EFF Interviewed About Their Case Against AT&T

ntk writes "Glenn Greenwald from Salon has a long, informative interview with Cindy Cohn, the EFF attorney leading the suit against AT&T over their warrantless wiretapping of their customers. It talks about why the White House is pushing for retroactive immunity against the telco, what the suit has revealed so far, and how little Congressfolk appear to know about how Internet traffic is being monitored."

Just don't trust the middle

[mwilliamson]

The public needs to understand and accept the fact that neither telecos nor governments are trustworthy. Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto. GPG, OpenSSL and OpenVPN are just a few free open-source toolkits available to provide secure ways to communicate without having to worry about the trustworthiness of the pipe between here and there.

It's just naive to wait for some politician to protect your privacy when you have the tools to insure this yourself. As a matter of practice, stick your letters in an envelope instead of waiting for the postmaster general to outlaw literacy of postal employees.

Re:Just don't trust the middle

[Daniel+Dvorkin]

It's just naive to wait for some politician to protect your privacy when you have the tools to insure this yourself.

As long as those tools are legal. The US already has ridiculous export restrictions on crypto (as though people in other countries aren't capable of writing this stuff on their own!) and IIRC, the UK government has argued for a central, government-run crypto key database, such that it would be illegal to encrypt anything in a way that law enforcement can't immediately crack. What's naive is thinking that just because the tools exist, you'll always be able to use them without getting your door kicked down in the middle of the night, a flashlight shined in your face as you're hauled out bed and cuffed, and a booming voice asking, "Citizen, what are you trying to hide?"

Short of armed revolution, which is not something that any sane person should want to become necessary, our best defense against government intrusion is to get politicians on board. Laws protecting citizens from abuses of power can and do work; for most of its existence, the Bill of Rights has been a sterling example. On those occasions when the government chooses to disregard these laws, it is the responsibility of We The People to put it back in its place -- and it is far preferable to do that with ballots than with bullets.

Re:Just don't trust the middle

[mrsteveman1]

Ignoring what the government does just because you can encrypt things at the moment is foolish.

I might add that if anyone had an interest in cracking popular encryption schemes right now, it would be the government that is trying to read every packet you touch. Things like this are never certain but I wouldn't trust my life to encryption anymore regardless of keysize or cipher length.

Re:Just don't trust the middle

[PopeRatzo]

The public needs to understand and accept the fact that neither telecos nor governments are trustworthy.

People keep throwing out this "cain't trust the gummint" garbage without realizing that the government is supposed to be us.

If Americans would just stop basing their vote on the rantings of Right-Wing radio idiots and start exercising their ability to influence the people we elect, we might actually be able to have a little trust in the government, in ourselves.

The authoritarian plutocrats have been spending billions to create this nonsense that government is the root of all evil, and if we'd just put all the power in the hands of corporate managers, life in America would be utopia. It's actually become conventional wisdom now that the private sector can do everything better than the public. The problem is, our experience with insurance companies, communication companies, energy companies, the very biggest of the big corporations, is uniformly horrible. But now we're supposed to happily turn over health care to those same insurance companies, media to those same communication companies (think of your cable provider) and the fuel of our lives over to Exxon.

I don't know about you all, but the last time I went to the DMV here in Chicago to renew my driver's license, it was a quick, inexpensive and efficient process. I was in and out in less than 15 minutes. I went to the DMV because the Secretary of State of Illinois sent me a timely letter telling me that my license was about to expire, and giving me instructions as to what I should bring and where I should go.

How was your last interaction with your insurance company?

I'm thoroughly sick of hearing people stridently assert that government can't do anything right. If any part of that is true, maybe it's because a certain segment of our ruling class and their corporate masters have been working and spending hard to destroy that very government, hoping that we'll happily open our wallets and our lives to them so they can do it right.

Maybe we ought to think about saving our government as created by our founding fathers with our Constitution before we decide to turn over control of our lives to the corporate sector, who, when it comes down to it, cares a lot more about their quarterly profits than about our welfare.

Re:Just don't trust the middle

[Daniel+Dvorkin]

Jefferson was quite sane, and he knew that things had indeed gone beyond a political solution. But it should take a lot before anyone ever gets to that point. There had been mutterings about rebellion in the Colonies since at least the 1720's, but except for isolated local incidents (which were quickly crushed) it never came to anything before 1776, and up through 1770 or so most people thought, quite rightly, that the idea was pretty dumb, because the Colonies simply didn't have the resources to make it work.

Americans often don't realize how profoundly lucky we were, I think. Ours could very easily have been one in the long, depressing series of wars of colonial liberation in which the colonists Throw Off The Hated Chains Of Oppression only to descend into dictatorship. We were lucky that Washington didn't want a crown, lucky that it was Washington rather than Arnold who ended up as the hero of the day, deeply lucky that the authoritarians among the Founders generally didn't get their way. A million things could have gone wrong; we threaded the needle and -- just barely -- got it right. Meanwhile, South America and Africa have provided many tragic examples of how difficult this is.

Also, our "Revolution" was a war of colonial liberation, not a revolution in the ordinary sense; as bad as colonial rebellions often are, internal revolutions, attempts to replace a government in place by armed force, are generally worse. To tell the truth, I'm not sure I can think of a single example that's really worked out well -- and the ascending scale of horror represented by the English Civil War, the French Revolution, and the Russian Revolution show how easily they can work out badly.

Sometimes revolution is the best of several bad choices, yes. But that's the best it can ever be. People who talk about it casually have no idea what they're playing with.

Re:Just don't trust the middle

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

It's certainly not the monster of red tapes and conspiracies it's become. Distrusting this particular form of government so that the government our founding fathers intended (and the one we deserve) can again flourish is the most patriotic thing any American can do.

RIAA vs. Government

[cygtoad]

I see a lot of criticism about these telecoms cooperating without warrants with the government. I don't think it is as bad as ISP's cooperating with private agencies like RIAA without a warrant. One might argue that the government could at least have some shadow of the public good in what they do. The RIAA is completely self serving. If the government is called into question for these activities, then maybe it will cascade down to privacy concerns that don't get as much press.

Nope - in both cases it's wrong

The principle is that there are laws, and none should be above the law (something Bush doesn't seem to get either).

Change that and you change justice. Full stop.

VeriSign's role as an NSA subcontractor

[Burz]

Required reading here.

Look at how gleefully they advertise exploiting their trusted thiry-party (SSL Certificate Authority) status.

I think we need to consider switching all our browsers to a more trustworthy CA.

Re:VeriSign's role as an NSA subcontractor

[DavidTC]

DailyKos is not a technology site, and the person who posted this diary doesn't understand that all Verisign normally gets is the signing request. (I'll probably post something like this there also.) They don't have your private key, they can't decode your communications.

What they could do is intercept it and man-in-the-middle it. With Verisign's help, they can trivially make a key that works in every browser. (And buying a non-verisign key won't help...end users will just be handed a 'legit' verisign one and don't know that server has a different one.)

I urge everyone with an SSL server to post the MD5 and SHA1 fingerprints of their public key, or even their entire public key, on their site and I urge people to occasionally check them against what their browser reports. Sadly, Firefox, at least, doesn't seem to actually report the public key in any usable format, and I can't see how to get the MD5 and SHA1 fingerprints from the key using openssl. If anyone has a set of step-by-step instructions, that tell exactly what to put up and how to instruct end users to check it, that would be nice to link to.

And if you have an SSL server and a Linux shell somewhere else, and run 'openssl s_client -connect example.com:443' from both the server and that other place to make sure the 'BEGIN CERTIFICATE' part matches.

I seriously doubt the NSA is doing this, but it should be easy enough to notice if it is.

And, speaking of 'occasionally checking', it would be nice if there was some Firefox extension to inform you that the encryption key had changed, and what the old and new key were. If the old key wasn't due to expire, and the new key has the same date as the old, it probably means someone is running a man-in-the-middle attack. They'd keep the dates the same, along with all the other info, to make it harder to notice, whereas while someone could buy a new key in advance, they wouldn't get one with the same date as the old.

LIARS

[visualight]

GG: John Boehner, the House Minority Leader, was on Fox News on Sunday arguing for telecom immunity, and this is one of the things he said in explaining why he believed in amnesty: "I believe that they deserve immunity from lawsuits out there from typical trial lawyers trying to find a way to get into the pockets of the American companies."

I have no doubt that Congressman Boehner is aware of the EFF's true motivations and is deliberately spinning them. His motivation for doing so can only be to defend the Bush Administration. Most importantly, He is absolutely aware that what has happened and is still happening is illegal and he is willing to lie on national tv to defend this. In board rooms, on conference calls, in the break room, at the pool hall down the street, people can't get away with this shit and they know they'll be called out for lying. We really need the people who interviewing these traitors to be more aggressive. Fuck politeness, just once I want some anchorman to say "Wo, hold the fuck on John, we all know that's bullshit."
Our elected officials (all of them) lie and spout meaningless rhetoric with impunity everyday and that needs to change. They need to be put on the spot and grilled once in a while.

Salon was the wrong outlet for this article.

[Animats]

Accessing the article, all I get is: Salon cannot set a cookie on your browser. This for an article on protecting privacy.

Re:Salon was the wrong outlet for this article.

I'm confused. I thought the whole point was to comment on the articles without trying to access them.