Slashdot Mirror
EFF Unveils Plan For Ending Mass Surveillance
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
So, Slashdot, should we expect your support?. https, when?
Seriously, to put it simply, these guys are the shit. I figure most Slashdotters are well aware of what the EFF does, but if you aren't, definitely check out their website, blog, etc., look at what they've done, and consider donating to support them. (FWIW, I am in no way affiliated with the EFF. I just think it's a great organization.)
Good Luck! You'll Need It!
And what I mean by this --- the average Joe likes to post all his stuff on Facebook. He knows his communications aren't private and he doesn't care.
You aren't going to make him care either.
And is this a worthy cause? Cheap/free services depend on a revenue stream from something and exploiting the user ("You are the product") is not a horrible trade-off for the wide availability of cheap/free services.
How is a company going to support end-to-end encryption for free and still make money selling your information and metadata to third parties?
Keep in mind that means Google too. Or are you going to come up with a plan for Google to not be able to read your emails? Because if Google can read your emails, the government can.
Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
People like you are the real problem. If you truly cared about your family, you'd do something to ensure your children's freedom.
As it is, your words mark you as selfish and cowardly.
if enough people were serious about TOR, they would crash it while trying to avoid NSA.
There was an unknown error in the submission.
The problem is that while trying to survive and maintain some kind of social normalcy most people don't take an active role in shaping their local/regional/national/world topology until men in black are infiltrating their home at night and killing/disappearing them and/or raping their wife while their children watch. Complacency lies in the middle, and we're ("civilized" countries) still in the middle. The middle's that slippery slope between the crest and trough of utopia and North Korea. Hopefully the EFF will have some success before momentum takes us to that dark point where we have no choice but to answer with drastic measures. Ironically, the goal of both sides is peace and order. I suppose the difference in opinion about the road to said peace and order is what puts us at such unenviable odds.
Buy your next Linux PC at eightvirtues.com
Almost no one has a public IP address directly on their workstation at home and it is preventing free open source telephone to be widely adopted.
What is needed is a telephony protocol that and can easily be proxied or tunneled and/or that does not need extra measurements for surviving NAT.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Starting using TOR browser bundle after White House threats in previous Slashdot article
WTFBBQ?!
Ok... White House threats?
The ones made by Sir David Omand
former head of GHCQ
in the UK (the "sir" and "GHCQ" should have been clues)
That guy is now a policy making executive in the White House?
Look I agree with your sentiment, but your total ignorance ruins your credibility here.
Some retired guy in the UK explaining that without surveillance spies will need to do more intrusive spying to get at intelligence does not amount to White House threats, even if he was the head of the British equivalent of the NSA. He's still just a retired guy rendering an opinion.
What's more what he is suggesting will happen is actually a good thing. We want the NSA to make intrusive spying efforts at targeted individuals, under warrant and court supervision. That's their job, and we all more or less agree with them doing exactly that. What we don't like is them sitting back and tapping everything from everyone, everwhere. But if they literally have to go somewhere and physically plant a bug in some suspected terrorists laptop to get at his info ... GREAT.
We should be raising Omand on our shoulders and parading him around as the voice of reason.
I heard a good quote from Glenn Greenwald. When talking with friends and others about mass surveillance, people often respond, "Well, if you're not doing anything wrong, you have nothing to worry about." To this, he replies, "Well, you're not doing anything wrong, right? So you wouldn't mind giving me the password to all your email accounts, and I will go through there and look for anything I find interesting and want to write about?" This makes people realize PRIVACY is not about HIDING bad stuff but about our fundamental write to keep our private communications from our private lives PRIVATE!
It is a catch 22; You can't get a warrant without evidence and you can't get evidence without a warrant.
No. Its really not. Its called regular police work. And police have been identifying suspects, building cases against them, culminating in search and arrest warrants for a hundred years now without "mass surveillance".
Will the EFF be the ones who apologize to the families of those killed by attacks that could have been stopped?
Where are these unicorns? Has there ever been a single verifiable case of this?
And even if they do exist? So what? Why should the EFF apologize for pushing for policies that make us all more free; even if a tiny handful of people die as a result?
Should the police be allowed to just randomly stop and frisk you? Maybe give you an anal probe right on the street? Maybe come into your house at night, and search the place for evidence of terrorism? No? You don't think that's ok?
Will you personally apologize to the families of those killed by attacks that could have been stopped if these searches had been allowed?
This is very true. However, WhatsApp appears to be a counter-example. They are deploying full end to end encryption and instead of ads, they just ..... charge people money, $1 per year. WhatsApp is not very big in the USA but it's huge everywhere else in the world.
The big problem is not people sharing with Facebook or Google or whoever (as you note: who cares?) but rather the last part - sharing with a foreign corporation is currently equivalent to sharing with its government, and people tend to care about the latter much more than the former. But that's a political problem. It's very hard to solve with cryptography. All the fancy science in the world won't stop a local government just passing a law that makes it illegal to use, and they all will because they all crave the power that comes with total knowledge of what citizens are doing and thinking.
Ultimately the solution must be two-pronged. Political effort to make it socially unacceptable for politicians to try and ban strong crypto. And the deployment of that crypto to create technical resistance against bending or breaking those rules.
They're absolutely right to suggest the first thing we have to do is increase widespread use of encryption technology. But the NSA and others have already said if we do that, they'll step up their game. We need to not just take our technology to the next level, we need to take our governance to the next level.
Politicians have proven themselves to be complete failures in working for the people. Sure, some countries have more luck than others - but there's nothing to suggest that that luck won't run out. Look at even the Scandinavian countries - their agencies are working for the NSA, their politicians are playing the exact same games. We need to reform our political system to reduce the amount of fuckery to a bare minimum. How do we achieve that? Complete and total transparency is vital, but not enough. Politicians are willing to openly defraud citizens in many countries already - it's not enough to know what's going on, we have to be able to hold them to account. And that's where I think elections are a farce. We don't choose who runs. We don't choose who gets to be on the final ballot. All of that is taken care of by big money interests, and even in the off chance we do get a good person into the system, they're outnumbered 100 to 1. And then the system starts to chew them up, convince them that their ideals are worthless and principles be damned, the system needs to continue operating as it has, as it will, with no real changes. Yea, one batch of idiots might do a slightly better job on one thing or the other, but in the end, as long as we continue to feed the system, it's no wonder we get governments abusing their power.
We need to have a government. We need to have a monopoly on violence, otherwise it gets to be dog eat dog very quickly. But a government that isn't held to complete account by the people is just another mad dog. The failures of our political systems have shown themselves clear. Institutional corruption. Control by a tiny minority. Ridiculous squabbling over issues that are settled science. Is this really the best we can do? I don't think so. Why are we still using politicians? Professional ones? We can have representatives, but I think it should be clear to anyone that a random person off the street will demonstrate as much intelligence and thought as an elected official - perhaps even more, as an elected politician has demonstrated the ability to say anything to get to that position. Why not do a sortition? Randomly selected individuals, and give them 1 year to govern. They can propose laws, but nothing passes until there's an approval vote by the citizenry. If the sortition does a good job (as judged by the people), they get a huge bonus. If they don't, they get the median wage, and the next sortition tackles the problems. How is this worse than giving a tremendous amount of power to a group of people who've constantly demonstrated themselves as a bunch of liars, power hungry, war mongering liars at that, and giving them free reign for 2, 4, 6 years?
Absolutely, increase and improve the technology. But don't ignore the technology running our governance. It's tremendously outdated, with countless flaws and bugs that have remained unpatched for millennia. It's time for a new release of Government.
That's a good point, but it also misses the fact that there isn't a single government throughout history that didn't subject its citizens to horrible abuses of some sort, which includes the US government. Give normal humans nearly unlimited power and they'll abuse it. The people who say "If you're not doing anything wrong, you have nothing to fear." must be completely and utterly ignorant of history, and must have such faith in the 'normal' people in their governments that they not only believe that the current people in the government will not make mistakes or abuse their powers, but that everyone who will ever be in the government will always be that way. That is just plain stupidity.
Also, the fact that it's unconstitutional in the US should make people in "the land of the free and the home of the brave" oppose it instantly. Whatever happened to the idea that we should be extremely cautious of the government? Even many of the people who say they want a smaller government support mass surveillance, which makes zero sense.
Then the more people that use TOR, the more targets they'll have. You can provide cover for the people who really need protection. That's a good thing, not a bad thing.
Surveillance does not make people less free.
Violating your privacy infringes upon your freedoms, so yes, it does. The United States constitution's fourth amendment mentions that you are secure in your papers among other things. The papers themselves? No, what is really protected is the information on the papers.
If repressive things happen with the gathered data then that would be a problem but not the surveillance itself.
You can't separate the two, you insufferable moron. One inevitably leads to the other, as history shows. Information is power, and mass surveillance is a means of crushing democracy and destroying people who challenge the status quo. They tried to do that with MLK, they tried it with nearly every anti-war movement, they try it with nearly every movement that challenges the status quo, and now with mass surveillance, they'll be that much more efficient at crushing those who challenge authority.
Donate
Donate
DONATE
If everyone who posted a reply to this story donated to the EFF with their dollars in addition to their words, that would be pretty substantial in aggregate, and they could do some real work with those funds.
Donate to the EFF. They have been fighting this fight for as long as I have been alive and are one of the only groups to has maintained the fight. While I have donated to them on and off over the years, I have been lax for quite awhile. I just donated to them and challenge everyone else to do the same.
PS: And, this comes from someone not in the USA who DOES NOT get a tax break from his donation since they are not registered in my country, but who recognizes the global impact of the EFF.
Surveillance does not make people less free. Does an audience at a theater make an actor less free?
What? Are you seriously trying to suggest that the role of police/security forces is comparable to a theater audience? Because I'm pretty sure that the audience pays actors for the privilege of watching them, whereas I am paying the police. I talk about my boss, my wife or my mother very differently when they're standing next to me, so I claim that an observer absolutely does restrict my freedom.
If repressive things happen with the gathered data then that would be a problem but not the surveillance itself.
OK, so when it's a private citizen, we should watch them closely, all the time, in order to identify when they might be thinking about committing a crime, but when it's the police, we should have no restrictions or preventative measures unless someone can document that the police have committed a crime. The crime rate for police is similar to civilians: they're human beings, not gods. They should be held to standards at least as high as you're proposing for civilians, and probably higher, given the special powers we invest in them.
"If you're not doing anything wrong, then you have no reason to hide"
That's what you say if you're the aggressor. If you're the victim, you say this:
"If I'm not doing anything wrong, then you have no reason to spy on me."
This forces the aggressor to come forward and admit that he doesn't believe in one of the most fundamental concepts of justice: that individuals are innocent before proven guilty.
A close (not so close anymore, unfortunately) relative of mine tried feeding me that line a few years ago when I complained to her that my phone was being screwed with. "Well,", she said, "if you're not doing anything wrong...." Hearing those words from her made my blood chill. That she works for the government in a job that she won't talk about, and knew years before it was public knowledge that Skype wasn't secure enough to use, told me everything I needed to know.
"How do you get probable cause when everything up to the actual act is planned and discussed over the internet." The same way the cops did it before the Internet existed. Look, the police didn't listen to every single phone call between 1920 and 1995 to try to find crimes that were being planned on the phone. They didn't even listen in to every conversation in every pool hall and dive bar trying to find people planning crimes. What you do is you work off tips from the public, you solve crimes that have already been committed, and you get out on the street and patrol and know your neighborhood and create an environment that isn't conducive to crime. You seem to think that the job of the police is to prevent every crime from ever being committed. This isn't Minority Report son. We can't stop them all before they happen. Personally, I'd rather have a few crimes occur and not live in a surveillance state thanks.
Support the First Amendment. Read at -1
Then we need more people willing to stand up for their principles, not less. If you give up, your privacy definitely won't be protected.
Its all well and good to talk about "encryption, encryption and more encryption" and to invent new protocols to help keep stuff from the eyes of those who would try to access private information (whether they be criminals, law enforcement, intelligence agencies or otherwise) but unless you can get vendors to adopt your new technology its not going to see widespread enough use to make a difference.
Take SSL/TLS for example. Right now when you visit a https site, your browser retrieves a certificate and checks that the certificate has been signed by a root certificate in your browser's local root trust store. There are a number of proposals out there to change this so that the public keys used for https connections are obtained in a way that doesn't rely on the broken CA model but as of yet none of those proposals have been implemented into any of the mainstream web browsers.
Why isn't more being done to get these new security ideas into the mainstream browsers? (especially the open source ones like Chrome/Webkit/Blink/Firefox). DANE (an RFC for storing https certificates in a DNSSEC secured DNS record) has a patch for Firefox posted in 2011 that has gone nowhere and vague mentions of work for Chrome but nothing else.
So you wouldn't mind giving me the password to all your email accounts
Go right ahead. There is literally almost nothing to see there - and Google has already seen it.
Just like Facebook has already seen the private messages people send each other.
Remember - three people can keep a secret only if two of them are dead. Sharing anything with anyone puts it out there - people learn in grade school that even kids like to gossip about each other.
It used to be that people could be shamed about stuff in their private lives. Today, not so much. A politician is gay or lesbian? So? An alcoholic? So? A crackhead (Rob Ford, I'm looking at you)? So? Cheats on his wife (Bill Clinton comes to mind)? So? Is being treated for a mental illness? So? Had an abortion? So? Nobody gives a damn.
The more open we are as a society, the healthier we are. There was a time that victims of rape hid in shame. That LGBT lived in fear of being outed, and thrown in jail (Turing). That someone with a mental illness was seen as "mental" and not "ill". That teenagers who had kids were "sent away."
Most of us have evolved. We see honor killings as seriously f'd up and totally dishonerable. We see female circumcision of children as mutilation and abuse. And we also understand that the best way to remove the stigma of a problem is to talk about it openly.
TL;DR: Unless you're a hermit, privacy is and always has been a convenient social illusion with an ugly unhealthy dark side.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
This is akin to saying, "go ahead, put public webcams in ALL bathrooms". You are truly a fucking moron when logic and awareness meet up.
Comparing Google or the government reading my email to a peeping tom with a webcam is kind of stupid, don't you think?
Not really, Barbara. You've written that I shouldn't feel ashamed of anything if I'm not doing anything bad. But shame is very different than feeling a sense of privacy about some things. The obvious analogy here is exactly this: Everybody poops! There is nothing to be ashamed of in pooping. And yet [almost] no one, wants to poop while people are watching. The logical extension of your argument is webcams in bathrooms; after all, when everywhere else is surveilled, it will be the bathrooms where terrorists do their plotting. So we better have cameras in there. And if all you're doing is pooping and peeing, like everybody else, why should you be worried?
But far before that, there are many things in ordinary life that are just plain personal. The Sony hack to me was very sad because of the doxxing of innocent employees who had personal emails and medical records divulged, like the woman whose miscarriage was posted on the Internet. She shouldn't be ashamed of having a miscarriage, and yet privacy dictates that that is personal and she has been violated by having it outed. There are myriad examples of this. If I'm writing or speaking on the phone with a close friend about my conflicted feelings during the last moments of my mom's life as she died of cancer, that is something I have a right to share only with the people I choose to. If I'm talking with my girlfriend about how I want to bite her nipples and spank her ass tonight while dressed in black leather assless chaps, I don't want the world listening in because that is private between us. If I'm telling someone about my medical condition that causes me to be sometimes incontinent and why I therefore need to wear adult diapers, I don't want my colleagues at the office to be in the loop.
These are normal things that people must be able to share with their confidants.
Where are these unicorns? Has there ever been a single verifiable case of this?
I don't know about elsewhere, but here in Kanuckistan the RCMP has been working, with the cooperation of the muslim community, to deradicalize people, with some success.
"With the cooperation of the muslim community. Meaning; the RCMP were alerted to potential bad eggs from within the muslim community by volunteers; thanks to the RCMP being accessible and opening channels of communication. Its an example of truly good police work.
That's exactly what we need, and more of it.
But the unicorns I'm talking about are the terrorist attacks stopped by the panopticon, by the mass surveillance of everybody.
Why do you think it takes balls to log in? Just be thankful that your safe and comfortable life means that you don't need anonymity. (I also don't need anonymity, but at least I have some understanding that other people are in different situations).
You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
I'm guessing Bitlocker is not useful for encrypting my data sufficiently to keep the government(s) out of it.
And the Truecrypt substitutes are all marginally trustworthy, as well as not quite so fully functional.
Not many good alternatives here.
deleting the extra space after periods so i can stay relevant, yeah.