."
FBI Backs Off From Secret Order for Data After Lawsuit (May 8, 2008)
http://www.washingtonpost.com/...

Since the summary links you to a stupid news article and not the guides themselves, here is the ACLU Guide and EFF Guides here.

The EFF guide you linked has not been updated yet to reflect the Riley decision. Some of those answers need to be changed because they are incorrect now. The ACLU "Know Your Rights" manual does not appear to have been updated either, but it simply doesn't address the issue of cell phone searches incident to arrest at all.

You are correct - they have not been updated. Why are they even mentioned in the summary and the article? Either way, I think the sources themselves are more valuable than the silly article.

Since the summary links you to a stupid news article and not the guides themselves, here is the ACLU Guide and EFF Guides here.

The EFF guide you linked has not been updated yet to reflect the Riley decision. Some of those answers need to be changed because they are incorrect now. The ACLU "Know Your Rights" manual does not appear to have been updated either, but it simply doesn't address the issue of cell phone searches incident to arrest at all.

Since the summary links you to a stupid news article and not the guides themselves, here is the ACLU Guide and EFF Guides here.

"..rat me out to every advertiser..." Hooray, FUD! Google doesn't sell your data to advertisers, it shows you ads based off of your information, big difference. Advertisers get aggregated statistics but not your precious precious data.

"...as well as the cops." https://www.eff.org/who-has-yo... Google has 6/6 from the EFF on keeping your information private from the authorities (unless they are complelled to by the law).

Even before Google acquired Nest their products already gave your information to a third party (how do you think the web and app works?). If you want your privacy you have to make some sacrifices: setting up and securing your own home automation server, doing without a smart home, trusting someone else (who will still have the warrant problem), or something else I'm not thinking of.

Do read https://www.eff.org/wp/defendi... . ICE and CBP do have the authority to detain you or refuse entry into the country (for non-US citizens), or detain your devices (the last one happens often), if you refuse to give them the password.

Protect yourself from surveillance by removing the battery? Your innocence is astounding. Unless you can manage to mount a concerted effort to obscure the data (chaffing, mixnets, etc.), you're still being tracked--and you're pretty much putting a giant flashing light on your head saying, "HERE! ME!"

https://www.eff.org/deeplinks/2013/12/meet-co-traveler-nsas-cell-phone-location-tracking-program

With neither public debate nor court authorization, CO-TRAVELER collects billions of records daily of cell phone user location information. It maps the relationships of cell phone users across global mobile network cables, gathering data about who you are physically with and how often your movements intersect with other cell phone users. The program even tracks when your phone is turned on or off.

If you're implying the use of steganography, then you're a moron.

Given the existence of undocumented- and more seriously, undisclosed- yellow marks output by various laser printers which have in at least one case been proven to be steganographic markings *and* decoded, it's certainly not "moronic" to consider that a similar scheme could in theory exist hidden in some digital cameras.

Frankly, in the wake of the Snowden revelations I wouldn't even consider this possibility ludicrously paranoid any more. Of course, digital cameras can have giveaway signatures like naturally-occurring hot pixels (and other signs) anyway, so in a sense it's already there. I don't think it's plausible that a non-GPS-advertised device would have a hidden detector inside, or even any method (e.g. WiFi triangulation) of detecting its location if that wasn't already designed into it.

A camera on a GPS-enabled smartphone though? If my life depended on it, I wouldn't bet against the possibility.

If you're implying the use of steganography, then you're a moron.

Given the existence of undocumented- and more seriously, undisclosed- yellow marks output by various laser printers which have in at least one case been proven to be steganographic markings *and* decoded, it's certainly not "moronic" to consider that a similar scheme could in theory exist hidden in some digital cameras.

Frankly, in the wake of the Snowden revelations I wouldn't even consider this possibility ludicrously paranoid any more. Of course, digital cameras can have giveaway signatures like naturally-occurring hot pixels (and other signs) anyway, so in a sense it's already there. I don't think it's plausible that a non-GPS-advertised device would have a hidden detector inside, or even any method (e.g. WiFi triangulation) of detecting its location if that wasn't already designed into it.

A camera on a GPS-enabled smartphone though? If my life depended on it, I wouldn't bet against the possibility.

yes "Stingrays: The Biggest Technological Threat to Cell Phone Privacy You Don't Know About" recalling
https://www.eff.org/deeplinks/...
You getting what federal/mil/security services would get over an area via a tame existing telco tower hardware/software at the local state and city level kit.

but the DoJ has to 1) actually comply with the order

The judge would have wide discretion in issuing sanctions for contempt of the discovery order. I personally doubt this is the sort of thing where a whole bunch of people progressively higher up the food chain would be willing to take up residence in a jail cell. We'll see.

2) The judge actually agree on merits

Agreed, though I'm encouraged that one of the reasons in the opinion for ordering the docs to be submitted to the court was the DoJ's prior shady practices in the case: "The evidence in the record shows that some documents, previously withheld in the course of this litigation and now declassified, had been withheld in their entirety when a disclosure of reasonably segregable portions of those documents would have been required. Further, the withholding followed an Order from this Court expressing concern that the agency had failed to explain sufficiently why the withheld documents “would be so replete with descriptions of intelligence activities, sources and methods that no portions thereof would contain” reasonably segregable and producible, non-exempt information." As a result, she seems appropriately skeptical going into this round.

3) The DoJ not immediately file for an appeal due to matters of national saftey

I don't believe an order to produce classified documents is immediately appealable.

4) the DoJ actually give the information to the EFF

The judge should have the same contempt levers available here as in #1.

Its like many ideas presented to top US intelligence students.
Just enough history on todays enemy, the tech to do the work needed and the correct collection of happy short tech stories from the past.
Thanks to the work of whistleblowers the world now understands:
https://www.eff.org/deeplinks/...
Different govs, the US, UK have total mastery of the 'net' via local shared facilities and people.
http://www.theregister.co.uk/2... (3 Jun 2014) http://www.nytimes.com/2014/04... (APRIL 23, 2014) The standard crypto offered is junk.
Entire generations have to rethink what the 'net' really is: predictive and trackable:
"US Secret Service wants sarcasm-detection tool for Twitter" (05 Jun 2014)
http://www.telegraph.co.uk/tec...
People read the headline but a bit further down is the fun part: "real-time" and the ability to identify 'influencers'.
Tech that was once at a budget level of a few nations agencies is now more wide spread at a federal level with a domestic role.

It actually turns out to be very easy to do something about it:
https://supporters.eff.org/don...