omnibus PRISM/NSA/free Edward Snowden/encryption tutorial thread

via the Fandor film blog:

“How Laura Poitras Helped Snowden Spill His Secrets” is the straight-forward title of Peter Maass‘s cover story for this Sunday’s New York Times Magazine. It is, of course, an utterly riveting read, supplemented by Maass’s encrypted question-and-answer session with Snowden himself. Snowden: “We came to a point in the verification and vetting process where I discovered Laura was more suspicious of me than I was of her, and I’m famously paranoid.” And Guardian reporter Glenn Greenwald recalls that when he met Poitras, “She insisted that I not take my cellphone, because of this ability the government has to remotely listen to cellphones even when they are turned off.”

You’ve likely heard that Laura Poitras has her reasons for being cautious. With each successive film—My Country, My Country, nominated for an Oscar in 2006, The Oath (2010), winner of several awards (Sundance, Peabody, MacArthur), and now the one on surveillance which she began in 2011—Poitras has been detained at airports with increasing frequency. One “security guy” told her, “You have a threat score that is off the Richter scale. You are at 400 out of 400.” In short, she’s come a long way from the San Francisco Art Institute and those classes with Ernie Gehr.

http://www.nytimes.com/2013/08/18/magazine/laura-poitras-snowden.html

One “security guy” told her, “You have a threat score that is off the Richter scale. You are at 400 out of 400.”

this strikes me as kind of

something

being an Oscar nominee who's making a feature doc abt surveillance racks up pts i guess

Once she began working on her surveillance film in 2011, she raised her digital security to an even higher level. She cut down her use of a cellphone, which betrays not only who you are calling and when, but your location at any given point in time. She was careful about e-mailing sensitive documents or having sensitive conversations on the phone. She began using software that masked the Web sites she visited. After she was contacted by Snowden in 2013, she tightened her security yet another notch. In addition to encrypting any sensitive e-mails, she began using different computers for editing film, for communicating and for reading sensitive documents (the one for sensitive documents is air-gapped, meaning it has never been connected to the Internet).

These precautions might seem paranoid — Poitras describes them as “pretty extreme” — but the people she has interviewed for her film were targets of the sort of surveillance and seizure that she fears. William Binney, a former top N.S.A. official who publicly accused the agency of illegal surveillance, was at home one morning in 2007 when F.B.I. agents burst in and aimed their weapons at his wife, his son and himself. Binney was, at the moment the agent entered his bathroom and pointed a gun at his head, naked in the shower. His computers, disks and personal records were confiscated and have not yet been returned. Binney has not been charged with any crime.

“I’m not stopping what I’m doing, but I have left the country. I literally didn’t feel like I could protect my material in the United States, and this was before I was contacted by Snowden. If you promise someone you’re going to protect them as a source and you know the government is monitoring you or seizing your laptop, you can’t actually physically do it.”

lol @ http://killerapps.foreignpolicy.com/posts/2013/08/12/irony_alert_pentagon_now_fears_a_big_data_national_security_threat

Have any of you actually read the entire Poitras piece? I'm not done with it yet, but here is a Q&A with Snowden conducted by Peter Maass: http://www.nytimes.com/2013/08/18/magazine/snowden-maass-transcript.html

i did. slow day at the office.

For Americans who want to speak out against the NSA: http://nowaynsa.com

NSA copying emails directed to or originating from the US and Fourth Amendment stuff: http://www.theguardian.com/commentisfree/2013/aug/11/nsa-internet-surveillance-email

http://news.yahoo.com/-dni-clapper-won%E2%80%99t-control-spying-review--white-house--194607489.html

http://arstechnica.com/tech-policy/2013/08/obamas-reform-panel-to-be-led-by-clapper-who-denied-spying-to-congress/

i did. slow day at the office.

― BIG HOOS aka the denigrated boogeyman (BIG HOOS aka the steendriver), Tuesday, August 13, 2013 7:04 PM (4 hours ago) Bookmark Flag Post Permalink

I did too, though it was a fast day at the office (I was procrastinating). An amazing piece tbh.

clapper panel finds clapper guilty of loving america too much

http://www.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html

In this case, rather than prior knowledge about the statistical frequency of the symbols used in a password, the attacker has prior knowledge about the probable noise characteristics of the environment: Phase noise with one set of parameters is more probable than phase noise with another set of parameters, which in turn is more probable than Brownian noise, and so on. Armed with these statistics, an attacker could infer the password stored on the card much more rapidly than was previously thought.

That is cool

Worrying presentation at Black Hat this year: http://breachattack.com

https://twitter.com/WikileaksTruck/status/367760668117565440/photo/1

https://pbs.twimg.com/media/BRqMYRICAAAr2gj.jpg

^^^ manning, just now

manningsplain

sad, moving, hard to fully trust

the outpouring of grief from supporters on twitter when he said "i am sorry my actions hurt the united states" was overwhelming

the people who've called him hero didn't expect remorse, i guess

but, shit

poor kid

well, torture works sometimes

yeah, friend was just saying 'what, you don't think they would have broken you too?'

Morbs most likely otm. And if not, given the situation and what he is facing I can't blame him for saying sorry. If it takes 10-20 years off the sentence, what the hell does any of it matter anyway?

galileo did the same iirc

http://www.chronicle.su/news/dog-the-bounty-hunter-to-pursue-snowden-bounty/

And if it isn't obvious now... Gmail promises “no reasonable expectation” of privacy

this is going around this morning

Unfortunately for outrage junkies, there's just nothing here. First of all, Google's argument isn't even about Gmail users, who are covered by Google's unified privacy policy. Google's argument is about non-Gmail users who haven't signed Google's terms of service. It's right there in black and white — the heading for the section literally starts with the words "The Non-Gmail Plaintiffs."

From there, Google's argument starts broadly and moves towards the specific — that's where the "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" line comes in. That's a quote from the 1979 Supreme Court case Smith v. Maryland, in which the court upheld what's called the "third-party doctrine," saying that once you involve a third party in communication, you lose legally enforceable privacy rights. (This is an extremely controversial notion, but for right now, it's the law.) Google's argument is that people who email Gmail users are necessarily involving Gmail's servers in the mix, kicking the third-party doctrine into effect. This is pretty basic stuff.

Then, in the very next paragraph, Google points out that email processing is a basic part of email itself, with citations to several state court decisions.

As numerous courts have held, the automated processing of email is so widely understood and accepted that the act of sending an email constitutes implied consent to automated processing as a matter of law.

And then, two paragraphs after the Smith v. Maryland quote, Google's lawyers spell out their exact argument in utterly simple terms:

Non-Gmail users who send emails to Gmail recipients must expect that their emails will be subjected to Google's normal processes as the email provider for their intended recipients.

Non-Gmail users. These words appear roughly 300 words after the Smith v. Maryland quote that's causing all the fuss, but it appears no one read that far.

http://www.theverge.com/2013/8/14/4621474/yes-gmail-users-have-an-expectation-of-privacy

The White House ✔ @whitehouse

Bo, stop trying to make fetch happen. pic.twitter.com/Ez6hWGFpFc

Milo P @milo_price

.@whitehouse ha ha ha so cute!! i feel bad about getting so wound up about the whole nsa thing now
3:42 PM - 13 Aug 2013

lol

young manning

https://pbs.twimg.com/media/BRt6wK2CYAAVqNh.jpg

http://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-49ddc7417125_story.html?hpid=z1

Nothing to worry about here, that White House & NSA approved panel will fix everything

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

Oops.

that part blows my mind

in their defense, that is super dumb and embarrassing and i wouldn't want to tell anyone about it either

http://arching.files.wordpress.com/2010/04/abnormal.png

Revealed: Photo of WikiLeaks source Pfc. Bradley Manning dressed as a woman released — as he claims gender ID disorder put pressure on him

The army released this photo after the court ruling. Disgusting. I mean.. why?

x-post re NSA:

So, if we're talking largely about mistakes, what's the basis for the controversy? A few things, actually.

First, the public was told that these violations weren't occurring. The incidents may have been mostly inadvertent, but they were more common than we thought.

Second, the sheer number of the occurrences is striking. The NSA audit obtained by Gellman counted 2,776 incidents, most of which were unintended, over a one-year period, of "unauthorized collection, storage, access to or distribution of legally protected communications." The ACLU's Jameel Jaffer said the raw total was "jaw-dropping."

http://maddowblog.msnbc.com/_news/2013/08/16/20050583-every-now-and-then-there-may-be-a-mistake

Very nice piece by Charlie Stross: http://www.antipope.org/charlie/blog-static/2013/08/snowden-leaks-the-real-take-ho.html

We human beings are primates. We have a deeply ingrained set of cultural and interpersonal behavioural rules which we violate only at social cost. One of these rules, essential for a tribal organism, is bilaterality: loyalty is a two-way street. (Another is hierarchicality: yield to the boss.) Such rules are not iron-bound or immutable — we're not robots — but our new hive superorganism employers don't obey them instinctively, and apes and monkeys and hominids tend to revert to tit for tat quite easily when unsure of their relative status. Perceived slights result in retaliation, and blundering, human-blind organizations can slight or bruise an employee's ego without even noticing. And slighted or bruised employees who lack instinctive loyalty because the culture they come from has spent generations systematically destroying social hierarchies and undermining their sense of belonging are much more likely to start thinking the unthinkable.

Edward Snowden is 30: he was born in 1983. Generation Y started in 1980-82. I think he's a sign of things to come.

PS: Bradley Manning is 25.

http://investigations.nbcnews.com/_news/2013/08/13/20008036-lavabitcom-owner-i-could-be-arrested-for-resisting-surveillance-order

"Because the government has barred Lavabit from disclosing the nature of its demands, we still don't know what information the government is seeking, or why it's seeking it," said Ben Wizner, a national security lawyer for the ACLU. "It's hard to have a debate about the reasonableness of the government's actions — or Lavabit's response, for that matter — when we don't know what we're debating."

[...]

Levison said he has been "threatened with arrest multiple times over the past six weeks," but that he was making a stand on principle: "I think it's important to point out that what prompted me to shut down my service wasn't access to one person's data. It was about protecting the privacy of all my users."

that is some early branding for generation y.

http://www.techdirt.com/articles/20130815/17545424195/aclu-coordinating-ed-snowdens-defense.shtml

What did the Prez and Feinstein know about the privacy audit and when did they know it? Maybe nothing till today...

He might not have known about the extent of the NSA’s privacy problems until this week.

It’s not as far-fetched as it sounds. We know that Diane Feinstein (D-Calif.), the chairwoman of the Senate Intelligence Committee, only learned about the NSA privacy audit when The Washington Post asked her staff about it. And the chief judge of the Foreign Intelligence Surveillance Court has admitted that the court has limited ability to police NSA misconduct.

Moreover, an internal NSA document Edward Snowden provided to The Washington Post advises NSA analysts that “while we do want to provide our FAA overseers with the information they need, we DO NOT want to give them any extraneous information.” The “overseers” are the Office of the Director of National Intelligence and the Department of Justice. The NSA may not have been giving the full story to the attorney general and the director of national intelligence. And they, in turn, might have had reasons to keep some details about the extent of NSA abuses to themselves.

http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/16/did-president-obama-know-about-the-nsas-privacy-problems/

http://archive.is/KtnuJ

That demands a firing

http://www.theguardian.com/commentisfree/2013/aug/18/david-miranda-detained-uk-nsa

nice ominous end to that one.