Slashdot Mirror
EFF Unveils Plan For Ending Mass Surveillance
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
So, Slashdot, should we expect your support?. https, when?
Seriously, to put it simply, these guys are the shit. I figure most Slashdotters are well aware of what the EFF does, but if you aren't, definitely check out their website, blog, etc., look at what they've done, and consider donating to support them. (FWIW, I am in no way affiliated with the EFF. I just think it's a great organization.)
Good Luck! You'll Need It!
And what I mean by this --- the average Joe likes to post all his stuff on Facebook. He knows his communications aren't private and he doesn't care.
You aren't going to make him care either.
And is this a worthy cause? Cheap/free services depend on a revenue stream from something and exploiting the user ("You are the product") is not a horrible trade-off for the wide availability of cheap/free services.
How is a company going to support end-to-end encryption for free and still make money selling your information and metadata to third parties?
Keep in mind that means Google too. Or are you going to come up with a plan for Google to not be able to read your emails? Because if Google can read your emails, the government can.
Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
if enough people were serious about TOR, they would crash it while trying to avoid NSA.
There was an unknown error in the submission.
The problem is that while trying to survive and maintain some kind of social normalcy most people don't take an active role in shaping their local/regional/national/world topology until men in black are infiltrating their home at night and killing/disappearing them and/or raping their wife while their children watch. Complacency lies in the middle, and we're ("civilized" countries) still in the middle. The middle's that slippery slope between the crest and trough of utopia and North Korea. Hopefully the EFF will have some success before momentum takes us to that dark point where we have no choice but to answer with drastic measures. Ironically, the goal of both sides is peace and order. I suppose the difference in opinion about the road to said peace and order is what puts us at such unenviable odds.
Buy your next Linux PC at eightvirtues.com
Almost no one has a public IP address directly on their workstation at home and it is preventing free open source telephone to be widely adopted.
What is needed is a telephony protocol that and can easily be proxied or tunneled and/or that does not need extra measurements for surviving NAT.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Starting using TOR browser bundle after White House threats in previous Slashdot article
WTFBBQ?!
Ok... White House threats?
The ones made by Sir David Omand
former head of GHCQ
in the UK (the "sir" and "GHCQ" should have been clues)
That guy is now a policy making executive in the White House?
Look I agree with your sentiment, but your total ignorance ruins your credibility here.
Some retired guy in the UK explaining that without surveillance spies will need to do more intrusive spying to get at intelligence does not amount to White House threats, even if he was the head of the British equivalent of the NSA. He's still just a retired guy rendering an opinion.
What's more what he is suggesting will happen is actually a good thing. We want the NSA to make intrusive spying efforts at targeted individuals, under warrant and court supervision. That's their job, and we all more or less agree with them doing exactly that. What we don't like is them sitting back and tapping everything from everyone, everwhere. But if they literally have to go somewhere and physically plant a bug in some suspected terrorists laptop to get at his info ... GREAT.
We should be raising Omand on our shoulders and parading him around as the voice of reason.
I heard a good quote from Glenn Greenwald. When talking with friends and others about mass surveillance, people often respond, "Well, if you're not doing anything wrong, you have nothing to worry about." To this, he replies, "Well, you're not doing anything wrong, right? So you wouldn't mind giving me the password to all your email accounts, and I will go through there and look for anything I find interesting and want to write about?" This makes people realize PRIVACY is not about HIDING bad stuff but about our fundamental write to keep our private communications from our private lives PRIVATE!
It is a catch 22; You can't get a warrant without evidence and you can't get evidence without a warrant.
No. Its really not. Its called regular police work. And police have been identifying suspects, building cases against them, culminating in search and arrest warrants for a hundred years now without "mass surveillance".
Will the EFF be the ones who apologize to the families of those killed by attacks that could have been stopped?
Where are these unicorns? Has there ever been a single verifiable case of this?
And even if they do exist? So what? Why should the EFF apologize for pushing for policies that make us all more free; even if a tiny handful of people die as a result?
Should the police be allowed to just randomly stop and frisk you? Maybe give you an anal probe right on the street? Maybe come into your house at night, and search the place for evidence of terrorism? No? You don't think that's ok?
Will you personally apologize to the families of those killed by attacks that could have been stopped if these searches had been allowed?
They're absolutely right to suggest the first thing we have to do is increase widespread use of encryption technology. But the NSA and others have already said if we do that, they'll step up their game. We need to not just take our technology to the next level, we need to take our governance to the next level.
Politicians have proven themselves to be complete failures in working for the people. Sure, some countries have more luck than others - but there's nothing to suggest that that luck won't run out. Look at even the Scandinavian countries - their agencies are working for the NSA, their politicians are playing the exact same games. We need to reform our political system to reduce the amount of fuckery to a bare minimum. How do we achieve that? Complete and total transparency is vital, but not enough. Politicians are willing to openly defraud citizens in many countries already - it's not enough to know what's going on, we have to be able to hold them to account. And that's where I think elections are a farce. We don't choose who runs. We don't choose who gets to be on the final ballot. All of that is taken care of by big money interests, and even in the off chance we do get a good person into the system, they're outnumbered 100 to 1. And then the system starts to chew them up, convince them that their ideals are worthless and principles be damned, the system needs to continue operating as it has, as it will, with no real changes. Yea, one batch of idiots might do a slightly better job on one thing or the other, but in the end, as long as we continue to feed the system, it's no wonder we get governments abusing their power.
We need to have a government. We need to have a monopoly on violence, otherwise it gets to be dog eat dog very quickly. But a government that isn't held to complete account by the people is just another mad dog. The failures of our political systems have shown themselves clear. Institutional corruption. Control by a tiny minority. Ridiculous squabbling over issues that are settled science. Is this really the best we can do? I don't think so. Why are we still using politicians? Professional ones? We can have representatives, but I think it should be clear to anyone that a random person off the street will demonstrate as much intelligence and thought as an elected official - perhaps even more, as an elected politician has demonstrated the ability to say anything to get to that position. Why not do a sortition? Randomly selected individuals, and give them 1 year to govern. They can propose laws, but nothing passes until there's an approval vote by the citizenry. If the sortition does a good job (as judged by the people), they get a huge bonus. If they don't, they get the median wage, and the next sortition tackles the problems. How is this worse than giving a tremendous amount of power to a group of people who've constantly demonstrated themselves as a bunch of liars, power hungry, war mongering liars at that, and giving them free reign for 2, 4, 6 years?
Absolutely, increase and improve the technology. But don't ignore the technology running our governance. It's tremendously outdated, with countless flaws and bugs that have remained unpatched for millennia. It's time for a new release of Government.
That's a good point, but it also misses the fact that there isn't a single government throughout history that didn't subject its citizens to horrible abuses of some sort, which includes the US government. Give normal humans nearly unlimited power and they'll abuse it. The people who say "If you're not doing anything wrong, you have nothing to fear." must be completely and utterly ignorant of history, and must have such faith in the 'normal' people in their governments that they not only believe that the current people in the government will not make mistakes or abuse their powers, but that everyone who will ever be in the government will always be that way. That is just plain stupidity.
Also, the fact that it's unconstitutional in the US should make people in "the land of the free and the home of the brave" oppose it instantly. Whatever happened to the idea that we should be extremely cautious of the government? Even many of the people who say they want a smaller government support mass surveillance, which makes zero sense.
Then the more people that use TOR, the more targets they'll have. You can provide cover for the people who really need protection. That's a good thing, not a bad thing.
Surveillance does not make people less free.
Violating your privacy infringes upon your freedoms, so yes, it does. The United States constitution's fourth amendment mentions that you are secure in your papers among other things. The papers themselves? No, what is really protected is the information on the papers.
If repressive things happen with the gathered data then that would be a problem but not the surveillance itself.
You can't separate the two, you insufferable moron. One inevitably leads to the other, as history shows. Information is power, and mass surveillance is a means of crushing democracy and destroying people who challenge the status quo. They tried to do that with MLK, they tried it with nearly every anti-war movement, they try it with nearly every movement that challenges the status quo, and now with mass surveillance, they'll be that much more efficient at crushing those who challenge authority.
"If you're not doing anything wrong, then you have no reason to hide"
That's what you say if you're the aggressor. If you're the victim, you say this:
"If I'm not doing anything wrong, then you have no reason to spy on me."
This forces the aggressor to come forward and admit that he doesn't believe in one of the most fundamental concepts of justice: that individuals are innocent before proven guilty.
Then we need more people willing to stand up for their principles, not less. If you give up, your privacy definitely won't be protected.
Its all well and good to talk about "encryption, encryption and more encryption" and to invent new protocols to help keep stuff from the eyes of those who would try to access private information (whether they be criminals, law enforcement, intelligence agencies or otherwise) but unless you can get vendors to adopt your new technology its not going to see widespread enough use to make a difference.
Take SSL/TLS for example. Right now when you visit a https site, your browser retrieves a certificate and checks that the certificate has been signed by a root certificate in your browser's local root trust store. There are a number of proposals out there to change this so that the public keys used for https connections are obtained in a way that doesn't rely on the broken CA model but as of yet none of those proposals have been implemented into any of the mainstream web browsers.
Why isn't more being done to get these new security ideas into the mainstream browsers? (especially the open source ones like Chrome/Webkit/Blink/Firefox). DANE (an RFC for storing https certificates in a DNSSEC secured DNS record) has a patch for Firefox posted in 2011 that has gone nowhere and vague mentions of work for Chrome but nothing else.
So you wouldn't mind giving me the password to all your email accounts
Go right ahead. There is literally almost nothing to see there - and Google has already seen it.
Just like Facebook has already seen the private messages people send each other.
Remember - three people can keep a secret only if two of them are dead. Sharing anything with anyone puts it out there - people learn in grade school that even kids like to gossip about each other.
It used to be that people could be shamed about stuff in their private lives. Today, not so much. A politician is gay or lesbian? So? An alcoholic? So? A crackhead (Rob Ford, I'm looking at you)? So? Cheats on his wife (Bill Clinton comes to mind)? So? Is being treated for a mental illness? So? Had an abortion? So? Nobody gives a damn.
The more open we are as a society, the healthier we are. There was a time that victims of rape hid in shame. That LGBT lived in fear of being outed, and thrown in jail (Turing). That someone with a mental illness was seen as "mental" and not "ill". That teenagers who had kids were "sent away."
Most of us have evolved. We see honor killings as seriously f'd up and totally dishonerable. We see female circumcision of children as mutilation and abuse. And we also understand that the best way to remove the stigma of a problem is to talk about it openly.
TL;DR: Unless you're a hermit, privacy is and always has been a convenient social illusion with an ugly unhealthy dark side.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Where are these unicorns? Has there ever been a single verifiable case of this?
I don't know about elsewhere, but here in Kanuckistan the RCMP has been working, with the cooperation of the muslim community, to deradicalize people, with some success.
"With the cooperation of the muslim community. Meaning; the RCMP were alerted to potential bad eggs from within the muslim community by volunteers; thanks to the RCMP being accessible and opening channels of communication. Its an example of truly good police work.
That's exactly what we need, and more of it.
But the unicorns I'm talking about are the terrorist attacks stopped by the panopticon, by the mass surveillance of everybody.