
Internet Privacy or (In)Security... a lesson in paranoia

7:41 pm in Uncategorized by cmaukonen

Secure Cloud Computing – FutUndBeidl / flickr creative commons

V.I. Kydor Kropotkin: Well my phone isn’t tapped and I know yours isn’t tapped…

Don Masters, CEA Agent: But this phone booth was.

V.I. Kydor Kropotkin: Are you trying to tell me every phone in the country is tapped?

Don Masters, CEA Agent: That’s what’s in my head.

V.I. Kydor Kropotkin: Don, this is America, not Russia! – The President’s Analyst

Well, it didn’t use to be. And according to this, nobody can expect any privacy over the Internet any more.

“Environmental advocates have the right to speak anonymously and travel without their every move and association being exposed to Chevron,” said Marcia Hofmann, Senior Staff Attorney with the Electronic Frontier Foundation, who—along with environmental rights group EarthRights International (ERI)—had filed a motion last fall to “quash” the subpoenas.

“These sweeping subpoenas create a chilling effect among those who have spoken out against the oil giant’s activities in Ecuador,” she added at the time.

According to ERI, the subpoena demands the personal information about each account holder as well as the IP addresses associated with every login to each account over a nine-year period. “This could allow Chevron to determine the countries, states, cities or even buildings where the account-holders were checking their email,” they write, “so as to ‘infer the movements of the users over the relevant period and might permit Chevron to make inferences about some of the user’s professional and personal relationships.’”

First, some background, so please excuse me as I get rather techy and geeky.

Right now we have the following four major operating systems to run on your PC, desktop or server machine:

Windows – Microsoft – the least secure.

OS X – Apple – more secure.

Linux – the most secure for desktop use.

BSD – the most secure of all, but primarily for server applications.

BSD (which stands for Berkeley Software Development) was originally developed at the University of California, Berkeley, from work they did to expand the usefulness of AT&T Unix. It is now supported by the BSD community. There are two main flavors: NetBSD and FreeBSD.

Linux was developed by Linus Torvalds, and the systems built around it are made up of free software from the Free Software Foundation’s GNU project. That is why it’s generally known as GNU/Linux.

OS X is built upon a BSD core using a Mach kernel, but since the user interface, i.e. the windowing system, is Apple proprietary, there is no knowing what it may or may not have in it or how secure it actually is.

Windows is totally proprietary, though there has been pressure on Microsoft to release the source, or at least part of it.

Linux comes in a number of flavors.

RedHat – now known mostly as Fedora.

openSUSE – a distribution that was developed so that it could run on particular IBM Mainframe machines under their VM operating system but will also run on Intel and others.

Ubuntu – a distribution of the Debian/GNU flavor of Linux. There are various flavors of this as well, depending on the window manager you happen to like. I use Xubuntu, which uses the XFCE window manager. But all Ubuntus can run programs from the Ubuntu software library, which is now very large. There are a very large number of Linux distributions, as one can see from this list, and going into the differences of each would take a large book. The nice thing is that nearly all applications that will run on one version of Linux will run on the others. These days just about anything one would want, from photo manipulation to web browsing to office products to audio and mp3 and videos, is available for Linux and even for BSD.

And with Wine, nearly all Windows apps will run on Linux. I am currently running a few myself. So there really is little reason not to switch these days.

So why am I going into all of this? Because it should be evident to all that anything you type in the clear will be seen by the US Stasi. Count on it. And you can count on the fact that Microsoft and Apple will cooperate fully with them as well.

So first of all one needs to ditch the corporate software completely. Yes, it will take some getting used to. However, the windowing systems now available for Linux can give you the look and feel of Windows or OS X or even IBM’s OS/2 – yech.

Use Firefox for browsing and an anonymizing plugin for anything serious. Use Thunderbird for your mail app and PGP encryption for your serious mail. There are a number of plugins for both. DO NOT USE Gmail, Yahoo Mail or any of those free mailers for ANYTHING SERIOUS. Use a secure mail service such as Riseup or Hushmail, which will not divulge who you are.

Do NOT use Twitter or clear chat. Riseup is starting a secure chat service.

But the biggest problem is how the government acquires and uses metadata. From an email I received from Riseup:

Metadata, i.e. all the information about who you communicate with, how frequently, for how long, and from where, can be used to create a social map. One way this social map can be used is to determine who the bridge people are within social movements and campaigns, i.e., which people are the connectors.

Say that there is some really excellent, effective anti-coal organizing going on — effective enough that the powers that be want to stop it. Using the metadata to make a social map shows them who the handful of people are that connect the green anarchists with the labor activists and the climate change organizers. Even in really large campaigns, there are often only a handful of people who are the connectors, and without them communication, coalition, coordination, and solidarity will break down. It’s not that it might break down, but it will. Corporations and governments even know how many of these bridge people they need to take out in order to disrupt a campaign. There are algorithms and academic papers written about it. What they haven’t always known is who the heck these bridge people are.

Enter the metadata’s social map, and they can easily and to an exacting degree see who the bridge people are they need to target. Who to follow and intimidate to stop their organizing. Who to have watched and legally prosecuted via any small legal infraction. Who to illegally entrap. Who to kidnap, torture, and kill. And let’s not be naive and imagine that hasn’t happened before and will not happen again. The collection of this metadata makes it all the easier.

Sound paranoid? Or are we at a point where nothing sounds paranoid anymore?

So, what can we do about it? For starters, get everyone you know to start using an email provider that uses StartTLS. For email, this is the only thing that can protect against the surveillance of our social networks.

What about phone calls, internet chat, and social networking sites? Riseup birds don’t have all the answers, but we are working on it. One thing we know, privacy and security are not solved by personal solutions. If we want security, it will take a collective response and a collective commitment to building alternative communication infrastructure.

In other words, just knowing who you are communicating with is important to the government these days. So to my mind what is necessary is this:

Someone is going to have to come up with a secure communications scheme – probably cloud based – where you would not even know who was communicating with whom, unless you had the key. And each person/communicator would have their own unique key to identify them.

Nothing – not even who you want to communicate with – would be in the clear. Everything encrypted, so that when some kind of coordinated action is planned, at least knowing who is planning what with whom would be very difficult to discover. We have entered the era of the American Stasi and KGB, people, and everything you say, email, tweet and chat will be used against you.
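To make concrete what the Riseup email above describes, here is an added example (not the post’s or Riseup’s own code) that takes nothing but envelope metadata (sender, recipient, timestamp, no message bodies) and ranks accounts by betweenness centrality, the standard graph measure of who sits on the paths between groups. The addresses and records are constructed for illustration; the block needs only the Python standard library.

```python
"""Constructed example: what someone who sees only email envelope metadata
(who wrote to whom, and when) can infer. Message bodies play no part."""
from collections import defaultdict, deque

# Constructed metadata records: (sender, recipient, timestamp). No bodies.
# Two separate groups (x.org, y.org) that only ever touch through dee.
METADATA = [
    ("ana@x.org", "ben@x.org", "2013-06-01T09:00"),
    ("ben@x.org", "cal@x.org", "2013-06-01T09:10"),
    ("cal@x.org", "ana@x.org", "2013-06-01T09:20"),
    ("cal@x.org", "dee@z.org", "2013-06-02T11:00"),   # dee is the connector
    ("dee@z.org", "eli@y.org", "2013-06-02T11:30"),
    ("eli@y.org", "fay@y.org", "2013-06-02T12:00"),
    ("fay@y.org", "gus@y.org", "2013-06-03T08:00"),
    ("gus@y.org", "eli@y.org", "2013-06-03T08:30"),
]

def build_graph(records):
    """Undirected contact graph: one edge for every pair that exchanged mail."""
    g = defaultdict(set)
    for sender, recipient, _ts in records:
        g[sender].add(recipient)
        g[recipient].add(sender)
    return g

def betweenness(g):
    """Brandes' algorithm: how many shortest paths between other people each node lies on."""
    bc = dict.fromkeys(g, 0.0)
    for s in g:
        stack, preds, sigma, dist = [], defaultdict(list), defaultdict(float), {s: 0}
        sigma[s] = 1.0                       # number of shortest paths from s
        q = deque([s])
        while q:                             # breadth-first search from s
            v = q.popleft()
            stack.append(v)
            for w in g[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    q.append(w)
                if dist[w] == dist[v] + 1:   # v is a predecessor of w on a shortest path
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = defaultdict(float)           # accumulate dependencies back to s
        while stack:
            w = stack.pop()
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {n: v / 2 for n, v in bc.items()}  # undirected: each pair counted twice

def bridge_people(records, top=1):
    """The `top` accounts with the highest betweenness, i.e. the connectors."""
    scores = betweenness(build_graph(records))
    return sorted(scores, key=scores.get, reverse=True)[:top]
```

Encrypting the bodies with PGP changes nothing in this calculation; only keeping the envelope itself out of the clear, as argued above, does.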

They Know What You Did Last Summer (and Fall and Winter And…)

6:38 pm in Uncategorized by cmaukonen

It would seem that our privacy and that of others around the world has been even more compromised than many had thought. The hacktivist team Anonymous acquired 70,000 emails from HBGary Federal concerning a government/private spying operation known as Romas/COIN and its replacement, called Odyssey. It mostly targeted Arab countries, but also citizens in this country.

The former self-appointed spokesman for the collective of hacktivists known as “Anonymous” revealed Tuesday what he called a massive U.S. spying program against the Arab world.

In an email to about a dozen journalists, Barrett Brown said his Project PM had uncovered the nature of the U.S. spying operation known as Romas/COIN and its replacement called Odyssey.

“For at least two years, the U.S. has been conducting a secretive and immensely sophisticated campaign of mass surveillance and data mining against the Arab world, allowing the intelligence community to monitor the habits, conversations, and activity of millions of individuals at once,” Brown wrote.

Brown’s team made the discovery by analyzing 70,000 emails from data intelligence firm HBGary Federal. Anonymous stole the emails after HBGary CEO Aaron Barr told the Financial Times that his company had identified “core leaders” of the hacktivist group.

“The new revelation provides for a disturbing picture, particularly when viewed in a wider context,” Brown wrote Tuesday. “Unprecedented surveillance capabilities are being produced by an industry that works in secret on applications that are nonetheless funded by the American public – and which in some cases are used against that very same public. Their products are developed on demand for an intelligence community that is not subject to Congressional oversight and which has been repeatedly shown to have misused its existing powers in ways that violate U.S. law as well as American ideals.”

Although military contractor Northrop Grumman held the contract for Romas/COIN, HBGary had been asked to present officials with a plan for significantly expanding the program.

“I met with [Mantech CEO] Bob Frisbie the other day to catch up,” Barr wrote in an email to TASC CEO Al Pisani. “He is looking to expand a capability in IO [information operations] related to the COIN re-compete but more for DoD.”

This article from the Guardian says the plan was also to put this intelligence into the hands of private institutions.

The significance of this programme to the public is not limited to its potential for abuse by facets of the US intelligence community, which has long been proverbial for misusing other of its capabilities. Perhaps the most astonishing aspect is the fact that the partnership of contracting firms and other corporate entities that worked to obtain the contract was put into motion in large part by Aaron Barr, the disgraced former CEO of HBGary Federal who was at the centre of Team Themis’s conspiracy to put high-end intelligence capabilities at the disposal of private institutions. As I explain further in the linked report, this fact alone should prompt increased investigation into the manner in which this industry operates and the threats it represents to democratic institutions.

According to this piece in NetworkWorld, it involved Apple and Google and a number of others, and it also focused on social networking sites.

Apple and Google were active team partners, and AT&T may have been as well. The latter is known to have provided the NSA free rein over customer communications (and was in turn protected by a bill granting them retroactive immunity from lawsuits). Google itself is the only company to have received a “Hostile to Privacy” rating from Privacy International. Apple is currently being investigated by Congress after the iPhone was revealed to compile user location data in a way that differs from other mobile phones; the company has claimed this to have been a “bug.”

- The program makes use of several providers of “linguistic services.” At one point, the team discusses hiring a military-trained Arabic linguist. Elsewhere, Barr writes: “I feel confident I can get you a ringer for Farsi if they are still interested in Farsi (we need to find that out). These linguists are not only going to be developing new content but also meeting with folks, so they have to have native or near native proficiency and have to have the cultural relevance as well.”

- Alterion and SocialEyez are listed as “businesses to contact.” The former specializes in “social media monitoring tools.” The latter uses “sophisticated natural language processing methodology” in order to “process tens of millions of multi-lingual conversations daily” while also employing “researchers and media analysts on the ground;” its website also notes that “Millions of people around the globe are now networked as never before – exchanging information and ideas, forming opinions, and speaking their minds about everything from politics to products.”

If this doesn’t make you want to check your back every few seconds, I don’t know what will.